A FRAMEWORK FOR SECURE TRANSCODING OF VIDEOS IN CLOUD INFRASTRUCTURES

Abstract

Cloud computing provides organizations with benefits like flexibility, scalability, reliability, automatic load balancing, reduction in cost of set-up of infra-structure etc. But organizations are not still very open to cloud platform. The main reason behind this is security of data stored and processes running in the cloud. All the threats into enterprise systems are automatically repackaged into cloud systems. There can be insider as well as outsider attacks in the cloud. Outsider attacks are done by the malicious persons who don’t have proper authority to use cloud resources or data stored into clouds. There can be various motivations behind these outsider attacks. Insider attacks are done by malicious person who has authority to operate the cloud system. These persons may be any administrators, employees in the cloud service provider’s organization, employees in the trusted business partner’s organization or any contractor. Insider attacks are more difficult to prevent than outsider attacks because insider attacks are performed by the persons who have authority to access the system. The report discusses about the various types of Insider attacks and the scenarios where these attacks can happen. There are three types of Insider attackers- (1) Malicious Administrators, (2) Insiders who exploits the vulnerabilities into the cloud and (3) Insiders who uses cloud resources to attacks the others resources in the cloud or local resources of the an organization. Malicious administrators may have different level of capabilities depending upon at what level they are working. Approaches to detect and mitigate insider attack are hardware as well as software based. This thesis presents a security framework which provides a computation environment which is free from a specific type of insider attack. Currently this framework is used to secure the transcoding process in a video streaming application. The Video Streaming Application presented in this report is a Railtel project. Both insider and outsider attacks are possible into this Video Streaming Application. The security work presented in this thesis is more focused on insider attacks which can be launched by malicious administrator who uses management VM to control other VMs. To mitigate such iv type of Insider attack, Input Output Memory Management Unit (IOMMU) is used in this security framework which makes it difficult for the administrator to know which memory area is the actual memory area of the target user. The IOMMU connects the main memory and input/output (I/O) buses of the physical hardware devices through DMA remapping. Secure computation is done in IOMMU based cloud.