International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 10 Issue: 01 | Jan 2023 www.irjet.net p-ISSN: 2395-0072
Secure Desktop Computing In the Cloud
Priyanka Shankar Bhingardeve1, Prajkta Mahendra Ghadge2, Asst.Dr.S.P.Jadhav3, Asst.prof.S.V.Thorat4
1st Priyanka Shankar Bhingardeve, MCA YTC, Satara; 2nd Prajkta Mahendra Ghadge, MCA YTC, Satara; 3rd Dr.S.P.Jadhav, 4th Prof.S.V.Thorat, Dept. of MCA, Yashoda Technical Campus, Satara-415003
Abstract—
As the computation that employees perform on their desktops and the management of the desktop computing infrastructure move to the cloud, the need for securing such cloud-hosted user computing tasks and environments becomes paramount. In this paper, we present Venia, a secure cloud-based desktop computing platform designed to protect against both external and internal threats. Accessible to end-users through a thin Remote Desktop Protocol (RDP) client, Venia isolates end-users' applications and data into containers and subjects the interactions with and among the containers to security policies. Following a principle of least privilege, Venia security policies control users' access to containers, the network and file system interactions of the containers, and cross-container data sharing, and also enable collection of detailed logs for auditing purposes. Venia has been deployed to a third-party test environment, where it demonstrated that end-users can perform the tasks they need on a daily basis without introducing greater risk to the overall organization, and it is currently undergoing security and performance evaluation by an independent evaluation team.
1. INTRODUCTION
The next step within the trend of moving backend services and supporting computing infrastructure to the cloud is to move end-user computing and its supporting infrastructure to the cloud as well. Cloud computing provides economy of scale, eliminates the headache of software and hardware management and maintenance, and permits on-demand scaling and pay-as-you-use pricing. Properly architected, moving end-user computation to the cloud can offer a security benefit. A conscientious cloud vendor can offer stronger perimeter protection, specialised staff, and more established tools, techniques and procedures for handling security incidents than a typical enterprise will generally deploy. However, sharing machine resources within the cloud presents a brand new set of security challenges for ensuring that users within the same organization and, even worse, users from completely different organizations cannot breach security to attain malicious objectives.
2 Related Work
Current solutions for desktop computing within the cloud are based on a Virtual Desktop Infrastructure (VDI) approach.
VDI is a variety of virtualization where entire desktop solutions are hosted within the cloud and then accessed using a thin client, usually with RDP. One such technology is Horizon 7 by VMware. The issue with these solutions is their wholesale exporting of the desktop environment to the cloud. While helping to modify the digital workplace and providing centralized management over resource and network access, these solutions still retain the application-based security problems inherent in a traditional desktop.
3. Design Goals And Approach
The main design goals for Venia were:
• Role-specific UCEs: UCEs for individual users should consist of role-specific application bundles, where a role defines which desktop applications and resources are required to perform a particular job-related function. A single user might have multiple roles, possibly requiring the use of applications from multiple operating systems (e.g., Linux and Windows) in a single role, and resources may be shared among completely different roles.
• Enterprise-specific security management and auditing: Interaction between the end-user thin client and the UCE should be encrypted. Resource access, data sharing and use of UCEs should be subject to enterprise-specific security controls and auditing policies.
• End-user experience: The end-user experience should not change drastically from using a desktop environment; in particular, end-users should not need to re-authenticate themselves for role-specific resource access, should find familiar applications in their UCE, and should be able to cut and paste wherever allowed by the enterprise policy.
• Administration: Venia should give administrators a straightforward way to define enterprise-specific security and auditing policies, and a straightforward way to define role-specific application bundles and instantiate user-specific UCEs.
To attain these goals, Venia was designed as distinct components: a collection of microservices establishing the required enterprise IT services for a functional corporate infrastructure, and a User Compute Environment (UCE) that defines the end-user space, together with their desktop, stored files and applications.
4. Implementation
A. Enterprise IT Services as Microservices
Enterprise IT services play a necessary and vital part in a corporate infrastructure. These services are responsible for, among other things, managing user access and authorization, and managing shared resources such as email servers, printers, and centralized file systems. Venia contains a collection of microservices for performing aspects of those IT management functions, independent of the end-user space. Separating individual aspects of IT management responsibilities into distinct microservices that interoperate via a well-defined Representational State Transfer (REST) Application Programming Interface (API), and subjecting these interactions to strict security controls and auditing [6], reduces the chance of abusing the UCEs through the enterprise IT services, resulting in an overall reduction of the attack surface of the UCEs.
Venia contains four microservices:
• User Service: provides the initial entry point into the Venia system, via a web portal, and contains all of the business logic for authenticating a user against a directory service, such as Active Directory, and obtaining all of their available roles.
• Virtue Service: coordinates communications between the other microservices and is responsible for constructing the UCE. Once created, the only reference the UCE maintains back to the microservices is for reporting logging events. This eliminates the potential for lateral attacks on the enterprise assets.
• Sensor Service: aggregates all of the logs across the Venia system. This centralized service provides the required monitoring and analysis of system activities.
• Admin Service: provides for the definition, management, and dissemination of policies.
B. User Compute Environment (UCE)
The UCE supports the familiar daily interaction of the end-user performing their daily tasks. The Venia UCE is a single cloud-based machine instance that uses policy-controlled containers to protect every Virtue, providing application isolation and the ability to tightly manage and monitor all actions and interactions. The UCE incorporates security mechanisms at multiple levels to ensure an operational end-user experience while maintaining the goals and objectives of the policy.
The current version of Venia is implemented as an Amazon Web Services (AWS) application. This implementation consisted of two subnets running in a single Virtual Private Cloud (VPC). The subnets were divided between enterprise microservices in one and UCEs in the other. The only microservices that are accessible from outside the VPC are the Admin service, for policy construction, and the Login service, for UCE creation.
A. UCE Implementation
Each Virtue lives in one LXC container. The display of every Virtue is shared to the host's X server display to give a unified desktop look. The display of each Virtue is shown in the form of a separate window that identifies the containing Virtue. The Windows instance is connected through RDP inside every Virtue on a per-application basis. This permits Windows applications to have native support with the appearance of being on one seamless desktop within the Virtue. Linux applications are supported through the LXC containers the Virtues live in. A clipboard manager at the host level has been added to manage copy-paste between the Virtue windows.
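The least-privilege policy model that the design goals and the UCE implementation describe (role-specific Virtues, per-container network and file system controls, policy-gated cross-Virtue copy-paste, and an audit record of every decision), as an added illustrative example in Python; this is not Venia's code, and every role, Virtue, host and path name in it is constructed for the example.

```python
# Illustrative Venia-style policy check: added example, not the paper's code.
# A role maps to the Virtues (containers) it may open; each Virtue has its own
# network and file system allow-lists; clipboard sharing is allowed only for
# listed (source, destination) pairs. Every decision is appended to an audit
# log, mirroring the centralised logging of the Sensor Service. All names are
# constructed for the example.
import os
from dataclasses import dataclass, field


@dataclass
class VeniaPolicy:
    role_virtues: dict        # role -> set of Virtue names that role may open
    net_allow: dict           # virtue -> set of (host, port) it may reach
    fs_allow: dict            # virtue -> set of directory prefixes it may touch
    clipboard_allow: set      # allowed (src_virtue, dst_virtue) paste directions
    audit: list = field(default_factory=list)

    def _decide(self, event, allowed, **details):
        # Default deny; every decision, allowed or not, is logged for auditing
        self.audit.append({"event": event,
                           "decision": "allow" if allowed else "deny", **details})
        return allowed

    def may_open(self, user_roles, virtue):
        ok = any(virtue in self.role_virtues.get(r, ()) for r in user_roles)
        return self._decide("open_virtue", ok, roles=sorted(user_roles), virtue=virtue)

    def may_connect(self, virtue, host, port):
        ok = (host, port) in self.net_allow.get(virtue, set())
        return self._decide("net", ok, virtue=virtue, dest=f"{host}:{port}")

    def may_access(self, virtue, path):
        # Normalise first so "docs/../../etc/passwd" cannot escape the prefix
        norm = os.path.normpath(path)
        ok = any(norm == p.rstrip("/") or norm.startswith(p)
                 for p in self.fs_allow.get(virtue, set()))
        return self._decide("fs", ok, virtue=virtue, path=norm)

    def may_paste(self, src, dst):
        # Pasting inside one Virtue is always fine; crossing Virtues needs a policy entry
        ok = src == dst or (src, dst) in self.clipboard_allow
        return self._decide("clipboard", ok, src=src, dst=dst)


# Constructed sample policy: the analyst role gets an office and a browser Virtue;
# data may flow browser -> office via clipboard, but not the other way round.
POLICY = VeniaPolicy(
    role_virtues={"analyst": {"office", "browser"}, "admin": {"office", "ops"}},
    net_allow={"browser": {("intranet.example", 443)}, "ops": {("bastion.example", 22)}},
    fs_allow={"office": {"/home/user/docs/"}, "browser": {"/home/user/downloads/"}},
    clipboard_allow={("browser", "office")},
)
```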
B. Demonstrative Examples
To verify our policy approach, we created and tested a few unique Virtues to exercise the capabilities of the system. Each of these Virtues was defined to address a specific security or operational scenario.
5. Evaluation
To evaluate Venia, we performed a series of performance overhead tests to estimate user-perceptible overhead. For these, we measured many typical user operations and compared them against a regular desktop environment. Every test was conducted three times, and the average was computed. For these measurements, the standard desktop system was a VM on physically local hardware with four processor cores and 8GB of memory. Venia was running on an AWS t2.xlarge with four processors and 16GB of memory. To verify our policy approach, we created and tested many unique Virtues to exercise the capabilities of the system. Each of these Virtues was defined to handle a particular security or operational scenario.
The automobile industry is investing in autonomous vehicles for driverless cars, which will have to analyze and make decisions on data that pertains to their surroundings for movements and directions. These vehicles need to transmit data to the manufacturers so that they can track their usage and also get the required maintenance alerts. The data will be transmitted through networks, resulting in congestion. To achieve low latency when accessing the network, it is necessary for the manufacturers to devise new, effective computing approaches.
6. CONCLUSION
As more front-end applications and computation continue to migrate to the cloud, the need for a secure and usable platform is paramount. With Venia, we have demonstrated an architecture for a secure cloud-based end-user computing solution. With this architecture, we were successful in separating enterprise IT functions from end-user tasks, which helped to reduce the amount of information available to an attacker while still providing an operable environment for the user. We further demonstrated that enterprise-specific security controls and auditing requirements can be enforced on the UCEs, and provided an easy-to-use administrative tool to construct well-defined policies for Virtues. Initial results show that running the applications in Virtues within cloud-based UCEs, subject to the applicable security controls and auditing policies, does not drastically change the user's perception of the applications' response time, or constrain access to and use of the information and resources they need to perform their job functions.
7. References
[1] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds," in Proceedings of the 16th ACM Conference on Computer and Communications Security - CCS '09, Chicago, Illinois, USA, 2009, p. 199.
[2] K. Ren, C. Wang, and Q. Wang, "Security Challenges for the Public Cloud," IEEE Internet Comput., vol. 16, no. 1, pp. 69–73, Jan. 2012.
[3] K. Hashizume, N. Yoshioka, and E. B. Fernandez, "Misuse patterns for cloud computing," in Proceedings of the 2nd Asian Conference on Pattern Languages of Programs - AsianPLoP '11, Tokyo, Japan, 2011, pp. 1–6.
[4] "VMware Horizon 7 is the leading platform for virtual desktops and applications," VMware. [Online]. Available: https://www.vmware.com/products/horizon.html. [Accessed: 29-Apr-2019].
[5] N. Dragoni et al., "Microservices: yesterday, today, and tomorrow," arXiv:1606.04036 [cs], Jun. 2016.
[6] T. Yarygina, "Exploring Microservice Security," p. 144.
[7] G. Nath Nayak and S. Ghosh Samaddar, "Different flavours of Man-In-The-Middle attack, consequences and feasible solutions," in 2010 3rd International Conference on Computer Science and Information Technology, Chengdu, China, 2010, pp. 491–495.
[8] S. Jeuris and J. E. Bardram, "Dedicated workspaces: Faster resumption times and reduced cognitive load in sequential multitasking," Comput. Hum. Behav., vol. 62, pp. 404–414, Sep. 2016.
[9] S. S. Clark, A. Paulos, B. Benyo, P. Pal, and R. Schantz, "Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks," in 2015 10th International Conference on Availability, Reliability and Security, Toulouse, France, 2015, pp. 80–89.
[10] C. Smutz and A. Stavrou, "Malicious PDF detection using metadata and structural features," in Proceedings of the 28th Annual Computer Security Applications Conference - ACSAC '12, Orlando, Florida, 2012, p. 239.
[11] R. Sandhu, V. Bhamidipati, and Q. Munawer, "The ARBAC97 model for role-based administration of roles," ACM Trans. Inf. Syst. Secur., vol. 2, no. 1, p. 31.
[12] D. R. Kuhn, E. J. Coyne, and T. R. Weil, "Adding Attributes to Role-Based Access Control," IEEE Comput., vol. 43, no. 6, p. 4, 2010.
[13] D. Thomsen and E. Bertino, "Network Policy Enforcement Using Transactions: The NEUTRON Approach," in Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies - SACMAT '18, Indianapolis, Indiana, USA, 2018, pp. 129–136.
[14] R. Rosen, "Linux Containers and the Future Cloud," p. 85.
[15] S. D. Wolthusen, "Security policy enforcement at the file system level in the Windows NT operating system family," in Seventeenth Annual Computer Security Applications Conference, New Orleans, LA, USA, 2001, pp. 55–63.
[16] C. Boettiger, "An introduction to Docker for reproducible research, with examples from the R environment," ACM SIGOPS Oper. Syst. Rev., vol. 49, no. 1, pp. 71–79, Jan. 2015.
[17] A. Driscoll, Microsoft Windows PowerShell 3.0 First Look: A quick, succinct guide to the new and exciting features in PowerShell 3.0. 2012.
[18] B. Chandra, "A technical view of the OpenSSL 'Heartbleed' vulnerability," p. 18.
2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal