الفهرس 
IntroductionOnly 14 pages are availabe for public view
 |  | from | 101 |  |  |
| | | from | 101 | | |
Abstract
Cloud computing is considered a key business enabler due to its benefits like minimizing the go live time and reducing the associated resources. Adopting cloud computing allows focusing in main business objectives as it provides reliability, flexibility, and manageability. Virtualization is considered one of the bases for cloud computing. Moving to the cloud introduces several confidentiality, integrity, and availability concerns. One of the key issues that affect availability is Distributed Denial of Service (DDoS). In such attacks, a cloud can be the source or the victim. DDoS attacks on/from a cloud can be much more harmful than its impact on/from a single physical server. One of the most recognized DDoS types is Domain Name Server (DNS) reflection amplification attack. It has the greatest peak size, and frequency of occurrence. In this thesis, we propose a technique to limit the sources of DNS reflection amplification DDoS attacks based on Best Current Practice 38 (BCP38). In particular, we make use of the role of cloud hypervisors in handling all the virtualization environment traffic. Moreover, The proposed technique can prevent scenarios in which the Internet Service Provider (ISP) edge router ingress filtering will fail to prevent and is easier to be implemented. This technique can be modified to prevent other types of DDoS attacks like Network Time Protocol (NTP) reflection amplification DDoS attacks.