Cloud Computing : Top to Bottom


This presentation provides all the information you need to know about cloud computing. It describes cloud computing and related issues from top to bottom, with many survey results, definitions from different white papers, and security concerns from noteworthy research papers.

Published in: Education, Technology, Business

  1. 1. Cloud Computing: Security and Privacy Prepared by Istiyak Hossain Siddiquee 2009331009 Supervised by Dr. Mohammed Jahirul Islam Associate Professor Dept. of Computer Science & Engineering Shahjalal University of Science & Technology Sylhet, Bangladesh.
  2. 2.
     • “Cloud Computing is an important transition, a paradigm shift in IT services delivery - one that has broad impact and can present significant challenges.” --- "Cloud Computing: Considerations and Next Steps", published by Intel
     • “It's stupidity. It's worse than stupidity. It's a marketing hype campaign.” --- Richard Stallman, President, Free Software Foundation
  3. 3.
     • An IT model or computing environment composed of IT components (hardware, software, networking, and services) as well as the processes around the deployment of these elements that together enable us to develop and deliver cloud services via the Internet or a private network. --- Securing the Cloud, Winkler
     • Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services). --- Security Guidance for Critical Areas of Focus in Cloud Computing v3.0, by Cloud Security Alliance (CSA)
     • Cloud computing is an evolution in which IT consumption and delivery are made available in a self-service fashion via the Internet or internal network, with a flexible pay-as-you-go business model and requires a highly efficient and scalable architecture. --- Cloud Computing: Considerations and Next Steps, Intel
  4. 4.
     • “Cloud Computing refers to both the applications delivered as services over Internet and the hardware and systems software in the datacenters that provide those services.” --- Above the Clouds: A Berkeley View on Cloud Computing, University of California, Berkeley
     • “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” --- National Institute of Standards and Technology (NIST)
  5. 5. Why Cloud
  6. 6. Source: IT PRO Cloud Survey By Microsoft TechNet Cloud Power
  7. 7. Source: The Future of Cloud Computing rd Annual Survey by NorthBridge and Gigaom
  8. 8. Source: Outlook on Technology, a survey conducted by PCConnection
  9. 9. Source: Leveraging the cloud for law enforcement Survey Result IACP, SafeGov, January 31, 2013
  10. 10. Essential Characteristics of Cloud Computing According to NIST
     • On-demand Self Service
     • Broad network access
     • Resource pooling
     • Rapid elasticity
     • Measured service
     According to Schweizerische Akademie der Technischen Wissenschaften (SATW):
     • Cost containment
     • Innovation speed
     • Availability
     • Scalability
     • Efficiency
     • Elasticity
  11. 11. So, the attractive points of cloud computing are:
     • Efficiency
     • Scalability
     • Elasticity
     • Availability
     • Agility
     • Recovery
     • No upfront cost
     • Pay as you go
     • Innovation speed
  12. 12. Cloud Service Delivery Model
  13. 13. defined by NIST
  14. 14. Source: 2013 Outlook on Technology, PC Connection Survey
  15. 15. Source: IT PRO Cloud Survey By Microsoft TechNet Cloud Power
  16. 16. IaaS
     • The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). --- According to NIST
     • Provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API. --- According to ENISA
     • Delivers computer infrastructure (typically a platform virtualization environment) as a service, along with raw storage and networking. Rather than purchasing servers, software, data-center space, or network equipment, clients instead buy those resources as a fully outsourced service. --- According to CSA
  17. 17. Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
  18. 18. Examples of IaaS
     • Amazon EC2
     • Eucalyptus
     • CSC
     • GoGrid
     • IBM
     • OpenStack
     • Rackspace
     • Savvis
     • Terremark
     • VMware
  19. 19. PaaS
     • The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. --- According to NIST
     • Allows customers to develop new applications using APIs deployed and configurable remotely. The platforms offered include development tools, configuration management, and deployment platforms. --- According to ENISA
     • The delivery of a computing platform and solution stack as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities. This provides all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet. --- According to CSA
  20. 20. Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
  21. 21. Examples of PaaS             Google App Engine Windows Azure Engine Yard AT&T Synaptic Boomi Citrix Red Hat OpenShift Heroku AppFog Amazon AWS Caspio
  22. 22. SaaS
     • The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings. --- According to NIST
     • Is software offered by a third party provider, available on demand, usually via the Internet configurable remotely. --- According to ENISA
     • A software delivery model in which software and its associated data are hosted centrally (typically in the (Internet) cloud) and are typically accessed by users using a thin client, normally using a web browser over the Internet. --- According to CSA
  23. 23. Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
  24. 24. Examples of SaaS
     • Web Mail
     • Google Docs
     • Facebook
     • Salesforce
     • LinkedIn
     • Workday
     • Netsuite
     • ServiceNow
     • Athenahealth
     • Medidata
     • Cornerstone OnDemand
  25. 25. Cloud Deployment Models
  26. 26. Among these models, which one is more popular?
  27. 27. Source The Future of Cloud Computing rd Annual Survey by NorthBridge and Gigaom
  28. 28. PC Connection CC Survey Results
  29. 29. Public Cloud
     • The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. --- According to NIST
     • The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. --- According to ENISA
     • Public cloud refers to solutions where resources are dynamically provisioned over the Internet from an offsite third-party provider who shares resources and bills on a fine-grained utility computing basis. --- According to Ajilitee
  30. 30. Examples of Public Cloud
     • Amazon Elastic Compute Cloud (EC2)
     • IBM’s Blue Cloud
     • SunCloud
     • Google AppEngine
     • Windows Azure Services Platform
  31. 31. Private Cloud
     • The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g. business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. --- According to NIST
     • The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premise or off-premise. --- According to CSA
  32. 32. Examples of Private Cloud
     • Amazon Virtual Private Cloud
     • IBM SmartCloud Foundation
     • Microsoft Private Cloud
     • Cisco Private Cloud solutions
     • VMware Private Cloud Computing
     • Dell Cloud Solutions
     • Rackspace Private Cloud
     • Citrix CloudPlatform
  33. 33. Hybrid Cloud The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting for load balancing between clouds)
  34. 34. Community Cloud
     • The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or by a third party and may be located on premise or off-premise. --- According to CSA
     • This cloud overlaps with grid to some extent. Several organizations with similar concerns about mission, security requirements, policy, and compliance considerations in a private community share cloud infrastructure.
  35. 35. Source: Luth research and Vanson Bourne, 2013
  36. 36. 2013 Outlook on Technology Cloud Computing Survey Results by PC Connection
  37. 37. Are these survey results exaggerated?
  38. 38. Let’s review this survey result: Cloud Computing Vulnerability Incidents: A Statistical Overview, by CSA
  39. 39. The American information technology research and advisory firm Gartner has identified seven cloud computing risks. These are:
     • Privileged user access
     • Regulatory compliance
     • Data location
     • Data segregation
     • Recovery
     • Investigative support
     • Long term viability
     In CSA released a noteworthy document titled The Notorious Nine: Cloud Computing Top Threats in. Here they identified nine security problems as the top threats for the year:
     • Data Breaches
     • Data Loss
     • Account Hijacking
     • Insecure APIs
     • Denial of Service
     • Malicious Insiders
     • Abuse of Cloud Services
     • Insufficient Due Diligence
     • Shared Technology Issues
  40. 40. So we can classify these threats into these categories:
     • Confidentiality and Privacy
     • Availability
     • Integrity
     • Auditability and Forensics
     • Other Issues
     Let us go through these points...
  41. 41. Confidentiality and Privacy
  42. 42. When considering cloud computing security, the word that comes up most often is confidentiality of data. Privacy is also related to confidentiality, because the revelation of confidential data means a violation of privacy. Confidentiality and privacy leakages can occur in two ways:
     • Losing control over data: Customers often become anxious about the confidentiality of their data because they lose control over it. When they host their classified information in the cloud, they usually lose control over their data, even though they still have the authorization to access it.
     • Privacy and confidentiality compromised: One of the most common threats to computing technology, as well as to cloud computing technology, is “compromise”. To describe this in detail, we will subdivide this point.
  43. 43. Threats from Insider: There are two types of threat here. The first comes from a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems. The second comes from the company itself. What if the company is running a Cheap Data Mining process on your confidential data? Or it could even conduct espionage on your data.
  44. 44. Threats from Outsider: These are the threats that worry companies. There can be many types of threat from outsiders. These are:
     • Cloud malware injection attack
     • Account or service hijacking
     • VMware Security Problem
     • Flooding Attacks
     • Data Security
     • Hypervisor Vulnerability
     • Shared Resources Issue
     • Compliance
  45. 45. Cloud malware injection attack: A research paper described this type of attack. According to it, an attacker first attempts to inject a malware service implementation of a virtual machine into the cloud system. This instance then serves several purposes, ranging from eavesdropping via subtle data modification to full functionality changes or blockings. The attacker may also apply SQL injection and cross-site scripting attacks to acquire sensitive data.
  46. 46. Account or service hijacking: Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker.
  47. 47. VMware Security Problem: Recent research shows that it is possible to precisely locate a client's physical address in the cloud, so an attacker can use those algorithms to locate a consumer and gather intelligence about their classified data in the cloud. Another study showed that it is possible to place the attacker's virtual machine physically beside the victim's virtual machine and then create a side channel between the two machines, which can enable the attacker to steal password information through an SSH keystroke timing attack.
  48. 48. Flooding Attacks: These consist of DoS (Denial of Service), DDoS, and EDoS. Flooding is a very old problem in computer technology, and hence in cloud computing as well; it basically consists of an attacker sending a huge number of nonsense requests. As each of these requests needs to be identified as nonsense, some computation power is required to face such attacks. As a result, the server sometimes does not respond in time, that is, it denies service. Sometimes the attacker attacks the cloud using botnets, which we call Distributed Denial of Service. It is much harder to tackle, as there is a huge number of nonsense requests at a time. There is another sort of DoS, called EDoS. In this, the attacker attacks the billing system of a cloud service provider (CSP) in an attempt to bankrupt the CSP.
  49. 49. Data Security: Data can be hijacked while it is in transit. This problem is actually trivial: we may encrypt the data or secure the connection between browser and server.
  50. 50. Hypervisor Vulnerability: The hypervisor is a critical piece of virtualized cloud infrastructure that provides the software layer that sits between the hardware and VMs and allows multiple VMs to share a single hardware platform. Not surprisingly, hypervisor vulnerabilities are a major source of concern for IT professionals. If a hypervisor is vulnerable to security attacks, then the integrity of the entire public or private cloud implementation is at serious risk.
  51. 51. Shared Resources Issues: Sharing of resources gives rise to some critical problems of unwanted data privacy leakage. This is because of data remanence in a multitenant hardware implementation. Another example of a shared resources vulnerability is Reputation Fate Sharing.
  52. 52. Compliance: From former NSA agent Edward Snowden we came to know that, under the long-disputed PRISM Act, the USA's National Security Agency (NSA) had been able to access the emails, Facebook accounts and videos of citizens across the world. It had even secretly acquired the phone records of millions of Americans and of other important persons of the world, such as Angela Merkel. Through a secret court, it has been able to bend nine US internet companies to its demands for access to their users' data.
  53. 53. Availability
  54. 54. Integrity
  55. 55. Auditability & Forensics
  56. 56. Other Issues
     • Accidental Data Loss
     • Insecure API
     • Abuse of Cloud (DoS Attack Using Cloud)
  57. 57. Future.....