Cloud Computing : Security and Forensics

The presentation deals with the security and forensic factors of the cloud computing paradigm.

Published in: Technology

  1. Seminar on Cloud Computing : Security and Forensics. Govind Maheswaran, govindmaheswaran@gmail.com, facebook.com/govindmaheswaran, twitter.com/RestlessMystic
  2. Cloud Computing, Cloud Security, Risk Assessment, Cloud Forensics, Conclusion
  3. “The cloud is for everyone. The cloud is a democracy.”
  4. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
     In simple English: I can get my data when I want, over some kind of network, and even though the data might be coming from different places and my computing power shared with others, somehow the back end is going to scale up or down to fulfill my needs, and interestingly, bills me for only what I use.
  5. • On-Demand Self-Service: Unilaterally provision computing capabilities as needed automatically, without requiring human interaction with a service provider.
     • Resource Pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model. Shared pools are assigned and reallocated as per requirement.
     • Rapid Elasticity: Upgrade? More memory required? New software version? Incompatibility with current version? “The Cloud Almighty” has it all…
     • Broad Network Access: Available over the network and accessed through standard mechanisms.
     • Measured Service: Metering capability. Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer.
  6. • Infrastructure as a Service [IaaS]: Servers and network connections. User needs to install the required OS, platform and applications (some vendors provide the OS). Eg: Windows Azure
     • Platform as a Service [PaaS]: Cloud OS and platforms. All the user needs is to put up his applications. Eg: Windows Hyper V Cloud, Amazon EC2
     • Software as a Service [SaaS]: User gets the software as a web service. Eg: Google Docs, Office 365, Amazon S3
     • Stack components shown in the diagram: Processor, Memory, Storage, Operating System, Runtime, API, Web Server, Application, Web Service, Web UI
  7. Public Cloud, Community Cloud, Private Cloud, Hybrid Cloud
  8. Compute, Storage, Database, Transaction
  9. • Pros: Scale vs. Cost; Multiplatform support; Encapsulated Change Management; Next-Gen Architecture
     • Cons: Lack of Control; Reliability Issues; Lock In; Data out of Premises; Security
  10. “They're certainly a threat, and would be easy to make malicious.”
      “The technology demands of the cybersecurity adviser's job are relatively trivial..”
  11. * Cloud is a relatively new technology, so its security domains are not fully known.
      * Cloud based Security Risks => CRISKS
        * Hardware
        * Data
        * Applications
        * (in short, everything in the cloud)
      Some major security issues are discussed in the following slides.
  12. • Any kind of intentional or unintentional malicious activity carried out or executed on a shared platform may affect the other tenants and associated stakeholders.
      • Eg: Blocking of IP ranges, confiscation of resources etc.
      • A sudden increase in the resource usage by one application can drastically affect the performance and availability of other applications sharing the same cloud infrastructure.
  13. • Bankruptcy and catastrophes do not come with an early warning.
      • Such a run-on-the-cloud may lead to acquisitions or mergers.
      • A sudden takeover can result in a deviation from the agreed Terms of Use & License Agreement, which may lead to a Lock-In situation.
  14. • Migrating from a cloud is difficult, as different cloud providers use various OS, middleware and APIs.
      • Also, a sudden change of provider policies may leave the user stuck with the cloud.
      • The user may want to quit, but he cannot, as his data is in the cloud.
      • Lock-In Situation
  15. • Handled by the Provider.
      • User rarely has information about the protection facilities.
      • Prevent unauthorized access by the privileged employees of the Service Provider.
  16. • The service provider may be following good security procedures, but this is not visible to the customers and end users.
      • May be due to security reasons.
      • End-user questions remain unanswered: how the data is backed up, who backs up the data, whether the cloud service provider does it or has outsourced it to some third party.
  17. • Confidential data remains confidential.
      • The information deleted by the customer may be available to the cloud solution provider as part of their regular backups.
      • Insecure and inefficient deletion of data, where true data wiping is not happening, exposes sensitive information to other cloud users.
  18. • Vulnerabilities applicable to programs running in conventional systems & networks are also applicable to cloud infrastructure.
      • It also requires application security measures (application-level firewalls) to be in place in the production environment.
  19. • The cloud provider maintains logs of none/some/all of the cloud activities.
      • The end user has no access to these logs, nor are they aware of what exactly is being logged.
  20. • Security testing is a process to determine that an information system protects data and maintains functionality as intended.
      • Cloud security testing is futile, due to the following reasons:
        • Permission issues.
        • If a user traverses through unauthorised areas of a cloud, he may reach a black hole.
        • An application is tested today and found vulnerable or not; how do you know that the app tested tomorrow is the same one that was tested yesterday?
  21. “Who protects my data?”
      “Are we to skip on-site inspections, discoverability, and complex encryption schemes..”
  22. • Although Cloud can be considered a failure in terms of Security, there are still many takers for it.
      • This is mainly due to the multi-tenancy (cost sharing) aspect.
      • A risk based approach needs to be adopted, after considering the profit and loss involved in moving the assets to the cloud.
      An RA Framework is presented in the coming slides…
  23. RA framework flow: Identify the Asset → Evaluate the Asset → Map the asset to Existing cloud Deployment Models → Evaluate Cloud Service Models and Providers → Sketch the Potential Data Flow
  24. • Assets can be Data or Applications. Choose which all needs to be migrated to the cloud.
      • In cloud, data and application need not reside at the same location.
      • Thus, even parts of functions can be shifted to the cloud.
      • Make the choice based upon current data usage, and potential data usage.
  25. • Determine how important and sensitive the asset is to the organisation.
      • In short, evaluate the asset on the basis of Confidentiality and Availability.
  26. • Determine which deployment model is good for the organizational requirement.
      • Decide whether the organization can accept the risks implicit to the various deployment models (private, public, community, or hybrid).
  27. • Determine which service deployment model is good for the organizational requirement.
      • Decide whether the organization is competent enough to implement the extra layers (in case of IaaS or PaaS).
  28. • Required to analyse how and when data will move in and out of the cloud.
  29. “They're certainly a threat, and would be easy to make malicious.”
      “Quiet as the forest”
  30. DEFINITION: “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”
      Cloud Forensics refers to the usage of Digital Forensics Science in Cloud computing models.
  31. • Cloud forensics is more cost effective than conventional digital forensic methodologies.
      • In case a cloud needs to be shut down for data collection, it can be implemented with very little extra work (transferring data to another data center within the same cloud).
      • Forensics may be implemented as a Cloud Service.
  32. • Legal Regulations: Legal & regulatory requirements and compliances may be lacking in the location(s) where the data is actually stored.
      • Record Retention Policies: There exists no standardized logging format for the cloud. Each provider logs in different formats, making log crunching for forensics difficult in case of Cloud.
      • Identity Management: There exist no proper KYC norms in case of Cloud Providers. Anyone with a credit card can purchase a cloud account.
  33. • Continuously Overwritten Logs: The cloud keeps working, and its logs are replicated and overwritten continuously. So it poses a great challenge to the forensic scientist to spot the state of the log file at the time of an attempted crime.
      • Admissibility: Along with finding the evidence, the scientist must also prove it to a legal, non-technical person. This part is worse than the real forensics process.
      • Privacy: Someone hacked something somewhere. Why should a forensic guy check the data that I have put in my cloud?
  34. • Cloud is changing the way systems and services are provided and utilized.
      • The more informed IT departments are about the cloud, the better the position they will be in when making decisions about deploying, developing, and maintaining systems in the cloud.
      • With so many different cloud deployment and service models, and their hybrid permutations, no list of security controls can cover all these circumstances.
      • Cloud has just crossed its inception stage, and research on cloud security is still going on.
  35. • Use a Risk Assessment framework before data is put on the cloud.
      • Cloud forensics, being younger than Cloud computing, has very little to offer as of now.
      • Watch your activities, keep in touch with your cloud service provider, read the user manual carefully.
  36. • Cloud Security Alliance, a non-profit Cloud Evangelists Group: https://cloudsecurityalliance.org/
      • Microsoft Corporation, Windows Azure: http://www.microsoft.com/windowsazure
      • IEEE Paper “Cloud Computing: The impact on digital forensic investigations”
      • IEEE Paper “Cloud computing: Forensic challenges for law enforcement”
      • Cyber Forensics by Albert J Marcella and Robert Greenfield
  37. Drop me a mail : govindmaheswaran@gmail.com
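
One way to work around two of the forensic challenges on slides 32 and 33 (no standardized log format, logs overwritten continuously) is to normalize each provider's records into a single UTC timeline and to hash the raw lines at collection time. This is an added example, not part of the original presentation; both provider formats, the sample lines and all function names are constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample lines; both provider formats are hypothetical.
PROVIDER_A = [  # JSON with ISO-8601 UTC timestamps
    '{"ts": "2012-03-01T10:15:02Z", "user": "alice", "op": "DeleteObject", "src": "198.51.100.7"}',
    '{"ts": "2012-03-01T10:14:40Z", "user": "bob", "op": "Login", "src": "203.0.113.9"}',
]
PROVIDER_B = ["1330596890|carol|vm.stop|192.0.2.44"]  # epoch|actor|action|ip

def make_record(provider, raw, when, actor, action, source_ip):
    """Common schema; raw_sha256 ties the record to the untouched raw line."""
    return {
        "time": when.astimezone(timezone.utc).isoformat(),
        "provider": provider, "actor": actor,
        "action": action, "source_ip": source_ip,
        "raw_sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }

def parse_a(raw):
    d = json.loads(raw)
    when = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return make_record("A", raw, when, d["user"], d["op"], d["src"])

def parse_b(raw):
    epoch, actor, action, ip = raw.split("|")
    when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return make_record("B", raw, when, actor, action, ip)

def build_timeline(a_lines, b_lines):
    """Merge both sources into one UTC-ordered timeline; keep unparsable lines aside."""
    records, rejected = [], []
    for parser, lines in ((parse_a, a_lines), (parse_b, b_lines)):
        for raw in lines:
            try:
                records.append(parser(raw))
            except (ValueError, KeyError, TypeError):
                rejected.append(raw)  # evidence is never silently dropped
    records.sort(key=lambda r: r["time"])
    return records, rejected

def snapshot_digest(lines):
    """SHA-256 over the collected raw lines: fixes the log's state at collection time."""
    h = hashlib.sha256()
    for raw in lines:
        h.update(raw.encode("utf-8") + b"\n")
    return h.hexdigest()

if __name__ == "__main__":
    timeline, rejected = build_timeline(PROVIDER_A, PROVIDER_B)
    for rec in timeline:
        print(rec["time"], rec["provider"], rec["actor"], rec["action"])
    print("snapshot:", snapshot_digest(PROVIDER_A + PROVIDER_B))
```

Recording the snapshot digest alongside the collection time lets an examiner later show that the analysed lines are the ones that existed before the provider overwrote the log.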