Cloud Computing Security

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

more share options
Embed For WordPress.com

Without related presentations

Notes on slide 1

Hello everybody, I am Ninh Nguyen, a CS student. My seminar topic today is Cloud Computing Security.

First of all, just take a look how people concern about cloud computing. As you can see in this graph, people has been searching a lot for cloud computing in Google since 2007 especially since the first months of 2009. And other kind of computing such as grid computing is falling and cluster computing is still the same for years.

At the same time, cloud computing also attracts a lot attention of media and news volume still growing over the time.

So what is cloud computing? I take a quote from Larry Ellison – CEO of Oracle: “What the hell is Cloud Computing?” Why did he say that? Actually, cloud computing is too new and has a standard.

Look at history, we can say Cloud Computing is the 5th generation of computing, after monolithic, client-server, web, service-oriented architecture and now it’s cloud service.

I have to say that there is not any formal definition and you can find out many different definitions of cloud computing out there. Here I took definitions on Wikipedia through out the time, since 12/2007. You can see people define cloud computing quite differently through the evolution of it.

Simply, I can summarize some characteristics of cloud computing. The first characters build up the word CLOUD and it’s very easy to remember. They’re Common, Location-independent, Online, Utility implies and Demand implies.The on-demand, self-service, pay-by-use modelInfrastructure is programmableApplications are composed and are built to be composableServices are delivered over the network

Then, I want to introduce about infrastructure models of cloud computing.

Basically there are three types of models. Public Cloud, Private Cloud and another type that mixes of public cloud and private cloud is hybrid cloud.Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. Public clouds are most often hosted away from customer premises, and they provide a way to reduce customer risk and cost by providing a flexible, even temporary extension to enterprise infrastructure.Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds may be deployed in an enterprise datacenter, and they also may be deployed at a co-location facility.Hybrid clouds combine both public and private cloud models. They can help to provide on-demand, externally provisioned scale. The ability to augment a private cloud with the resources of a public cloud can be used to maintain service levels in the face of rapid workload fluctuations.

Now I will talk about architectural layers of cloud computing. There are also 3 types SaaS, PaaS and IaaS.

Software as a service features a complete application offered as a service on demand. A single instance of the software runs on the cloud and services multiple end users or client organizations.

Platform as a service encapsulates a layer of software and provides it as a service that can be used to build higher-level services.Someone producing PaaS might produce a platform by integrating an OS,middleware, application software, and even a development environment that is then provided to a customer as a serviceSomeone using PaaS would see an encapsulated service that is presented to them through an API. The customer interacts with the platform through the API, and the platform does what is necessary to manage and scale itself to provide a given level of service.

Infrastructure as a service delivers basic storage and compute capabilities as standardized services over the network. Servers, storage systems, switches, routers, and other systems are pooled and made available to handle workloads that range from application components to high-performance computing applications.

To summarize, here is a diagram cover relationships among SaaS, PaaS, IaaS.

To clarify, I will talk about characteristics of cloud computing including of some comparisons, benefits – disadvantages and goal of cloud computing.

Grid computing has been used in environments where users make few but large allocation requestsCloud computing really is about lots of small allocation requests.

Diagram showing economics of cloud computing versus traditional IT, including capital expenditure (CapEx) and operational expenditure (OpEx)Cloud computing users can avoid capital expenditure (CapEx) on hardware, software, and services when they pay a provider only for what they use. Consumption is usually billed on a utility (e.g. resources consumed, like electricity) or subscription (e.g. time based, like a newspaper) basis with little or no upfront cost.

And now I can sum up pros and cons of cloud computing. One of cons is Security which I will talk about right now.

Now this is the second part of my talk: cloud computing security.

First of all, I will describe an overview about a cloud technology reference model. You never can control everything with cloud computing. There are always two problems, yours and theirs.

In SaaS, it’s your data.

In PaaS, it’s your whole application.

With IaaS, it’s a lot of things.

Now I will list here some security issues in cloud computing.

There’re two broad categories of issues: governing in the cloud and operating in the cloud.

Due to limit of time, I only choose 1 selected issue which has relations with my course: cryptography to present today. It’s encryption and Key Management.

Cloud computing changes the way we think about computing by removing the specifics of location from its resources. In other word, it abstracts all computing and networking resources. However, in divorcing components from location, this creates security issues that result from this lack of any perimeter. In such a world, there is only one way to secure the computing resources: strong encryption and scalable key management.From a risk management perspective, unencrypted data existent in the cloud may be considered “lost” by the customer. Application providers who are not controlling backend systems should assure that data is encrypted when being stored on the backend. Use encryption to separate data holding from data usage. Segregate the key management from the cloud provider hosting the data, creating a chain of separation. This protects both the cloud provider and customer from conflict when being compelled to provide data due to a legal mandate and can potentially solve some problems.When stipulating encryption in contract language, assure that the encryption is adhering to existing industry or government standards, as applicable.

Now I will talk about a case-study: Amazon Web Service or AWS. Amazon provides 2 kinds of service: Cloud Computing Service and Support Services.Amazon Simple Storage Service (S3)Amazon Elastic Compute Cloud (EC2)Amazon SimpleDBAmazon CloudFrontAmazon Simple Queue Service (SQS)Amazon Flexible Payments Service (FPS)Amazon Mechanical Turk

An X.509 Certificate consists of Public Key and a Private Key. The file containing the public key, the certificate file, must contain a base64-encoded DER certificate body. The file containing the private key, the Private Key file, must contain a base64-encoded PKCS#8 private key. The Private Key is used to authenticate requests to AWS.AWS accepts any syntactically and cryptographically valid X.509 certificates. They do not need to be from a formal Certificate Authority (CA).

Here is a diagram of SHA-1 HMAC Generation.In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC.The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.SHA-1 (as well as SHA-0) produces a 160-bit digest from a message with a maximum length of (264 − 1) bits. SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.

To summary and predict, I take some quote here:Cloud Computing is more and more popular but Cloud Computing Security is a very important problem everybody or company going to use CC should be concern.

12 Favorites

wonusaka favorited this 1 week ago
bhalchandrakandukuri favorited this 2 weeks ago
Tags cloud
Simon Nam at CloudWave , favorited this 3 weeks ago
Sally Tudor, Self employed Consultant at Sallys Special Services, favorited this 1 month ago
markodell favorited this 1 month ago
Tags cloud computing security cant download but good
vashistvishal favorited this 1 month ago
Tags cloud
ymhuo favorited this 1 month ago
brentjackson favorited this 1 month ago
CIS at CIS, favorited this 1 month ago
Zhi Guan, PhD Student at Peking University, China, favorited this 1 month ago
Tags palo eg tech media' 'social alto
stoneys favorited this 1 month ago
Tags computing cloud
davidem favorited this 1 month ago
Tags computing security cloud

Cloud Computing Security - Presentation Transcript

Ninh V. Nguyen
ninh.nv@gmail.com
The Hype
Cluster Computing
Cloud Computing
Grid Computing
“What the hell is Cloud Computing?”
- Larry Ellison
5th Generation of Computing
1970s 1980s 1990s 2000s 2009+
Monolithic Client-Server Web SOA Cloud Services
Wikipedia’s Definitions
Cloud computing is a computing paradigm shift where computing is moved away
from personal computers or an individual server to a “cloud” of computers.
– 12/2007
Cloud computing is Internet-based ("cloud") development and use of computer
Technology ("computing"). The cloud is a metaphor for the Internet, based on how
it is depicted in computer network diagrams, and is an abstraction for the complex
infrastructure it conceals.
– 12/2008
Cloud computing is a style of computing in which dynamically scalable and often
virtualized resources are provided as a service over the Internet.
– 6/2009
Cloud computing is an example of computing in which dynamically scalable and
often virtualized resources are provided as a service over the Internet.
- Now
Common implies multi-tenancy, not single or isolated tenancy
Location-independent
Online
Utility implies pay-for-use pricing
Demand implies ~infinite, ~immediate, ~invisible scalability
Cloud Computing Infrastructure Models
Public Cloud
Public Cloud
The Cloud Provider
The Cloud Provider
SME
Hybrid Cloud
Connectivity
(Network Access)
SME
Enterprise
Private Cloud
Enterprise
SME
Private Cloud
Architectural Layers of Cloud Computing
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud Computing Characteristics
Comparisons
Cloud Computing Economics
Traditional IT
Variable Costs
(OpEx)
Cloud Computing
Fixed Costs
(CapEx)
Costs
Variable Costs
(OpEx)
Users
Pros and Cons
Cloud Computing Security
A Cloud Technology Reference Model
Your Application
Testing, Monitoring, Diagnostics and Verification
Governance
Architectural Views
Your
Problem
Life Cycle
(Birth, Growth, Failure, Recovery, Death)
Web of Metadata
Categories, Capabilities, Configuration and Dependencies
Resource Management
Basic Monitoring
Facilities & Logistics
Element Management
(Split Responsibility)
Their
Problem
Software & Hardware Infrastructure
Software as a Service
Application
Application
Server
Middleware
Database
Operating System
Hypervisor
CPU
Networking
Storage
YOUR DATA
Backup
Datacenter (Power, Cooling, Physical Security)
Your Problem
Their Problem
Platform as a Service
Your Application
Application
Server
Middleware
Database
Operating System
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
Your Problem
Their Problem
Infrastructure as a Service
Your Application
Your
Application
Server
Your
Middleware
Your
Database
Your Operating System
Hypervisor
CPU
Networking
Storage
Backup
Datacenter (Power, Cooling, Physical Security)
Your Problem
Their Problem
Security Issues
Overview
Selected Issues
Encryption & Key Management
Encryption on Storage
Storage
Encryption on Transmission
Key Management
Internet
Case Study
Amazon Web Services (AWS)
AWS Registration and Security
X.509 Certificate
Multi-Factor Authentication
AWS Multi-Factor Authentication (AWS MFA)
Request Authentication
with HMAC-SHA1 (1)
Request Authentication
with HMAC-SHA1 (2)
HMAC-SHA1
Summary & Predictions
.. We think everyone on the planet deserves to have their own
virtual data center in the cloud ..
- Lew Tucker
..Cloud Computing Will Be As Influential As E-business..
- Gartner
.. one of the most important transformations the federal
government will go through in the next decade ..
- Obama’s TIGR Team
.. Who knew that the concept of security in cloud computing was
even possible to imagine?..
- Scott Bradner
Thank You