2. Cloud Computing
Cloud computing involves distributed computing over a network, where a program or application may run on many connected computers at the same time.
It is considered one of the most promising solutions to our increasing demand for accessing and using resources provisioned over the Internet.
The concept behind this trend originated in 1960 and was first used by telecommunication companies.
3. A study by Gartner ranked cloud computing first among the top 10 most important technologies.
Cloud computing exhibits the following key characteristics:
a. Broad Network Access
b. Rapid Elasticity
c. Measured Service
d. On-demand Self-service
e. Resource Pooling
4. Service Delivery Model
Cloud Software as a Service (SaaS): SaaS, also referred to as "on-demand software", is a software delivery model in which software and associated data are centrally hosted in the cloud.
Cloud Platform as a Service (PaaS): PaaS is a cloud computing service that provides a computing platform and solution stack as a service. It gives the consumer the capability to deploy applications onto the cloud infrastructure.
Cloud Infrastructure as a Service (IaaS): The IaaS service model gives the consumer the ability to provision storage, network, processing and other computing resources.
5. Cloud Deployment Models
Public Cloud: In this type of cloud, the cloud infrastructure is managed by an organization selling cloud services. Service providers such as Amazon, Microsoft and Google own all the infrastructure in their data centres. Public cloud services may be free or offered on a pay-per-usage model.
Private Cloud: In this type of cloud, the infrastructure is available only to a specific customer and is placed within the internal data centre of an organization. It is managed either by the organization itself or by a third-party service provider.
6. Community Cloud: This type of cloud infrastructure is controlled and shared by several organizations from the same community that have common concerns.
Hybrid Cloud: The cloud infrastructure is a mixture of two or more clouds (public, private or community) that are managed centrally and bounded by a secure network. It allows multiple entities to access the cloud over the Internet in a more secure way than public clouds.
8. Cloud Computing Security Scenario
The popularity of cloud computing is reflected in the fact that many enterprise applications and data are moving towards cloud platforms, but lack of security is the major obstacle to cloud adoption.
According to a recent survey by International Data Corporation (IDC), 87.5% of respondents at various levels, from IT executives to CEOs, said that security is the top challenge to be dealt with in every cloud service. Security is the primary concern and the greatest inhibitor in cloud computing.
9. VARIOUS THREATS
A threat is a potential cause of an incident that may result in harm to systems and organizations. The following threats illustrate the possibility of compromising an entire cloud network.
1. Abuse of cloud computing: This threat is related to shortcomings in the registration process associated with the cloud. Examples include info-stealer Trojan horses and downloads hosting Microsoft Office and Adobe PDF exploits.
2. Insecure interfaces and APIs: Sometimes in the cloud, information that is not deleted may reside in insecure locations, which can cause inconsistency. Examples include flexible access controls and improper authorizations, and limited monitoring and logging capabilities.
10. Continued…
3. Data Loss or Leakage: Threats related to data loss or leakage depend upon how data is organized and structured. The following points should be kept in mind while protecting data from loss or leakage:
The data of organizations should reside in servers of other nations.
Unauthorized parties must be prevented from gaining access to sensitive data.
Data retained by the cloud provider should reside on the provider's servers for the same duration even after it has been deleted by the client.
Examples are insufficient client authentication, authorization and audit controls (AAA).
11. Continued…
4. Malevolence: This threat originates from a lack of transparency into the provider's processes and procedures. If the factors affecting the hiring of new employees are not considered, an adversary may get the opportunity to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.
5. Virtualization threats: Virtualization introduces certain risks to the applications running on it:
Dependency on a Secure Hypervisor: Security can be breached here because all the information is stored in a common storage system. By gaining access to this information, an adversary can launch many attacks, such as a VM hijack attack.
12. RISKS INVOLVED
Risk is exposure to danger, harm, or loss. There are certain risks in residing data in the provider's infrastructure, which are as follows:
Shared Access
Vulnerabilities
Virtual Exploits
Authentication, Authorization & Access Control
Availability
Ownership
13. Service & Security Offerings and Compliance
Google Apps & Google Engine
Amazon Web Services
14.
15. Google Apps & Google Engine
Google Apps is a service from Google that provides independently customizable versions of several Google products using a domain name provided by the customer.
It features several web applications with similar functionality, including Gmail, Google Calendar, Docs, Drive, Groups, News, Play, Sites and Talk.
Google Apps has passed FISMA certification, meaning that it is compliant with federal law for holding data for government agencies.
16. Google Apps Controls & Protocols
Logical security
Privacy
Data center physical security
Incident management and availability
Change management
Organization and administration
17. Two-factor authentication
First step: login using the username and password. This is an application of the knowledge factor.
Implementation of the second step: the phone's IMEI (International Mobile Station Equipment Identity).
Access to their services is HTTPS-enabled so data can be protected in transit.
18. Continued…
Data stored on Google’s servers is replicated to several data centers, so even a major outage at a data center does not destroy the data.
Google also performs internal audits of its application code, as well as having external audits.
Physical access to data centers is restricted on an as-needed basis, and the data centers themselves have network and power redundancies.
21. Control Environment
Amazon Web Services, abbreviated as AWS, is a collection of remote computing services that together make up a cloud computing platform.
Amazon Elastic Compute Cloud is meant to provide a complete rented computer that users can use as a computing utility.
The goal is to protect data against unauthorized systems or users and to provide Amazon EC2 instances
23. Multiple Levels of Security
Host Operating System
Guest Operating System
Firewall
24. Services
Well-known services are Amazon EC2, S3 and Amazon SimpleDB.
Elastic Compute Cloud (EC2): It provides a virtual rented computer with the help of Xen.
Simple Storage Service (S3): It provides storage to various applications so that users can carry out computations and development in that space and store the results for further use.
Amazon Virtual Private Cloud: It creates a logically isolated set of Amazon EC2 instances which can be connected to an existing network using a VPN connection.
25. Hypervisor
A hypervisor is conceptually one level higher than a supervisory program.
The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems.
Multiple instances of a variety of operating systems may share the virtualized hardware resources.
Amazon EC2 currently utilizes a highly customized version of the Xen hypervisor, taking advantage of paravirtualization.
26. Instance Isolation
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.
The AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface.
All packets must pass through this layer, thus an instance's neighbors have no more access to that instance.
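As an added illustration of the hypervisor-layer filtering described on this slide (a constructed model, not AWS's or the authors' code), the Python below places a default-deny, per-instance ingress filter between the physical interface and each guest's virtual interface, so a co-resident instance is filtered exactly like an Internet host; the instance names, addresses and rules are made up.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    """Security-group style ingress rule: protocol, port and allowed source CIDR."""
    proto: str
    port: int
    source: str  # CIDR such as "0.0.0.0/0" (anyone) or "10.0.0.10/32" (one host)

    def matches(self, proto: str, port: int, src_ip: str) -> bool:
        return (self.proto == proto and self.port == port
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))

@dataclass
class Instance:
    name: str
    ip: str
    ingress: list = field(default_factory=list)  # empty list means default deny

@dataclass
class PhysicalHost:
    """Toy model (not AWS code) of one physical machine whose hypervisor layer mediates all guest traffic."""
    instances: dict = field(default_factory=dict)

    def add(self, inst: Instance) -> None:
        self.instances[inst.ip] = inst

    def deliver(self, src_ip: str, dst_ip: str, proto: str, port: int) -> str:
        # Filtering happens between the physical NIC and the guest's virtual
        # interface, so the packet never reaches the guest unless a rule allows
        # it. Whether src_ip is a co-resident instance is deliberately ignored:
        # only the destination instance's own ingress rules decide.
        dst = self.instances.get(dst_ip)
        if dst is None:
            return "no such instance"
        if any(r.matches(proto, port, src_ip) for r in dst.ingress):
            return "delivered"
        return "dropped"

def build_demo_host() -> PhysicalHost:
    """Constructed sample: a web server open to the world on 443 and a database
    that accepts 5432 only from the web instance's address."""
    host = PhysicalHost()
    host.add(Instance("web", "10.0.0.10", [Rule("tcp", 443, "0.0.0.0/0")]))
    host.add(Instance("db", "10.0.0.20", [Rule("tcp", 5432, "10.0.0.10/32")]))
    host.add(Instance("batch", "10.0.0.30"))  # no rules: nothing can reach it
    return host
```

Running `build_demo_host().deliver("10.0.0.20", "10.0.0.10", "tcp", 22)` returns "dropped": the database instance, although on the same physical machine, cannot reach the web instance on a port its rules do not open.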
29. Conclusion & Future Scope
The classification of the various threats discussed in this paper helps cloud users make a proper choice and also helps cloud providers handle such threats efficiently.
Various cloud providers like Amazon, Google & Windows Azure are liable to users for their services.
The future work of the authors would comprise developing a model to detect and prevent the most common virtualization-related threats and risks.