3. Possible attacks in every service: interruption, interception, modification, fabrication
[Figure labels: Insecure cloud services; Secure cloud services]
4. Confidentiality
• Access to data must be protected from unauthorized entities
• Cloud computing is susceptible to
– Interception
– Data archived in unknown places (must trust service providers' personnel)
– Traffic analysis leading to business intelligence
5. Confidentiality (cont.)
• Protected by cryptography
– End-to-end encryption
– Encrypted pipe (difficult in cloud because we don't have control over pipes)
– Does not work if cloud needs data to process. How to distribute keys?
– Can we protect data from provider's admin?
• Granular encryption?
7. process?
Message encrypted at the origin and decrypted at the receiving end.
But what if the cloud needs the data to process? Data must be decrypted in the cloud.
8. Integrity
• Data must not be changed, modified, or tampered with by an unauthorized entity
• Must protect data by digital signature, message authentication code (MAC), hashing function
– Attached as part of message(s)
– Granularity?
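An added example, not part of the original slides: one MAC attached per record, so that a check after download reports which records were changed in storage. The key, the function names and the ledger records are constructed assumptions, and binding each tag to the record's position and the record count goes beyond what the slide states.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: held by the data owner, never by the provider


def tag(key, object_id, index, total, record):
    """HMAC-SHA256 bound to the object, the record's position and the record count."""
    header = json.dumps([object_id, index, total, len(record)]).encode()
    return hmac.new(key, header + b"\x00" + record, hashlib.sha256).hexdigest()


def seal(key, object_id, records):
    """Attach one tag per record before upload (record-level granularity)."""
    n = len(records)
    return [{"data": r, "mac": tag(key, object_id, i, n, r)} for i, r in enumerate(records)]


def verify(key, object_id, stored):
    """Return the positions whose tag fails after download; [] means intact."""
    n = len(stored)
    return [i for i, item in enumerate(stored)
            if not hmac.compare_digest(tag(key, object_id, i, n, item["data"]), item["mac"])]


def unkeyed_digest_ok(item):
    """Plain hash attached to the data: anyone who can write storage can recompute it."""
    return hashlib.sha256(item["data"]).hexdigest() == item["sha256"]


def demo():
    records = [b"acct=1001;bal=250", b"acct=1002;bal=90", b"acct=1003;bal=4000"]  # constructed
    results = {"intact": verify(KEY, "ledger", seal(KEY, "ledger", records))}
    edited = seal(KEY, "ledger", records)
    edited[1]["data"] = b"acct=1002;bal=90000"           # modification in storage
    results["edited"] = verify(KEY, "ledger", edited)
    swapped = seal(KEY, "ledger", records)
    swapped[0], swapped[2] = swapped[2], swapped[0]      # valid records, wrong positions
    results["swapped"] = verify(KEY, "ledger", swapped)
    results["truncated"] = verify(KEY, "ledger", seal(KEY, "ledger", records)[:2])
    forged = {"data": b"acct=1002;bal=90000"}
    forged["sha256"] = hashlib.sha256(forged["data"]).hexdigest()  # recomputed without any key
    results["unkeyed_hash_accepts_forgery"] = unkeyed_digest_ok(forged)
    return results


if __name__ == "__main__":
    print(demo())
```

Per-record tags localize the damage to the affected positions, while a single tag over the whole object would only say that something changed; an unkeyed hash stored beside the data detects accidental corruption but not deliberate modification.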
10. Availability
• Make sure that data is available when needed
• Centralized (cloud) services mean putting everything in one basket
– One service provider
– One type of operating system
– Easier to manage, but concentration of risks
11. Availability
• Possible attacks
– Interruption, Denial of Service (DoS)
– But adversary's attack may be reduced through black box and layering approach
• Best effort is not good enough. Quality of Service (QoS) must be guaranteed
12. Availability (cont.)
• Improving availability
– (Network) redundancy
– Backup, data recovery
– Business continuity
– Business partner redundancy?
13. Concluding Remarks
• Security (trust) is still an issue for cloud computing
• If cloud computing is cheaper, then unfortunately people will use it (regardless of security problems)
• Partial solutions (perhaps not elegant) are available
• The devil is in the details