SlideShare a Scribd company logo

Secure Cloud Issues

Download as PPTX, PDF
D
Devyani Vaidya

this ppt gives you basic information about Securiy Issues in Cloud computing

Education
1 of 24
Security Issues in Cloud Computin g Ms.Devyani Bharat Vaidya Polytechnic student
Talk Objectives • Present cloud issues/characteristics that cr eate interesting security problems • Identify a few security issues within this fra mework • Propose some approaches to addressing t hese issues – Preliminary ideas to think about
Cloud Computing Background • Features – Use of internet-based services to support business process – Rent IT-services on a utility-like basis • Attributes – Rapid deployment – Low startup costs/ capital investments – Costs based on usage or subscription – Multi-tenant sharing of services/ resources • Essential characteristics – On demand self-service – Ubiquitous network access – Location independent resource pooling – Rapid elasticity – Measured service • “Cloud computing is a compilation of existing techniques and technologies, packaged within a new infrastructure paradigm that offers improved scalabili ty, elasticity, business agility, faster startup time, reduced management cost s, and just-in-time availability of resources” Source: NIST
Cloud Models • Delivery Models – SaaS – PaaS – IaaS • Deployment Models – Private cloud – Community cloud – Public cloud – Hybrid cloud • We propose one more Model: Management Models (trus t and tenancy issues) – Self-managed – 3rd party managed (e.g. public clouds and VPC) Source: NIST
Cloud Computing: A Massive Concentration of Resources • Also a massive concentration of risk – expected loss from a single breach can be signific antly larger – concentration of “users” represents a concentratio n of threats • “Ultimately, you can outsource responsibility but you can’t outsource accountability.” From John McDermott, ACSAC 09
Cloud Computing: who should us e it? • Cloud computing definitely makes sense if your ow n security is weak, missing features, or below avera ge. • Ultimately, if – the cloud provider’s security people are “better” than your s (and leveraged at least as efficiently), – the web-services interfaces don’t introduce too many new vulnerabilities, and – the cloud provider aims at least as high as you do, at secu rity goals, then cloud computing has better security. From John McDermott, ACSAC 09
Problems Associated with Cloud C omputing • Most security problems stem from: – Loss of control – Lack of trust (mechanisms) – Multi-tenancy • These problems exist mainly in 3rd party manage ment models – Self-managed clouds still have security issues, but no t related to above
Loss of Control in the Cloud • Consumer’s loss of control – Data, applications, resources are located with provide r – User identity management is handled by the cloud – User access control rules, security policies and enforc ement are managed by the cloud provider – Consumer relies on provider to ensure • Data security and privacy • Resource availability • Monitoring and repairing of services/resources
Lack of Trust in the Cloud • A brief deviation from the talk – (But still related) – Trusting a third party requires taking risks • Defining trust and risk – Opposite sides of the same coin (J. Camp) – People only trust when it pays (Economist’s view) – Need for trust arises only in risky situations • Defunct third party management schemes – Hard to balance trust and risk – e.g. Key Escrow (Clipper chip) – Is the cloud headed toward the same path?
Multi-tenancy Issues in the Cloud • Conflict between tenants’ opposing goals – Tenants share a pool of resources and have opposing goals • How does multi-tenancy deal with conflict of inter est? – Can tenants get along together and ‘play nicely’ ? – If they can’t, can we isolate them? • How to provide separation between tenants?
Security Issues in the Cloud • In theory, minimizing any of the issues would help: – Loss of Control • Take back control – Data and apps may still need to be on the cloud – But can they be managed in some way by the consumer? – Lack of trust • Increase trust (mechanisms) – Technology – Policy, regulation – Contracts (incentives): topic of a future talk – Multi-tenancy • Private cloud – Takes away the reasons to use a cloud in the first place • VPC: its still not a separate system • Strong separation
Minimize Lack of Trust: Policy Lang uage • Consumers have specific security needs but don’t have a say-so in how th ey are handled – What the heck is the provider doing for me? – Currently consumers cannot dictate their requirements to the provider (SLAs are one-sided) • Standard language to convey one’s policies and expectations – Agreed upon and upheld by both parties – Standard language for representing SLAs – Can be used in a intra-cloud environment to realize overarching security posture • Create policy language with the following characteristics: – Machine-understandable (or at least processable), – Easy to combine/merge and compare – Examples of policy statements are, “requires isolation between VMs”, “requires g eographical isolation between VMs”, “requires physical separation between other communities/tenants that are in the same industry,” etc. – Need a validation tool to check that the policy created in the standard language c orrectly reflects the policy creator’s intentions (i.e. that the policy language is sem antically equivalent to the user’s intentions).
Minimize Lack of Trust: Certificatio n • Certification – Some form of reputable, independent, comparable as sessment and description of security features and ass urance – Sarbanes-Oxley, DIACAP, DISTCAP, etc (are they su fficient for a cloud environment?) • Risk assessment – Performed by certified third parties – Provides consumers with additional assurance
Minimize Loss of Control in the Clo ud • Monitoring • Utilizing different clouds • Access control management
Minimize Loss of Control: Monitorin g • Cloud consumer needs situational awareness for critical applications – When underlying components fail, what is the effect of the failure to the mission l ogic – What recovery measures can be taken (by provider and consumer) • Requires an application-specific run-time monitoring and management tool f or the consumer – The cloud consumer and cloud provider have different views of the system – Enable both the provider and tenants to monitor the the components in the cloud that are under their control – Provide mechanisms that enable the provider to act on attacks he can handle. • infrastructure remapping (create new or move existing fault domains) • shutting down offending components or targets (and assisting tenants with porting if nec essary • Repairs – Provide mechanisms that enable the consumer to act on attacks that he can han dle (application-level monitoring). • RAdAC (Risk-adaptable Access Control) • VM porting with remote attestation of target physical host • Provide ability to move the user’s application to another cloud
Minimize Loss of Control: Utilize Dif ferent Clouds • The concept of ‘Don’t put all your eggs in one basket’ – Consumer may use services from different clouds through an intr a-cloud or multi-cloud architecture – Propose a multi-cloud or intra-cloud architecture in which consu mers • Spread the risk • Increase redundancy (per-task or per-application) • Increase chance of mission completion for critical applications – Possible issues to consider: • Policy incompatibility (combined, what is the overarching policy?) • Data dependency between clouds • Differing data semantics across clouds • Knowing when to utilize the redundancy feature (monitoring technol ogy) • Is it worth it to spread your sensitive data across multiple clouds? – Redundancy could increase risk of exposure
Minimize Loss of Control: Access C ontrol • Many possible layers of access control – E.g. access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM – Depending on the deployment model used, some of these will be controlled by the provider a nd others by the consumer • Regardless of deployment model, provider needs to manage the user authentication and access control procedures (to the cloud) – Federated Identity Management: access control management burden still lies with the provid er – Requires user to place a large amount of trust on the provider in terms of security, managem ent, and maintenance of access control policies. This can be burdensome when numerous u sers from different organizations with different access control policies, are involved • Consumer-managed access control – Consumer retains decision-making process to retain some control, requiring less trust of the provider (i.e. PDP is in consumer’s domain) – Requires the client and provider to have a pre-existing trust relationship, as well as a pre-neg otiated standard way of describing resources, users, and access decisions between the clou d provider and consumer. It also needs to be able to guarantee that the provider will uphold t he consumer-side’s access decisions. – Should be at least as secure as the traditional access control model. – Facebook and Google Apps do this to some degree, but not enough control – Applicability to privacy of patient health records
PEP (intercepts all resource access requests from all client domains) PDP for cloud resource on Domain A Cloud Consumer in Domain B ACM (XACML policies) . . . resources Cloud Provider in Domain A IDP 1. Authn request 2. SAML Assertion 3. Resource request (XACML Request) + SAML assertion 4. Redirect to domain of resource owner 7. Send signed and encrypted ticket 5. Retrieve policy for specified resource 6. Determine whether user can access specified resource 7. Create ticket for grant/deny 8. Decrypt and verify signature 9. Retrieve capability from ticket 10. Grant or deny access based on capability Minimize Loss of Control: Access C ontrol
Minimize Multi-tenancy in the Cloud • Can’t really force the provider to accept less te nants – Can try to increase isolation between tenants • Strong isolation techniques (VPC to some degree) – C.f. VM Side channel attacks (T. Ristenpart et al.) • QoS requirements need to be met • Policy specification – Can try to increase trust in the tenants • Who’s the insider, where’s the security boundary? Who can I trust? • Use SLAs to enforce trusted behavior
Last Thoughts: Local Host Security • Are local host machines part of the cloud infrastructure? – Outside the security perimeter – While cloud consumers worry about the security on the cloud provider’s site, they may easily forget to harden their own machines • The lack of security of local devices can – Provide a way for malicious services on the cloud to attack local networks through these term inal devices – Compromise the cloud and its resources for other users • With mobile devices, the threat may be even stronger – Users misplace or have the device stolen from them – Security mechanisms on handheld gadgets are often times insufficient compared to say, a de sktop computer – Provides a potential attacker an easy avenue into a cloud system. – If a user relies mainly on a mobile device to access cloud data, the threat to availability is als o increased as mobile devices malfunction or are lost • Devices that access the cloud should have – Strong authentication mechanisms – Tamper-resistant mechanisms – Strong isolation between applications – Methods to trust the OS – Cryptographic functionality when traffic confidentiality is required
Conclusion • Cloud computing is sometimes viewed as a reincarnation of the classic mainframe client-server model – However, resources are ubiquitous, scalable, highly virtualized – Contains all the traditional threats, as well as new ones • In developing solutions to cloud computing security issue s it may be helpful to identify the problems and approach es in terms of – Loss of control – Lack of trust – Multi-tenancy problems
References 1. NIST (Authors: P. Mell and T. Grance), "The NIST Definition of Cl oud Computing (ver. 15)," National Institute of Standards and Tec hnology, Information Technology Laboratory (October 7 2009). 2. J. McDermott, (2009) "Security Requirements for Virtualization in Cloud Computing," presented at the ACSAC Cloud Security Work shop, Honolulu, Hawaii, USA, 2009. 3. J. Camp. (2001), “Trust and Risk in Internet Commerce,” MIT P ress 4. T. Ristenpart et al. (2009) “Hey You Get Off My Cloud,” Procee dings of the 16th ACM conference on Computer and communicati ons security, Chicago, Illinois, USA
References for Cloud Security • M. Armbrust, et al., "Above the Clouds: A Berkeley View of Cloud Computing," UC Be rkeley Reliable Adaptive Distributed Systems LaboratoryFebruary 10 2009. • Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Com puting, ver. 2.1," 2009. • M. Jensen, et al., "On Technical Security Issues in Cloud Computing," presented at th e 2009 IEEE International Conference on Cloud Computing, Bangalore, India 2009. • P. Mell and T. Grance, "Effectively and Securely Using the Cloud Computing Paradig m," ed: National Institute of Standards and Technology, Information Technology Labo ratory, 2009. • N. Santos, et al., "Towards Trusted Cloud Computing," in Usenix 09 Hot Cloud Works hop, San Diego, CA, 2009. • R. G. Lennon, et al., "Best practices in cloud computing: designing for the cloud," pre sented at the Proceeding of the 24th ACM SIGPLAN conference companion on Obje ct oriented programming systems languages and applications, Orlando, Florida, USA, 2009. • P. Mell and T. Grance, "The NIST Definition of Cloud Computing (ver. 15)," National I nstitute of Standards and Technology, Information Technology LaboratoryOctober 7 2 009. • C. Cachin, et al., "Trusting the cloud," SIGACT News, vol. 40, pp. 81-86, 2009. • J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartne r 2008. • A. Joch. (2009, June 18) Cloud Computing: Is It Secure Enough? Federal Computer Week.
Questions?

Recommended

Unit5
Unit5Unit5
Unit5Integral university, India
 
Cloud resilience, provisioning
Cloud resilience, provisioning Cloud resilience, provisioning
Cloud resilience, provisioning Integral university, India
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Unit5 Cloud Federation,
Unit5 Cloud Federation,Unit5 Cloud Federation,
Unit5 Cloud Federation,Integral university, India
 
G0314043
G0314043G0314043
G0314043iosrjournals
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
Cloud complete
Cloud completeCloud complete
Cloud completeNavriti
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeLisa Abe-Oldenburg, B.Comm., JD.
 

Recommended

Unit5
Unit5Unit5
Unit5Integral university, India
 
Cloud resilience, provisioning
Cloud resilience, provisioning Cloud resilience, provisioning
Cloud resilience, provisioning Integral university, India
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material ccAnkit Gupta
 
Unit5 Cloud Federation,
Unit5 Cloud Federation,Unit5 Cloud Federation,
Unit5 Cloud Federation,Integral university, India
 
G0314043
G0314043G0314043
G0314043iosrjournals
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
 
Cloud complete
Cloud completeCloud complete
Cloud completeNavriti
 
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeLisa Abe-Oldenburg, B.Comm., JD.
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
Security issue in Cloud computing
Security issue in Cloud computingSecurity issue in Cloud computing
Security issue in Cloud computingSeema Kumari
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...sadique_ghitm
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011commandersaini
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodologyJonathan Spindel
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingAbhishek Kumar Sinha
 
Unit 5
Unit 5Unit 5
Unit 5DhanalakshmiVelusamy1
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing securityAntonio Sanz Alcober
 
Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1Ankit Gupta
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forcescommandersaini
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing SecurityDevyani Vaidya
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 
Mohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsMohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsnooralmousa
 
Security issues in cloud database
Security issues in cloud database Security issues in cloud database
Security issues in cloud database أحلام انصارى
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Dischner
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Ibm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summaryIbm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summaryNimesh Bhatia
 
Wireless mobile charging using microwaves
Wireless mobile charging using microwavesWireless mobile charging using microwaves
Wireless mobile charging using microwavesDevyani Vaidya
 
Ppt on open and close door using Applet
Ppt on open and close door using Applet Ppt on open and close door using Applet
Ppt on open and close door using Applet Devyani Vaidya
 
Fuels Saver System
Fuels Saver SystemFuels Saver System
Fuels Saver SystemDevyani Vaidya
 
secued cloud
secued cloud secued cloud
secued cloudDevyani Vaidya
 

More Related Content

What's hot

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
Security issue in Cloud computing
Security issue in Cloud computingSecurity issue in Cloud computing
Security issue in Cloud computingSeema Kumari
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...sadique_ghitm
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011commandersaini
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodologyJonathan Spindel
 
Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1Ankit Gupta
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forcescommandersaini
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing SecurityDevyani Vaidya
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security IssuesStelios Krasadakis
 
Mohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsMohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsnooralmousa
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Dischner
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 

What's hot (17)

Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security issue in Cloud computing
Security issue in Cloud computingSecurity issue in Cloud computing
Security issue in Cloud computing
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
 
Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011Migrating To Cloud & Security @ FOBE 2011
Migrating To Cloud & Security @ FOBE 2011
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodology
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
Unit 5
Unit 5Unit 5
Unit 5
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forces
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 
Mohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsMohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environments
 
Security issues in cloud database
Security issues in cloud database Security issues in cloud database
Security issues in cloud database
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 

Viewers also liked

Ibm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summaryIbm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summaryNimesh Bhatia
 
Wireless mobile charging using microwaves
Wireless mobile charging using microwavesWireless mobile charging using microwaves
Wireless mobile charging using microwavesDevyani Vaidya
 
Ppt on open and close door using Applet
Ppt on open and close door using Applet Ppt on open and close door using Applet
Ppt on open and close door using Applet Devyani Vaidya
 
Ppt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionPpt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionDevyani Vaidya
 
Table of contents blue brain
Table of contents blue brainTable of contents blue brain
Table of contents blue brainkoustuba
 
Wireless Charging Of Mobile
Wireless Charging Of Mobile Wireless Charging Of Mobile
Wireless Charging Of Mobile Devyani Vaidya
 
Seminar on telephone directory
Seminar on telephone directorySeminar on telephone directory
Seminar on telephone directoryDevyani Vaidya
 
Energy Harvesing Through Reverse Electrowetting
Energy Harvesing Through Reverse Electrowetting Energy Harvesing Through Reverse Electrowetting
Energy Harvesing Through Reverse Electrowetting Devyani Vaidya
 

Viewers also liked (20)

Ibm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summaryIbm marketing cloud social advertising oct 2016 summary
Ibm marketing cloud social advertising oct 2016 summary
 
Wireless mobile charging using microwaves
Wireless mobile charging using microwavesWireless mobile charging using microwaves
Wireless mobile charging using microwaves
 
Ppt on open and close door using Applet
Ppt on open and close door using Applet Ppt on open and close door using Applet
Ppt on open and close door using Applet
 
Fuels Saver System
Fuels Saver SystemFuels Saver System
Fuels Saver System
 
secued cloud
secued cloud secued cloud
secued cloud
 
Ppt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasactionPpt on use of biomatrix in secure e trasaction
Ppt on use of biomatrix in secure e trasaction
 
Data As A Service
Data As A ServiceData As A Service
Data As A Service
 
Wireless network
Wireless networkWireless network
Wireless network
 
Secued Cloud
Secued Cloud Secued Cloud
Secued Cloud
 
Digital Locker
Digital LockerDigital Locker
Digital Locker
 
Table of contents blue brain
Table of contents blue brainTable of contents blue brain
Table of contents blue brain
 
Wireless Charging Of Mobile
Wireless Charging Of Mobile Wireless Charging Of Mobile
Wireless Charging Of Mobile
 
Environmental law
Environmental lawEnvironmental law
Environmental law
 
Data warehousing
Data warehousingData warehousing
Data warehousing
 
Resource management
Resource managementResource management
Resource management
 
History of Laptop
History of LaptopHistory of Laptop
History of Laptop
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Seminar on telephone directory
Seminar on telephone directorySeminar on telephone directory
Seminar on telephone directory
 
Energy Harvesing Through Reverse Electrowetting
Energy Harvesing Through Reverse Electrowetting Energy Harvesing Through Reverse Electrowetting
Energy Harvesing Through Reverse Electrowetting
 
Applet programming
Applet programming Applet programming
Applet programming
 

Similar to Secure Cloud Issues

Anya-Kim-Bhargava-MCCWorkshop.ppt
Anya-Kim-Bhargava-MCCWorkshop.pptAnya-Kim-Bhargava-MCCWorkshop.ppt
Anya-Kim-Bhargava-MCCWorkshop.pptTaskinKhaleque
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.pptssuser3be95f
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.pptSameer Ali
 
cloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signaturecloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signatureArunsunaiComputer
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataGreat Wide Open
 
Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understandRahulBhole12
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
12-cloud-security.ppt
12-cloud-security.ppt12-cloud-security.ppt
12-cloud-security.pptchelsi33
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
The wonders of Cloud Computing.pptx
The wonders of Cloud Computing.pptxThe wonders of Cloud Computing.pptx
The wonders of Cloud Computing.pptxOmSatpathy
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained Juan Pablo
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 

Similar to Secure Cloud Issues (20)

Anya-Kim-Bhargava-MCCWorkshop.ppt
Anya-Kim-Bhargava-MCCWorkshop.pptAnya-Kim-Bhargava-MCCWorkshop.ppt
Anya-Kim-Bhargava-MCCWorkshop.ppt
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
Cloud complete
Cloud completeCloud complete
Cloud complete
 
cloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signaturecloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signature
 
3.pptx
3.pptx3.pptx
3.pptx
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
 
Cloud Computing basic concept to understand
Cloud Computing basic concept to understandCloud Computing basic concept to understand
Cloud Computing basic concept to understand
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
12-cloud-security.ppt
12-cloud-security.ppt12-cloud-security.ppt
12-cloud-security.ppt
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
The wonders of Cloud Computing.pptx
The wonders of Cloud Computing.pptxThe wonders of Cloud Computing.pptx
The wonders of Cloud Computing.pptx
 
Cloud computing explained
Cloud computing explained Cloud computing explained
Cloud computing explained
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 

More from Devyani Vaidya

Fundamental file structure concepts & managing files of records
Fundamental file structure concepts & managing files of recordsFundamental file structure concepts & managing files of records
Fundamental file structure concepts & managing files of recordsDevyani Vaidya
 
Cosequential processing and the sorting of large files
Cosequential processing and the sorting of large filesCosequential processing and the sorting of large files
Cosequential processing and the sorting of large filesDevyani Vaidya
 
Introduction to the design and specification of file structures
Introduction to the design and specification of file structuresIntroduction to the design and specification of file structures
Introduction to the design and specification of file structuresDevyani Vaidya
 
Bigtable a distributed storage system
Bigtable a distributed storage systemBigtable a distributed storage system
Bigtable a distributed storage systemDevyani Vaidya
 

More from Devyani Vaidya (10)

Hashing
HashingHashing
Hashing
 
Fundamental file structure concepts & managing files of records
Fundamental file structure concepts & managing files of recordsFundamental file structure concepts & managing files of records
Fundamental file structure concepts & managing files of records
 
Cosequential processing and the sorting of large files
Cosequential processing and the sorting of large filesCosequential processing and the sorting of large files
Cosequential processing and the sorting of large files
 
Introduction to the design and specification of file structures
Introduction to the design and specification of file structuresIntroduction to the design and specification of file structures
Introduction to the design and specification of file structures
 
Mobile Phone Cloning
Mobile Phone Cloning Mobile Phone Cloning
Mobile Phone Cloning
 
Barcode Technology
Barcode TechnologyBarcode Technology
Barcode Technology
 
3D- Doctor
3D- Doctor3D- Doctor
3D- Doctor
 
3D-Password
3D-Password 3D-Password
3D-Password
 
Cloud Security
Cloud Security Cloud Security
Cloud Security
 
Bigtable a distributed storage system
Bigtable a distributed storage systemBigtable a distributed storage system
Bigtable a distributed storage system
 

Recently uploaded

Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 

Recently uploaded (20)

Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 

Secure Cloud Issues

  • 1. Security Issues in Cloud Computin g Ms.Devyani Bharat Vaidya Polytechnic student
  • 2. Talk Objectives • Present cloud issues/characteristics that cr eate interesting security problems • Identify a few security issues within this fra mework • Propose some approaches to addressing t hese issues – Preliminary ideas to think about
  • 3. Cloud Computing Background • Features – Use of internet-based services to support business process – Rent IT-services on a utility-like basis • Attributes – Rapid deployment – Low startup costs/ capital investments – Costs based on usage or subscription – Multi-tenant sharing of services/ resources • Essential characteristics – On demand self-service – Ubiquitous network access – Location independent resource pooling – Rapid elasticity – Measured service • “Cloud computing is a compilation of existing techniques and technologies, packaged within a new infrastructure paradigm that offers improved scalabili ty, elasticity, business agility, faster startup time, reduced management cost s, and just-in-time availability of resources” Source: NIST
  • 4. Cloud Models • Delivery Models – SaaS – PaaS – IaaS • Deployment Models – Private cloud – Community cloud – Public cloud – Hybrid cloud • We propose one more Model: Management Models (trus t and tenancy issues) – Self-managed – 3rd party managed (e.g. public clouds and VPC) Source: NIST
  • 5. Cloud Computing: A Massive Concentration of Resources • Also a massive concentration of risk – expected loss from a single breach can be signific antly larger – concentration of “users” represents a concentratio n of threats • “Ultimately, you can outsource responsibility but you can’t outsource accountability.” From John McDermott, ACSAC 09
  • 6. Cloud Computing: who should us e it? • Cloud computing definitely makes sense if your ow n security is weak, missing features, or below avera ge. • Ultimately, if – the cloud provider’s security people are “better” than your s (and leveraged at least as efficiently), – the web-services interfaces don’t introduce too many new vulnerabilities, and – the cloud provider aims at least as high as you do, at secu rity goals, then cloud computing has better security. From John McDermott, ACSAC 09
  • 7. Problems Associated with Cloud C omputing • Most security problems stem from: – Loss of control – Lack of trust (mechanisms) – Multi-tenancy • These problems exist mainly in 3rd party manage ment models – Self-managed clouds still have security issues, but no t related to above
  • 8. Loss of Control in the Cloud • Consumer’s loss of control – Data, applications, resources are located with provide r – User identity management is handled by the cloud – User access control rules, security policies and enforc ement are managed by the cloud provider – Consumer relies on provider to ensure • Data security and privacy • Resource availability • Monitoring and repairing of services/resources
  • 9. Lack of Trust in the Cloud • A brief deviation from the talk – (But still related) – Trusting a third party requires taking risks • Defining trust and risk – Opposite sides of the same coin (J. Camp) – People only trust when it pays (Economist’s view) – Need for trust arises only in risky situations • Defunct third party management schemes – Hard to balance trust and risk – e.g. Key Escrow (Clipper chip) – Is the cloud headed toward the same path?
  • 10. Multi-tenancy Issues in the Cloud • Conflict between tenants’ opposing goals – Tenants share a pool of resources and have opposing goals • How does multi-tenancy deal with conflict of inter est? – Can tenants get along together and ‘play nicely’ ? – If they can’t, can we isolate them? • How to provide separation between tenants?
  • 11. Security Issues in the Cloud • In theory, minimizing any of the issues would help: – Loss of Control • Take back control – Data and apps may still need to be on the cloud – But can they be managed in some way by the consumer? – Lack of trust • Increase trust (mechanisms) – Technology – Policy, regulation – Contracts (incentives): topic of a future talk – Multi-tenancy • Private cloud – Takes away the reasons to use a cloud in the first place • VPC: its still not a separate system • Strong separation
  • 12. Minimize Lack of Trust: Policy Lang uage • Consumers have specific security needs but don’t have a say-so in how th ey are handled – What the heck is the provider doing for me? – Currently consumers cannot dictate their requirements to the provider (SLAs are one-sided) • Standard language to convey one’s policies and expectations – Agreed upon and upheld by both parties – Standard language for representing SLAs – Can be used in a intra-cloud environment to realize overarching security posture • Create policy language with the following characteristics: – Machine-understandable (or at least processable), – Easy to combine/merge and compare – Examples of policy statements are, “requires isolation between VMs”, “requires g eographical isolation between VMs”, “requires physical separation between other communities/tenants that are in the same industry,” etc. – Need a validation tool to check that the policy created in the standard language c orrectly reflects the policy creator’s intentions (i.e. that the policy language is sem antically equivalent to the user’s intentions).
  • 13. Minimize Lack of Trust: Certificatio n • Certification – Some form of reputable, independent, comparable as sessment and description of security features and ass urance – Sarbanes-Oxley, DIACAP, DISTCAP, etc (are they su fficient for a cloud environment?) • Risk assessment – Performed by certified third parties – Provides consumers with additional assurance
  • 14. Minimize Loss of Control in the Clo ud • Monitoring • Utilizing different clouds • Access control management
  • 15. Minimize Loss of Control: Monitorin g • Cloud consumer needs situational awareness for critical applications – When underlying components fail, what is the effect of the failure to the mission l ogic – What recovery measures can be taken (by provider and consumer) • Requires an application-specific run-time monitoring and management tool f or the consumer – The cloud consumer and cloud provider have different views of the system – Enable both the provider and tenants to monitor the the components in the cloud that are under their control – Provide mechanisms that enable the provider to act on attacks he can handle. • infrastructure remapping (create new or move existing fault domains) • shutting down offending components or targets (and assisting tenants with porting if nec essary • Repairs – Provide mechanisms that enable the consumer to act on attacks that he can han dle (application-level monitoring). • RAdAC (Risk-adaptable Access Control) • VM porting with remote attestation of target physical host • Provide ability to move the user’s application to another cloud
  • 16. Minimize Loss of Control: Utilize Dif ferent Clouds • The concept of ‘Don’t put all your eggs in one basket’ – Consumer may use services from different clouds through an intr a-cloud or multi-cloud architecture – Propose a multi-cloud or intra-cloud architecture in which consu mers • Spread the risk • Increase redundancy (per-task or per-application) • Increase chance of mission completion for critical applications – Possible issues to consider: • Policy incompatibility (combined, what is the overarching policy?) • Data dependency between clouds • Differing data semantics across clouds • Knowing when to utilize the redundancy feature (monitoring technol ogy) • Is it worth it to spread your sensitive data across multiple clouds? – Redundancy could increase risk of exposure
  • 17. Minimize Loss of Control: Access C ontrol • Many possible layers of access control – E.g. access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM – Depending on the deployment model used, some of these will be controlled by the provider a nd others by the consumer • Regardless of deployment model, provider needs to manage the user authentication and access control procedures (to the cloud) – Federated Identity Management: access control management burden still lies with the provid er – Requires user to place a large amount of trust on the provider in terms of security, managem ent, and maintenance of access control policies. This can be burdensome when numerous u sers from different organizations with different access control policies, are involved • Consumer-managed access control – Consumer retains decision-making process to retain some control, requiring less trust of the provider (i.e. PDP is in consumer’s domain) – Requires the client and provider to have a pre-existing trust relationship, as well as a pre-neg otiated standard way of describing resources, users, and access decisions between the clou d provider and consumer. It also needs to be able to guarantee that the provider will uphold t he consumer-side’s access decisions. – Should be at least as secure as the traditional access control model. – Facebook and Google Apps do this to some degree, but not enough control – Applicability to privacy of patient health records
  • 18. PEP (intercepts all resource access requests from all client domains) PDP for cloud resource on Domain A Cloud Consumer in Domain B ACM (XACML policies) . . . resources Cloud Provider in Domain A IDP 1. Authn request 2. SAML Assertion 3. Resource request (XACML Request) + SAML assertion 4. Redirect to domain of resource owner 7. Send signed and encrypted ticket 5. Retrieve policy for specified resource 6. Determine whether user can access specified resource 7. Create ticket for grant/deny 8. Decrypt and verify signature 9. Retrieve capability from ticket 10. Grant or deny access based on capability Minimize Loss of Control: Access C ontrol
  • 19. Minimize Multi-tenancy in the Cloud • Can’t really force the provider to accept less te nants – Can try to increase isolation between tenants • Strong isolation techniques (VPC to some degree) – C.f. VM Side channel attacks (T. Ristenpart et al.) • QoS requirements need to be met • Policy specification – Can try to increase trust in the tenants • Who’s the insider, where’s the security boundary? Who can I trust? • Use SLAs to enforce trusted behavior
  • 20. Last Thoughts: Local Host Security • Are local host machines part of the cloud infrastructure? – Outside the security perimeter – While cloud consumers worry about the security on the cloud provider’s site, they may easily forget to harden their own machines • The lack of security of local devices can – Provide a way for malicious services on the cloud to attack local networks through these term inal devices – Compromise the cloud and its resources for other users • With mobile devices, the threat may be even stronger – Users misplace or have the device stolen from them – Security mechanisms on handheld gadgets are often times insufficient compared to say, a de sktop computer – Provides a potential attacker an easy avenue into a cloud system. – If a user relies mainly on a mobile device to access cloud data, the threat to availability is als o increased as mobile devices malfunction or are lost • Devices that access the cloud should have – Strong authentication mechanisms – Tamper-resistant mechanisms – Strong isolation between applications – Methods to trust the OS – Cryptographic functionality when traffic confidentiality is required
  • 21. Conclusion • Cloud computing is sometimes viewed as a reincarnation of the classic mainframe client-server model – However, resources are ubiquitous, scalable, highly virtualized – Contains all the traditional threats, as well as new ones • In developing solutions to cloud computing security issue s it may be helpful to identify the problems and approach es in terms of – Loss of control – Lack of trust – Multi-tenancy problems
  • 22. References 1. NIST (Authors: P. Mell and T. Grance), "The NIST Definition of Cl oud Computing (ver. 15)," National Institute of Standards and Tec hnology, Information Technology Laboratory (October 7 2009). 2. J. McDermott, (2009) "Security Requirements for Virtualization in Cloud Computing," presented at the ACSAC Cloud Security Work shop, Honolulu, Hawaii, USA, 2009. 3. J. Camp. (2001), “Trust and Risk in Internet Commerce,” MIT P ress 4. T. Ristenpart et al. (2009) “Hey You Get Off My Cloud,” Procee dings of the 16th ACM conference on Computer and communicati ons security, Chicago, Illinois, USA
  • 23. References for Cloud Security • M. Armbrust, et al., "Above the Clouds: A Berkeley View of Cloud Computing," UC Be rkeley Reliable Adaptive Distributed Systems LaboratoryFebruary 10 2009. • Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Com puting, ver. 2.1," 2009. • M. Jensen, et al., "On Technical Security Issues in Cloud Computing," presented at th e 2009 IEEE International Conference on Cloud Computing, Bangalore, India 2009. • P. Mell and T. Grance, "Effectively and Securely Using the Cloud Computing Paradig m," ed: National Institute of Standards and Technology, Information Technology Labo ratory, 2009. • N. Santos, et al., "Towards Trusted Cloud Computing," in Usenix 09 Hot Cloud Works hop, San Diego, CA, 2009. • R. G. Lennon, et al., "Best practices in cloud computing: designing for the cloud," pre sented at the Proceeding of the 24th ACM SIGPLAN conference companion on Obje ct oriented programming systems languages and applications, Orlando, Florida, USA, 2009. • P. Mell and T. Grance, "The NIST Definition of Cloud Computing (ver. 15)," National I nstitute of Standards and Technology, Information Technology LaboratoryOctober 7 2 009. • C. Cachin, et al., "Trusting the cloud," SIGACT News, vol. 40, pp. 81-86, 2009. • J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing," Gartne r 2008. • A. Joch. (2009, June 18) Cloud Computing: Is It Secure Enough? Federal Computer Week.

Editor's Notes

  1. 3
  2. 7