SlideShare a Scribd company logo

600.412.Lecture02

R
ragibhasan

CS 600.412 Security and Privacy in Cloud Computing

1 of 24
Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 2 02/01/2010
Threats, vulnerabilities, and enemies 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 2 Goal Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different threat modeling schemes
Assignment for next class Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009. Format: Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences) Pros: 3 or more issues Cons: 3 or more issues Possible improvements: Any possible suggestions to improve the work Due: 2.59 pm 2/8/2010 Submission: By email to rhasan7@jhu.edu (text only, no attachments please) 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 3
Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: Identify attackers, assets, threats and other components Rank the threats Choose mitigation strategies Build solutions based on the strategies 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 4
Threat Model Basic components Attacker modeling Choose what attacker to consider Attacker motivation and capabilities Assets / Attacker Goals Vulnerabilities / threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 5
Recall: Cloud Computing Stack 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 6
Recall: Cloud Architecture 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 7 SaaS / PaaS Provider Client Cloud Provider (IaaS)
Attackers 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 8
Who is the attacker? 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 9 Insider? ,[object Object]
Malicious employees at Cloud provider
Cloud provider itselfOutsider? ,[object Object]
Network attackers?,[object Object]
Attacker Capability: Cloud Provider What? Can read unencrypted data Can possibly peek into VMs, or make copies of VMs Can monitor network communication, application patterns 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 11
Attacker motivation: Cloud Provider Why? Gain information about client data Gain information on client behavior Sell the information or use itself Why not? Cheaper to be honest? Why? (again) Third party clouds? 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 12
Attacker Capability: Outside attacker What? Listen to network traffic (passive) Insert malicious traffic (active) Probe cloud structure (active) Launch DoS 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 13
Attacker goals: Outside attackers Intrusion Network analysis Man in the middle Cartography 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 14
Assets 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 15
Assets (Attacker goals) Confidentiality: Data stored in the cloud Configuration of VMs running on the cloud Identity of the cloud users Location of the VMs running client code 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 16
Assets (Attacker goals) Integrity Data stored in the cloud Computations performed on the cloud 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 17
Assets (Attacker goals) Availability Cloud infrastructure SaaS / PaaS 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 18
Threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 19
Organizing the threats using STRIDE Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 20
Typical threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 21 [STRIDE]
Typical threats (contd.) 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 22 [STRIDE]

Recommended

Multipath Dynamic Source Routing Protocol using Portfolio Selection
Multipath Dynamic Source Routing Protocol using Portfolio SelectionMultipath Dynamic Source Routing Protocol using Portfolio Selection
Multipath Dynamic Source Routing Protocol using Portfolio SelectionIRJET Journal
 
Cs6703 grid and cloud computing unit 5 questions
Cs6703 grid and cloud computing unit 5 questionsCs6703 grid and cloud computing unit 5 questions
Cs6703 grid and cloud computing unit 5 questionsRMK ENGINEERING COLLEGE, CHENNAI
 
Secure and efficient handover authentication and detection of spoofing attack
Secure and efficient handover authentication and detection of spoofing attackSecure and efficient handover authentication and detection of spoofing attack
Secure and efficient handover authentication and detection of spoofing attackeSAT Publishing House
 
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
 
A Distributed Trust Evaluation Protocol with Privacy Protection for Intercloud
A Distributed Trust Evaluation Protocol with Privacy Protection for IntercloudA Distributed Trust Evaluation Protocol with Privacy Protection for Intercloud
A Distributed Trust Evaluation Protocol with Privacy Protection for IntercloudJAYAPRAKASH JPINFOTECH
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Chris Purrington
 
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...Migrant Systems
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 

Recommended

Multipath Dynamic Source Routing Protocol using Portfolio Selection
Multipath Dynamic Source Routing Protocol using Portfolio SelectionMultipath Dynamic Source Routing Protocol using Portfolio Selection
Multipath Dynamic Source Routing Protocol using Portfolio SelectionIRJET Journal
 
Cs6703 grid and cloud computing unit 5 questions
Cs6703 grid and cloud computing unit 5 questionsCs6703 grid and cloud computing unit 5 questions
Cs6703 grid and cloud computing unit 5 questionsRMK ENGINEERING COLLEGE, CHENNAI
 
Secure and efficient handover authentication and detection of spoofing attack
Secure and efficient handover authentication and detection of spoofing attackSecure and efficient handover authentication and detection of spoofing attack
Secure and efficient handover authentication and detection of spoofing attackeSAT Publishing House
 
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
 
A Distributed Trust Evaluation Protocol with Privacy Protection for Intercloud
A Distributed Trust Evaluation Protocol with Privacy Protection for IntercloudA Distributed Trust Evaluation Protocol with Privacy Protection for Intercloud
A Distributed Trust Evaluation Protocol with Privacy Protection for IntercloudJAYAPRAKASH JPINFOTECH
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Lee Newcombe, Capgemini “Security threats associated with cloud computing”
Lee Newcombe, Capgemini “Security threats associated with cloud computing”Chris Purrington
 
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...Migrant Systems
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
V cnsms
V cnsmsV cnsms
V cnsmsGopinath Ramanna
 
Malware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresMalware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresieeepondy
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computingijcsa
 
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONIJNSA Journal
 
Seminar
SeminarSeminar
SeminarKevin ITian
 
An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...Alexander Decker
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...IJNSA Journal
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsFinalyearprojects Toall
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsShakas Technologies
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal
 
Authentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant NetworksAuthentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant NetworksEditor IJCATR
 
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret KeyIRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret KeyIRJET Journal
 
Security Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11iSecurity Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11iinventionjournals
 
A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...ieeepondy
 
02 - Topologies of Distributed Systems
02 - Topologies of Distributed Systems02 - Topologies of Distributed Systems
02 - Topologies of Distributed SystemsDilum Bandara
 
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...Pawan Arya
 
Single sign on mechanism for distributed computing
Single sign on mechanism for distributed computingSingle sign on mechanism for distributed computing
Single sign on mechanism for distributed computingeSAT Publishing House
 
Improving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and AuthenticationImproving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and AuthenticationAM Publications,India
 
A Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemA Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemIJSRD
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Possessive adjectives
Possessive adjectivesPossessive adjectives
Possessive adjectivesbogomolova1879
 

More Related Content

What's hot

Malware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresMalware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresieeepondy
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computingijcsa
 
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONIJNSA Journal
 
An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...Alexander Decker
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...IJNSA Journal
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsFinalyearprojects Toall
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsShakas Technologies
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal
 
Authentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant NetworksAuthentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant NetworksEditor IJCATR
 
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret KeyIRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret KeyIRJET Journal
 
Security Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11iSecurity Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11iinventionjournals
 
A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...ieeepondy
 
02 - Topologies of Distributed Systems
02 - Topologies of Distributed Systems02 - Topologies of Distributed Systems
02 - Topologies of Distributed SystemsDilum Bandara
 
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...Pawan Arya
 
Single sign on mechanism for distributed computing
Single sign on mechanism for distributed computingSingle sign on mechanism for distributed computing
Single sign on mechanism for distributed computingeSAT Publishing House
 
Improving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and AuthenticationImproving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and AuthenticationAM Publications,India
 
A Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemA Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemIJSRD
 

What's hot (19)

V cnsms
V cnsmsV cnsms
V cnsms
 
Malware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresMalware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructures
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computing
 
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTIONSECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION
 
Seminar
SeminarSeminar
Seminar
 
An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...An improvement to trust based cross layer security protocol against sybil att...
An improvement to trust based cross layer security protocol against sybil att...
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure clouds
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure clouds
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
 
Authentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant NetworksAuthentic Data Access Scheme for Variant Disruption- Tolerant Networks
Authentic Data Access Scheme for Variant Disruption- Tolerant Networks
 
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret KeyIRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
IRJET-A Survey On Group Key Agreement for Securely Sharing a Secret Key
 
Security Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11iSecurity Analysis and Improvement for IEEE 802.11i
Security Analysis and Improvement for IEEE 802.11i
 
A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...A game theoretical approach to defend against co resident attacks in cloud co...
A game theoretical approach to defend against co resident attacks in cloud co...
 
02 - Topologies of Distributed Systems
02 - Topologies of Distributed Systems02 - Topologies of Distributed Systems
02 - Topologies of Distributed Systems
 
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and...
 
Single sign on mechanism for distributed computing
Single sign on mechanism for distributed computingSingle sign on mechanism for distributed computing
Single sign on mechanism for distributed computing
 
Improving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and AuthenticationImproving Cloud Security Using Multi Level Encryption and Authentication
Improving Cloud Security Using Multi Level Encryption and Authentication
 
A Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemA Study of SAAS Model for Security System
A Study of SAAS Model for Security System
 

Viewers also liked

A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)Marco Balduzzi
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
чынгыз айтматов Small
чынгыз айтматов Smallчынгыз айтматов Small
чынгыз айтматов SmallKamchibekova Rakia
 
Softworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateSoftworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateEnterprise Softworx Solutions
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Venkatesh Prabhu
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
Cctk support for setting hdd password
Cctk support for setting hdd passwordCctk support for setting hdd password
Cctk support for setting hdd passwordartisriva
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 

Viewers also liked (20)

A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
 
Possessive adjectives
Possessive adjectivesPossessive adjectives
Possessive adjectives
 
Adauga un text
Adauga un textAdauga un text
Adauga un text
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
 
Presentation1
Presentation1Presentation1
Presentation1
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
Family tree
Family treeFamily tree
Family tree
 
Why AIS is not always enough
Why AIS is not always enoughWhy AIS is not always enough
Why AIS is not always enough
 
Personal informatic
Personal informaticPersonal informatic
Personal informatic
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
чынгыз айтматов Small
чынгыз айтматов Smallчынгыз айтматов Small
чынгыз айтматов Small
 
Softworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateSoftworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation Template
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User Profiling
 
Pentru tine
Pentru tinePentru tine
Pentru tine
 
Cctk support for setting hdd password
Cctk support for setting hdd passwordCctk support for setting hdd password
Cctk support for setting hdd password
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 

Similar to 600.412.Lecture02

600.412.Lecture03
600.412.Lecture03600.412.Lecture03
600.412.Lecture03ragibhasan
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05ragibhasan
 
76 s201913
76 s20191376 s201913
76 s201913IJRAT
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 
600.412.Lecture07
600.412.Lecture07600.412.Lecture07
600.412.Lecture07ragibhasan
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
 
600.412.Lecture06
600.412.Lecture06600.412.Lecture06
600.412.Lecture06ragibhasan
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-Lillian Ekwosi-Egbulem
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges edIAESIJEECS
 
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...IIRindia
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
 
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTING
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGAN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTING
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...IJECEIAES
 
Paper id 712019116
Paper id 712019116Paper id 712019116
Paper id 712019116IJRAT
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutionsIJCNCJournal
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
 
High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...CSITiaesprime
 

Similar to 600.412.Lecture02 (20)

600.412.Lecture03
600.412.Lecture03600.412.Lecture03
600.412.Lecture03
 
600.412.Lecture05
600.412.Lecture05600.412.Lecture05
600.412.Lecture05
 
76 s201913
76 s20191376 s201913
76 s201913
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
600.412.Lecture07
600.412.Lecture07600.412.Lecture07
600.412.Lecture07
 
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
 
600.412.Lecture06
600.412.Lecture06600.412.Lecture06
600.412.Lecture06
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
 
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...
Breast Tissue Identification in Digital Mammogram Using Edge Detection Techni...
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
 
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTING
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGAN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTING
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTING
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...
 
Paper id 712019116
Paper id 712019116Paper id 712019116
Paper id 712019116
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutions
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
 
High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...High security mechanism: Fragmentation and replication in the cloud with auto...
High security mechanism: Fragmentation and replication in the cloud with auto...
 

600.412.Lecture02

  • 1. Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 2 02/01/2010
  • 2. Threats, vulnerabilities, and enemies 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 2 Goal Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different threat modeling schemes
  • 3. Assignment for next class Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009. Format: Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences) Pros: 3 or more issues Cons: 3 or more issues Possible improvements: Any possible suggestions to improve the work Due: 2.59 pm 2/8/2010 Submission: By email to rhasan7@jhu.edu (text only, no attachments please) 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 3
  • 4. Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: Identify attackers, assets, threats and other components Rank the threats Choose mitigation strategies Build solutions based on the strategies 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 4
  • 5. Threat Model Basic components Attacker modeling Choose what attacker to consider Attacker motivation and capabilities Assets / Attacker Goals Vulnerabilities / threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 5
  • 6. Recall: Cloud Computing Stack 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 6
  • 7. Recall: Cloud Architecture 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 7 SaaS / PaaS Provider Client Cloud Provider (IaaS)
  • 8. Attackers 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 8
  • 9.
  • 10. Malicious employees at Cloud provider
  • 11.
  • 12.
  • 13. Attacker Capability: Cloud Provider What? Can read unencrypted data Can possibly peek into VMs, or make copies of VMs Can monitor network communication, application patterns 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 11
  • 14. Attacker motivation: Cloud Provider Why? Gain information about client data Gain information on client behavior Sell the information or use itself Why not? Cheaper to be honest? Why? (again) Third party clouds? 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 12
  • 15. Attacker Capability: Outside attacker What? Listen to network traffic (passive) Insert malicious traffic (active) Probe cloud structure (active) Launch DoS 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 13
  • 16. Attacker goals: Outside attackers Intrusion Network analysis Man in the middle Cartography 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 14
  • 17. Assets 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 15
  • 18. Assets (Attacker goals) Confidentiality: Data stored in the cloud Configuration of VMs running on the cloud Identity of the cloud users Location of the VMs running client code 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 16
  • 19. Assets (Attacker goals) Integrity Data stored in the cloud Computations performed on the cloud 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 17
  • 20. Assets (Attacker goals) Availability Cloud infrastructure SaaS / PaaS 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 18
  • 21. Threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 19
  • 22. Organizing the threats using STRIDE Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 20
  • 23. Typical threats 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 21 [STRIDE]
  • 24. Typical threats (contd.) 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 22 [STRIDE]
  • 25. Summary A threat model helps in designing appropriate defenses against particular attackers Your solution and security countermeasures will depend on the particular threat model you want to address 2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 23
  • 26. 2/1/2010 24 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan Further Reading Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004 The STRIDE Threat Model