ahmad abdelhafeez, profile picture
Uploaded byahmad abdelhafeez
PPT, PDF456 views

Cloud computing final show

This document provides an overview of cloud computing. It begins with an introduction and defines cloud computing, discussing its history and key attributes. It then covers the different cloud models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The document also discusses cloud security and privacy concerns, outlining various security threats and solutions. It concludes by emphasizing the importance of cloud computing and its future.

Embed presentation

Download to read offline
Wave of the Future… Presented by: Ahmed Taha Abdel_kariem Mahmoud Mohamed Abd El Salam Ahmed Kandil Supervised by: Dr. Ashraf Tamam 03/01/15
Demo Contents INTRODUCTION DEFINITION – HISTORY – ATTRIBUTES – CHARCTERSITICS – ADVANTAGE – DISADVENTAGE CLOUD MODELS DELIVERY MODEL – DEPLOYMENT MODEL CLOUD SECURITY AND PRIVACY SECURITY – PRIVACY – THREAT - TAXNOMY OF FEAR – PROBLEM – SOLUTION COMMENTS OTHER ISSUE WHY CC IMPORTANT – FUTURE WORK – CONCLUSION
What is Cloud Computing? new class of network based computing that takes place over the Internet. hide the complexity and details of the underlying infrastructure.
• Shared pool of configurable computing resources • Just a web browser and your account with password! – Once you login, the device is “yours”. What is Cloud Computing(Other)?
History of Cloud Computing? concept dated in 1960’s . term ‘Cloud’ used in early 1990’s. IBM detailed it in 2001.Amazon datacenters in 2005. In 2007 Google, IBM stated large scale CC research project .in 2008 CC gained popularity.
Components of Cloud Computing :
Attributes  Rapid deployment  Low startup costs  Costs based on usage  Multi-tenant sharing
 Cost (Sold on Demand)  Ubiquitous:“always on!,anywhere,any place”  Device and Location Independence  Reliability  Scalability  Security Cloud Computing characteristics
 Sustainability  Service is fully managed by the provider  Homogeneity  Virtualization  Resilient Computing Cloud Computing characteristics
Lower computer costs Improved performance(boot & run) Reduced software costs Latest version availability
Instant software updates Increased data reliability(sys crash &data) Improved document format compatibility Universal document access
Requires constant Internet – intranet connection Features might be limited Stored data might not be secure Stored data can be lost General Concerns(different protocols):
Infrastructure as a Service (IaaS) : Consumers gets access to the infrastructure to deploy their stuff.
Platform as a Service (PaaS) : User Deploys customer-created applications to a cloud .
Software as a Service (SaaS) : Use provider’s applications over a network .
Public : Cloud infrastructure is available to the general public, owned by org selling cloud services
Private : Cloud infrastructure for single org only, may be managed by the organization or a 3rd party
Hybrid : Combo of >=2 clouds bound by standard technology (composition of two or more clouds )
Community : Cloud infrastructure shared by several orgs, managed by org or 3rd party
Public Cloud Cloud infrastructure made available to the general public. Private Cloud Cloud infrastructure operated solely for an organization. Hybrid Cloud Cloud infrastructure composed of two or more clouds Community Cloud Cloud infrastructure shared by several organizations and supporting a specific community
Security is the necessary steps to protect a person or property from harm. (direct action - indirect action). [Reference: Lecture Notes] Privacy rights are related to collection, use, disclosure, storage, and destruction of personal data , PII (Personally Identifiable Information).
1. Storage. 2. Retention. 3. Destruction. 4. Auditing, monitoring and risk management. 5. Privacy Breaches. 40
You can Full reliance on a third party to protect personal data (Data breaches have a cascading effects) Many new risks and unknowns appears (complexity) 41
42 • Personal information should be managed as part of the data used by the organization • Protection of personal information should consider the impact of the cloud on each phase
Research conducted by Cloud Security Alliance (CSA) in 2010 and 2013. The aim was to aid both cloud customers and cloud providers is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. 43
1. Threat #1: Abuse and Nefarious Use of Cloud Computing 2. Threat #2: Insecure Interfaces and APIs 3. Threat #3: Malicious Insiders 4. Threat #4: Shared Technology Issues 5. Threat #5: Data Loss or Leakage 6. Threat #6: Account or Service Hijacking 7. Threat #7: Unknown Risk Profile [Reference: CSA: Top Threats to Cloud Computing V1.0 Prepared by the Cloud Security Alliance March 2010] 44
Problem: Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities Affected Layers: Suggested Solutions: 1. Stricter initial registration and validation processes. 2. Enhanced credit card fraud monitoring and coordination. 3. Comprehensive introspection of customer network traffic. 4. Monitoring public blacklists for one’s own network blocks. 45
46 Problem: CSP expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption. Affected Layers: Suggested Solutions: 1. Analyze the security model of cloud provider interfaces. 2. Ensure strong authentication and access controls are 3. Implemented in concert with encrypted transmission. 4. Understand the dependency chain associated with the API.
47 Problem: A CSP may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. Affected Layers: Suggested Solutions: 1. Enforce strict supply chain management and conduct a comprehensive supplier assessment. 2. Specify human resource requirements as part of legal contracts. 3. Require transparency into overall information security and management practices, as well as compliance reporting. 4. Determine security breach notification processes.
48 Problem: IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g.CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. Affected Layers: Suggested Solutions: 1. Implement security best practices for installation/configuration. 2. Monitor environment for unauthorized changes/activity. 3. Promote strong authentication and access control for administrative access and operations. 4. Enforce service level agreements for patching and vulnerability remediation. 5. Conduct vulnerability scanning and configuration audits
49 Problem: There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Affected Layers: Suggested Solutions: 1. Implement strong API access control. 2. Encrypt and protect integrity of data in transit. 3. Analyzes data protection at both design and run time. 4. Implement strong key generation, storage and management, and destruction practices. 5. Contractually demand providers wipe persistent media before it is released into the pool. 6. Contractually specify provider backup and retention strategies.
50 Problem: Account and service hijacking, usually with stolen credentials, remains a top threat. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Affected Layers: Suggested Solutions: 1. Prohibit the sharing of account credentials between users and services. 2. Leverage strong two-factor authentication techniques where possible. 3. Employ proactive monitoring to detect unauthorized activity. 4. Understand cloud provider security policies and SLAs.
Problem: When adopting a cloud service, the features and functionality may be well advertised, but what about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? How are your data and related logs stored and who has access to them? What information if any will the vendor disclose in the event of a security incident? Affected Layers: Suggested Solutions: 1. Disclosure of applicable logs and data. 2. Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.). 3. Monitoring and alerting on necessary information.
1. Threat #1: Data Breaches (aka: Leakage) 2. Threat #2: Data Loss 3. Threat #3: Account or Service Hijacking 4. Threat #4: Insecure Interfaces and APIs 5. Threat #5: Denial of Service 6. Threat #6: Malicious Insiders 7. Threat #7: Abuse and Nefarious Use of Cloud Computing 8. Threat #8: Unknown Risk Profile 9. Threat #9: Shared Technology Issues [Reference: CSA, Top Threats Working Group, "The Notorious Nine", Cloud Computing Top Threats in 2013, February 2013] 52
Problem: Denial of Service attacks to prevent the users from using/accessing the Cloud Service either their data or applications. Affected Layers: Controls: 1. CCM IS-04: Information Secuirty - Baseline Requirements 2. CCM OP-03: Operations Management - Capacity/Resource Planning 3. CCM RS-07: Resiliency - Equipment Power Failures 4. CCM SA-04: Security Archtecture - Application Se.
Confidentiality Fear of loss of control over data Will sensitive data stored on a cloud remain confidential? Will the cloud provider itself be honest and won’t peek into the data? 55
Integrity How do I know that the cloud provider is doing the computations correctly? How do I ensure that the cloud provider really stored my data without tampering with it? 56
Availability Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? What happens if cloud provider goes out of business? Would cloud scale well-enough? 57
Auditability and forensics it is Difficult to audit data held outside organization in a cloud also Forensics made difficult
•Privacy issues raised via massive data mining Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
• Increased attack surface o Attackers can now target the communication link between cloud provider and client 60
Legal quagmire and transitive trust issues If cloud provider subcontracts to third party clouds, will the data still be secure? (complying with regulations)
Most security problems comes from 3 reasons: Loss of control Lack of trust Multi-tenancy
Consumer’s loss of control : Data, applications, resources , User access control rules, security policies are managed by CSP
Consumer relies on provider to ensure : Data security and privacy - Resource availability - Monitoring and repairing of services/resources
People only trust when it pays Need for trust arises only in risky situations Trusting a third party requires taking risks
Cloud Computing brings new threats science users share same physical infrastructure so attacker can be in same physical machine as target There is Conflict between tenants’ opposing goals so How to provide strong separation between tenants?
Minimize Loss of Control Monitoring - Utilizing different clouds - Access control management Minimize Lack of Trust Policy Language - Certification Minimize Multi-tenancy Private cloud - Strong separation 68
 Requires an application-specific run-time monitoring and management tool for the consumer ( Enable both the provider and tenants to monitor the components in the cloud that are under their control)
Propose a multi-cloud (use services from different clouds) in which users Spread the risk - Increase redundancy - Increase chance of mission completion for critical apps. Issues :Policy incompatibility - Data dependency between clouds - Data redundancy - spread your sensitive data .
Many possible layers of access control ( access to the cloud - access to servers - access to services .. etc )  Federated Identity Management: access control management burden still lies with the provider .  Consumer-managed access control : requiring less trust of the provider.
User on Amazon Cloud 1. Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. E-mail 3. Shipping Address 1. Name 2. Billing Address 3. Credit Card 1. Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. E-mail 3. Shipping Address
User on Amazon Cloud 1. Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. Billing Address 3. Credit Card
Create policy language which is :(Machine-understandable - Easy to combine/merge and compare - Need a validation tool to check that the policy created in the standard language correctly reflects the policy creator’s intentions
• Create Some Certification : Some form of reputable, independent, comparable assessment and description of security features and assurance. • Risk assessment : Performed by certified third parties
Can’t really force the provider to accept less tenants  Use Private cloud  Use Strong isolation techniques.  increase trust in the tenants  Use SLAs (A service level agreement ) to enforce trusted behavior
Big black box, nothing is visible , complexity. CSP can have malicious system admins who can violate confidentiality and integrity confidentiality, integrity, availability, and privacy issues. 78
79
Future works The mainstream adoption of cloud computing could cause many problems for users Trend of large vendors entering CC will accelerate rapidly.  Still have to look for too many areas in open researches like security, management … etc. Commercial offerings are proprietary and usually not open for cloud systems research and development
Cloud computing is sometimes viewed as a reincarnation of the classic mainframe client-server model, However, it has too many attributes ,characteristics , advantages and disadvantages. Cloud delivery models are Saas , Paas and Iaas, while Cloud deployment models are Public , Private , Hybrid and Community. In Cloud computing security issues it may be helpful to identify the problems and approaches in terms of : Loss of control - Lack of trust - Multi-tenancy problems Future works in CC are still have big issue in terms of security – management ….etc.
82
Cloud computing final show
Cloud computing final show
Cloud computing final show

More Related Content

PDF
Security Issues in Cloud Computing by rahul abhishek
byEr. rahul abhishek
 
PDF
Cisco SAFE_Wireless LAN Security in Depth v2
byLinkedIn
 
PPTX
Security on Cloud Computing
byReza Pahlava
 
PDF
Cloud Security - Kloudlearn
byKloudLearn
 
PDF
Networking and communications security – network architecture design
byEnterpriseGRC Solutions, Inc.
 
PDF
Cloud technology to ensure the protection of fundamental methods and use of i...
bySubmissionResearchpa
 
PDF
Cloud Security Guide - Ref Architecture and Gov. Model
byVishal Sharma
 
PDF
Security policy enforcement in cloud infrastructure
bycsandit
 
Security Issues in Cloud Computing by rahul abhishek
byEr. rahul abhishek
 
Cisco SAFE_Wireless LAN Security in Depth v2
byLinkedIn
 
Security on Cloud Computing
byReza Pahlava
 
Cloud Security - Kloudlearn
byKloudLearn
 
Networking and communications security – network architecture design
byEnterpriseGRC Solutions, Inc.
 
Cloud technology to ensure the protection of fundamental methods and use of i...
bySubmissionResearchpa
 
Cloud Security Guide - Ref Architecture and Gov. Model
byVishal Sharma
 
Security policy enforcement in cloud infrastructure
bycsandit
 

What's hot

PDF
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
PDF
Investigative analysis of security issues and challenges in cloud computing a...
byIAEME Publication
 
PDF
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
byIJERA Editor
 
PPT
Infrastructure Security by Sivamurthy Hiremath
byClubHack
 
PPTX
Cloud security and security architecture
byVladimir Jirasek
 
PPTX
Fundamental cloud security
byAsmaa Ibrahim
 
PDF
Cloud Security - Emerging Facets and Frontiers
byGokul Alex
 
PDF
IRJET- Security Concern: Analysis of Cloud Security Mechanism
byIRJET Journal
 
PDF
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 
PDF
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
byChaitanya chandra sekhar
 
PPTX
Nagios Conference 2014 - Sean Falzon - Nagios as a PC Health Monitor
byNagios
 
PPTX
Network Security Architecture
byInnoTech
 
PPT
Cloud security
byTushar Kayande
 
PPTX
Managing Cloud Security Risks in Your Organization
byCharles Lim
 
PDF
A survey on cloud security issues and techniques
byijcsa
 
PPTX
Cloud security From Infrastructure to People-ware
byTzar Umang
 
PDF
1784 1788
byEditor IJARCET
 
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
Investigative analysis of security issues and challenges in cloud computing a...
byIAEME Publication
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
byIJERA Editor
 
Infrastructure Security by Sivamurthy Hiremath
byClubHack
 
Cloud security and security architecture
byVladimir Jirasek
 
Fundamental cloud security
byAsmaa Ibrahim
 
Cloud Security - Emerging Facets and Frontiers
byGokul Alex
 
IRJET- Security Concern: Analysis of Cloud Security Mechanism
byIRJET Journal
 
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 
Mcafee data loss_prevention_11.6.x_product_guide_9-28-2021
byChaitanya chandra sekhar
 
Nagios Conference 2014 - Sean Falzon - Nagios as a PC Health Monitor
byNagios
 
Network Security Architecture
byInnoTech
 
Cloud security
byTushar Kayande
 
Managing Cloud Security Risks in Your Organization
byCharles Lim
 
A survey on cloud security issues and techniques
byijcsa
 
Cloud security From Infrastructure to People-ware
byTzar Umang
 
1784 1788
byEditor IJARCET
 

Similar to Cloud computing final show

PPTX
security_and_privacy_in_cloud_computing (1).pptx
bythumilvannan
 
PPTX
Myppt1.pptx on ics subject for 6th semester
byMayuraD1
 
PPT
Cloud Security and their classifications
byKENNEDYDONATO1
 
PPTX
Trust is the firm belief in the competence of an entity
bydelphincarolina29
 
PDF
Lecture27 cc-security2
byAnkit Gupta
 
PDF
Unit - 5 Cloud Security and Monitoring.pdf fjda;dsflkn; dlfkjldfh hf lakh
bymajixoc607
 
PPT
CC RiskChallenges power point presentation
by30523u09088
 
DOC
Cloud security
byMohamed Shalash
 
PPTX
Cloud is not an option, but is security?
byJody Keyser
 
PPT
security and privacy in cloud computing.ppt
byShahidSultan24
 
PPT
securing the cloud with different policies.ppt
byShahidSultan24
 
PPT
Tutorial-security-privacy-cloud-computing
bySISTechnologies
 
PPT
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
PPT
cloud-complete.ppt
byARJUNMUKHERJEE27
 
PPT
cloud-complete.ppt
byssuser3be95f
 
PPT
cloud-complete.ppt
bySameer Ali
 
PPT
cloud-complete power point presentation for digital signature
byArunsunaiComputer
 
PPT
cloud-complete.ppt
byNaradaDilshan
 
PPT
Cloud complete
byMuhammad Rehan
 
PDF
Cloud Computing Security
byArunvignesh Venkatesh
 
security_and_privacy_in_cloud_computing (1).pptx
bythumilvannan
 
Myppt1.pptx on ics subject for 6th semester
byMayuraD1
 
Cloud Security and their classifications
byKENNEDYDONATO1
 
Trust is the firm belief in the competence of an entity
bydelphincarolina29
 
Lecture27 cc-security2
byAnkit Gupta
 
Unit - 5 Cloud Security and Monitoring.pdf fjda;dsflkn; dlfkjldfh hf lakh
bymajixoc607
 
CC RiskChallenges power point presentation
by30523u09088
 
Cloud security
byMohamed Shalash
 
Cloud is not an option, but is security?
byJody Keyser
 
security and privacy in cloud computing.ppt
byShahidSultan24
 
securing the cloud with different policies.ppt
byShahidSultan24
 
Tutorial-security-privacy-cloud-computing
bySISTechnologies
 
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
cloud-complete.ppt
byARJUNMUKHERJEE27
 
cloud-complete.ppt
byssuser3be95f
 
cloud-complete.ppt
bySameer Ali
 
cloud-complete power point presentation for digital signature
byArunsunaiComputer
 
cloud-complete.ppt
byNaradaDilshan
 
Cloud complete
byMuhammad Rehan
 
Cloud Computing Security
byArunvignesh Venkatesh
 

More from ahmad abdelhafeez

PPTX
Surveying cross layer protocols in ws ns
byahmad abdelhafeez
 
PDF
Service level management
byahmad abdelhafeez
 
PDF
Energy harvesting sensor nodes
byahmad abdelhafeez
 
PDF
V5I3_IJERTV5IS031157
byahmad abdelhafeez
 
DOC
Robust Breast Cancer Diagnosis on Four Different Datasets Using Multi-Classif...
byahmad abdelhafeez
 
PDF
Robust Breast Cancer Diagnosis on Four Different Datasets Using Multi-Classif...
byahmad abdelhafeez
 
PPTX
Energy conservation in wireless sensor networks
byahmad abdelhafeez
 
PPT
Localization in wsn
byahmad abdelhafeez
 
PPTX
Routing
byahmad abdelhafeez
 
PPTX
Wsn security issues
byahmad abdelhafeez
 
PPTX
Trusted systems
byahmad abdelhafeez
 
PPTX
opnet
byahmad abdelhafeez
 
PPTX
Wsn security issues
byahmad abdelhafeez
 
PPTX
Sdn pres v2-Software-defined networks
byahmad abdelhafeez
 
PPSX
Intrusion prevension
byahmad abdelhafeez
 
PPTX
Digital forensics ahmed emam
byahmad abdelhafeez
 
PDF
Digital forensics.abdallah
byahmad abdelhafeez
 
PPT
Incident handling.final
byahmad abdelhafeez
 
PPTX
Malewareanalysis presentation
byahmad abdelhafeez
 
PPTX
pentration testing
byahmad abdelhafeez
 
Surveying cross layer protocols in ws ns
byahmad abdelhafeez
 
Service level management
byahmad abdelhafeez
 
Energy harvesting sensor nodes
byahmad abdelhafeez
 
V5I3_IJERTV5IS031157
byahmad abdelhafeez
 
Robust Breast Cancer Diagnosis on Four Different Datasets Using Multi-Classif...
byahmad abdelhafeez
 
Robust Breast Cancer Diagnosis on Four Different Datasets Using Multi-Classif...
byahmad abdelhafeez
 
Energy conservation in wireless sensor networks
byahmad abdelhafeez
 
Localization in wsn
byahmad abdelhafeez
 
Routing
byahmad abdelhafeez
 
Wsn security issues
byahmad abdelhafeez
 
Trusted systems
byahmad abdelhafeez
 
opnet
byahmad abdelhafeez
 
Wsn security issues
byahmad abdelhafeez
 
Sdn pres v2-Software-defined networks
byahmad abdelhafeez
 
Intrusion prevension
byahmad abdelhafeez
 
Digital forensics ahmed emam
byahmad abdelhafeez
 
Digital forensics.abdallah
byahmad abdelhafeez
 
Incident handling.final
byahmad abdelhafeez
 
Malewareanalysis presentation
byahmad abdelhafeez
 
pentration testing
byahmad abdelhafeez
 

Recently uploaded

PPTX
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PPTX
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
PPTX
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
PDF
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PDF
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PPTX
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
PPTX
Fuel Injection Pump Test Bench – Precision Testing & Calibration for Diesel E...
byNeometrix_Engineering_Pvt_Ltd
 
PPTX
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PPTX
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
PPTX
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PDF
Unit Weight in Term of Volumetric Water Content.pdf
byMahmoodKhalid11
 
PDF
Unit-I Process Management 1.9 Scheduling Criteria, Scheduling Algorithms
bySanjay Gunjal
 
PDF
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
PDF
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
PDF
Creating a Multi-Agent Flow: Orchestrate multiple specialized agents into a p...
byJhonatan Salazar
 
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
Batch-1(End Semester) Student Of Shree Durga Tech. PPT.pptx
byrashesw1122s
 
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
(en/zhTW) Heterogeneous System Architecture: Design & Performance
byDanny Jiang
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
Fuel Injection Pump Test Bench – Precision Testing & Calibration for Diesel E...
byNeometrix_Engineering_Pvt_Ltd
 
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
Unit Weight in Term of Volumetric Water Content.pdf
byMahmoodKhalid11
 
Unit-I Process Management 1.9 Scheduling Criteria, Scheduling Algorithms
bySanjay Gunjal
 
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
Creating a Multi-Agent Flow: Orchestrate multiple specialized agents into a p...
byJhonatan Salazar
 

Cloud computing final show

  • 1.
    Wave of theFuture… Presented by: Ahmed Taha Abdel_kariem Mahmoud Mohamed Abd El Salam Ahmed Kandil Supervised by: Dr. Ashraf Tamam 03/01/15
  • 2.
    Demo Contents INTRODUCTION DEFINITION –HISTORY – ATTRIBUTES – CHARCTERSITICS – ADVANTAGE – DISADVENTAGE CLOUD MODELS DELIVERY MODEL – DEPLOYMENT MODEL CLOUD SECURITY AND PRIVACY SECURITY – PRIVACY – THREAT - TAXNOMY OF FEAR – PROBLEM – SOLUTION COMMENTS OTHER ISSUE WHY CC IMPORTANT – FUTURE WORK – CONCLUSION
  • 4.
    What is CloudComputing? new class of network based computing that takes place over the Internet. hide the complexity and details of the underlying infrastructure.
  • 5.
    • Shared poolof configurable computing resources • Just a web browser and your account with password! – Once you login, the device is “yours”. What is Cloud Computing(Other)?
  • 6.
    History of CloudComputing? concept dated in 1960’s . term ‘Cloud’ used in early 1990’s. IBM detailed it in 2001.Amazon datacenters in 2005. In 2007 Google, IBM stated large scale CC research project .in 2008 CC gained popularity.
  • 7.
  • 9.
    Attributes  Rapid deployment Low startup costs  Costs based on usage  Multi-tenant sharing
  • 10.
     Cost (Soldon Demand)  Ubiquitous:“always on!,anywhere,any place”  Device and Location Independence  Reliability  Scalability  Security Cloud Computing characteristics
  • 11.
     Sustainability  Serviceis fully managed by the provider  Homogeneity  Virtualization  Resilient Computing Cloud Computing characteristics
  • 13.
    Lower computer costs Improvedperformance(boot & run) Reduced software costs Latest version availability
  • 14.
    Instant software updates Increaseddata reliability(sys crash &data) Improved document format compatibility Universal document access
  • 15.
    Requires constant Internet– intranet connection Features might be limited Stored data might not be secure Stored data can be lost General Concerns(different protocols):
  • 19.
    Infrastructure as aService (IaaS) : Consumers gets access to the infrastructure to deploy their stuff.
  • 21.
    Platform as aService (PaaS) : User Deploys customer-created applications to a cloud .
  • 23.
    Software as aService (SaaS) : Use provider’s applications over a network .
  • 31.
    Public : Cloudinfrastructure is available to the general public, owned by org selling cloud services
  • 32.
    Private : Cloudinfrastructure for single org only, may be managed by the organization or a 3rd party
  • 33.
    Hybrid : Comboof >=2 clouds bound by standard technology (composition of two or more clouds )
  • 34.
    Community : Cloudinfrastructure shared by several orgs, managed by org or 3rd party
  • 35.
    Public Cloud Cloudinfrastructure made available to the general public. Private Cloud Cloud infrastructure operated solely for an organization. Hybrid Cloud Cloud infrastructure composed of two or more clouds Community Cloud Cloud infrastructure shared by several organizations and supporting a specific community
  • 39.
    Security is thenecessary steps to protect a person or property from harm. (direct action - indirect action). [Reference: Lecture Notes] Privacy rights are related to collection, use, disclosure, storage, and destruction of personal data , PII (Personally Identifiable Information).
  • 40.
    1. Storage. 2. Retention. 3.Destruction. 4. Auditing, monitoring and risk management. 5. Privacy Breaches. 40
  • 41.
    You can Fullreliance on a third party to protect personal data (Data breaches have a cascading effects) Many new risks and unknowns appears (complexity) 41
  • 42.
    42 • Personal informationshould be managed as part of the data used by the organization • Protection of personal information should consider the impact of the cloud on each phase
  • 43.
    Research conducted byCloud Security Alliance (CSA) in 2010 and 2013. The aim was to aid both cloud customers and cloud providers is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. 43
  • 44.
    1. Threat #1:Abuse and Nefarious Use of Cloud Computing 2. Threat #2: Insecure Interfaces and APIs 3. Threat #3: Malicious Insiders 4. Threat #4: Shared Technology Issues 5. Threat #5: Data Loss or Leakage 6. Threat #6: Account or Service Hijacking 7. Threat #7: Unknown Risk Profile [Reference: CSA: Top Threats to Cloud Computing V1.0 Prepared by the Cloud Security Alliance March 2010] 44
  • 45.
    Problem: Criminals continueto leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities Affected Layers: Suggested Solutions: 1. Stricter initial registration and validation processes. 2. Enhanced credit card fraud monitoring and coordination. 3. Comprehensive introspection of customer network traffic. 4. Monitoring public blacklists for one’s own network blocks. 45
  • 46.
    46 Problem: CSP exposea set of software interfaces or APIs that customers use to manage and interact with cloud services. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption. Affected Layers: Suggested Solutions: 1. Analyze the security model of cloud provider interfaces. 2. Ensure strong authentication and access controls are 3. Implemented in concert with encrypted transmission. 4. Understand the dependency chain associated with the API.
  • 47.
    47 Problem: A CSPmay not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. Affected Layers: Suggested Solutions: 1. Enforce strict supply chain management and conduct a comprehensive supplier assessment. 2. Specify human resource requirements as part of legal contracts. 3. Require transparency into overall information security and management practices, as well as compliance reporting. 4. Determine security breach notification processes.
  • 48.
    48 Problem: IaaS vendorsdeliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g.CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. Affected Layers: Suggested Solutions: 1. Implement security best practices for installation/configuration. 2. Monitor environment for unauthorized changes/activity. 3. Promote strong authentication and access control for administrative access and operations. 4. Enforce service level agreements for patching and vulnerability remediation. 5. Conduct vulnerability scanning and configuration audits
  • 49.
    49 Problem: There aremany ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Affected Layers: Suggested Solutions: 1. Implement strong API access control. 2. Encrypt and protect integrity of data in transit. 3. Analyzes data protection at both design and run time. 4. Implement strong key generation, storage and management, and destruction practices. 5. Contractually demand providers wipe persistent media before it is released into the pool. 6. Contractually specify provider backup and retention strategies.
  • 50.
    50 Problem: Account andservice hijacking, usually with stolen credentials, remains a top threat. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Affected Layers: Suggested Solutions: 1. Prohibit the sharing of account credentials between users and services. 2. Leverage strong two-factor authentication techniques where possible. 3. Employ proactive monitoring to detect unauthorized activity. 4. Understand cloud provider security policies and SLAs.
  • 51.
    Problem: When adoptinga cloud service, the features and functionality may be well advertised, but what about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? How are your data and related logs stored and who has access to them? What information if any will the vendor disclose in the event of a security incident? Affected Layers: Suggested Solutions: 1. Disclosure of applicable logs and data. 2. Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.). 3. Monitoring and alerting on necessary information.
  • 52.
    1. Threat #1:Data Breaches (aka: Leakage) 2. Threat #2: Data Loss 3. Threat #3: Account or Service Hijacking 4. Threat #4: Insecure Interfaces and APIs 5. Threat #5: Denial of Service 6. Threat #6: Malicious Insiders 7. Threat #7: Abuse and Nefarious Use of Cloud Computing 8. Threat #8: Unknown Risk Profile 9. Threat #9: Shared Technology Issues [Reference: CSA, Top Threats Working Group, "The Notorious Nine", Cloud Computing Top Threats in 2013, February 2013] 52
  • 53.
    Problem: Denial ofService attacks to prevent the users from using/accessing the Cloud Service either their data or applications. Affected Layers: Controls: 1. CCM IS-04: Information Secuirty - Baseline Requirements 2. CCM OP-03: Operations Management - Capacity/Resource Planning 3. CCM RS-07: Resiliency - Equipment Power Failures 4. CCM SA-04: Security Archtecture - Application Se.
  • 55.
    Confidentiality Fear of lossof control over data Will sensitive data stored on a cloud remain confidential? Will the cloud provider itself be honest and won’t peek into the data? 55
  • 56.
    Integrity How do Iknow that the cloud provider is doing the computations correctly? How do I ensure that the cloud provider really stored my data without tampering with it? 56
  • 57.
    Availability Will critical systemsgo down at the client, if the provider is attacked in a Denial of Service attack? What happens if cloud provider goes out of business? Would cloud scale well-enough? 57
  • 58.
    Auditability and forensics itis Difficult to audit data held outside organization in a cloud also Forensics made difficult
  • 59.
    •Privacy issues raisedvia massive data mining Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
  • 60.
    • Increased attacksurface o Attackers can now target the communication link between cloud provider and client 60
  • 61.
    Legal quagmire andtransitive trust issues If cloud provider subcontracts to third party clouds, will the data still be secure? (complying with regulations)
  • 63.
    Most security problemscomes from 3 reasons: Loss of control Lack of trust Multi-tenancy
  • 64.
    Consumer’s loss ofcontrol : Data, applications, resources , User access control rules, security policies are managed by CSP
  • 65.
    Consumer relies onprovider to ensure : Data security and privacy - Resource availability - Monitoring and repairing of services/resources
  • 66.
    People only trustwhen it pays Need for trust arises only in risky situations Trusting a third party requires taking risks
  • 67.
    Cloud Computing bringsnew threats science users share same physical infrastructure so attacker can be in same physical machine as target There is Conflict between tenants’ opposing goals so How to provide strong separation between tenants?
  • 68.
    Minimize Loss ofControl Monitoring - Utilizing different clouds - Access control management Minimize Lack of Trust Policy Language - Certification Minimize Multi-tenancy Private cloud - Strong separation 68
  • 69.
     Requires anapplication-specific run-time monitoring and management tool for the consumer ( Enable both the provider and tenants to monitor the components in the cloud that are under their control)
  • 70.
    Propose a multi-cloud(use services from different clouds) in which users Spread the risk - Increase redundancy - Increase chance of mission completion for critical apps. Issues :Policy incompatibility - Data dependency between clouds - Data redundancy - spread your sensitive data .
  • 71.
    Many possible layersof access control ( access to the cloud - access to servers - access to services .. etc )  Federated Identity Management: access control management burden still lies with the provider .  Consumer-managed access control : requiring less trust of the provider.
  • 72.
    User on Amazon Cloud 1.Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. E-mail 3. Shipping Address 1. Name 2. Billing Address 3. Credit Card 1. Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. E-mail 3. Shipping Address
  • 73.
    User on Amazon Cloud 1.Name 2. E-mail 3. Password 4. Billing Address 5. Shipping Address 6. Credit Card 1. Name 2. Billing Address 3. Credit Card
  • 74.
    Create policy languagewhich is :(Machine-understandable - Easy to combine/merge and compare - Need a validation tool to check that the policy created in the standard language correctly reflects the policy creator’s intentions
  • 75.
    • Create SomeCertification : Some form of reputable, independent, comparable assessment and description of security features and assurance. • Risk assessment : Performed by certified third parties
  • 76.
    Can’t really forcethe provider to accept less tenants  Use Private cloud  Use Strong isolation techniques.  increase trust in the tenants  Use SLAs (A service level agreement ) to enforce trusted behavior
  • 78.
    Big black box,nothing is visible , complexity. CSP can have malicious system admins who can violate confidentiality and integrity confidentiality, integrity, availability, and privacy issues. 78
  • 79.
  • 80.
    Future works The mainstreamadoption of cloud computing could cause many problems for users Trend of large vendors entering CC will accelerate rapidly.  Still have to look for too many areas in open researches like security, management … etc. Commercial offerings are proprietary and usually not open for cloud systems research and development
  • 81.
    Cloud computing issometimes viewed as a reincarnation of the classic mainframe client-server model, However, it has too many attributes ,characteristics , advantages and disadvantages. Cloud delivery models are Saas , Paas and Iaas, while Cloud deployment models are Public , Private , Hybrid and Community. In Cloud computing security issues it may be helpful to identify the problems and approaches in terms of : Loss of control - Lack of trust - Multi-tenancy problems Future works in CC are still have big issue in terms of security – management ….etc.
  • 82.

Editor's Notes

  • #6 Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. cloud computing customers do not own the physical infrastructure. Cloud computing users avoid capital expenditure (CapEx) on hardware, software, and services when they pay a provider only for what they use. Low shared infrastructure and costs, low management overhead, and immediate access to a broad range of applications
  • #10 Government and Military sectors: complicated procurement rules and stringent security requirements Cloud-based categories: Cloud-based applications (SAAS) Cloud-based development (e.g. Google App Engine) Cloud-based infrastructure (e.g. Amazon’s EC2)
  • #64 Data mobility: the ability to share data between cloud services Where does data reside? - out-of-state, out-of-country issues Security Concerns for government in particular FISMA How to certify and accredit cloud computing providers under FISMA (e.g. ISO 27001)
  • #67 Chiles and McMakin (1996) define trust as increasing one’s vulnerability to the risk of opportunistic behavior of another whose behavior is not under one’s control in a situation in which the costs of violating the trust are greater than the benefits of upholding the trust. Trust here means mostly lack of accountability and verifiability
  • #68 Who are my neighbors? What is their objective? They present another facet of risk and trust requirements
  • #70 When the underlying components fail in the cloud, the effect of the failures to the mission logic needs to be known so that correct recovery measures can be performed. We propose an application-specific run-time monitoring and management tool. With this tool, the application logic can remain on the consumer’s host computer. This allows the consumer to centrally monitor all aspects of the application as well as data flow. Since all outputs from underlying services are sent to the application logic, any data incompatibility between services is not an issue. The capabilities of the run-time monitoring and management tool are as follows: 1) Enable application user to determine the status of the cloud resources that may be used to run the application (across multiple clouds), 2)  Enable application user to determine the real-time security posture and situational awareness of the application, 3) Provide the application user with the ability to move user’s application (or part of it) to another site (other VM in same cloud or different cloud altogether), 4) Provide the application user with the ability to change the application logic on the fly, 5) Provide communicate capabilities with cloud providers. There are a few cloud vendors such as NimSoft [41] and Hyperic [42] that provide application-specific monitoring tools that provide some of the above functionality. These monitoring tools may be further enhanced or used in conjunction with other tools to provide the degree of monitoring required. However, any tool that is to be used for military purposes must also receive some type of accreditation and certification procedure.
  • #71 Differering data semantics example: does a data item labeled secret in one cloud have the same semantics as another piece of data also labeled secret in a different cloud?
  • #72 In cloud computing (as well as other systems), there are many possible layers of access control. For example, access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM. Depending on the deployment model used, some of these will be controlled by the provider and others by the consumer. For example, Google Apps, a representative SaaS Cloud controls authentication and access to its applications, but users themselves can control access to their documents through the provided interface to the access control mechanism. In IaaS type approaches, the user can create accounts on its virtual machines and create access control lists for these users for services located on the VM. Regardless of the deployment model, the provider needs to manage the user authentication and access control procedures (to the cloud). While some providers allow federated authentication – enabling the consumer-side to manage its users, the access control management burden still lies with the provider. This requires the user to place a large amount of trust on the provider in terms of security, management, and maintenance of access control policies. This can be burdensome when numerous users from different organizations with different access control policies, are involved. This proposal focuses on access control to the cloud. However, the concepts here could be applied to access control at any level, if deemed necessary. We propose a way for the consumer to manage the access control decision-making process to retain some control, requiring less trust of the provider. Approach: This approach requires the client and provider to have a pre-existing trust relationship, as well as a pre-negotiated standard way of describing resources, users, and access decisions between the cloud provider and consumer. It also needs to be able to guarantee that the provider will uphold the consumer-side’s access decisions. Furthermore, we need to show that this approach is at least as secure as the traditional access control model. This approach requires the data owner to be involved in all requests. Therefore, frequent access scenarios should not use this method if traffic is a concern. However, many secure data outsourcing schemes require the user to grant keys/certificates to the query side, so that every time the user queries a database, the owner needs to be involved. Therefore, not much different than that so may not be a problem.
  • #75 These SLAs typically state the high level policies of the provider (e.g. Will maintain uptime of 98%) and do not allow cloud consumers to dictate their requirements to the provider. COI clouds in particular have specific security policy requirements that must be met by the provider, due to the nature of COIs and the missions they are used for. These requirements need to be communicated to the provider and the provider needs to provide some way of stating that the requirements can be met. Cloud consumers and providers need a standard way of representing their security requirements and capabilities. Consumers also need a way to verify that the provided infrastructure and its purported security mechanisms meet the requirements stated in the consumer’s policy (proof of assertions). For example, if the consumer’s policy requires isolation of VMs, the provider can create an assertion statement that says it uses cache separation to support VM isolation.
  • #83 http://www.opencrowd.com/assets/images/views/views_cloud-tax-lrg.png