SlideShare a Scribd company logo

Cloud Computing Security Topics

Download as PPTX, PDF
I
insoonjo

The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.

Technology
1 of 26
Cloud Computing Security 조인순
2 Topics 1. What is Cloud Computing? 2. The Same Old Security Problems 3. Virtualization Security 4. New Security Issues and Threat Model 5. Data Security
3 What is Cloud Computing? “Cloud computing is a model for enabling conveni- ent, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with mini- mal management effort or service provider interac- tion.” NIST definition of Cloud Computing
4 Cloud Service Architectures as Layers
5 Cloud Service Models Abstraction Layers
6 Multi-Tenancy
7 Cloud Deployment Architectures
8 Same Old Security Issues 1. Data Loss 2. Downtimes 3. Phishing 4. Password Cracking 5. Botnets and Other Malware
9 Data Loss "Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar entries, to-do lists or photos—that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger.”
10 Downtimes
11 Phishing “hey! check out this funny blog about you”
12 Password Cracking
13 Botnets and Malware
14 Virtualization Security 1. Features 1. Isolation 2. Snapshots 2. Issues 1. State Restore 2. Hypervisor Security 3. Inner-VM Attacks 4. Scaling
15 Isolation • More than running 2 apps on same server • Less than running on 2 physical servers
16 Snapshots • VMs can record state • In event of security incident, revert VM back to an uncompromised state • Must be sure to patch VM to avoid recurrence of compromise
17 State Restore • VMs can be restored to an infected or vulnerable state using snapshots. • Patching becomes undone. • Worms persist at low level forever due to reappearance of infected and vulnerable VMs.
18 Hypervisor Security • Vulnerability consequences ▫ Guest code execution with privilege ▫ VM Escape (Host code execution) Vendor CVEs KVM 32 QEMU 23 VirtualBox 9 VMware 126 Xen 86
19 Inner-VM Attacks • Attack via shared clipboard • Use shared folder to alter other VM’s disk image
20 Scaling • Growth in physical machines limited by budget and setup time • Adding a VM is easy as copying a file, leading to explosive growth in VMs • Rapid scaling can exceed capacity of organization’s security systems
21 New Security Issues 1. No Security Perimeter 2. Larger Attack Surface 3. New Side Channels 4. Lack of Auditability 5. Data Security
22 No Security Perimeter • Little control over physical or network location of cloud instance VMs • Network access must be controlled on a host by host basis
23 Larger Attack Surface Cloud Provider Your Network
24 New Side Channels • You don’t know whose VMs are sharing the physical machine with you. ▫ Attackers can place their VMs on your machine. ▫ See “Hey, You, Get Off of My Cloud” paper for how. • Shared physical resources include ▫ CPU data cache: Bernstein 2005 ▫ CPU branch prediction: Onur Aciiçmez 2007 ▫ CPU instruction cache: Onur Aciiçmez 2007 • In single OS environment, people can extract crypto graphic keys with these attacks.
25 Lack of Auditability • Only cloud provider has access to full network tr affic, hypervisor logs, physical machine data. • Need mutual auditability ▫ Ability of cloud provider to audit potentially malici ous or infected client VMs. ▫ Ability of cloud customer to audit cloud provider e nvironment.
26 Data Security Symmetric Homomorphic SSL Encryption Encryption Confidentiality MAC Homomorphic SSL Integrity Encryption Redundancy Redundancy Redundancy Availability Storage Processing Transmission

Recommended

Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised EnvironmentPeter Wood
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine securityJacob Zvirikuzhe
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use CasesKevin Groat
 
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response TeamWHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response TeamSymantec
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2vivekbhat
 

Recommended

Security in a Virtualised Environment
Security in a Virtualised EnvironmentSecurity in a Virtualised Environment
Security in a Virtualised EnvironmentPeter Wood
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 
Virtual machine security
Virtual machine securityVirtual machine security
Virtual machine securityJacob Zvirikuzhe
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use CasesKevin Groat
 
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response TeamWHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response TeamSymantec
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2vivekbhat
 
Virtualization security and threat
Virtualization security and threatVirtualization security and threat
Virtualization security and threatAmmarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
VMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld
 
Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...James A. Savage
 
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesVirtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesJason Chan
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network SecurityEng Teong Cheah
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMware
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
Security in windows azure
Security in windows azureSecurity in windows azure
Security in windows azurePatriek van Dorp
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
What's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - StorageWhat's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - StorageVMware
 
µ-Xen
µ-Xenµ-Xen
µ-XenLars Kurth
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPTNisarg Shah
 
Campus jueves
Campus juevesCampus jueves
Campus juevescampus party
 
3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switch3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switchMayotravels.com
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5Eric Sloof
 
Virtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual CertaintyVirtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual Certaintydigitallibrary
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Winston Morton
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
Lock it Down with Nutanix Security
Lock it Down with Nutanix SecurityLock it Down with Nutanix Security
Lock it Down with Nutanix SecurityNEXTtour
 
O&C poster 3
O&C poster 3O&C poster 3
O&C poster 3minju-kim
 
O&c poster 1
O&c poster 1O&c poster 1
O&c poster 1minju-kim
 

More Related Content

What's hot

VMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld
 
Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...James A. Savage
 
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesVirtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesJason Chan
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network SecurityEng Teong Cheah
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMware
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
What's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - StorageWhat's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - StorageVMware
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPTNisarg Shah
 
3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switch3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switchMayotravels.com
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5Eric Sloof
 
Virtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual CertaintyVirtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual Certaintydigitallibrary
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Winston Morton
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
Lock it Down with Nutanix Security
Lock it Down with Nutanix SecurityLock it Down with Nutanix Security
Lock it Down with Nutanix SecurityNEXTtour
 

What's hot (20)

Virtualization security and threat
Virtualization security and threatVirtualization security and threat
Virtualization security and threat
 
VMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor Security
 
Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...Detecting virtual machine co residency in cloud computing with active traffic...
Detecting virtual machine co residency in cloud computing with active traffic...
 
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit PerspectivesVirtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit Perspectives
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network Security
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSX
 
Security in windows azure
Security in windows azureSecurity in windows azure
Security in windows azure
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
What's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - StorageWhat's New in VMware vSphere 5.0 - Storage
What's New in VMware vSphere 5.0 - Storage
 
µ-Xen
µ-Xenµ-Xen
µ-Xen
 
NFV Security PPT
NFV Security PPTNFV Security PPT
NFV Security PPT
 
Campus jueves
Campus juevesCampus jueves
Campus jueves
 
3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switch3671 managing the v sphere distributed switch
3671 managing the v sphere distributed switch
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 
What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5
 
Virtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual CertaintyVirtualization and Security: Complexity is a Virtual Certainty
Virtualization and Security: Complexity is a Virtual Certainty
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 
Lock it Down with Nutanix Security
Lock it Down with Nutanix SecurityLock it Down with Nutanix Security
Lock it Down with Nutanix Security
 

Viewers also liked

O&C poster 3
O&C poster 3O&C poster 3
O&C poster 3minju-kim
 
O&c poster 1
O&c poster 1O&c poster 1
O&c poster 1minju-kim
 
Sunum gülçin kirca
Sunum gülçin kircaSunum gülçin kirca
Sunum gülçin kircadeniz44
 
O&c poster 2
O&c poster 2O&c poster 2
O&c poster 2minju-kim
 
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012Mike Fisk
 
O&C poster 2
O&C poster 2O&C poster 2
O&C poster 2minju-kim
 
Preliminary Research - Analysing Promotional Campaigns
Preliminary Research - Analysing Promotional Campaigns Preliminary Research - Analysing Promotional Campaigns
Preliminary Research - Analysing Promotional Campaigns minju-kim
 
구글을 지탱하는 기술
구글을 지탱하는 기술구글을 지탱하는 기술
구글을 지탱하는 기술semi06
 
구글을 지탱하는 기술
구글을 지탱하는 기술구글을 지탱하는 기술
구글을 지탱하는 기술JooWan
 
구글을 지탱하는 기술 요약 - Google 검색
구글을 지탱하는 기술 요약 - Google 검색구글을 지탱하는 기술 요약 - Google 검색
구글을 지탱하는 기술 요약 - Google 검색혜웅 박
 
Big table
Big tableBig table
Big tablePSIT
 
Google Bigtable Paper Presentation
Google Bigtable Paper PresentationGoogle Bigtable Paper Presentation
Google Bigtable Paper Presentationvanjakom
 

Viewers also liked (18)

O&C poster 3
O&C poster 3O&C poster 3
O&C poster 3
 
O&c poster 1
O&c poster 1O&c poster 1
O&c poster 1
 
Sunum gülçin kirca
Sunum gülçin kircaSunum gülçin kirca
Sunum gülçin kirca
 
O&c poster 2
O&c poster 2O&c poster 2
O&c poster 2
 
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012
NNSA CIO Bob Osborn Introduces the CSL at ISRCS 2012
 
Video o&c
Video o&cVideo o&c
Video o&c
 
O&C poster 2
O&C poster 2O&C poster 2
O&C poster 2
 
Preliminary Research - Analysing Promotional Campaigns
Preliminary Research - Analysing Promotional Campaigns Preliminary Research - Analysing Promotional Campaigns
Preliminary Research - Analysing Promotional Campaigns
 
google Bigtable
google Bigtablegoogle Bigtable
google Bigtable
 
Bigtable
BigtableBigtable
Bigtable
 
구글을 지탱하는 기술
구글을 지탱하는 기술구글을 지탱하는 기술
구글을 지탱하는 기술
 
구글을 지탱하는 기술
구글을 지탱하는 기술구글을 지탱하는 기술
구글을 지탱하는 기술
 
구글을 지탱하는 기술 요약 - Google 검색
구글을 지탱하는 기술 요약 - Google 검색구글을 지탱하는 기술 요약 - Google 검색
구글을 지탱하는 기술 요약 - Google 검색
 
Big table
Big tableBig table
Big table
 
The Google Bigtable
The Google BigtableThe Google Bigtable
The Google Bigtable
 
Google Bigtable Paper Presentation
Google Bigtable Paper PresentationGoogle Bigtable Paper Presentation
Google Bigtable Paper Presentation
 
Google Big Table
Google Big TableGoogle Big Table
Google Big Table
 
GOOGLE BIGTABLE
GOOGLE BIGTABLEGOOGLE BIGTABLE
GOOGLE BIGTABLE
 

Similar to Cloud Computing Security Topics

Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptxssuser0fc2211
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdfpivanon243
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...Ixia
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
Cloud Computing using virtulization
Cloud Computing using virtulizationCloud Computing using virtulization
Cloud Computing using virtulizationAJIT NEGI
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Khazret Sapenov
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroGraeme Wood
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudGraeme Wood
 
Top Ten Private Cloud Risks
Top Ten Private Cloud RisksTop Ten Private Cloud Risks
Top Ten Private Cloud RisksSymantec
 
virtualization(1).pptx
virtualization(1).pptxvirtualization(1).pptx
virtualization(1).pptxAkashRajBehera
 
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza Walter Moriconi
 
Cloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsCloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsAccenture
 
10 Cloud Security.pptx
10 Cloud Security.pptx10 Cloud Security.pptx
10 Cloud Security.pptx2020kucp1072
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013The Linux Foundation
 

Similar to Cloud Computing Security Topics (20)

Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptx
 
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
 
Cloud Computing Tools
Cloud Computing ToolsCloud Computing Tools
Cloud Computing Tools
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicro
 
Cloud Computing using virtulization
Cloud Computing using virtulizationCloud Computing using virtulization
Cloud Computing using virtulization
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
 
Top Ten Private Cloud Risks
Top Ten Private Cloud RisksTop Ten Private Cloud Risks
Top Ten Private Cloud Risks
 
unit-2.pptx
unit-2.pptxunit-2.pptx
unit-2.pptx
 
virtualization(1).pptx
virtualization(1).pptxvirtualization(1).pptx
virtualization(1).pptx
 
virtualization.pptx
virtualization.pptxvirtualization.pptx
virtualization.pptx
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza
Dal Desktop Al Disco Parte 2 - Virtualizzazione E Sicurezza
 
Cloud servers-new-risk-considerations
Cloud servers-new-risk-considerationsCloud servers-new-risk-considerations
Cloud servers-new-risk-considerations
 
10 Cloud Security.pptx
10 Cloud Security.pptx10 Cloud Security.pptx
10 Cloud Security.pptx
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
 
Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013Securing your Cloud with Xen - SUSECon 2013
Securing your Cloud with Xen - SUSECon 2013
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 

Cloud Computing Security Topics

  • 2. 2 Topics 1. What is Cloud Computing? 2. The Same Old Security Problems 3. Virtualization Security 4. New Security Issues and Threat Model 5. Data Security
  • 3. 3 What is Cloud Computing? “Cloud computing is a model for enabling conveni- ent, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with mini- mal management effort or service provider interac- tion.” NIST definition of Cloud Computing
  • 5. 5 Cloud Service Models Abstraction Layers
  • 8. 8 Same Old Security Issues 1. Data Loss 2. Downtimes 3. Phishing 4. Password Cracking 5. Botnets and Other Malware
  • 9. 9 Data Loss "Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar entries, to-do lists or photos—that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger.”
  • 11. 11 Phishing “hey! check out this funny blog about you”
  • 14. 14 Virtualization Security 1. Features 1. Isolation 2. Snapshots 2. Issues 1. State Restore 2. Hypervisor Security 3. Inner-VM Attacks 4. Scaling
  • 15. 15 Isolation • More than running 2 apps on same server • Less than running on 2 physical servers
  • 16. 16 Snapshots • VMs can record state • In event of security incident, revert VM back to an uncompromised state • Must be sure to patch VM to avoid recurrence of compromise
  • 17. 17 State Restore • VMs can be restored to an infected or vulnerable state using snapshots. • Patching becomes undone. • Worms persist at low level forever due to reappearance of infected and vulnerable VMs.
  • 18. 18 Hypervisor Security • Vulnerability consequences ▫ Guest code execution with privilege ▫ VM Escape (Host code execution) Vendor CVEs KVM 32 QEMU 23 VirtualBox 9 VMware 126 Xen 86
  • 19. 19 Inner-VM Attacks • Attack via shared clipboard • Use shared folder to alter other VM’s disk image
  • 20. 20 Scaling • Growth in physical machines limited by budget and setup time • Adding a VM is easy as copying a file, leading to explosive growth in VMs • Rapid scaling can exceed capacity of organization’s security systems
  • 21. 21 New Security Issues 1. No Security Perimeter 2. Larger Attack Surface 3. New Side Channels 4. Lack of Auditability 5. Data Security
  • 22. 22 No Security Perimeter • Little control over physical or network location of cloud instance VMs • Network access must be controlled on a host by host basis
  • 23. 23 Larger Attack Surface Cloud Provider Your Network
  • 24. 24 New Side Channels • You don’t know whose VMs are sharing the physical machine with you. ▫ Attackers can place their VMs on your machine. ▫ See “Hey, You, Get Off of My Cloud” paper for how. • Shared physical resources include ▫ CPU data cache: Bernstein 2005 ▫ CPU branch prediction: Onur Aciiçmez 2007 ▫ CPU instruction cache: Onur Aciiçmez 2007 • In single OS environment, people can extract crypto graphic keys with these attacks.
  • 25. 25 Lack of Auditability • Only cloud provider has access to full network tr affic, hypervisor logs, physical machine data. • Need mutual auditability ▫ Ability of cloud provider to audit potentially malici ous or infected client VMs. ▫ Ability of cloud customer to audit cloud provider e nvironment.
  • 26. 26 Data Security Symmetric Homomorphic SSL Encryption Encryption Confidentiality MAC Homomorphic SSL Integrity Encryption Redundancy Redundancy Redundancy Availability Storage Processing Transmission