SlideShare a Scribd company logo

O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx

Download as DOCX, PDF
D
dunhamadell

O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 | C O M M U N I C AT I O N S O F T H E A C M 25 V viewpoints I M A G E B Y P O T A P O V A L E X A N D E R Inside Risks Risks and Myths of Cloud Computing and Cloud Storage Considering existing and new types of risks inherent in cloud services. insider misuse may create additional risks. All these risks are relevant to many different types of applications. As one example, from users’ perspectives, hav- ing unencrypted email maintained by a cloud provider may be particularly risky. The basic concept of cloud comput- ing and cloud storage has a lineage spanning two generations, with sig- nificant experience in designing and administering these systems. Time- C L O U D C O M P U T I N G A N D stor- age are often seen as gen- eral blessings, if not finan- cial salvations. There are good reasons behind this claim. Cloud services are indeed usu- ally much cheaper than their dedi- cated counterparts. Administration and management oversight are sim- pler under a single, central authority. Small businesses and startups have taken advantage, using low-cost cloud services during their first few years. Cloud platforms are critical avenues to getting started for many companies, giving them access to many customers at low cost. Many business leaders see the cloud as an engine for small busi- nesses and job creation. Cloud storage services are also a boon for individual users, most of whom do not back up their comput- ers and mobile devices regularly or at all. Cheap, automatic backup to cloud storage protects their valuable data from loss. Despite all these bounties, cloud ser- vices also present new kinds of risks, which are considered here. Prospective cloud users should evaluate these risks before making their decisions about how to use clouds. The main issue is that expectations of trustworthiness may be unrealistic. Confidentiality, system in- tegrity, data integrity, reliability, robust- ness, resilience may be questionable. Protection against surveillance, and denials of service are essential, as are perpetual access and long-term com- patibility of stored data. The integrity, accountability, and trustworthiness of potentially untrustworthy third parties and even unknown nth parties must also be considered. Those parties may have business models that are radically incompatible with user needs; further- more, they might go out of business— with users holding the bag. Moreover, DOI:10.1145/2661049 Peter G. Neumann http://dx.doi.org/10.1145/2661049 26 C O M M U N I C AT I O N S O F T H E A C M | O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 viewpoints compromises can be found in the ACM Risks Forum: http://www.risks.org.) ˲ Dropbox’s sharing services were hacked, resulting from a security hole in its link-sharing scheme. The ex- ploits were also disseminated by the perpetrator.

1 of 15
O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 | C O M M U N I C AT I O N S O F T H E A C M 25 V viewpoints I M A G E B Y P O T A P O V A L E X
A N D E R Inside Risks Risks and Myths of Cloud Computing and Cloud Storage Considering existing and new types of risks inherent in cloud services. insider misuse may create additional risks. All these risks are relevant to many different types of applications. As one example, from users’ perspectives, hav- ing unencrypted email maintained by a cloud provider may be particularly risky. The basic concept of cloud comput- ing and cloud storage has a lineage spanning two generations, with sig- nificant experience in designing and administering these systems. Time- C L O U D C O M P U T I N G A N D stor- age are often seen as gen- eral blessings, if not finan- cial salvations. There are good reasons behind this
claim. Cloud services are indeed usu- ally much cheaper than their dedi- cated counterparts. Administration and management oversight are sim- pler under a single, central authority. Small businesses and startups have taken advantage, using low-cost cloud services during their first few years. Cloud platforms are critical avenues to getting started for many companies, giving them access to many customers at low cost. Many business leaders see the cloud as an engine for small busi- nesses and job creation. Cloud storage services are also a boon for individual users, most of whom do not back up their comput- ers and mobile devices regularly or at all. Cheap, automatic backup to cloud storage protects their valuable data from loss. Despite all these bounties, cloud ser- vices also present new kinds of risks, which are considered here. Prospective cloud users should evaluate these risks before making their decisions about how to use clouds. The main issue is that expectations of trustworthiness may be unrealistic. Confidentiality, system in- tegrity, data integrity, reliability, robust- ness, resilience may be questionable. Protection against surveillance, and
denials of service are essential, as are perpetual access and long-term com- patibility of stored data. The integrity, accountability, and trustworthiness of potentially untrustworthy third parties and even unknown nth parties must also be considered. Those parties may have business models that are radically incompatible with user needs; further- more, they might go out of business— with users holding the bag. Moreover, DOI:10.1145/2661049 Peter G. Neumann http://dx.doi.org/10.1145/2661049 26 C O M M U N I C AT I O N S O F T H E A C M | O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 viewpoints compromises can be found in the ACM Risks Forum: http://www.risks.org.) ˲ Dropbox’s sharing services were hacked, resulting from a security hole in its link-sharing scheme. The ex- ploits were also disseminated by the perpetrators. ˲ No-IP had 22 of its most frequently used domains taken down by Micro- soft, under a seemingly overreaching federal court order.
˲ Amazon Web services have gone down (briefly) several times. Code Spaces (a valued source-code reposi- tory built using Amazon’s AWS facili- ties) was effectively destroyed by an at- tacker demanding ransom. ˲ Cisco Systems had a private crypto key embedded in their VoIP manager that allowed unauthorized control of sensitive messaging gear. ˲ Cryptolocker and other ransom- ware programs have forcibly encrypted stored information, and demanded payment to decrypt it (although in some cases have never done so even after receiving the ransom!). Although most of these attacks have been on in- dividual users, the opportunity for at- tacks on remote storage repositories is clearly a risk. (Recently, an antidote website has reportedly been created.) ˲ TrueCrypt (full disk encryption) was discontinued as source-available software by its pseudonymous authors, “as it may contain unfixed security is- sues.” (Uncertainty remains as to the severity and impact of those possible issues, and how they found their way into the codebase.) ˲ Similar things happened to Lavabit, which provided privacy and security fea- tures in email services to over 400,000
customers, but was then withdrawn after prolonged legal harassment that attempted to coerce the installation of surveillance equipment. ˲ Megaupload.com was taken down by authorities, blocking both illicit and legitimate users. ˲ Nirvanix went belly-up financially, giving its users two weeks to exit. ˲ Various talks at Black Hat and DEF CON in August were rather disenchant- ing. In short, essentially every device seems to be compromisable, often with a fixed master password embed- ded in the system, but with many more subtle vulnerabilities as well. This is old news to Inside Risks readers, but sharing systems with common com- puting resources and possibilities for collaborative data access have been around since the 1960s (CTSS, Mul- tics, Tymshare), with varying types of sharing. Since the 1980s, Project Athena at MIT has employed the Sun Network File System, and later the Andrew File System, to provide three services that would be identified with today’s cloud services: remote stor- age of application programs, remote storage of personal files, and remote backup of personal files. However, time-sharing and Athena’s three ser-
vices have been under single opera- tional administration, thus minimiz- ing the number of entities that users must trust (while at the same time providing a single point of failure). We know from experience how to off- set some of the risks when cloud ser- vices are the responsibility of a single administration. With respect to both local and remote servers, some of the risks can be reduced. For example, private systems and intranetworks under local control or more likely the control your own employers (with re- spect to hardware, software, certificate authorities, and pooled system and network administration) are likely to have greater trustworthiness. What is new—and the source of new risks—is the scale and distributivity of some of the clouds. They are large dis- tributed systems with few centralized controls. Clouds that provide access to vast amounts of information (such as Google and Amazon) are extremely valuable resources. However, other clouds that store your own data (along with everyone else’s) can present seri- ous problems relating to trusting po- tentially untrustworthy entities. Giving the “cloud” name to the old concept of large, shared, distributed systems is misleading. It creates a new buzzword, and hides the problems of
risks that designers and admins have otherwise grappled with for years. Some of the cloud providers have ig- nored many of the old risks and are evi- dently largely oblivious to newer risks as well. Clearly, cloud computing is sim- ply remote computing, which was one of the primary reasons for the creation of the ARPANET—to allow people in one coastal time zone to benefit from un- used resources in other time zones at certain hours of the day. This has clear- ly been an even greater benefit in the Internet, with its worldwide coverage. Similarly, cloud storage is simply remote storage, which in early days became common as off-site backup for obvious reasons of fault tolerance, emergency preparedness, and other reasons. One risk in identifying remote stor- age for offsite backup as “cloud stor- age” is that this term masks the exis- tence of in-house alternatives, such as the common practice of periodically re- cording file-system snapshots on small detachable media, and keeping them in a safe place. This can be particularly important after nasty penetration at- tacks that may have compromised a system with the insertion of malware, sniffers, and so on. Furthermore, re- mote archiving—especially if widely distributed among different reposito- ries—leaves users unsure of whether
their information is still retrievable in its original form (unless they have actu- ally retrieved it). Ron Rivest has been quoted as say- ing, “Cloud computing sounds so sweet and wonderful and safe … we should just be aware of the terminology; if we [are] calling it swamp computing. I think you might have the right mind-set.”2 To paraphrase a quote often attrib- uted to Roger Needham, Butler Lamp- son, or Jim Morris, if you think cloud computing and cloud storage are the answer to your problems, you do not un- derstand those would-be solutions, and you do not understand your problems. A few examples of relevant recent risky exploits are worth noting here. (Further background on the first nine items and other examples of cloud Some of the cloud providers have ignored many of the old risks and are evidently largely oblivious to newer risks as well. O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 | C O M M U N I C AT I O N S O F T H E A C M 27
viewpoints and also provide a means for sharing the information through out-of-band shared cryptographic keys. However, they remain vulnerable to other com- promises such as accidental or mali- cious deletion, lapse of contracts with remote providers, loss of cryptographic keys, unavailability of servers, invasive usage monitoring, and so on. As is true in general, key management becomes a fundamental risk in itself. Further- more, convenient schemes for recovery of lost keys (for example, backdoors) are always vulnerable to misuse—as are any backdoors that can be misused by insiders or external attacks. Virgil Gligor1 has considered some of the risks inherent in virtualization in a context very similar to what is exam- ined in this column. Virtualization has certain aspects that are common to the abstractions provided by remote execu- tion and remote access, in the sense that there are well-defined interfaces for dealing with both cases—whether they are virtually remote or physically remote. There are also questions of the trustworthiness of the underlying mechanisms for enforcing the virtu- alization abstractions—for example, encapsulating, avoiding, or otherwise masking lower-layer vulnerabilities.
Gligor’s article implicitly addresses some of the topics noted here, and de- serves a careful reading for those read- ers who would like further background than that included here. I emphasize that clouds can of- fer real and significant benefits. They also bring many risks, which can be masked by the simplicity of the cloud abstraction. You should weigh these risks when designing, selecting, and configuring your cloud services. References 1. Gligor, V. Security limitations of virtualization and how to overcome them. Security Protocols Workshop, SPW 2010, Cambridge, U.K., 2010. 2. McMillan, R. Cloud computing a security nightmare, says Cisco CEO. Computerworld; http://www. computerworld.com/s/article/9131998/Cloud_ computing_a_security_nightmare_says_Cisco_CEO. Peter G. Neumann ([email protected]) is Senior Principal Scientist in the Computer Science Lab at SRI International, and moderator of the ACM Risks Forum. The author is enormously grateful to the members of the ACM Committee on Computers and Public Policy for their continued wisdom and counsel in acting as an advisory group for risks-related activities. This column gained significantly from their feedback. Copyright held by author.
could be shocking to everyone else. Among old risks that are still per- vasive, even in-house use of local stor- age can result in hardware outages and database software failures. Redundant copies might actually all wind up in a single vulnerable cloud repository. Furthermore, older data formats may no longer be supported. Local storage still requires attention to backup that can be successfully retrieved—in some cases many years later. Furthermore, if the original information is encrypted, the ability to manage and recover old keys becomes critical. Recently, increasingly efficient cryp- tographic schemes are emerging in re- search communities for proof of data possession and proof of data retriev- ability. Unfortunately, simple and in- expensive techniques along these lines have not yet found their way from theory to practice. Perhaps more useful are the efforts cloud providers make to ensure their own data storage is recoverable. It may well be that, on average, cloud providers’ systems are better adminis- tered than the information technology groups of many organizations and agen- cies. At least, cloud users certainly hope so! Nevertheless, various risks remain. Another old problem that has been
exacerbated involves the ability to de- lete information ubiquitously. The existence of pervasive copies and dif- ferent versions has clearly exploded as a result of copies that have been repli- cated for resilience. Internet mirrors have proliferated far beyond anyone’s ability to keep track of unsearchable versions. With storage in some unac- countable remote repository, pervasive deletion will always seem to be ques- tionable. Besides, approaches that may succeed in pervasive deletion may also be victimized by accidental or mali- cious deletion. In this case, some sort of time machine would be desirable. Many socially relevant risks also need to be considered, such as differ- ent versions of unauthentic data; the presence of misinformation in not quite identical searchable versions of what purports to be the same informa- tion; and situations in which people or organizations desire that certain infor- mation disappear completely. Of course, international laws and regulations also present numerous problems—first by their imprecision or overextension, and second by the uncertainty surrounding the origins and destinations of data and other resource requests. For example, if a nation insists that all information be-
longing to its citizens must be stored within systems under its own legal jurisdiction, how can that be assured when it is so easy to subvert, and when ownership is itself murky? In addition, we must be cognizant of the risks of ubiquitous surveillance in unaccount- able and in some cases unknown re- mote resources. As noted in many past Inside Risks columns (this is the 234th in the series), almost every computer or human en- tity is potentially untrustworthy, with respect to accidents, intentional mis- use, and attacks. As an example that remains problematic, the outsourcing of elections with regard to dependence on proprietary systems and software, computing resources, registration da- tabases, networks (whether open or pri- vate), and—above all—dependence on potentially untrustworthy people, aptly illustrates the end-to-end nature of the risks from the very beginning of the election cycle to the disputes that result from sources of error, fraud, and confu- sion—with concomitant fear, uncertain- ty, and doubt. Insider misuse is serious in all shared resources, but particularly in elections (numerous cases have been noted in the Risks Forum and else- where). In this example, outsourcing to unaccountable entities is problematic. Despite the risks discussed here,
there are some hopes for constructive alternatives. Research communities have various approaches to pieces of this puzzle, but rarely to systems as a whole. As a result, many of the previ- ous columns in this series are relevant to the use or misuse of remote resourc- es—even if they focused on problems that were previously considered as lo- cal. For example, cryptography that is managed solely by end users for infor- mation stored remotely in encrypted forms is often touted as a solution to the problem of having to trust an un- trustworthy remote storage provider. Homomorphic cryptography has the potential to allow computations on en- crypted information, without the need for that information to be decrypted. These approaches can improve the confidentiality of the information,

Recommended

Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
Kim Jensen
 
Outsourcing control
Outsourcing controlOutsourcing control
Outsourcing control
Shahbaz Sidhu
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Kim Jensen
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 

Recommended

Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
Kim Jensen
 
Outsourcing control
Outsourcing controlOutsourcing control
Outsourcing control
Shahbaz Sidhu
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Kim Jensen
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsProposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems
Hossam Al-Ansary
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
shafzonly
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
B018211016
B018211016B018211016
B018211016
IOSR Journals
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
IJNSA Journal
 
Science international journal
Science international journalScience international journal
Science international journal
Sarita30844
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
priyanka reddy
 
Fog doc
Fog doc Fog doc
Fog doc
priyanka reddy
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
Gabor Bokor
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Solutions of cloud computing security issues
Solutions of cloud computing security issuesSolutions of cloud computing security issues
Solutions of cloud computing security issues
Jahangeer Qadiree
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
sravya raju
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecurity
drewz lin
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Editor IJMTER
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
IRJET Journal
 
Cloud computing final format(1)
Cloud computing final format(1)Cloud computing final format(1)
Cloud computing final format(1)
ahmed elmeghiny
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Kshitij Mittal
 
One of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docxOne of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docx
dunhamadell
 
One of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docxOne of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docx
dunhamadell
 

More Related Content

Similar to O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx

Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
shafzonly
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
Lillian Ekwosi-Egbulem
 
B018211016
B018211016B018211016
B018211016
IOSR Journals
 
Project 3
Project 3Project 3
Project 3
Priyanka Goswami
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
IJNSA Journal
 
Science international journal
Science international journalScience international journal
Science international journal
Sarita30844
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
priyanka reddy
 
Fog doc
Fog doc Fog doc
Fog doc
priyanka reddy
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
IRJET Journal
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
Gabor Bokor
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
Er. rahul abhishek
 
Solutions of cloud computing security issues
Solutions of cloud computing security issuesSolutions of cloud computing security issues
Solutions of cloud computing security issues
Jahangeer Qadiree
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
sravya raju
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecurity
drewz lin
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Editor IJMTER
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
IRJET Journal
 
Cloud computing final format(1)
Cloud computing final format(1)Cloud computing final format(1)
Cloud computing final format(1)
ahmed elmeghiny
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Kshitij Mittal
 

Similar to O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx (20)

Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
 
B018211016
B018211016B018211016
B018211016
 
Project 3
Project 3Project 3
Project 3
 
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...
 
Science international journal
Science international journalScience international journal
Science international journal
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
 
Fog doc
Fog doc Fog doc
Fog doc
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Solutions of cloud computing security issues
Solutions of cloud computing security issuesSolutions of cloud computing security issues
Solutions of cloud computing security issues
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecurity
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Cloud computing final format(1)
Cloud computing final format(1)Cloud computing final format(1)
Cloud computing final format(1)
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 

More from dunhamadell

One of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docxOne of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docx
dunhamadell
 
One of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docxOne of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docx
dunhamadell
 
One of the challenges facing the Public Information Officer (PIO.docx
One of the challenges facing the Public Information Officer (PIO.docxOne of the challenges facing the Public Information Officer (PIO.docx
One of the challenges facing the Public Information Officer (PIO.docx
dunhamadell
 
One popular measure of human capital today is employee engagement, w.docx
One popular measure of human capital today is employee engagement, w.docxOne popular measure of human capital today is employee engagement, w.docx
One popular measure of human capital today is employee engagement, w.docx
dunhamadell
 
one paragraph with intext citation and reference follow up discussio.docx
one paragraph with intext citation and reference follow up discussio.docxone paragraph with intext citation and reference follow up discussio.docx
one paragraph with intext citation and reference follow up discussio.docx
dunhamadell
 
One page please!!1. Using conflict perspective, discuss the ca.docx
One page please!!1. Using conflict perspective, discuss the ca.docxOne page please!!1. Using conflict perspective, discuss the ca.docx
One page please!!1. Using conflict perspective, discuss the ca.docx
dunhamadell
 
One page per question What is a political party How do the tw.docx
One page per question What is a political party How do the tw.docxOne page per question What is a political party How do the tw.docx
One page per question What is a political party How do the tw.docx
dunhamadell
 
One of the biggest challenges in serial killer investigation has.docx
One of the biggest challenges in serial killer investigation has.docxOne of the biggest challenges in serial killer investigation has.docx
One of the biggest challenges in serial killer investigation has.docx
dunhamadell
 
One of the main jobs of historians is to interpret the past by revie.docx
One of the main jobs of historians is to interpret the past by revie.docxOne of the main jobs of historians is to interpret the past by revie.docx
One of the main jobs of historians is to interpret the past by revie.docx
dunhamadell
 
One of the responsibilities of the medical administrator is hand.docx
One of the responsibilities of the medical administrator is hand.docxOne of the responsibilities of the medical administrator is hand.docx
One of the responsibilities of the medical administrator is hand.docx
dunhamadell
 
One of the examples I chose for my readings was, For Coloured .docx
One of the examples I chose for my readings was, For Coloured .docxOne of the examples I chose for my readings was, For Coloured .docx
One of the examples I chose for my readings was, For Coloured .docx
dunhamadell
 
One of the many reasons social workers conduct  needs assessment.docx
One of the many reasons social workers conduct  needs assessment.docxOne of the many reasons social workers conduct  needs assessment.docx
One of the many reasons social workers conduct  needs assessment.docx
dunhamadell
 
one 2-3 page essay (typed and double-spaced). Your essay should have.docx
one 2-3 page essay (typed and double-spaced). Your essay should have.docxone 2-3 page essay (typed and double-spaced). Your essay should have.docx
one 2-3 page essay (typed and double-spaced). Your essay should have.docx
dunhamadell
 
One complex issue that a public organization has to monitor on a.docx
One complex issue that a public organization has to monitor on a.docxOne complex issue that a public organization has to monitor on a.docx
One complex issue that a public organization has to monitor on a.docx
dunhamadell
 
One implication of diverse cultures is that elements of one cult.docx
One implication of diverse cultures is that elements of one cult.docxOne implication of diverse cultures is that elements of one cult.docx
One implication of diverse cultures is that elements of one cult.docx
dunhamadell
 
On the project topic of Phishing. Please complete the below tasks.docx
On the project topic of Phishing. Please complete the below tasks.docxOn the project topic of Phishing. Please complete the below tasks.docx
On the project topic of Phishing. Please complete the below tasks.docx
dunhamadell
 
On the tomcat drive in folder cosc210 you will find file named Paint.docx
On the tomcat drive in folder cosc210 you will find file named Paint.docxOn the tomcat drive in folder cosc210 you will find file named Paint.docx
On the tomcat drive in folder cosc210 you will find file named Paint.docx
dunhamadell
 
On November 3, 2020, Californias Privacy Rights Act is on the b.docx
On November 3, 2020, Californias Privacy Rights Act is on the b.docxOn November 3, 2020, Californias Privacy Rights Act is on the b.docx
On November 3, 2020, Californias Privacy Rights Act is on the b.docx
dunhamadell
 
On Human Capital (250 Words)The neoliberal understanding of h.docx
On Human Capital (250 Words)The neoliberal understanding of h.docxOn Human Capital (250 Words)The neoliberal understanding of h.docx
On Human Capital (250 Words)The neoliberal understanding of h.docx
dunhamadell
 
ompile the information you have gathered on your companies in weeks .docx
ompile the information you have gathered on your companies in weeks .docxompile the information you have gathered on your companies in weeks .docx
ompile the information you have gathered on your companies in weeks .docx
dunhamadell
 

More from dunhamadell (20)

One of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docxOne of the most important ways we can strengthen our relationships w.docx
One of the most important ways we can strengthen our relationships w.docx
 
One of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docxOne of the five elements of emotional intelligence is self-awareness.docx
One of the five elements of emotional intelligence is self-awareness.docx
 
One of the challenges facing the Public Information Officer (PIO.docx
One of the challenges facing the Public Information Officer (PIO.docxOne of the challenges facing the Public Information Officer (PIO.docx
One of the challenges facing the Public Information Officer (PIO.docx
 
One popular measure of human capital today is employee engagement, w.docx
One popular measure of human capital today is employee engagement, w.docxOne popular measure of human capital today is employee engagement, w.docx
One popular measure of human capital today is employee engagement, w.docx
 
one paragraph with intext citation and reference follow up discussio.docx
one paragraph with intext citation and reference follow up discussio.docxone paragraph with intext citation and reference follow up discussio.docx
one paragraph with intext citation and reference follow up discussio.docx
 
One page please!!1. Using conflict perspective, discuss the ca.docx
One page please!!1. Using conflict perspective, discuss the ca.docxOne page please!!1. Using conflict perspective, discuss the ca.docx
One page please!!1. Using conflict perspective, discuss the ca.docx
 
One page per question What is a political party How do the tw.docx
One page per question What is a political party How do the tw.docxOne page per question What is a political party How do the tw.docx
One page per question What is a political party How do the tw.docx
 
One of the biggest challenges in serial killer investigation has.docx
One of the biggest challenges in serial killer investigation has.docxOne of the biggest challenges in serial killer investigation has.docx
One of the biggest challenges in serial killer investigation has.docx
 
One of the main jobs of historians is to interpret the past by revie.docx
One of the main jobs of historians is to interpret the past by revie.docxOne of the main jobs of historians is to interpret the past by revie.docx
One of the main jobs of historians is to interpret the past by revie.docx
 
One of the responsibilities of the medical administrator is hand.docx
One of the responsibilities of the medical administrator is hand.docxOne of the responsibilities of the medical administrator is hand.docx
One of the responsibilities of the medical administrator is hand.docx
 
One of the examples I chose for my readings was, For Coloured .docx
One of the examples I chose for my readings was, For Coloured .docxOne of the examples I chose for my readings was, For Coloured .docx
One of the examples I chose for my readings was, For Coloured .docx
 
One of the many reasons social workers conduct  needs assessment.docx
One of the many reasons social workers conduct  needs assessment.docxOne of the many reasons social workers conduct  needs assessment.docx
One of the many reasons social workers conduct  needs assessment.docx
 
one 2-3 page essay (typed and double-spaced). Your essay should have.docx
one 2-3 page essay (typed and double-spaced). Your essay should have.docxone 2-3 page essay (typed and double-spaced). Your essay should have.docx
one 2-3 page essay (typed and double-spaced). Your essay should have.docx
 
One complex issue that a public organization has to monitor on a.docx
One complex issue that a public organization has to monitor on a.docxOne complex issue that a public organization has to monitor on a.docx
One complex issue that a public organization has to monitor on a.docx
 
One implication of diverse cultures is that elements of one cult.docx
One implication of diverse cultures is that elements of one cult.docxOne implication of diverse cultures is that elements of one cult.docx
One implication of diverse cultures is that elements of one cult.docx
 
On the project topic of Phishing. Please complete the below tasks.docx
On the project topic of Phishing. Please complete the below tasks.docxOn the project topic of Phishing. Please complete the below tasks.docx
On the project topic of Phishing. Please complete the below tasks.docx
 
On the tomcat drive in folder cosc210 you will find file named Paint.docx
On the tomcat drive in folder cosc210 you will find file named Paint.docxOn the tomcat drive in folder cosc210 you will find file named Paint.docx
On the tomcat drive in folder cosc210 you will find file named Paint.docx
 
On November 3, 2020, Californias Privacy Rights Act is on the b.docx
On November 3, 2020, Californias Privacy Rights Act is on the b.docxOn November 3, 2020, Californias Privacy Rights Act is on the b.docx
On November 3, 2020, Californias Privacy Rights Act is on the b.docx
 
On Human Capital (250 Words)The neoliberal understanding of h.docx
On Human Capital (250 Words)The neoliberal understanding of h.docxOn Human Capital (250 Words)The neoliberal understanding of h.docx
On Human Capital (250 Words)The neoliberal understanding of h.docx
 
ompile the information you have gathered on your companies in weeks .docx
ompile the information you have gathered on your companies in weeks .docxompile the information you have gathered on your companies in weeks .docx
ompile the information you have gathered on your companies in weeks .docx
 

Recently uploaded

ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
simonomuemu
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
NgcHiNguyn25
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
Dr. Mulla Adam Ali
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 

Recently uploaded (20)

ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Smart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICTSmart-Money for SMC traders good time and ICT
Smart-Money for SMC traders good time and ICT
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 

O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx

  • 1. O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 | C O M M U N I C AT I O N S O F T H E A C M 25 V viewpoints I M A G E B Y P O T A P O V A L E X
  • 2. A N D E R Inside Risks Risks and Myths of Cloud Computing and Cloud Storage Considering existing and new types of risks inherent in cloud services. insider misuse may create additional risks. All these risks are relevant to many different types of applications. As one example, from users’ perspectives, hav- ing unencrypted email maintained by a cloud provider may be particularly risky. The basic concept of cloud comput- ing and cloud storage has a lineage spanning two generations, with sig- nificant experience in designing and administering these systems. Time- C L O U D C O M P U T I N G A N D stor- age are often seen as gen- eral blessings, if not finan- cial salvations. There are good reasons behind this
  • 3. claim. Cloud services are indeed usu- ally much cheaper than their dedi- cated counterparts. Administration and management oversight are sim- pler under a single, central authority. Small businesses and startups have taken advantage, using low-cost cloud services during their first few years. Cloud platforms are critical avenues to getting started for many companies, giving them access to many customers at low cost. Many business leaders see the cloud as an engine for small busi- nesses and job creation. Cloud storage services are also a boon for individual users, most of whom do not back up their comput- ers and mobile devices regularly or at all. Cheap, automatic backup to cloud storage protects their valuable data from loss. Despite all these bounties, cloud ser- vices also present new kinds of risks, which are considered here. Prospective cloud users should evaluate these risks before making their decisions about how to use clouds. The main issue is that expectations of trustworthiness may be unrealistic. Confidentiality, system in- tegrity, data integrity, reliability, robust- ness, resilience may be questionable. Protection against surveillance, and
  • 4. denials of service are essential, as are perpetual access and long-term com- patibility of stored data. The integrity, accountability, and trustworthiness of potentially untrustworthy third parties and even unknown nth parties must also be considered. Those parties may have business models that are radically incompatible with user needs; further- more, they might go out of business— with users holding the bag. Moreover, DOI:10.1145/2661049 Peter G. Neumann http://dx.doi.org/10.1145/2661049 26 C O M M U N I C AT I O N S O F T H E A C M | O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 viewpoints compromises can be found in the ACM Risks Forum: http://www.risks.org.) ˲ Dropbox’s sharing services were hacked, resulting from a security hole in its link-sharing scheme. The ex- ploits were also disseminated by the perpetrators. ˲ No-IP had 22 of its most frequently used domains taken down by Micro- soft, under a seemingly overreaching federal court order.
  • 5. ˲ Amazon Web services have gone down (briefly) several times. Code Spaces (a valued source-code reposi- tory built using Amazon’s AWS facili- ties) was effectively destroyed by an at- tacker demanding ransom. ˲ Cisco Systems had a private crypto key embedded in their VoIP manager that allowed unauthorized control of sensitive messaging gear. ˲ Cryptolocker and other ransom- ware programs have forcibly encrypted stored information, and demanded payment to decrypt it (although in some cases have never done so even after receiving the ransom!). Although most of these attacks have been on in- dividual users, the opportunity for at- tacks on remote storage repositories is clearly a risk. (Recently, an antidote website has reportedly been created.) ˲ TrueCrypt (full disk encryption) was discontinued as source-available software by its pseudonymous authors, “as it may contain unfixed security is- sues.” (Uncertainty remains as to the severity and impact of those possible issues, and how they found their way into the codebase.) ˲ Similar things happened to Lavabit, which provided privacy and security fea- tures in email services to over 400,000
  • 6. customers, but was then withdrawn after prolonged legal harassment that attempted to coerce the installation of surveillance equipment. ˲ Megaupload.com was taken down by authorities, blocking both illicit and legitimate users. ˲ Nirvanix went belly-up financially, giving its users two weeks to exit. ˲ Various talks at Black Hat and DEF CON in August were rather disenchant- ing. In short, essentially every device seems to be compromisable, often with a fixed master password embed- ded in the system, but with many more subtle vulnerabilities as well. This is old news to Inside Risks readers, but sharing systems with common com- puting resources and possibilities for collaborative data access have been around since the 1960s (CTSS, Mul- tics, Tymshare), with varying types of sharing. Since the 1980s, Project Athena at MIT has employed the Sun Network File System, and later the Andrew File System, to provide three services that would be identified with today’s cloud services: remote stor- age of application programs, remote storage of personal files, and remote backup of personal files. However, time-sharing and Athena’s three ser-
  • 7. vices have been under single opera- tional administration, thus minimiz- ing the number of entities that users must trust (while at the same time providing a single point of failure). We know from experience how to off- set some of the risks when cloud ser- vices are the responsibility of a single administration. With respect to both local and remote servers, some of the risks can be reduced. For example, private systems and intranetworks under local control or more likely the control your own employers (with re- spect to hardware, software, certificate authorities, and pooled system and network administration) are likely to have greater trustworthiness. What is new—and the source of new risks—is the scale and distributivity of some of the clouds. They are large dis- tributed systems with few centralized controls. Clouds that provide access to vast amounts of information (such as Google and Amazon) are extremely valuable resources. However, other clouds that store your own data (along with everyone else’s) can present seri- ous problems relating to trusting po- tentially untrustworthy entities. Giving the “cloud” name to the old concept of large, shared, distributed systems is misleading. It creates a new buzzword, and hides the problems of
  • 8. risks that designers and admins have otherwise grappled with for years. Some of the cloud providers have ig- nored many of the old risks and are evi- dently largely oblivious to newer risks as well. Clearly, cloud computing is sim- ply remote computing, which was one of the primary reasons for the creation of the ARPANET—to allow people in one coastal time zone to benefit from un- used resources in other time zones at certain hours of the day. This has clear- ly been an even greater benefit in the Internet, with its worldwide coverage. Similarly, cloud storage is simply remote storage, which in early days became common as off-site backup for obvious reasons of fault tolerance, emergency preparedness, and other reasons. One risk in identifying remote stor- age for offsite backup as “cloud stor- age” is that this term masks the exis- tence of in-house alternatives, such as the common practice of periodically re- cording file-system snapshots on small detachable media, and keeping them in a safe place. This can be particularly important after nasty penetration at- tacks that may have compromised a system with the insertion of malware, sniffers, and so on. Furthermore, re- mote archiving—especially if widely distributed among different reposito- ries—leaves users unsure of whether
  • 9. their information is still retrievable in its original form (unless they have actu- ally retrieved it). Ron Rivest has been quoted as say- ing, “Cloud computing sounds so sweet and wonderful and safe … we should just be aware of the terminology; if we [are] calling it swamp computing. I think you might have the right mind-set.”2 To paraphrase a quote often attrib- uted to Roger Needham, Butler Lamp- son, or Jim Morris, if you think cloud computing and cloud storage are the answer to your problems, you do not un- derstand those would-be solutions, and you do not understand your problems. A few examples of relevant recent risky exploits are worth noting here. (Further background on the first nine items and other examples of cloud Some of the cloud providers have ignored many of the old risks and are evidently largely oblivious to newer risks as well. O C T O B E R 2 0 1 4 | V O L . 5 7 | N O . 1 0 | C O M M U N I C AT I O N S O F T H E A C M 27
  • 10. viewpoints and also provide a means for sharing the information through out-of-band shared cryptographic keys. However, they remain vulnerable to other com- promises such as accidental or mali- cious deletion, lapse of contracts with remote providers, loss of cryptographic keys, unavailability of servers, invasive usage monitoring, and so on. As is true in general, key management becomes a fundamental risk in itself. Further- more, convenient schemes for recovery of lost keys (for example, backdoors) are always vulnerable to misuse—as are any backdoors that can be misused by insiders or external attacks. Virgil Gligor1 has considered some of the risks inherent in virtualization in a context very similar to what is exam- ined in this column. Virtualization has certain aspects that are common to the abstractions provided by remote execu- tion and remote access, in the sense that there are well-defined interfaces for dealing with both cases—whether they are virtually remote or physically remote. There are also questions of the trustworthiness of the underlying mechanisms for enforcing the virtu- alization abstractions—for example, encapsulating, avoiding, or otherwise masking lower-layer vulnerabilities.
  • 11. Gligor’s article implicitly addresses some of the topics noted here, and de- serves a careful reading for those read- ers who would like further background than that included here. I emphasize that clouds can of- fer real and significant benefits. They also bring many risks, which can be masked by the simplicity of the cloud abstraction. You should weigh these risks when designing, selecting, and configuring your cloud services. References 1. Gligor, V. Security limitations of virtualization and how to overcome them. Security Protocols Workshop, SPW 2010, Cambridge, U.K., 2010. 2. McMillan, R. Cloud computing a security nightmare, says Cisco CEO. Computerworld; http://www. computerworld.com/s/article/9131998/Cloud_ computing_a_security_nightmare_says_Cisco_CEO. Peter G. Neumann ([email protected]) is Senior Principal Scientist in the Computer Science Lab at SRI International, and moderator of the ACM Risks Forum. The author is enormously grateful to the members of the ACM Committee on Computers and Public Policy for their continued wisdom and counsel in acting as an advisory group for risks-related activities. This column gained significantly from their feedback. Copyright held by author.
  • 12. could be shocking to everyone else. Among old risks that are still per- vasive, even in-house use of local stor- age can result in hardware outages and database software failures. Redundant copies might actually all wind up in a single vulnerable cloud repository. Furthermore, older data formats may no longer be supported. Local storage still requires attention to backup that can be successfully retrieved—in some cases many years later. Furthermore, if the original information is encrypted, the ability to manage and recover old keys becomes critical. Recently, increasingly efficient cryp- tographic schemes are emerging in re- search communities for proof of data possession and proof of data retriev- ability. Unfortunately, simple and in- expensive techniques along these lines have not yet found their way from theory to practice. Perhaps more useful are the efforts cloud providers make to ensure their own data storage is recoverable. It may well be that, on average, cloud providers’ systems are better adminis- tered than the information technology groups of many organizations and agen- cies. At least, cloud users certainly hope so! Nevertheless, various risks remain. Another old problem that has been
  • 13. exacerbated involves the ability to de- lete information ubiquitously. The existence of pervasive copies and dif- ferent versions has clearly exploded as a result of copies that have been repli- cated for resilience. Internet mirrors have proliferated far beyond anyone’s ability to keep track of unsearchable versions. With storage in some unac- countable remote repository, pervasive deletion will always seem to be ques- tionable. Besides, approaches that may succeed in pervasive deletion may also be victimized by accidental or mali- cious deletion. In this case, some sort of time machine would be desirable. Many socially relevant risks also need to be considered, such as differ- ent versions of unauthentic data; the presence of misinformation in not quite identical searchable versions of what purports to be the same informa- tion; and situations in which people or organizations desire that certain infor- mation disappear completely. Of course, international laws and regulations also present numerous problems—first by their imprecision or overextension, and second by the uncertainty surrounding the origins and destinations of data and other resource requests. For example, if a nation insists that all information be-
  • 14. longing to its citizens must be stored within systems under its own legal jurisdiction, how can that be assured when it is so easy to subvert, and when ownership is itself murky? In addition, we must be cognizant of the risks of ubiquitous surveillance in unaccount- able and in some cases unknown re- mote resources. As noted in many past Inside Risks columns (this is the 234th in the series), almost every computer or human en- tity is potentially untrustworthy, with respect to accidents, intentional mis- use, and attacks. As an example that remains problematic, the outsourcing of elections with regard to dependence on proprietary systems and software, computing resources, registration da- tabases, networks (whether open or pri- vate), and—above all—dependence on potentially untrustworthy people, aptly illustrates the end-to-end nature of the risks from the very beginning of the election cycle to the disputes that result from sources of error, fraud, and confu- sion—with concomitant fear, uncertain- ty, and doubt. Insider misuse is serious in all shared resources, but particularly in elections (numerous cases have been noted in the Risks Forum and else- where). In this example, outsourcing to unaccountable entities is problematic. Despite the risks discussed here,
  • 15. there are some hopes for constructive alternatives. Research communities have various approaches to pieces of this puzzle, but rarely to systems as a whole. As a result, many of the previ- ous columns in this series are relevant to the use or misuse of remote resourc- es—even if they focused on problems that were previously considered as lo- cal. For example, cryptography that is managed solely by end users for infor- mation stored remotely in encrypted forms is often touted as a solution to the problem of having to trust an un- trustworthy remote storage provider. Homomorphic cryptography has the potential to allow computations on en- crypted information, without the need for that information to be decrypted. These approaches can improve the confidentiality of the information,