Uploaded by zayyad isa

Security Challenges in Cloud Computing (Seminar Slides by Zayyad Isa Sulaiman)

advertisement
Overview of Security Challenges in Cloud
Computing
Presented by
Zayyad Isa Sulaiman
Department of Computer Science
NICTM, Uromi
August, 2021
Introduction to Cloud Computing
• The National Institute of Standards and
Technology (NIST) defines cloud computing
as a model for enabling ubiquitous,
convenient, on-demand network access to
a shared pool of configurable computing
resources (e.g. networks, servers, storage,
applications and services) that can be
rapidly provisioned and released with
minimal management, effort or service
interaction.
• It could be web-based email systems like
google and yahoo, social networking sites
like twitter and Facebook, or on-demand
subscription services like Netflix and Hulu,
cloud storages like Dropbox or OneDrive, or
collaborative tools like google docs, or
online backup tools like jungle Disk and
Mozy.
Key Takeaways from the
presentation
1. General understanding of cloud
computing.
2. Cloud computing models.
3. Cloud computing features and
benefits.
4. Security threats in cloud computing.
5. Suggested solutions to threats.
Cloud Service Models
 Software as a Service (SaaS): In this model, software applications are provided to end
users (clients and customers) based on their requirements and needs. These are provided
through the web and can be accessed by clients from various devices through a web
browser. Companies such as Google, Zoho and Microsoft provide SaaS to users.
 Platform as a Service (PaaS): here, the cloud provider provides a platform for users and
clients to develop or customize their own software applications. This model provides tools
and libraries required by clients to develop, control and deploy their applications.
 Infrastructure as a Service (IaaS): here, resources including infrastructure of servers are
provided to clients and consumers to run and deploy their operating systems and
applications. With the use of virtualization technology, IaaS provides virtual machines that
allow clients to build computer network infrastructures. Amazon’s EC2 is a good example
of cloud computing that offers IaaS. It provides the user with the infrastructure that enables
him/her to deploy various OS on virtual computing environment and run different
applications.
Features and Benefits of Cloud Computing
 Broad Network Access and Ubiquity: users can access cloud services over the network
through their various devices. These devices could be laptops, mobile phones or PDAs –
regardless of the platform and location.
 Flexibility and Elasticity: Cloud computing’s ability to provide its clients with scalability
feature makes it possible for enterprises to rapidly scale up or down as the demand
change. This is made possible by the feature of scalability of infrastructure where very little
modification is needed on the infrastructure to allow scaling in or scaling out.
 Measured Service / pay-per-use: Resource usage is monitored and measured enabling
users to only pay for the services they subscribe to alone. This reduces the cost if cloud
computing usage, hence making it more attractive to individual users as well as
cooperate organizations and enterprises. Payments could be per minute, hourly, monthly
or by workload or per service.
Features and Benefits of Cloud Computing
 Reduced Cost: this is achieved by clients through the measured service, pay per usage,
and also the absence of the need and requirement to purchase in-house infrastructures.
 Self Service: with various services offered by the cloud computing infrastructures, users’
needs are met. On-demand self-service provides users with resources to meet their
demand regardless of type e.g. server time or storage.
 Increased Storage: in this age of big data and data mining, enterprise and organizational
needs for massive storage is taken care of. With large storage facilities and services
offered by cloud providers, storage of large quantity of data is no more a major concern.
These cloud providers also take responsibility of managing and maintaining such data and
infrastructures are well built to scale dynamically.
Challenges to Cloud Computing
 Data Security Threats: these are threats that directly or indirectly affect data’s integrity,
confidentiality and availability.
 Data Remanence Threat: (the residual physical representation of data that has been
deleted)
 Data Breach: due to multitenancy feature of cloud, It could be due to infrastructure
flaws or deliberate actions of a user or attacker.
 Data Loss: the intentional or unintentional deletion or corruption of data caused by
malicious user or employee. It could also be caused my malware attacks.
 Network Threats: attacking the vulnerability in the CSP’s network to commit further
malicious acts such as:
 Account or Service Hijacking: through phishing or fraud, this is an intentional
attempt to steal user credentials or login details in order to gain access to user
account and take control of user’s computing service and privileges.
 Denial of Service, DOS: As a form of attack that focuses on availability, DOS are
done to prevent legitimate users from accessing cloud network, storage, data and
other services.
Challenges to Cloud Computing
 Cloud Environment-Specific Threats: attacks and threats that arise primarily from the CSP
environment. Arguably the most dangerous of all the threats and it is on the rise. They are
as follows:
 Insecure Infrastructures and APIs: Application Programming Interface (API) is a set of
protocols and standards that define the communications between software
applications through the internet. They are a means of communication between cloud
services and within other local services. Inadequate security in these areas will make
cloud infrastructure to be vulnerable to attacks.
 Malicious Insider: A malicious insider is someone, employed by the CSP and has
privilege access to cloud resources such as network, applications, storage, etc, and
then misuses that privilege to commit questionable or illegal acts. Attack by malicious
insider could be intentional and unintentional.
Challenges to Cloud Computing
 Insufficient Due Diligence: this is most associated with the customers or individual
users of the cloud system. Due diligence in the parts of clients is them having the
intricate and proper understanding of the CSP environment. This is a form of
negligence in the part of the customer.
 Abuse of Cloud Services: this sort of attack and threat is perpetrated by users.
Users/customers with authorised access that tend to violate the terms of
agreement and contract to commit unethical and illegal activities and attacks
on cloud resources. Such attacks include brute force attacks to break passwords
or by launching trojans.
Defensive Measures Against Threats
 Data Remanence Threat: Encrypting the data initially before storage is a common one.
Overwriting is another technique. By targeting the particular part of the media and
overwriting the space with new data, that section can be blocked from recreation. Media
Destruction is a third and arguably the most certain and effective way to counter data
remanence.
 Data Breach Protection: : one of the many proposed techniques for this threat is to encrypt
data before storage on cloud and in the network by using robust and encryption
algorithm and key management. Another technique is by implementing proper isolation
among VMs to prevent information leakage. Additionally it is recommended that
encryption keys not be stored along with encrypted data.
 Data Loss prevention: Backing up data is the surest way to prevent data loss.
Defensive Measures Against Threats
 Account or Service Hijacking Prevention: The use of Intrusion Detection Systems (IDS) is
being practised to monitor network traffic. Identity and Access management should also
be implemented. This ensures that encrypted and more sophisticated passwords are used,
and at the same time making it more difficult to hijack. The use of multilevel authentication
is also used. Regular auditing of privileged activities and logins should be done and any
irregularity should be followed up and not be ignored.
 Denial of Service (DOS) Prevention: to avoid DOS attacks, it is important to identify and
implement all the basic security requirements of cloud network, applications, databases
and other service. This means better security and scalability of network. Use of IDS is also
recommended. Another proposed technique is hop count filtering that can be used to
filter spoofed IP packets, and helps in decreasing DOS attacks by 90 percent.
Defensive Measures Against Threats
 Insecure Interface and API protection: by securely designing APIs using the principles of
computing and double checking before deployment is critical. Regular updates and
changing API keys should be practised.
 Malicious Insider Protection: Vetting employees and contractors to avoid hiring potential
threat and also Legal contracts have to be drawn to make any defaulter liable if found
guilty. Limited access and privilege, and distribution of administrator power are some other
techniques. Use of machine learning and AI to monitor activities of employees are also
being practised my many companies today. Encryption can also be implemented in
storage, and public networks .
 Insufficient Due Diligence Protection: Customers and client need to ensure that they are
choosing the right and compatible cloud infrastructure and model that best suits their
organizations requirement and system. This allows them to understand the risks associated
with shifting data to cloud.
Defensive Measures Against Threats
 Abuse of Cloud Services Protection: it is important for CSPs to put measure in place to
restrict certain actions by certain users. This is possible by the implementation of
certain strict validation and registration procedures. Limiting activities and regular
monitoring is another way of protection against this threat. Machine learning for
proper monitoring can also be used on customers’ activities if flagged as suspicious
just as in protection of malicious insider threat.
Conclusion and Recommendations
 We’ve looked at the general overview of cloud computing, the basic features and a
number of security issues that threaten cloud computing.
 Important techniques to curb these threats have been presented in order for us to
understand and implement them when opting for cloud computing.
 Further investigation is needed in order to unearth more security threats not mentioned in
this work. At the same time more techniques are needed to counter these threats.
 The threat of the malicious insider is the most dangerous and hardest to detect due to
obvious reasons. This makes it an important research gap for future work.
 Finally, every user and provider of cloud services need to get better educated on the
basics of cloud computing security to ensure safety and security of data’s integrity,
confidentiality and availability.
Thank you.
Download