What is Cloud Computing

A Seminar on
Securities In Cloud Computing
Presented by
Sanjib Kumar Raul
M.Tech (ICT)
Roll-10IT61B09
IIT Kharagpur
Under the supervision of
Prof. Indranil Sengupta
HOD, Computer Science
Content
• What is Cloud Computing
• Cloud Architecture
• Cloud Structure
• Types of security in cloud computing
• Security concern
• Data confidentiality in cloud computing
• Problems in cloud computing
• Conclusion
What is Cloud Computing
• It is an Internet-based computing technology in which shared resources such as software, platforms, storage and information are provided to customers on demand.
• Cloud computing is a computing platform for sharing resources that include infrastructure, software, applications, and business processes.
• Cloud computing is a virtual pool of computing resources. It provides the computing resources in the pool to users through the Internet.
Cloud Architecture
A Basic Cloud Network
• Components of cloud computing
• Front end
The front end is the client’s network or computer, and the applications used to access the cloud.
• Back end
The back end is the ‘cloud’ itself, which comprises various computers, servers and data storage devices.
Cloud structure and Types
The user can access any service which he/she wants for a specific task
and for a specific amount of time.
Types
• Public cloud: In public clouds, multiple customers share the computing resources provided by a single service provider.
• Private cloud: In a private cloud, computing resources are used and controlled by a private enterprise.
• Hybrid cloud: A third type is the hybrid cloud, which is typically a combination of public and private clouds.
• Community cloud: Several organizations jointly construct and share the same cloud infrastructure, as well as policies, requirements, values, and concerns.
Models of Cloud Computing
• Model 1: Infrastructure as a Service (IaaS)
• Model 2: Platform as a Service (PaaS)
• Model 3: Software as a Service (SaaS)
• Model 4: Business Process as a Service (BaaS)
Types of Security in Cloud Computing
1. Data Security
It focuses on protecting the software and hardware associated with the cloud.
2. Network Security
Protecting the network over which the cloud is running from various attacks: DoS, DDoS, IP spoofing.
Security Concern
There are multiple issues in cloud computing.
• Loss of control
The first issue associated with cloud computing is the loss of control of an organisation’s data.
• Data retention
Another issue associated with cloud computing is how old data is managed. Once data has been used, it is generally stored indefinitely in the cloud.
Implementing and achieving security
• The company secures its data by establishing an information security policy (InSPy).
• Security through password protection
Data Confidentiality Protection
Confidentiality is defined as the assurance that sensitive information is not disclosed to unauthorized persons, processes, or devices.
Users’ confidential data is disclosed to a service provider if all of the following three conditions are satisfied simultaneously:
1) The service provider knows where the users’ confidential data is located in the cloud computing systems.
2) The service provider has the privilege to access and collect the users’ confidential data in the cloud.
3) The service provider can understand the meaning of the users’ data.
Problems With Current Cloud Computing
Cloud computing system architecture
The following are the major problems of the current cloud computing system:
A. Each service provider has its own software layer, platform layer and infrastructure layer. When a user uses a cloud application from a service provider, the user is forced to use the platform and infrastructure provided by the same service provider, and hence the service provider knows where the users’ data is located and has full access privileges to the data.
B. The user is forced to use only the interfaces provided by the service provider, and users’ data has to be in a fixed format specified by the service provider, and hence the service provider knows all the information required to understand users’ data.
Therefore, we cannot prevent service providers from satisfying all three conditions.
Approach to Protect Confidentiality:
In our approach, we have the following seven entities: Software Cloud, Infrastructure Cloud, Software Service Broker, Infrastructure Service Broker, Software Service Attestation Authority, Data Obfuscator and Data De-obfuscator.
McCabe’s Cyclomatic Complexity Measures
Approach to protect confidentiality
Our approach ensures that none of these entities in a cloud computing system satisfies the three conditions simultaneously.
Software Cloud: A Software Cloud provides software as a service upon users’ requests. Each software cloud may contain multiple software services, and each software service can be discovered and accessed by users through the Software Service Broker.
Infrastructure Cloud: An Infrastructure Cloud provides virtualized system resources, such as CPU, memory, and network resources. An authenticated user can request a virtual machine on which the user can deploy any platform or operating system to execute a software service instance.
Software Service Broker: It provides an identity anonymization service, by which users can use pseudonyms instead of their true identities so that they can acquire service instances without revealing their identities.
Infrastructure Service Broker: It helps users automatically discover and use available infrastructure services. It also provides an identity anonymization service to prevent the system from revealing users’ true identities.
The Software Service Attestation Authority (SSAA): The SSAA is a third-party authority that verifies that a service instance does not perform any malicious activity that may disclose users’ confidential data.
A Data Obfuscator: A Data Obfuscator is middleware provided by a user that can be deployed on a virtual machine in an Infrastructure Cloud. The Data Obfuscator provides an operating system environment for a software service instance to run in an Infrastructure Cloud.
A Data De-obfuscator: It de-obfuscates obfuscated data so that a user can see the plain data. A Data De-obfuscator remains on the user’s personal computer all the time.
Summary.
S1) a) A user requests a Software Service Broker to find a software service by providing the specification of the software service. b) The Software Service Broker performs automatic service discovery to find a service instance in the Software Cloud that satisfies the user’s requested service requirement specification. c) The Software Service Broker acquires the discovered software instance using an anonymous credential.
S2) a) The Software Service Broker deploys the acquired service instance to the testing platform of a SSAA. The SSAA verifies that the service instance performs according to the service description and that the service instance does not transmit users’ data to any unauthorized entity. b) After the verification procedure, the software service instance is sent back to the Software Service Broker.
S3) a) The user asks the Infrastructure Service Broker to find an infrastructure service compatible with the service instance. b) The Infrastructure Service Broker discovers an infrastructure service provider who has the capability to execute the acquired software service instance.
S4) The user requests the infrastructure service provider to set up a virtual machine and then deploys the Data Obfuscator on the virtual machine using Agent Deployment Plans (ADPs) for automated middleware deployment and migration in service-based systems.
S5) a) The service instance acquired in S1) is sent to the Infrastructure Service Broker. b) The service instance is deployed on the workflow of the Data Obfuscator set up in S4).
S6) a) The user sends his/her data to the workflow to process.
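The property the approach rests on, that no single entity meets all three disclosure conditions, written out as a small check. This is an added example, not taken from the slides or the cited work. The conditions assigned to each entity in the proposed design are an assumed reading of the slides, the user's own Data Obfuscator and De-obfuscator are treated as trusted and left out, and the collusion check goes beyond what the slides cover.

```python
from itertools import combinations

# The three disclosure conditions listed on the slides.
LOCATE, ACCESS, UNDERSTAND = "knows_location", "has_access", "understands_data"
ALL_CONDITIONS = frozenset({LOCATE, ACCESS, UNDERSTAND})

# Constructed models: which conditions each entity meets. The assignments for
# the proposed design are an assumed reading of the slides, not stated there.
CURRENT_CLOUD = {
    # Problems A and B: one provider runs every layer and fixes the data format.
    "Service Provider": {LOCATE, ACCESS, UNDERSTAND},
}
PROPOSED_DESIGN = {
    "Software Cloud": {UNDERSTAND},            # wrote the service, never hosts the data
    "Infrastructure Cloud": {LOCATE, ACCESS},  # hosts the VM, sees only obfuscated data
    "Software Service Broker": set(),          # handles pseudonyms and instances, not data
    "Infrastructure Service Broker": set(),
    "SSAA": set(),                             # tests the instance before user data exists
}

def violators(model):
    """Entities that satisfy all three conditions on their own."""
    return sorted(e for e, caps in model.items() if ALL_CONDITIONS <= caps)

def colluding_sets(model, max_size=3):
    """Minimal groups of entities whose pooled capabilities meet all three."""
    found = []
    for size in range(2, max_size + 1):
        for group in combinations(sorted(model), size):
            pooled = set().union(*(model[e] for e in group))
            minimal = not any(set(f) <= set(group) for f in found)
            if ALL_CONDITIONS <= pooled and minimal:
                found.append(group)
    return found

def without_obfuscator(model):
    """Same design with the Data Obfuscator removed: the host reads plain data."""
    changed = {e: set(c) for e, c in model.items()}
    changed["Infrastructure Cloud"].add(UNDERSTAND)
    return changed

if __name__ == "__main__":
    print("current cloud:", violators(CURRENT_CLOUD))
    print("proposed design:", violators(PROPOSED_DESIGN))
    print("collusion needed:", colluding_sets(PROPOSED_DESIGN))
    print("no obfuscator:", violators(without_obfuscator(PROPOSED_DESIGN)))
```

Under this model the separation holds only while the software and infrastructure providers stay independent and the obfuscation is effective; either assumption failing puts all three conditions back in one place.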
An Illustrative Example
An example of online video conferencing to
illustrate our approach
S1) a) The leader of the group requests a Software Service Broker to find the Voice Communication Service, Video Communication Service, File Sharing Service and Instant Messaging Service. b) The Software Service Broker discovers the services. c) The Software Service Broker downloads the service instances of the five software services.
S2) a) The Software Service Broker deploys the service instances to the testing platform of a SSAA. b) The SSAA verifies the software service instances.
S3) a) The leader of the group requests an Infrastructure Service Broker to find an infrastructure service compatible with the service instances. b) The Infrastructure Service Broker discovers an infrastructure service.
S4) A virtual machine is set up in the infrastructure cloud. The leader of the group deploys the Data Obfuscator on the virtual machine.
S5) a) The service instances are sent to the Infrastructure Service Broker. b) The service instances are deployed on the Data Obfuscator. The five service instances are composed into a workflow. The workflow provides all the functionalities for online conferencing.
S6) a) The users of the group send their input data to the workflow to process. During the processing of the users’ input data, the input data is obfuscated. After the processing is complete, a service response of the workflow is sent to all the users of the group, stating that the processing of their input data has been completed.
Conclusions
• Presented here is an approach to protecting users’ confidential data in cloud computing. Our approach is based on three features: (1) separation of software service providers and infrastructure service providers, (2) hiding information about the owner of data and (3) data obfuscation.