The Cloud Computing Paradigm
Hassan Takabi
LERSAIS @ SIS @ PITT
01-27-2011
Agenda
•
•
•
•
•
Understanding Cloud Computing
Cloud Computing Security
Secure Cloud Migration Paths
Foundational Elements of Cloud Computing
Cloud Computing Case Studies and Security Models
2
Understanding Cloud Computing
3
Origin of the term “Cloud Computing”
• “Comes from the early days of the Internet where we drew
the network as a cloud… we didn’t care where the
messages went… the cloud hid it from us” – Kevin Marks,
Google
• First cloud around networking (TCP/IP abstraction)
• Second cloud around documents (WWW data abstraction)
• The emerging cloud abstracts infrastructure complexities of
servers, applications, data, and heterogeneous platforms
– (“muck” as Amazon’s CEO Jeff Bezos calls it)
4
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of
configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal
management effort or service provider interaction.
• This cloud model promotes availability and is composed of
five essential characteristics, three service models, and four
deployment models.
5
Essential Cloud Characteristics
• On-demand self-service
– Get computing capabilities as needed
automatically
• Broad network access
– Services available over the net using
desktop, laptop, PDA, mobile phone
6
Essential Cloud Characteristics (Cont.)
• Resource pooling
– Location independence
– Provider resources pooled to server multiple clients
• Rapid elasticity
– Ability to quickly scale in/out service
• Measured service
– control, optimize services based on metering
7
Cloud Service Models
• Cloud Software as a Service (SaaS)
– Use provider’s applications over a network
– User doesn’t manage or control the network, servers, OS,
storage or applications
• Cloud Platform as a Service (PaaS)
– Users deploy their applications on a cloud
– Users control their apps
– Users don’t manage servers, IS, storage
8
Cloud Service Models (Cont.)
• Cloud Infrastructure as a Service (IaaS)
– Rent processing, storage, network capacity, and other
fundamental computing resources
– Consumers gets access to the infrastructure to
deploy their stuff
– Don’t manage or control the infrastructure
– Do manage or control the OS, storage, apps,
selected network components
• To be considered “cloud” they must be deployed on
top of cloud infrastructure that has the key
characteristics
9
Service Model Architectures
Cloud Infrastructure
Cloud Infrastructure
Cloud Infrastructure
IaaS
PaaS
PaaS
SaaS
SaaS
SaaS
Cloud Infrastructure
Cloud Infrastructure
IaaS
PaaS
Cloud Infrastructure
IaaS
PaaS
Software as a Service
(SaaS)
Architectures
Platform as a Service (PaaS)
Architectures
Infrastructure as a Service (IaaS)
Architectures
10
Cloud Deployment Models
• Private cloud
– single org only,
– managed by the org or a 3rd party,
– on or off premise
• Community cloud
– shared infrastructure for specific community
– several orgs that have shared concerns,
– managed by org or a 3rd party
11
Cloud Deployment Models (Cont.)
• Public cloud
– Sold to the public, mega-scale infrastructure
– available to the general public
• Hybrid cloud
– composition of two or more clouds
– bound by standard or proprietary technology
12
Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies
13
The NIST Cloud Definition Framework
Hybrid Clouds
Deployment
Models
Service
Models
Community
Cloud
Private
Cloud
Software as a
Service (SaaS)
Public Cloud
Platform as a
Service (PaaS)
Infrastructure as a
Service (IaaS)
On Demand Self-Service
Essential
Characteristics
Common
Characteristics
Broad Network Access
Rapid Elasticity
Resource Pooling
Measured Service
Massive Scale
Resilient Computing
Homogeneity
Geographic Distribution
Virtualization
Service Orientation
Low Cost Software
Advanced Security
14
Cloud Computing Security
15
Security is the Major Issue
16
General Security Advantages
• Shifting public data to a external cloud
reduces the exposure of the internal sensitive
data
• Cloud homogeneity makes security
auditing/testing simpler
• Clouds enable automated security
management
• Redundancy / Disaster Recovery
17
General Security Challenges
•
•
•
•
•
•
Trusting vendor’s security model
Customer inability to respond to audit findings
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can’t be examined
Loss of physical control
18
Security Relevant Cloud Components
•
•
•
•
•
•
Cloud Provisioning Services
Cloud Data Storage Services
Cloud Processing Infrastructure
Cloud Support Services
Cloud Network and Perimeter Security
Elastic Elements: Storage, Processing, and
Virtual Networks
19
Provisioning Service
• Advantages
– Rapid reconstitution of services
– Enables availability
• Provision in multiple data centers / multiple instances
– Advanced honey net capabilities
• Challenges
– Impact of compromising the provisioning service
20
Data Storage Services
• Advantages
–
–
–
–
–
Data fragmentation and dispersal
Automated replication
Provision of data zones (e.g., by country)
Encryption at rest and in transit
Automated data retention
• Challenges
– Isolation management / data multi-tenancy
– Storage controller
• Single point of failure / compromise?
– Exposure of data to foreign governments
21
Cloud Processing Infrastructure
• Advantages
– Ability to secure masters and push out secure
images
• Challenges
– Application multi-tenancy
– Reliance on hypervisors
– Process isolation / Application sandboxes
22
Cloud Support Services
• Advantages
– On demand security controls (e.g., authentication,
logging, firewalls…)
• Challenges
– Additional risk when integrated with customer
applications
– Needs certification and accreditation as a separate
application
– Code updates
23
Cloud Network and Perimeter Security
• Advantages
– Distributed denial of service protection
– VLAN capabilities
– Perimeter security (IDS, firewall, authentication)
• Challenges
– Virtual zoning with application mobility
24
Cloud Security Advantages
•
•
•
•
•
•
•
Data Fragmentation and Dispersal
Dedicated Security Team
Greater Investment in Security Infrastructure
Fault Tolerance and Reliability
Greater Resiliency
Hypervisor Protection Against Network Attacks
Possible Reduction of C&A Activities (Access to
Pre-Accredited Clouds)
25
Cloud Security Advantages (Cont.)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor
assertion)
• Low-Cost Disaster Recovery and Data Storage
Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities
26
Cloud Security Challenges
•
Data dispersal and international privacy laws
–
–
–
•
•
•
•
•
EU Data Protection Directive and U.S. Safe Harbor
program
Exposure of data to foreign government and data
subpoenas
Data retention issues
Need for isolation management
Multi-tenancy
Logging challenges
Data ownership issues
Quality of service guarantees
27
Cloud Security Challenges (Cont.)
•
•
•
•
•
Dependence on secure hypervisors
Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Possibility for massive outages
Encryption needs for cloud computing
–
–
–
–
•
•
Encrypting access to the cloud resource control interface
Encrypting administrative access to OS instances
Encrypting access to applications
Encrypting application data at rest
Public cloud vs internal cloud security
Lack of public SaaS version control
28
Additional Issues
•
Issues with moving PII and sensitive data to the cloud
–
•
Using SLAs to obtain cloud security
–
–
•
•
Privacy impact assessments
Suggested requirements for cloud SLAs
Issues with cloud forensics
Contingency planning and disaster recovery for cloud
implementations
Handling compliance
–
–
–
–
–
FISMA
HIPAA
SOX
PCI
SAS 70 Audits
29
Obstacles & Opportunities
30
31
Unique Features
•
•
•
•
•
•
•
Outsourcing Data and Applications
Extensibility and Shared Responsibility
Multi-tenancy
Service-Level Agreements
Virtualization and Hypervisors
Heterogeneity
Compliance and Regulations
32
Security Implications
33
Security and Privacy Challenges
• Authentication and Identity Management
– interoperability
– password-based: inherited limitation
– How multi-tenancy can affect the privacy of
identity information isn’t yet well understood.
– multi-jurisdiction issue
– integrated with other security components.
34
Security and Privacy Challenges
• Access Control and Accounting
– Heterogeneity and diversity of services, as well as
the domains’ diverse access requirements
– capture dynamic, context, or attribute- or
credential-based access requirements
– integrate privacy-protection requirements
– interoperability
– capture relevant aspects of SLAs
35
Security and Privacy Challenges
• Trust Management and Policy Integration
– compose multiple services to enable bigger
application services
– efficiently capturing a generic set of parameters
required for establishing trust and to manage
evolving trust and interaction/sharing
requirements
– address challenges such as semantic
heterogeneity, secure interoperability, and policyevolution management.
36
Security and Privacy Challenges
• Secure-Service Management
– WSDL can’t fully meet the requirements of cloud
computing services description
– issues such as quality of service, price, and SLAs
– automatic and systematic service provisioning and
composition framework that considers security
and privacy issues
37
Security and Privacy Challenges
• Privacy and Data Protection
– storing data and applications on systems that
reside outside of on-premise datacenters
– shared infrastructure, risk of potential
unauthorized access and exposure.
– Privacy-protection mechanisms must be
embedded in all security solutions.
– Provenance
– Balancing between data provenance and privacy
38
Security and Privacy Challenges
• Organizational Security Management
– shared governance can become a significant issue
if not properly addressed
– Dependence on external entities
– the possibility of an insider threat is significantly
extended when outsourcing data and processes to
clouds.
39
40
Security and Privacy Approaches
• Authentication and Identity Management
– User-centric IDM
– users control their digital identities and takes away
the complexity of IDM from the enterprises
– federated IDM solutions
– privacy-preserving protocols to verify various
identity attributes by using, for example, zeroknowledge proof-based techniques
41
Security and Privacy Approaches
• Access Control Needs
– RBAC
– policy-integration needs
– credential-based RBAC, GTRBAC,8 location-based
RBAC
42
Security and Privacy Approaches
• Secure Interoperation
– Multi-domain
– centralized approach
– decentralized approaches
– specification frameworks to ensure that the crossdomain accesses are properly specified, verified,
and enforced
– Policy engineering mechanisms
43
Security and Privacy Approaches
• Secure-Service Provisioning and Composition
– Open Services Gateway Initiative (OSGi)
– Declarative OWL-based language can be used to
provide a service definition manifest, including a
list of distinct component types that make up the
service, functional requirements, component
grouping and topology instructions
44
Security and Privacy Approaches
• Trust Management Framework
– trust-based policy integration
– Delegation
– must be incorporated in service composition
framework
45
Security and Privacy Approaches
• Data-Centric Security and Privacy
– shifts data protection from systems and
applications
– documents must be self-describing and defending
regardless of their environments.
46
Security and Privacy Approaches
• Managing Semantic Heterogeneity
– semantic heterogeneity among policies
– Use of an ontology is the most promising
approach
– policy framework and a policy enforcement
architecture
– inference engines
47
Questions?
48