Cloud Computing Security
Ritesh Kotekar Udupa
Topics to be discussed
• What is a cloud?
• Advantages of cloud computing
• Service & Deployment models
• Levels of Security
• Security Concerns
• Identity Management
• InterCloud Identity Management Infrastructure
• Summary
What is a cloud?
Virtualized pool: dynamically scalable shared resources accessed over a network
• Resources: storage, computing, services, etc.
• Shared internally or with other customers
• Only pay for what you use
Advantages of cloud computing
• Reduced costs
• Efficient resource sharing
• Easy expansion
• More mobility
• Consumption-based costs
• Instant software updates
• Contribution to green computing
  - Reducing the consumption of electricity
  - Reducing emissions that damage the environment
Service Model
• SaaS (Software as a Service)
• PaaS (Platform as a Service)
• IaaS (Infrastructure as a Service)
Service Model: SaaS (Software as a Service)
• Productivity and collaboration apps
  Eg: Google Apps
• CRM apps
  Eg: Impel CRM, Salesforce.com, Microsoft Dynamics
• Cloud-based storage and sharing services
  Eg: Dropbox, SkyDrive, Amazon S3, Google Docs
Service Model: PaaS (Platform as a Service)
• Individual development platforms
  - GAE - individual Java, Python developers
  - Microsoft Windows Azure - ASP.Net (C#, VB.Net)
  - Amazon's Beanstalk - for Java developers
  - Heroku - Facebook apps creation
  - PHP Fog and CloudControl - PHP
• Multi-language application platform
  - DotCloud
Service Model: IaaS (Infrastructure as a Service)
• Virtualization
  Eg: VMware, VirtualPC, VirtualBox, Amazon EC2 (Elastic Compute Cloud)
  - Execution on a virtual computer (instance)
  - Configuration of CPU, memory & storage
• Cloud infrastructure
  Eg: servers, storage, routers, etc.
Deployment Models
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud
Levels of Security [7]
• Facility Level
  - Physical Controls
  - Access Controls
  - Video Surveillance
  - Background Checks
• Network Level
  - Multilayer Firewalls
  - Intrusion Detection
  - 128 bit TLS Encryption
• OS & Application Level
  - Dual Factor Authentication
  - ADFS & SAML
  - Access Control & monitoring (AD)
  - Antimalware & Anti Spam
  - Patch & Configuration Management
  - Secure Engineering
• Data Level
  - Access Control Lists
  - User Level Access
  - File/Data Integrity
Security Concerns [1]
1. Confidentiality
2. Integrity
3. Availability
4. Privacy
5. Authentication
6. Control
7. Audit
Confidentiality in the cloud [1]
• Virtual physical isolation
• Encrypted storage
Availability [1]
• Annual uptime percentage
• QoS guarantee
• Strategies
  - Hardening
  - Redundancy
Authentication
1. Every website/app needs credentials
   • Username/Email
   • Password
Resulting problems
• So many apps, so many passwords!
• Identity scattered
• Trust
Is there a solution?
OpenID - Identity Management [5]
• Sharing a single identity with different consumers
• Decentralized
• Some OpenID providers: Google, Facebook, IBM, MySpace, VeriSign, Yahoo
• End-user privacy is not presently explicitly addressed
Single Sign-On – Identity Management [4]
• Authentication done only once
• Access to multiple applications
• Switch applications during a particular session
  Eg: Google
Single Sign-On – Flow Chart (diagram slide)
SAML (Security Assertion Markup Language) [2],[6]
• IdM using the IdP/SP model
  - End user
  - User agent
  - Service Provider (SP)
  - Identity Provider (IdP)
SAML (Security Assertion Markup Language) [2] (diagram slide)
User Tracking [4]
• Authentication
• Timeout check
• Recognition of a user
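An added example (not code from the slides or from the cited papers) of the checks a Service Provider performs on an assertion received from an Identity Provider in the IdP/SP model above: trusted issuer, audience, recipient, the timeout check on the validity window, and recognition of the user's session by binding the assertion to the SP's own request and refusing replays. The response, the IdP and SP hostnames and the request IDs are constructed for this illustration; XML signature verification is assumed to have been done before this code runs and is not implemented here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: a Response from "IdP X" to "SP Y" (hypothetical hosts, not a real deployment).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp-1" InResponseTo="_req-42" IssueInstant="2010-06-28T10:00:00Z">
  <saml:Issuer>https://idp-x.example/metadata</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_assert-7" IssueInstant="2010-06-28T10:00:00Z">
    <saml:Issuer>https://idp-x.example/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req-42"
            Recipient="https://sp-y.example/acs" NotOnOrAfter="2010-06-28T10:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-06-28T09:59:00Z" NotOnOrAfter="2010-06-28T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp-y.example</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(value):
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class SPValidator:
    """Service-provider side checks on a SAML Response (signature assumed already verified)."""

    def __init__(self, trusted_issuer, audience, acs_url, skew=timedelta(seconds=60)):
        self.trusted_issuer = trusted_issuer
        self.audience = audience
        self.acs_url = acs_url
        self.skew = skew               # tolerated clock difference between IdP and SP
        self.pending_requests = set()  # IDs of AuthnRequests this SP issued and not yet consumed
        self.seen_assertions = set()   # replay cache of assertion IDs already accepted

    def validate(self, xml_text, now):
        """Return (True, name_id) when the assertion is acceptable, else (False, reason).
        `now` is a timezone-aware datetime or a SAML timestamp string."""
        if isinstance(now, str):
            now = parse_ts(now)
        root = ET.fromstring(xml_text)
        code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
        if code is None or code.get("Value") != SUCCESS:
            return False, "status is not Success"
        assertion = root.find(f"{{{SAML}}}Assertion")
        if assertion is None:
            return False, "no assertion"
        # Only the IdP this SP has a trust relationship with may vouch for users.
        if assertion.findtext(f"{{{SAML}}}Issuer") != self.trusted_issuer:
            return False, "untrusted issuer"
        # Timeout check: the validity window in Conditions, with a small skew allowance.
        cond = assertion.find(f"{{{SAML}}}Conditions")
        if cond is None:
            return False, "no conditions"
        if now + self.skew < parse_ts(cond.get("NotBefore")):
            return False, "assertion not yet valid"
        if now - self.skew >= parse_ts(cond.get("NotOnOrAfter")):
            return False, "assertion expired"
        # The assertion must have been issued for this SP, not for another relying party.
        if self.audience not in [a.text for a in cond.iter(f"{{{SAML}}}Audience")]:
            return False, "audience mismatch"
        scd = assertion.find(f".//{{{SAML}}}SubjectConfirmationData")
        if scd is None or scd.get("Recipient") != self.acs_url:
            return False, "recipient mismatch"
        # Recognition of the user's session: one use per assertion ID, tied to our own request.
        assertion_id = assertion.get("ID")
        if assertion_id in self.seen_assertions:
            return False, "replayed assertion"
        if scd.get("InResponseTo") not in self.pending_requests:
            return False, "not a response to a pending request"
        self.seen_assertions.add(assertion_id)
        self.pending_requests.discard(scd.get("InResponseTo"))
        return True, assertion.findtext(f".//{{{SAML}}}NameID")


if __name__ == "__main__":
    sp = SPValidator("https://idp-x.example/metadata", "https://sp-y.example", "https://sp-y.example/acs")
    sp.pending_requests.add("_req-42")
    print(sp.validate(SAMPLE_RESPONSE, "2010-06-28T10:01:00Z"))
```

The order of the checks matters: the replay cache is consulted before the pending request is consumed, so a second presentation of the same assertion is reported as a replay rather than as an unknown request.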
InterCloud Identity Management Infrastructure [2] (diagram slide)
Trust relationship establishment (diagram slide)
SOAP Message of IdP X (diagram slide)
SOAP – Simple Object Access Protocol
Possible Attacks & Solutions [4]
Man-in-the-Middle Attack (DNS spoofing)
Solutions
• SSL/TLS
• Signature and encryption of SOAP messages
Possible Attacks & Solutions [4]
Message Modification
Solutions
• Inline approach
Possible Attacks & Solutions [4]
• Inline approach (diagram slide)
SOAP Account Info
• Number of children of Envelope is 2
• Number of Header elements is 2
• Number of Signed Elements is 3
• Immediate predecessor of the 1st Signed Element is Envelope
• Sibling element of the 1st Signed Element is Header
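An added example (not code from the slides or from reference [8]) that computes the structural "SOAP Account" fields listed above from a WS-Security message and compares them with the account the sender computed. This is the check behind the inline approach to message modification: a signature reference still resolves after the signed element has been moved elsewhere in the document, but the account fields no longer match. Both messages, the Id attribute namespaces and the field names are constructed for this illustration; in the actual inline approach the account travels inside the signed Security header, whereas here it is compared out of band.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed message: the Body (wsu:Id="body-1") is referenced from the Security header.
# The SignatureValue is a placeholder; signature verification is out of scope here.
SIGNED_MSG = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soap:Header>
    <wsse:Security>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
        <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body-1">
    <GetIdentity xmlns="urn:example:icimi">alice@idp-x.example</GetIdentity>
  </soap:Body>
</soap:Envelope>"""

# Constructed modified copy: same Security header, but the signed Body now sits under a new
# Header child and an unsigned Body with different content stands in its place. The
# Reference URI still resolves, so a receiver that only follows the URI sees nothing wrong.
TAMPERED_MSG = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soap:Header>
    <wsse:Security>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
        <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
    <Wrapper xmlns="urn:example:wrapper">
      <soap:Body wsu:Id="body-1">
        <GetIdentity xmlns="urn:example:icimi">alice@idp-x.example</GetIdentity>
      </soap:Body>
    </Wrapper>
  </soap:Header>
  <soap:Body>
    <GetIdentity xmlns="urn:example:icimi">someone-else@idp-x.example</GetIdentity>
  </soap:Body>
</soap:Envelope>"""


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def soap_account(xml_text):
    """Compute the structural account fields named on the slide for one SOAP message."""
    root = ET.fromstring(xml_text)
    if local_name(root.tag) != "Envelope":
        raise ValueError("not a SOAP envelope")
    parent_of = {child: parent for parent in root.iter() for child in parent}
    header = root.find(f"{{{SOAP_NS}}}Header")
    # Elements the signature covers: URI="#id" resolves to a wsu:Id or plain Id attribute.
    ref_ids = {r.get("URI")[1:] for r in root.iter(f"{{{DS_NS}}}Reference")
               if r.get("URI", "").startswith("#")}
    signed = [e for e in root.iter()
              if e.get(f"{{{WSU_NS}}}Id") in ref_ids or e.get("Id") in ref_ids]
    first = signed[0] if signed else None
    pred = parent_of.get(first) if first is not None else None
    return {
        "envelope_children": len(list(root)),
        "header_children": len(list(header)) if header is not None else 0,
        "signed_elements": len(signed),
        "first_signed_predecessor": local_name(pred.tag) if pred is not None else None,
        "first_signed_siblings": tuple(local_name(s.tag) for s in pred if s is not first)
        if pred is not None else (),
    }


def account_mismatches(expected, actual):
    """Fields where the receiver's view of the message differs from the sender's account."""
    return [k for k in expected if expected[k] != actual.get(k)]


if __name__ == "__main__":
    sender_account = soap_account(SIGNED_MSG)           # computed when the message is built
    print(account_mismatches(sender_account, soap_account(SIGNED_MSG)))    # []
    print(account_mismatches(sender_account, soap_account(TAMPERED_MSG)))  # structural changes
```

For the constructed signed message the account is two Envelope children, one Header child, one signed element whose predecessor is Envelope and whose sibling is Header; the modified copy differs in the Header child count, the predecessor and the siblings, which is enough for the receiver to reject it before processing the Body.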
Summary
• Cloud definition
• Advantages of cloud computing
• Service models (SaaS, PaaS, IaaS)
• Deployment models (Public, Private, Hybrid, Community)
• Levels of security (Facility, Network, OS & Application, Data)
• Security and privacy concerns
• Identity Management
• ICIMI (InterCloud IdM Infrastructure)
References
[1] Minqi Zhou; Rong Zhang; Wei Xie; Weining Qian; Aoying Zhou, "Security and Privacy in Cloud Computing: A Survey," Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on, pp. 105-112, 1-3 Nov. 2010. doi: 10.1109/SKG.2010.19. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5663489&isnumber=5663480
[2] Celesti, A.; Tusa, F.; Villari, M.; Puliafito, A., "Security and Cloud Computing: InterCloud Identity Management Infrastructure," Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on, pp. 263-265, 28-30 June 2010. doi: 10.1109/WETICE.2010.49. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5541971&isnumber=5541771
[3] Jianfeng Yang; Zhibin Chen, "Cloud Computing Research and Security Issues," Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pp. 1-3, 10-12 Dec. 2010. doi: 10.1109/CISE.2010.5677076. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5677076&isnumber=5676710
[4] Jensen, M.; Schwenk, J.; Gruschka, N.; Iacono, L.L., "On Technical Security Issues in Cloud Computing," Cloud Computing, 2009. CLOUD '09. IEEE International Conference on, pp. 109-116, 21-25 Sept. 2009. doi: 10.1109/CLOUD.2009.60. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5284165&isnumber=5283545
[5] http://www.slideshare.net/rmetzler/identity-on-the-web-openid-vs-oauth
[6] http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[7] http://www.youtube.com/watch?v=9do6ig6eg3E
[8] https://www.owasp.org/images/4/4b/AnInlineSOAPValidationApproach-MohammadAshiqurRahaman.pdf
[9] "Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1," December 2009, Cloud Security Alliance, http://www.cloudsecurityalliance.org/csaguide.pdf