Security Prospects through Cloud Computing by Adopting Multiple Clouds Meiko Jensen, Jorg Schwenk Jens-Matthias Bohli, Nils Gruschka Luigi Lo Iacono Presented by : Sheekha Khetan

Agenda Cloud computing Security issues How the issues can be addressed Case studies

Introduction Cloud computing offers dynamically scalable resources provisioned as a service over the Internet.

Categories of Cloud Computing SoftwarePlatformInfrastructure

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

TypeCustomerUnit of Deployment OfferingPricing Structure IaaSSoftware Owner Virtual Machine Image · Runtime environment for virtual machines · Cloud storage · May have Cloud Services All charges per billing period. · Compute usage per hour · Data transfer in per GB · Data transfer out per GB · I/O requests per million · Storage per GB · Storage transfer in per GB · Storage transfer out per GB · Storage I/O requests per thousand For more details see Figure 3. PaaSSoftware Owner Application Package· Runtime environment for application code · Cloud Storage · Cloud Services All charges per billing period. · Compute usage per hour · Data transfer in per GB · Data transfer out per GB · I/O requests per million · Storage per GB · Storage transfer in per GB · Storage transfer out per GB · Storage I/O requests per thousand For more details see Figure 3. SaaSEnd UserNot Applicable The SaaS vendor does business directly with the End User · Finished applications Per user, per month

Security Issues Scope of Cloud Security All data given to the cloud provider leaves the own control and protection sphere Cloud provider gains full control on these processes Attacks on Cloud Security Risk of the own cloud system getting compromised by third parties Example: virtualization of the Amazon EC2 IaaS service The threat of Compromised Clouds If an attacker is able to infiltrate the cloud system itself, all data and all processes of all users operating on that cloud system may become subject to malicious actions in an avalanche manner

Cloud Security Prospects How does a cloud customer know whether his data was processed correctly within the cloud? Replication of Application System How can a cloud user be sure, that the data access is implemented and henceforth enforced effectively and that errors in the application logic doesn’t affect user’ data? Partition of Application System into Tiers How can a cloud user avoid the full revealing of processing logic and data to the cloud provider? Partition of Application Tiers into Fragments

Replication of Application System

Partition of Application Tiers into Fragments

Partition of Application Service into Tiers

Obfuscating Splitting data and/or application parts are distributed to different clouds in such a way, that every single cloud gains only a limited knowledge and only the final result or the combined data at the user’s side must be classified as confidential Multi-party Computation Two distinct scenarios can be imagined: an application that intrinsically requires multi-party computation is outsourced to the multi-party cloud, or a single cloud user make use of a multi- party cloud for better protection of the secrecy of his data.

Conclusion In this paper a concept is introduced, which aims at reducing the required level of trust and which provides innovative cloud security mechanisms in form of architectural patterns. Each of the three presented architectures provides a framework for implementing practicable security services not available so far. The underlying idea is to deploy and distribute the tasks to multiple distinct cloud systems. The main advantage coming out of the presented architectures are security services which still hold in the presence of malicious or compromised clouds.