1
Cloud computing issues
CS 595 Lecture 8
2
IaaS Cloud Architectures
- Introduction to IaaS
- Hardware virtualization: CPU, Memory, I/O, Network
- Software virtualization: Hypervisors (KVM, Xen, VirtualBox), Full Virtualization, Para Virtualization, Host OS Virtualization, Container-based Virtualization
- IaaS Ecosystems
  - Open Source: Eucalyptus, OpenStack, CloudStack, OpenNebula
  - Public Clouds: Amazon AWS, Google App/Compute Engines, Microsoft Azure, Other
- Cloud Issues: Live Migration, Scalability/Elasticity, Availability, Management, Performance, Security
3
Cloud Computing Issues
Virtualization-enabled cloud properties:
- Live migration of virtual machines: migrate a virtual machine from one physical machine to another at run time with a small performance degradation.
- Scalability
- Elasticity
- Availability
- Manageability
- Performance
- Security
4
Cloud Computing Scalability
Scalability is defined as: the ability of the cloud cluster to handle growing amounts of workload without suffering degradation in quality of service.
Ex: Adding network connections to cloud cluster overlay network nodes to isolate and improve performance on different types of network traffic.
- Compute nodes can have three Ethernet ports instead of one (2 for VM traffic, 1 for cloud middleware traffic).
- Storage nodes can increase their number of Ethernet ports to improve performance when data is mapped to VMs hosted on many compute nodes.
5
Cloud Computing Scalability
Scalability Levels: Physical Servers
The cloud cluster must be able to accommodate new heterogeneous compute, storage, or admin servers.
Autonomous integration of these physical servers generally relies on:
- Network subnets to determine physical machine type. Physical connection to a specific network switch can specify a network subnet.
- Preboot Execution Environment (PXE) for loading an OS and applications onto the physical server once its type has been defined.
  - All physical servers on x/24 are compute nodes (load compute image)
  - All physical servers on x/24 are storage nodes (load storage image)
  - All physical servers on x/24 are admin nodes (load admin image)
6
Cloud Computing Scalability
Scalability Levels: Local and Software Defined Networks
Cloud cluster networks are generally dynamically provisioned in two ways:
- Ethernet virtualization: VMs attach to physical Ethernet adapters on the compute node by using a virtual bridge.
- Overlay networks: networks built on top of other networks. Nodes in the overlay network are connected by logical or virtual links.
  Ex: Compute Node1 has a software defined connection to Storage Node1. This logical connection corresponds to three physical Ethernet links.
7
Cloud Computing Elasticity
Elasticity is defined as: the ability of the cloud cluster to adapt to increased/decreased workload demands over time by allocating and deallocating resources.
Ex: e-commerce website
- 60% of the time, unpopular ( >100 hits/hour)
- 20% of the time, somewhat popular ( 1,000 hits/hour)
- 10% of the time, very popular ( 5,000 hits/hour)
- 8% of the time, extremely popular (10,000 hits/hour)
- 2% of the time, overwhelmingly popular (30,000 hits/hour)
How to handle changes in workloads?
- Autonomous provisioning of resources to (try to) match workload at all times.
- Avoid over-provisioning and under-provisioning.
8
Cloud Computing Elasticity
Issues with cloud elasticity:
- IaaS/PaaS/SaaS resource control: Problems emerge when workloads interact with different layers of the cloud. Fixing problems at one layer, SaaS, may cause unforeseen problems in another layer, PaaS.
- Workload monitoring applications: Traditional monitoring tools targeting specific resources are not suitable for monitoring performance of elastic cloud based applications.
- Cloud resource provisioning time: VMs take some amount of time to boot. Increasing storage performance based on media type takes time to move data.
9
Cloud Computing Resource Availability
Fault tolerance system: All services and applications can be protected against component and complete system failure. When system failure occurs, virtual machines will be automatically restarted on other physical servers.
10
Cloud Computing Resource Availability
Disaster recovery: Site Recovery Managers enable an easy transition from a production site to a Disaster Recovery site. Some services may be interrupted and/or impaired, but core functionality will remain operational.
11
Cloud Computing Resource Availability
Failover technique: Application protection against hardware failures, with NO downtime, that is application and operating system independent.
[Figure labels: Backup VM, Backup VM]
12
Cloud Computing Management
Physical to virtual translation: It is possible to take snapshots of non-virtualized environments and translate them to VMs for consolidation.
13
Cloud Computing Management
Physical to virtual (P2V) translations
Popular, automated P2V software:
- Symantec System Recovery (P2V, V2P)
- PlateSpin (P2V, P2P, V2P, V2V)
- Veritas Backup Exec (P2V, V2P)
P2V worth doing? Consider:
- Creating virtual appliances for software applications
- Network storage for data
14
Cloud Computing Performance
Dynamic load balancing: Cloud distributed resource schedulers automatically balance the workloads according to set limits and guarantees. This removes the need to predict resource assignment.
15
Cloud Computing Performance
Types of load balancing:
- Static load balancing: Typically referred to as a mapping problem. Map workloads (VMs, application requests) to a fixed set of hardware to minimize process load differences.
- Dynamic load balancing: Maintain even system load across all (heterogeneous) nodes in the cloud cluster at all times. Requires the use of dynamic job schedulers and/or live VM migrations.
16
Security in Clouds
The following slides introduce the top five most dangerous errors in software development.
17
Programming secure software
Programs that interface with the outside world should be written in a manner that resists intrusion. (Web, , etc.)
- Insecure interactions between components
- Risky resource management
- Porous defences
Project management and test procedures must ensure that programs avoid these errors.
What are the most dangerous software errors?
18
Most dangerous Errors #1
Improper neutralization of special elements used in a SQL command (“SQL Injection”)
SQL injection is a technique where malicious users can inject SQL commands using a web page input.
Ex:
    UserID: admin or 1 = 1
Server result from input:
    SELECT * FROM Users WHERE UserID = admin or 1 = 1
The above SQL statement is valid. It will return all rows from the table Users, since WHERE 1 = 1 is always true. If the Users table contains names and passwords, security will be compromised.
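The same weakness next to its fix, as an added example that is not part of the original slides. It assumes a numeric UserID column and a constructed in-memory SQLite table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory Users table (sample rows, not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserID INTEGER, Name TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(105, "alice", "pw-a"), (106, "bob", "pw-b"), (107, "carol", "pw-c")],
    )
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    query = "SELECT Name FROM Users WHERE UserID = " + user_id
    return sorted(row[0] for row in db.execute(query))

def lookup_parameterized(db, user_id):
    # The ? placeholder binds the input as one value; it is never parsed as SQL.
    query = "SELECT Name FROM Users WHERE UserID = ?"
    return sorted(row[0] for row in db.execute(query, (user_id,)))

def lookup_validated(db, user_id):
    # Defence in depth: accept only a plain decimal ID, then bind it anyway.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("UserID must be numeric")
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    form_input = "105 or 1 = 1"  # same shape as the slide's input
    print("concatenated :", lookup_vulnerable(db, form_input))
    print("parameterized:", lookup_parameterized(db, form_input))
```
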
19
Most dangerous Errors #1
Improper neutralization of special elements used in a SQL command (“SQL Injection”)
- Attack frequency (how often the weakness occurs/attacker exploits): High
- Ease of detection (how easily the weakness can be found by an attacker): Easy
- Consequences (results of the weakness being exploited by an attacker): Data loss, Security bypass
- Remediation cost (effort required to fix the weakness): Low
20
Most dangerous Errors #2
Improper neutralization of special elements used in an OS command (“OS Command Injection”)
OS command injection is a technique that uses a web interface in order to execute OS commands on a web server.
Ex (PHP):
    $userName = $_POST["user"];
    $command = 'ls -l /home/' . $userName;
    system($command);
The $userName variable is not checked for malicious input. An attacker can set the variable to any OS command, such as:
    ;rm -rf /
The semi-colon is a command separator in Unix/Linux. The OS would first execute the “ls” command, then execute the “rm” command, which would delete the entire filesystem from the root directory.
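The shell-string pattern beside a hardened form, as an added example that is not part of the original slides. It works in a constructed temporary directory instead of /home, uses a harmless echo marker as the appended command, and assumes a user-name policy (USERNAME_RE) that the slides do not define; all names are hypothetical.

```python
import os
import re
import subprocess
import tempfile

# Assumed policy for valid account names (not from the slides).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def make_homes():
    """Constructed stand-in for /home containing one user directory."""
    base = tempfile.mkdtemp(prefix="homes-")
    os.mkdir(os.path.join(base, "alice"))
    open(os.path.join(base, "alice", "notes.txt"), "w").close()
    return base

def list_home_vulnerable(base, user_name):
    # Same shape as the PHP on the slide: one string handed to a shell,
    # so a ';' in user_name starts a second command.
    command = "ls " + base + "/" + user_name
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()

def list_home_hardened(base, user_name):
    # 1. Allowlist validation: reject anything that is not a plain user name.
    if not USERNAME_RE.fullmatch(user_name):
        raise ValueError("invalid user name")
    # 2. No shell: the path reaches ls as a single argv element, and "--"
    #    stops ls from treating it as an option.
    argv = ["ls", "--", os.path.join(base, user_name)]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.splitlines()

if __name__ == "__main__":
    base = make_homes()
    marker_input = "alice; echo INJECTED"  # constructed, harmless marker
    print(list_home_vulnerable(base, marker_input))
    print(list_home_hardened(base, "alice"))
```
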
21
Most dangerous Errors #2
Improper neutralization of special elements used in an OS command (“OS Command Injection”)
- Attack frequency (how often the weakness occurs/attacker exploits): Often
- Ease of detection (how easily the weakness can be found by an attacker): Easy
- Consequences (results of the weakness being exploited by an attacker): Code execution, Data loss
- Remediation cost (effort required to fix the weakness): Medium
22
Most dangerous Errors #3
Buffer copy without checking size of input (“Classic Buffer Overflow”)
Buffer overflow attacks are techniques where a program overwrites memory adjacent to a buffer that should not have been modified. C, C++, and Assembly programs are generally targets.
Ex (C):
    char last_name[20];
    printf("Enter your last name: ");
    scanf("%s", last_name);   /* no field width: input length is unbounded */
The code above doesn’t limit the size of the name entered by the user. If the user enters "Very_very_long_last_name", which is 24 characters long, then a buffer overflow will occur since the array can only hold 20 characters total.
23
Most dangerous Errors #3
Buffer copy without checking size of input (“Classic Buffer Overflow”)
- Attack frequency (how often the weakness occurs/attacker exploits): Often
- Ease of detection (how easily the weakness can be found by an attacker): Easy
- Consequences (results of the weakness being exploited by an attacker): Code execution, Denial of Service, Data loss
- Remediation cost (effort required to fix the weakness): Low
24
Most dangerous Errors #4
Improper neutralization of input during web page generation (“Cross-site Scripting”)
Attack technique where malicious users can inject JavaScript or other client-side content into a web page that your web server generates.
Ex (PHP):
    $username = $_GET['username'];
    echo '<div class="header"> Welcome, ' . $username . '</div>';
The parameter can be arbitrary: the URL of the page could be modified so that $username contains scripting syntax, such as
    <Script Language="Javascript">alert("You've been attacked!");</Script>
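Output encoding for the header above, with a parser-based check that no script element survives, as an added example that is not part of the original slides. The function names and the sample input are constructed for illustration.

```python
import html
from html.parser import HTMLParser

class TagCollector(HTMLParser):
    """Records every element a browser-style parser would open."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def render_header_vulnerable(username):
    # Same shape as the PHP on the slide: raw input placed into the markup.
    return '<div class="header"> Welcome, ' + username + '</div>'

def render_header_escaped(username):
    # html.escape turns <, >, & and quotes into entities, so the input can
    # only ever be rendered as text inside the div.
    return '<div class="header"> Welcome, ' + html.escape(username, quote=True) + '</div>'

if __name__ == "__main__":
    sample = '<script>alert("xss-test")</script>'  # constructed test input
    print(tags_in(render_header_vulnerable(sample)))  # script element present
    print(tags_in(render_header_escaped(sample)))     # only the div remains
    print(render_header_escaped(sample))
```

The escaping shown is for the HTML body context used on the slide; values placed inside script blocks, URLs or CSS need the encoder for that context.
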
25
Most dangerous Errors #4
Improper neutralization of input during web page generation (“Cross-site Scripting”)
- Attack frequency (how often the weakness occurs/attacker exploits): Often
- Ease of detection (how easily the weakness can be found by an attacker): Easy
- Consequences (results of the weakness being exploited by an attacker): Code execution, Security bypass
- Remediation cost (effort required to fix the weakness): Low
26
Most dangerous Errors #5
Missing authentication for critical function
Attack technique that targets critical functions or modules of software that do not perform security checks before accepting and processing input.
Ex (Java):
    public BankAccount createBankAccount(String accountNumber, String accountType,
                                         String accountName, double balance) {
        BankAccount account = new BankAccount();
        account.setAccountNumber(accountNumber);
        account.setAccountType(accountType);
        account.setAccountOwnerName(accountName);
        account.setBalance(balance);
        return account;
    }
The above example has no authentication mechanism to ensure that the user creating the account has the authority to create new bank accounts.
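One way to put the missing check in front of the critical function, as an added example that is not part of the original slides. The Session type, the role name "account_manager" and the require_role decorator are all hypothetical.

```python
import functools
from dataclasses import dataclass

class AuthError(Exception):
    """Raised when the caller may not invoke a critical function."""

@dataclass(frozen=True)
class Session:
    # Hypothetical session object produced by the application's login step.
    user: str
    authenticated: bool = False
    roles: frozenset = frozenset()

def require_role(role):
    """Refuse the call unless the session is authenticated and holds `role`."""
    def decorator(func):
        @functools.wraps(func)
        def guarded(session, *args, **kwargs):
            if session is None or not session.authenticated:
                raise AuthError("authentication required")
            if role not in session.roles:
                raise AuthError("role %r required" % role)
            return func(session, *args, **kwargs)
        return guarded
    return decorator

@require_role("account_manager")
def create_bank_account(session, account_number, account_type, owner_name, balance):
    # Reached only after both checks pass; the creator is recorded for audit.
    return {
        "number": account_number,
        "type": account_type,
        "owner": owner_name,
        "balance": balance,
        "created_by": session.user,
    }

if __name__ == "__main__":
    teller = Session("teller1", True, frozenset({"account_manager"}))
    print(create_bank_account(teller, "0001", "checking", "Alice Example", 100.0))
```
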
27
Most dangerous Errors #5
Missing authentication for critical function
- Attack frequency (how often the weakness occurs/attacker exploits): Sometimes
- Ease of detection (how easily the weakness can be found by an attacker): Moderate
- Consequences (results of the weakness being exploited by an attacker): Security bypass
- Remediation cost (effort required to fix the weakness): Low to high
28
Programming secure software
For the top 25 programming errors, see: