Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Cloud Computing Paradigm Hassan Takabi PITT 01-27-2011.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The Cloud Computing Paradigm Hassan Takabi PITT 01-27-2011."— Presentation transcript:

1 The Cloud Computing Paradigm Hassan Takabi LERSAIS @ SIS @ PITT 01-27-2011

2 2 Agenda Understanding Cloud Computing Cloud Computing Security Secure Cloud Migration Paths Foundational Elements of Cloud Computing Cloud Computing Case Studies and Security Models

3 Understanding Cloud Computing 3

4 4 Origin of the term “Cloud Computing” “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google First cloud around networking (TCP/IP abstraction) Second cloud around documents (WWW data abstraction) The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms – (“muck” as Amazon’s CEO Jeff Bezos calls it)

5 5 A Working Definition of Cloud Computing Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

6 Essential Cloud Characteristics On-demand self-service – Get computing capabilities as needed automatically Broad network access – Services available over the net using desktop, laptop, PDA, mobile phone 6

7 Essential Cloud Characteristics (Cont.) Resource pooling – Location independence – Provider resources pooled to server multiple clients Rapid elasticity – Ability to quickly scale in/out service Measured service – control, optimize services based on metering 7

8 Cloud Service Models Cloud Software as a Service (SaaS) – Use provider’s applications over a network – User doesn’t manage or control the network, servers, OS, storage or applications Cloud Platform as a Service (PaaS) – Users deploy their applications on a cloud – Users control their apps – Users don’t manage servers, IS, storage 8

9 Cloud Service Models (Cont.) Cloud Infrastructure as a Service (IaaS) – Rent processing, storage, network capacity, and other fundamental computing resources – Consumers gets access to the infrastructure to deploy their stuff – Don’t manage or control the infrastructure – Do manage or control the OS, storage, apps, selected network components To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics 9

10 Service Model Architectures 10

11 Cloud Deployment Models Private cloud – single org only, – managed by the org or a 3 rd party, – on or off premise Community cloud – shared infrastructure for specific community – several orgs that have shared concerns, – managed by org or a 3 rd party 11

12 Cloud Deployment Models (Cont.) Public cloud – Sold to the public, mega-scale infrastructure – available to the general public Hybrid cloud – composition of two or more clouds – bound by standard or proprietary technology 12

13 Common Cloud Characteristics Cloud computing often leverages: – Massive scale – Homogeneity – Virtualization – Resilient computing – Low cost software – Geographic distribution – Service orientation – Advanced security technologies 13

14 The NIST Cloud Definition Framework 14 CommunityCloud Private Cloud Public Cloud Hybrid Clouds Deployment Models Service Models Essential Characteristics Common Characteristics Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Resource Pooling Broad Network AccessRapid Elasticity Measured Service On Demand Self-Service Low Cost Software VirtualizationService Orientation Advanced Security Homogeneity Massive ScaleResilient Computing Geographic Distribution

15 15 Cloud Computing Security

16 Security is the Major Issue 16

17 General Security Advantages Shifting public data to a external cloud reduces the exposure of the internal sensitive data Cloud homogeneity makes security auditing/testing simpler Clouds enable automated security management Redundancy / Disaster Recovery 17

18 General Security Challenges Trusting vendor’s security model Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator accountability Proprietary implementations can’t be examined Loss of physical control 18

19 Security Relevant Cloud Components Cloud Provisioning Services Cloud Data Storage Services Cloud Processing Infrastructure Cloud Support Services Cloud Network and Perimeter Security Elastic Elements: Storage, Processing, and Virtual Networks 19

20 Provisioning Service Advantages – Rapid reconstitution of services – Enables availability Provision in multiple data centers / multiple instances – Advanced honey net capabilities Challenges – Impact of compromising the provisioning service 20

21 Data Storage Services Advantages – Data fragmentation and dispersal – Automated replication – Provision of data zones (e.g., by country) – Encryption at rest and in transit – Automated data retention Challenges – Isolation management / data multi-tenancy – Storage controller Single point of failure / compromise? – Exposure of data to foreign governments 21

22 Cloud Processing Infrastructure Advantages – Ability to secure masters and push out secure images Challenges – Application multi-tenancy – Reliance on hypervisors – Process isolation / Application sandboxes 22

23 Cloud Support Services Advantages – On demand security controls (e.g., authentication, logging, firewalls…) Challenges – Additional risk when integrated with customer applications – Needs certification and accreditation as a separate application – Code updates 23

24 Cloud Network and Perimeter Security Advantages – Distributed denial of service protection – VLAN capabilities – Perimeter security (IDS, firewall, authentication) Challenges – Virtual zoning with application mobility 24

25 Cloud Security Advantages Data Fragmentation and Dispersal Dedicated Security Team Greater Investment in Security Infrastructure Fault Tolerance and Reliability Greater Resiliency Hypervisor Protection Against Network Attacks Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) 25

26 Cloud Security Advantages (Cont.) Simplification of Compliance Analysis Data Held by Unbiased Party (cloud vendor assertion) Low-Cost Disaster Recovery and Data Storage Solutions On-Demand Security Controls Real-Time Detection of System Tampering Rapid Re-Constitution of Services Advanced Honeynet Capabilities 26

27 Cloud Security Challenges Data dispersal and international privacy laws – EU Data Protection Directive and U.S. Safe Harbor program – Exposure of data to foreign government and data subpoenas – Data retention issues Need for isolation management Multi-tenancy Logging challenges Data ownership issues Quality of service guarantees 27

28 Cloud Security Challenges (Cont.) Dependence on secure hypervisors Attraction to hackers (high value target) Security of virtual OSs in the cloud Possibility for massive outages Encryption needs for cloud computing – Encrypting access to the cloud resource control interface – Encrypting administrative access to OS instances – Encrypting access to applications – Encrypting application data at rest Public cloud vs internal cloud security Lack of public SaaS version control 28

29 Additional Issues Issues with moving PII and sensitive data to the cloud – Privacy impact assessments Using SLAs to obtain cloud security – Suggested requirements for cloud SLAs – Issues with cloud forensics Contingency planning and disaster recovery for cloud implementations Handling compliance – FISMA – HIPAA – SOX – PCI – SAS 70 Audits 29

30 Obstacles & Opportunities 30

31 31

32 Unique Features Outsourcing Data and Applications Extensibility and Shared Responsibility Multi-tenancy Service-Level Agreements Virtualization and Hypervisors Heterogeneity Compliance and Regulations 32

33 Security Implications 33

34 Security and Privacy Challenges Authentication and Identity Management – interoperability – password-based: inherited limitation – How multi-tenancy can affect the privacy of identity information isn’t yet well understood. – multi-jurisdiction issue – integrated with other security components. 34

35 Security and Privacy Challenges Access Control and Accounting – Heterogeneity and diversity of services, as well as the domains’ diverse access requirements – capture dynamic, context, or attribute- or credential-based access requirements – integrate privacy-protection requirements – interoperability – capture relevant aspects of SLAs 35

36 Security and Privacy Challenges Trust Management and Policy Integration – compose multiple services to enable bigger application services – efficiently capturing a generic set of parameters required for establishing trust and to manage evolving trust and interaction/sharing requirements – address challenges such as semantic heterogeneity, secure interoperability, and policy- evolution management. 36

37 Security and Privacy Challenges Secure-Service Management – WSDL can’t fully meet the requirements of cloud computing services description – issues such as quality of service, price, and SLAs – automatic and systematic service provisioning and composition framework that considers security and privacy issues 37

38 Security and Privacy Challenges Privacy and Data Protection – storing data and applications on systems that reside outside of on-premise datacenters – shared infrastructure, risk of potential unauthorized access and exposure. – Privacy-protection mechanisms must be embedded in all security solutions. – Provenance – Balancing between data provenance and privacy 38

39 Security and Privacy Challenges Organizational Security Management – shared governance can become a significant issue if not properly addressed – Dependence on external entities – the possibility of an insider threat is significantly extended when outsourcing data and processes to clouds. 39

40 40

41 Security and Privacy Approaches Authentication and Identity Management – User-centric IDM – users control their digital identities and takes away the complexity of IDM from the enterprises – federated IDM solutions – privacy-preserving protocols to verify various identity attributes by using, for example, zero- knowledge proof-based techniques 41

42 Security and Privacy Approaches Access Control Needs – RBAC – policy-integration needs – credential-based RBAC, GTRBAC,8 location-based RBAC 42

43 Security and Privacy Approaches Secure Interoperation – Multi-domain – centralized approach – decentralized approaches – specification frameworks to ensure that the cross- domain accesses are properly specified, verified, and enforced – Policy engineering mechanisms 43

44 Security and Privacy Approaches Secure-Service Provisioning and Composition – Open Services Gateway Initiative (OSGi) – Declarative OWL-based language can be used to provide a service definition manifest, including a list of distinct component types that make up the service, functional requirements, component grouping and topology instructions 44

45 Security and Privacy Approaches Trust Management Framework – trust-based policy integration – Delegation – must be incorporated in service composition framework 45

46 Security and Privacy Approaches Data-Centric Security and Privacy – shifts data protection from systems and applications – documents must be self-describing and defending regardless of their environments. 46

47 Security and Privacy Approaches Managing Semantic Heterogeneity – semantic heterogeneity among policies – Use of an ontology is the most promising approach – policy framework and a policy enforcement architecture – inference engines 47

48 48 Questions?

Download ppt "The Cloud Computing Paradigm Hassan Takabi PITT 01-27-2011."

Similar presentations

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
Cloud Computing to Satisfy Peak Capacity Needs Case Study.

Cloud Computing to Satisfy Peak Capacity Needs Case Study.
Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.

Clouds C. Vuerli Contributed by Zsolt Nemeth. As it started.
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
Cloud Usability Framework

Cloud Usability Framework
Day 3. 2 An Introduction to Cloud Dr David Wallom, Associate Director - Innovation (Oxford e-Research Centre) Technical Director (UK NGS) Thanks to NIST.

Day 3. 2 An Introduction to Cloud Dr David Wallom, Associate Director - Innovation (Oxford e-Research Centre) Technical Director (UK NGS) Thanks to NIST.
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.

Be Smart, Use PwrSmart What Is The Cloud?. Where Did The Cloud Come From? We get the term “Cloud” from the early days of the internet where we drew a.
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Cloud Computing Guide & Handbook SAI USA Madhav Panwar.

Cloud Computing Guide & Handbook SAI USA Madhav Panwar.
SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.

SPRING 2011 CLOUD COMPUTING Cloud Computing San José State University Computer Architecture (CS 147) Professor Sin-Min Lee Presentation by Vladimir Serdyukov.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
EA and IT Infrastructure - 1© Minder Chen, 1995-2014 Enterprise Architecture, IT Infrastructure, and Cloud Computing Minder Chen, Ph.D. CSU Channel Islands.

EA and IT Infrastructure - 1© Minder Chen, Enterprise Architecture, IT Infrastructure, and Cloud Computing Minder Chen, Ph.D. CSU Channel Islands.
EA and IT Infrastructure - 1© Minder Chen, 1995-2011 Stages in IT Infrastructure Evolution Mainframe/Mini Computers Personal Computer Client/Sever Computing.

EA and IT Infrastructure - 1© Minder Chen, Stages in IT Infrastructure Evolution Mainframe/Mini Computers Personal Computer Client/Sever Computing.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
A day in the cloud.

A day in the cloud.

Similar presentations

Ads by Google