Download presentation
Presentation is loading. Please wait.
Published byRalf Dawson Modified over 9 years ago
1
A Seminar on Securities In Cloud Computing Presented by Sanjib Kumar Raul Mtech(ICT) Roll-10IT61B09 IIT Kharagpur Under the supervision of Prof. Indranil Sengupta HOD,Computer Science
2
Content What is Cloud Computing Cloud Architecture Cloud Structure Types of security in cloud computing Security concern Data Confidentiality in cloud computing. Problem in cloud computing. Conclusion References
3
What is Cloud Computing It is an Internet-based computing technology, where shared resources such as software, platform, storage and information are provided to customers on demand. Cloud Computing is a computing platform for sharing resources that include infrastructures, software, applications, and business processes. Cloud Computing is a virtual pool of computing resources.It provides computing resources in the pool for users through internet.
4
Cloud Architecture A Basic Cloud Network
5
Cont.. Components of cloud computing Front end The front end is the client’s network or computer, and the applications used to access the cloud. Back end The back end is the ‘cloud’ itself, which comprises of various computers, servers and data storage devices.
6
Cloud structure and Types The user can access any service which he/she wants for a specific task and for a specific amount of time.
7
Types Public cloud: In public clouds, multiple customers share the computing resources provided by a single service provider. Private cloud: In the private cloud, computing resources are used and controlled by a private enterprise.
8
Cont.. Hybrid cloud: A third type can be hybrid cloud that is typical combination of public and private cloud. Community cloud: Several organizations jointly construct and share the same cloud infrastructure as well as policies,requirements, values, and concerns.
9
Models of Cloud Computing Model 1:Infrastructure as a service(Iaas) Model 2:Platform as a Service(PaaS)
10
Cont.. Model 3:Software as a Service(SaaS) Model 4:Business Process as a Service(BaaS)
11
Types of Security in Cloud Computing 1-Data Security It focuses on protecting the software and hardware associated with the cloud. 2-Network Security Protecting the network over which cloud is running from various attacks – DOS, DDOS, IP Spoofing.
12
Security Concern There are multiple issues in a cloud computing. Loss of Control The first issue associated with cloud computing is the loss of control of an organisation’s data. Data retention Another issue associated with cloud computing can be seen with how old data is managed. Once data is used it is generally stored indefinitely in the cloud.
13
Implementing and achieving security The company secure the data by establish an information security policy (InSPy). Security through password protection
14
Data Confidentiality Protection Confidentiality is defined as the assurance that sensitive information is not disclosed to unauthorized persons, processes, or Devices. Users’ confidential data is disclosed to a service provider if all of the following three conditions are satisfied simultaneously
15
Cont.. 1) the service provider knows where the users’ confidential data is located in the cloud computing systems. 2) the service provider has privilege to access and collect the users’ confidential data in cloud. 3) the service provider can understand the meaning of the users’ data.
16
Problems With Current Cloud Computing Cloud computing system architecture
17
Cont.. The following are the major problems of current cloud computing system: A. Each service provider has its own software layer, platform layer and infrastructure layer. When a user uses a cloud application from a service provider, the user is forced to use the platform and infrastructure provided by the same service provider, and hence the service provider knows where the users’ data is located and has full access privileges to the data.
18
Cont.. B. The user is forced to use the interfaces only provided by the service provider, and users’ data has to be in a fixed format specified by the service provider, and hence the service provider knows all the information required understanding users’ data. Therefore, we cannot prevent service providers from satisfying all of the three Conditions
19
Cont.. Approach to Protect Confidentiality: In our approach,we have the following seven entities : Software Cloud,Infrastructure Cloud, Software Service Broker, Infrastructure Service Broker, Software Service Attestation Authority, DataObfuscator and Data De-obfuscator
20
McCabe’s Cyclomatic Complexity Measures Approach to protect confidentiality
21
Cont.. Our approach makes sure that any of these entities in a cloud computing system does not satisfy the three conditions simultaneously. Software Cloud: A Software Cloud provides software as a service upon users’ requests. Each software cloud may contain multiple software services, and each software service can be discovered and accessed by users through Software Service Broker..
22
Cont.. Infrastructure Cloud: An Infrastructure Cloud provides virtualized system resources, such as CPU, memory, and network resources. An authenticated user can request a virtual machine on which the user can deploy any platform or operating system to execute a software service instance. Software Service Broker:It provides identity anonymization service, by which users can use pseudonyms instead of their true identities so that the users can acquire service instances
23
without revealing their identities. Infrastructure Service Broker:It helps users automatically discover and useavailable infrastructure services. It also provides identity anonymization service to prevent the system from revealing users’ true identities. The Software Service Attestation Authority (SSAA):The SSAA is a third party authority to verify that a service instance does not perform any malicious activity that may disclose users’ confidential data
24
Cont.. A Data Obfuscator: A Data Obfuscator is a middleware provided by a user that can be deployed on a virtual machine in an infrastructure Cloud. The Data Obfuscator provides an operating system environment for software service instance to be run in an Infrastructure Cloud. A Data De-obfuscator: It de-obfuscates obfuscated data so that a user can see the plain data. A Data De-obfuscator remains in the user’s personal computer all the time.
25
S1) a) A user requests a Software Service Broker to find a software service by providing the specification of the software service. b) The Software Service Broker performs automatic service discovery to find a service instance in the Software Cloud that satisfies the user’s requested service requirement specification. c) The Software Service Broker acquires the discovered software instance using an anonymous credential. S2) a) The Software Service Broker deploys the acquired service instance to the testing platform of a Summary.
26
SSAA. The SSAA verifies whether the service instance performs according to the service description, and the service instance does not transmit users’ data to any unauthorized entity. b) After the verification procedure, the software service instance is sent back to the Software Service Broker. S3) a) The user asks the Infrastructure Service Broker to find an infrastructure service compatible to the service instance. b) The Infrastructure Service Broker discovers an infrastructure service provider, who has the capability to execute the acquired software service instance. Cont..
27
S4) The user requests the infrastructure service provider to set up a virtual machine and then deploys the Data Obfuscator on the virtual machine using the Agent Deployment Plans (ADPs), for automated middleware deployment and migration in service based systems. S5) a) The service instance acquired in S1) is sent to Infrastructure Service Broker. b) The service instance is deployed on the workflow of the Data Obfuscator set up in S4). S6) a) The user sends his/her data to the workflow to process.
28
An Illustrative Example An example of online video conferencing to illustrate our approach
29
Cont.. S1) a) The leader of the group requests a Software Service Broker to find the Voice Communication Service, Video Communication Service, File Sharing Service and Instant Messaging Service. b) The Software Service Broker discovers the services. c) The Software Service Broker downloads the service instances of the five software services. S2) a) The Software Service Broker deploys the service instances to the testing platform of a SSAA. b) The SSAA verifies the software service instances. S3) a) The leader of the group requests an Infrastructure Service Broker to find an infrastructure service compatible to the service instances. b) The Infrastructure Service Broker discovers an infrastructure service.
30
Cont.. S4) A virtual machine is set up in the infrastructure cloud. The leader of the group deploys the Data Obfuscator on the virtual Machine. S5) a) The service instances are sent to the Infrastructure Service Broker. b) The service instances are deployed on the Data Obfuscator. The five service instances are composed to a workflow. The workflow provides all the functionalities for online conferencing. S6) a) The users of the group send their input data to the workflow to process. During the processing of the users’ input data, the input data is obfuscated. After completing the processing, a service response of the workflow is sent to all the users of the group that the processing of their input data has been completed.
31
Conclusions Here an approach to protecting users’ confidential data in cloud computing. Our approach is based on three features: (1) separation of software service providers and infrastructure service providers, (2) hiding information about the owner of data and (3) data obfuscation.
32
References [1] Stephen S. Yau and Ho G, ”Protection of users’ data confidentiality”from ACM digital library. [2] J. Heiser and M. Nicolett, “Assessing the security risks of cloud computing,”from ACM digital library. [3] La’Quata Sumter,” Cloud Computing: Security Risk” from ACM digital library. [4] Gary Anthes,”Security in the Cloud” november 2010 | vol. 53 | no. 11 | communications of the acm 11. [5] S N Dhage, B B Meshram,” Cloud Computing Environment” International Conference and Workshop on Emerging Trends in Technology (ICWET 2011) – TCET, Mumbai, India.
33
Thank you Any Query ?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.