Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tunis, Tunisia, 28 April 2014 Security Issues for Cloud and Future Networks Noureddine Boudriga, Director CN&S, University of Carthage

Published byVanessa Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "Tunis, Tunisia, 28 April 2014 Security Issues for Cloud and Future Networks Noureddine Boudriga, Director CN&S, University of Carthage"— Presentation transcript:

1 Tunis, Tunisia, 28 April 2014 Security Issues for Cloud and Future Networks Noureddine Boudriga, Director CN&S, University of Carthage Noure.boudriga2@gmail.com 2 nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014)

2 Talk Objectives Present a discussion of common fundamental challenges and issues/characteristics of cloud computing and future networks Identify security and privacy issues challenging future networks Discuss approaches to address the security issues Explain the need for a new security engineering Tunis, Tunisia, 28 April 2014 2

3 3 Summary Introduction Security Issues in Cloud Computing Security and Privacy Issues in Future Networks Security Solutions Towards new security engineering Global Cybersecurity

4 Tunis, Tunisia, 28 April 2014 4 1. Introduction “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources” (NIST) Attributes: Rapid deployment, Low startup costs/ capital investments, Costs based on utilization or subscription, Multi-tenant sharing of services/resources Characteristics: On demand service, Ubiquitous network access, Location independent resource pooling, Rapid elasticity.

5 Introduction: Cloud and FN Models Delivery Models: SaaS, PaaS, and IaaS, for cloud Service Delivery workflows and control, services’ Brokering and composition, and Flow and Content mapping to Services, for FN Deployment Models: Private, Community, Public, Hybrid Management Models: Self-managed or 3rd party managed (e.g. public clouds, VPN/C) Tunis, Tunisia, 28 April 2014 5

6 Introduction: features Common features: massive concentration of shared resources and an important emergence of risk, since any loss from a single breach can significantly affect larger structures/pools. Additional features for FNs: a massive data to transmit, a massive traffic to relay, a large node mobility Hidden concepts: network topology, perimeter, traffic granularity. Tunis, Tunisia, 28 April 2014 6

7 7 2. Security Issues in Cloud Computing Notorious threats include: Data Breaches, Data Loss, Account or Service Traffic Hijacking, Insecure Interfaces and APIs, Denial of Service Malicious Insiders, Abuse of Cloud, Services Insufficient due Diligence, Shared Technology Vulnerabilities Most security problems stem from: Loss of control, weak trust relationships, and Multi- tenancy. Problems exist mainly with 3rd party management models. Little involvement of the operators

8 Tunis, Tunisia, 28 April 2014 8 Security issues: loss of control Data, applications, and resources are located within the provider controlled infrastructure Customer identity management is handled by the cloud. Cyustomer access control rules, security policies, and enforcement are managed by the cloud provider Consumer relies on provider to address: Data security and Privacy, Resource availability control, Monitoring of resources, and Repairing.

9 Tunis, Tunisia, 28 April 2014 9 Security issues: weak trust relashionships Trust relationships at any point of the delivery chain may be weak due to the loss of control in passing sensitive data Trust along the delivery chain from customer to cloud providers may be non transitive due to the lack transparency The lack of consensus about what trust management techniques should be utilized for cloud environments Standardized trust models are needed; but, none of trust models related to data is acceptable

10 Security issues: Multi-tenancy Conflict between tenants’ opposing goals and goals Tenants can share pools of resources and apply conflicting rules Limited efficiency techniques to provide separation/interoperation between tenants Cloud Computing brings new threats Multiple independent users share the same physical infrastructure Attackers can legitimately be managed by the same physical machine as their target Tunis, Tunisia, 28 April 2014 10

11 3. Security and Privacy Issues in FNs Availability: Questions about what happens for customer critical systems/data, if the provider is attacked or when it goes out of business. Confidentiality: Questions about whether the sensitive/private data stored (on a cloud, for instance) remain confidential, and about leaking of confidential customer information Integrity: Questions about How the cloud/FN provider performs correctly integrity computations, and How the cloud provider really stores user data without altering it. Tunis, Tunisia, 28 April 2014 11

12 Security and Privacy issues Massive data mining: Providers store data from a large number of customers, and run data mining algorithms to retrieve large amounts of information. New classes of harmful attacks: Attackers can target the communication link between provider and customer, and Provider employees can be phished Digital forensics: Audit data and forensics are hard to perform since customers don’t maintain data locally. Legal and transitive trust issues: Who is responsible for complying with regulations. Tunis, Tunisia, 28 April 2014 12

13 Security and privacy issues in FNs AT the customer side, an attacker can Learn passwords/authentication information and gain control of the VMs, if any At the provider side, an attacker can Log customer communication, read non encrypted data, look into VMs, make copies of VMs, or monitor network communication and application patterns. External attackers can Listen to network traffic, Insert malicious traffic, Investigate (cloud) structure, or launch DoS, Intrusion, and Network analysis. Tunis, Tunisia, 28 April 2014 13

14 Tunis, Tunisia, 28 April 2014 14 4. Security solutions Minimize Loss of Control Activity Monitoring (e.g. payment, delegation, usage, and storage control) Access control and interoperation management Minimize the weakness of Trust relationships Security Policy (description language, policy validation, and conflict mgt) Certification infrastructure (integrity and authentication) Identity Management, Coordination and interoperation of Multi-tenancy

15 Security solutions: Monitoring Provide mechanisms that enable the providers to act on the attacks they can handle: infrastructure remapping and fault repairing shutting down offending components or targets Provide mechanisms that enable the consumer to act on attacks targeting application-level. Risk-adaptable Access Control Provide ability to move the user’s application to another provider Tunis, Tunisia, 28 April 2014 15

16 Security solutions: Identity management IdM in traditional application-centric model assumes each application to keep track of identifying information of its users. Existing systems assume the availability of a trusted third party. Users have multiple accounts associated with multiple service providers (in cloud). Sharing sensitive identity information between services can lead to undesirable mapping of the identities to the user. Tunis, Tunisia, 28 April 2014 16

17 Security solutions: goals for IdM Authenticate without disclosing identifying information Ability to securely use a service while on an untrusted host (VM on the cloud) Minimal disclosure and minimized risk of disclosure during communication between user and service provider (Man in the Middle, Side Channel and Correlation Attacks) Protection of Identity Information in Cloud and FNs without Trusted Third Party Tunis, Tunisia, 28 April 2014 17

18 5. Towards new security engineering Challenges: techniques for: Identifying cloud security-critical assets and evaluating the costs of their breaches. Identifying potential future network security threats and evaluating their feasibility. Identifying feasible (cloud) protections & countermeasures and evaluate their adequacy Verifying proper implementation, security policy, and investigating incidents Modelling threats and developing a useful framework for security measurement. Tunis, Tunisia, 28 April 2014 18

19 Tunis, Tunisia, 28 April 2014 19 Towards new security engineering Major tasks to perform: Design and analysis of robust security solution; Estimate solution costs, risk evolution Build techniques coping with “infinity” Tools for the analysis of robustness. Major models to provide: Security policy models Threat evolutionary modeling Verification, validation models Visibility modeling.

20 6. Security Cybersecurity: challenges Security breaches will be constant Password-based security will become essentially useless. Most services should offer a multi-factor authentication capability Mobile (smartphones) are used by people with minimal technical skill, virtually no attention to security. Cloud failures will result in substantial data loss. Security-as-a-Service becomes a new cloud market. Nation-state cyberwar escalates. Rogue nations use cybercrime Tunis, Tunisia, 28 April 2014 20

21 Global Cybersecurity: Objectives To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE To create workforce of skilled professionals To enable Protection of information while in process, handling, storage & transit To enable effective prevention, investigation and prosecution of cybercrimes Tunis, Tunisia, 28 April 2014 21

22 Tunis, Tunisia, 28 April 2014 22 GCS: Security factors limiting cloud and FN usage in Africa IT experts estimate an 80  infection rate on all PCs continent-wide (in Africa) including government computers. As internet and cloud penetration increases across Africa, so does the risk of sophisticated cyber-attacks, threatening African nations' security Increasing bandwidth and use of wireless technologies Lack of cyber security awareness. Ineffec-tive legislation and policies, Insufficient operator involvement.

23 Conclusion Cloud computing is evolving and future networks are merging Need for a new role for SPs and network oprators, as part of Cyber Security ecosystem. Need Extend the role of Computing incident Response Team Tunis, Tunisia, 28 April 2014 23

Download ppt "Tunis, Tunisia, 28 April 2014 Security Issues for Cloud and Future Networks Noureddine Boudriga, Director CN&S, University of Carthage"

Similar presentations

Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.

Chapter 22: Cloud Computing and Related Security Issues Guide to Computer Network Security.
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.

Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Security Controls – What Works

Security Controls – What Works
Bharat Bhargava Computer Science Purdue University Research in Cloud Computing YounSun Cho Computer Science Purdue.

Bharat Bhargava Computer Science Purdue University Research in Cloud Computing YounSun Cho Computer Science Purdue.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
CLOUD PRIVACY AND SECURITY CS 595 LECTURE 15 4/15/2015.

CLOUD PRIVACY AND SECURITY CS 595 LECTURE 15 4/15/2015.
Cloud Usability Framework

Cloud Usability Framework
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
Cloud Computing Guide & Handbook SAI USA Madhav Panwar.

Cloud Computing Guide & Handbook SAI USA Madhav Panwar.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Similar presentations

Ads by Google