Published by Hannah Pitts. Modified over 9 years ago.
1
SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan
2
Who is using Clouds today?
o Startups & Small businesses: Can use clouds for everything. SaaS, IaaS, collaboration services, online presence.
o Mid-Size Enterprises: Can use clouds for many things. Compute cycles for R&D projects, online collaboration, partner integration, social networking, new business tools.
o Large Enterprises: More likely to have hybrid models where they keep some things in house. On-premises data for legal and risk management reasons.
Courtesy: Juniper Networks
3
Problem Statement
[Figure labels: VM SECURITY, DATA SECURITY, SW SECURITY. Image courtesy: Wikipedia]
4
Problem Statement
Identify Assets
o Which assets are we trying to protect?
o What properties of these assets must be maintained?
Identify Threats
o What attacks can be mounted?
o What other threats are there (natural disasters, etc.)?
Identify Countermeasures
o How can we counter those attacks?
Appropriate for Organization-Independent Analysis
o We have no organizational context or policies
Courtesy: Juniper Networks
5
Misconception
Clouds can never be secure
This is not true, because a cloud is like any other network we currently use.
Image courtesy: http://www.accmanpro.com/2010/10/29/cloud-misconceptions-security-tops-the-list/
6
Cloud Service Deployment
Image courtesy: http://www.rationalsurvivability.com/
7
Vulnerabilities exposed in cloud (1)
National Database of Vulnerabilities lists over a hundred potential hypervisor flaws for one particular virtualization technology.
Image courtesy: http://lpage.joyent.com/rs/joyent/images/Joyent_Security_Whitepaper_Final_20101001.pdf
8
Vulnerabilities exposed in cloud (2)
Hypervisor Holes
o Ability to insert code into virtual machines.
o The disclosure of unauthorized information
o Potential disruption of service.
o Run several varieties of guest operating systems
o One could use root access to the hypervisor to commit dirty deeds such as planting rootkits into the memory of running operating system kernels
9
Vulnerabilities exposed in cloud (3)
Securing Data Storage
o The data stored in the cloud may be frequently updated by the users.
o Focus on single server scenario which does not consider dynamic data operations.
o Traditional cryptographic primitives for the purpose of data security protection cannot be directly adopted due to the users' loss of control of their data under Cloud Computing.
10
Vulnerabilities exposed in cloud (4)
VM Placement attacks
o Denial of Service
o Measure cache usage (measure CPU utilization on the physical machine; or "how busy are their servers?")
o Load-based co-residence detection (aka detecting co-residence without relying on sending any network probes)
o Estimating traffic rates (sounds harmless but can be used to deduce a target's activity patterns, peak trading times for maximal DoS effect, etc.)
o Keystroke timing attack (remote keystroke monitoring)
11
Vulnerabilities exposed in cloud (8)
Metadata Spoofing attack
o Adversary manipulates / re-engineers the metadata content of a web service so that the web service's intended operation is replaced by another operation.
[Figure: Original WSDL, Modified WSDL]
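A defender-side check for the metadata spoofing described on this slide, as an added example that is not part of the original presentation: it compares a pinned, trusted copy of a WSDL 1.1 document with the copy fetched at run time and reports every operation whose messages or soapAction differ. The service, the operation names and the `urn:example` namespace are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
SOAP = "{http://schemas.xmlsoap.org/wsdl/soap/}"

# Constructed sample WSDL (not from the slides); {msg} and {action} are filled in below.
TEMPLATE = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:example">
  <portType name="Accounts">
    <operation name="getBalance">
      <input message="tns:{msg}"/><output message="tns:getBalanceResponse"/>
    </operation>
  </portType>
  <binding name="AccountsSoap" type="tns:Accounts">
    <operation name="getBalance"><soap:operation soapAction="{action}"/></operation>
  </binding>
</definitions>"""
TRUSTED = TEMPLATE.format(msg="getBalanceRequest", action="urn:example:getBalance")
MODIFIED = TEMPLATE.format(msg="closeAccountRequest", action="urn:example:closeAccount")


def operation_map(wsdl_text):
    """Return {operation name: (input message, output message, soapAction)}."""
    # The stdlib parser keeps the example offline; a fetched, untrusted WSDL
    # should go through a hardened parser such as defusedxml.
    root = ET.fromstring(wsdl_text)
    ops = {}
    for op in root.iterfind(f"{WSDL}portType/{WSDL}operation"):
        parts = [op.find(f"{WSDL}{tag}") for tag in ("input", "output")]
        msgs = [p.get("message") if p is not None else None for p in parts]
        ops[op.get("name")] = msgs + [None]
    for op in root.iterfind(f"{WSDL}binding/{WSDL}operation"):
        soap_op = op.find(f"{SOAP}operation")
        if op.get("name") in ops and soap_op is not None:
            ops[op.get("name")][2] = soap_op.get("soapAction")
    return {name: tuple(values) for name, values in ops.items()}


def diff_wsdl(trusted, received):
    """Compare the pinned copy with the received copy; return (kind, operation) findings."""
    a, b = operation_map(trusted), operation_map(received)
    findings = []
    for name in sorted(set(a) | set(b)):
        if a.get(name) != b.get(name):
            kind = "added" if name not in a else "removed" if name not in b else "rebound"
            findings.append((kind, name))
    return findings
```

A client that refuses to generate stubs when `diff_wsdl` returns any finding will not silently bind `getBalance` to a different operation.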
12
Vulnerabilities exposed in cloud (5)
Malware Injection Attack
o Adversary creates own instance of virtual machine or service module
o Cloud system is manipulated by the adversary in such a way that it points to the adversary's implementation of the service or instance
13
Vulnerabilities exposed in cloud (7) XML Signature
14
Vulnerabilities exposed in cloud (6)
Denial of Service
o Direct DOS
o Indirect DOS
15
Existing Cloud Security Models (1)
Cloud Storage Model
Multi-Party Non-Repudiation
o Normal Mode
o Resolve Mode
16
Existing Cloud Security Models (2)
Three level security model
Image courtesy: Data Security Model for Cloud Computing
17
Existing Cloud Security Models (3)
Cloud Cube Model
Image courtesy: Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration by Jericho Forum
18
Policies related to Security
o Application security
o Maintaining Integrity
o Authentication / Access Control
19
Suggested Framework
[Diagram labels: USER A, USER B, Data, Application, FOREIGN ATTACKS, 3LS]
20
Thank you!