Overview Abstract Vulnerability: An Overview Cloud Computing Cloud-Specific Vulnerabilities Architectural Components and Vulnerabilities Conclusion.

Presentation transcript:

1

2 Overview
- Abstract
- Vulnerability: An Overview
- Cloud Computing
- Cloud-Specific Vulnerabilities
- Architectural Components and Vulnerabilities
- Conclusion

3 Abstract Blog News Gmail Amazon Google Map Cloud Computing Plurk Facebook Twitter

4 Vulnerability: An Overview
ISO 27005 defines risk as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization”
- EX: DB Server SQL injection
- EX: Sony PSN

5 Vulnerability: An Overview: Defining Vulnerability
According to the Open Group’s risk taxonomy, vulnerability is the probability that an asset will be unable to resist the actions of a threat agent.
- EX: Intranet vs. Extranet

6 Cloud Computing Core Cloud Computing Technologies

7 Cloud Computing: Essential Characteristics of Cloud Computing (NIST) description
- On-demand self-service.
- Ubiquitous network access.
- Resource pooling.
- Rapid elasticity.
- Measured service.

8 Cloud-Specific Vulnerabilities: Core-Technology Vulnerabilities
- Virtual machine escape. EX: VM attack
- Session riding and hijacking. EX: Cross-site Request Forgery
- Insecure or obsolete cryptography. EX: Password attack

9 Cloud-Specific Vulnerabilities: Essential Cloud Characteristic Vulnerabilities
- Unauthorized access to management interface. EX: Azure management
- Internet protocol vulnerabilities. EX: Scan Host Protocol
- Data recovery vulnerability. EX: Natural disasters
- Metering and billing evasion. EX: Pay Money

10 Cloud-Specific Vulnerabilities: Defects in Known Security Controls - IaaS
- Virtualized networks offer insufficient network-based controls. EX: vulnerability scanning is invalid
- Poor key management procedures. EX: many different kinds of keys
- Security metrics aren’t adapted to cloud infrastructures. EX: cloud customers can’t monitor resources

11 Architectural Components and Vulnerabilities

12 Cloud Software Infrastructure and Environment - PaaS
- A development and runtime environment. EX: more supported languages
- Storage services. EX: database interface
- Communication infrastructure. EX: Azure AppFabric Service Bus

13 Architectural Components and Vulnerabilities: Computational Resources
Concerns how virtual machine images are handled.
- EX: a VM is not a free resource
- EX: an image can be taken from an untrustworthy source

14 Architectural Components and Vulnerabilities: Storage
- Obsolete cryptography and poor key management. EX: physical disk destruction can’t be carried out

15 Architectural Components and Vulnerabilities Communication vulnerabilities of shared network infrastructure components

16 Architectural Components and Vulnerabilities: Cloud Web Applications
- An application component operated somewhere in the cloud.
- A browser component running within the user’s browser.
- EX: session riding and hijacking vulnerabilities and injection vulnerabilities.

17 Architectural Components and Vulnerabilities Services and APIs application URL would only give the user a browser component

18 Architectural Components and Vulnerabilities Management Access management access is often realized using a Web application or service

19 Architectural Components and Vulnerabilities: Identity, Authentication, Authorization, and Auditing Mechanisms
- Denial of service by account lockout. EX: Lock Account
- Weak credential-reset mechanisms. EX: not using federated authentication
- Insufficient or faulty authorization checks. EX: root cause of URL-guessing attacks
- Coarse authorization control. EX: duty separation
- Insufficient logging and monitoring possibilities. EX: no standards for logging and monitoring

20 Architectural Components and Vulnerabilities Provider users’ inability to control cloud infrastructure

21 Conclusion Cloud computing is in constant development

22 Any Question?

