An Introduction to Issues Regarding Data Integrity & Virtual Machine Security.
Security in the Cloud: An Introduction to Issues Regarding Data Integrity & Virtual Machine Security
Outline
• What is Cloud Computing?
• Data Management Issues
  ▪ Data Integrity
  ▪ Data Provenance
  ▪ Data Remanence
  ▪ Data Availability
• Virtual Machine Security
  ▪ Cloud Mapping
  ▪ Co-Residence
  ▪ Side-Channeling
What Is Cloud Computing?
Confusion Exists, Not Without Reason
The Future Of Computing for Business & Home
An Old Concept Revisited
“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do… I don’t understand what we would do differently in the light of cloud computing other than change the wording of some of our ads.” - Larry Ellison
What Is Cloud Computing?
Remote Access To Centrally Stored Data & Applications
Flexibility in Resource Sharing and Allocation
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Cloud Computing is a method in which the internet is used as a medium to enable resource and application sharing
IBM XForce Report
2013 Figure 2 – H1 (encrypted and locked!) 2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
IBM
Coverage
• 20,000+ devices under contract
• 3,700+ managed clients worldwide
• 13B+ events managed per day
• 133 monitored countries (MSS)
• 1,000+ security related patents
Depth
• 14B analyzed web pages & images
• 40M spam & phishing attacks
• 64K documented vulnerabilities
• Billions of intrusion attempts daily
• Millions of unique malware samples
Data Concerns in the Cloud
• Data Integrity
  ▪ Cloud Service Provider (CSP) Concerns
  ▪ Third Party Auditing (TPA)
  ▪ Encryption and Multitenancy
• Data Provenance
• Data Remanence
• Data Availability
  ▪ Elasticity
  ▪ CSP Related Downtime
  ▪ Malicious Attacks
Data Integrity
Cloud Service Provider (CSP) Concerns
• CSP Security
  ▪ Data Transfer
  ▪ Data-at-Rest
• CSP Data Loss
  ▪ Unintentional
  ▪ Intentional
• Third Party Auditing
  ▪ The Auditor
  ▪ Support for Dynamic Data
Data Integrity
Encryption & Multitenancy
• Multitenancy – Storage of data from multiple clients in a single repository
• Inability to use encryption in order to support indexing
• Encryption largely irrelevant if data is analyzed on the cloud, as analysis requires decryption.
Data Provenance & Remanence
Data Provenance – Calculation Accuracy
• Shared resources mean shared responsibility
• Difficulty / Impossibility in tracking involved machines
Data Remanence – Data Cleansing
• “Ghost Data” – Left behind after deletion
• No remanence security plan for any major CSP
Availability
Total Downtime (HH:MM:SS)

| Availability | Per Day | Per Month | Per Year |
|---|---|---|---|
| 99.999% | 00:00:00.4 | 00:00:26 | 00:05:15 |
| 99.99% | 00:00:08 | 00:04:22 | 00:52:35 |
| 99.9% | 00:01:26 | 00:43:49 | 08:45:56 |
| 99% | 00:14:23 | 07:18:17 | 87:39:29 |

Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009
Cloud Service Provider (CSP) Concerns
Availability + Elasticity
http://blog.bkis.com/en/korea-and-us-ddos-attacks-the-attacking-source-located-in-united-kingdom/
Malicious Attacker Concerns
Distributed Denial of Service (DDoS)
Uses Port Flooding to Slow Systems or Force Server Resets.
• External Attack Models
  ▪ Similar to Traditional Strikes
  ▪ Cloud Usage as Attacker
• Internal Attack Models
  ▪ Protection Responsibility Lies on the User
  ▪ CSP Would Need to Detect
Contractual/Legal Agreements
• Up-Time
• Jurisdiction
• Data Ownership
• Escrow
• Data? Metadata?
• Exit Clause
• Testing for Disaster Recovery
• Incident Response
• E-Discovery
• Right to Audit
Current Open Questions
• Cloud Mapping
• Co-Residence
• Side-Channeling
• Certificate Management
Virtual Machine Security
Cloud Mapping
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.
Co-Residence
Virtual Machine Security
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.
Side-Channeling
Virtual Machine Security
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.
Cloud Security
Works Cited
Armbrust, Michael; Fox, Armando; Griffith, Rean; Joseph, Anthony D.; Katz, Randy; Konwinski, Andy; Lee, Gunho; Patterson, David; Rabkin, Ariel; Stoica, Ion; Zaharia, Matei. 2010. A view of cloud computing. Commun. ACM 53, 4 (April 2010), 50-58. DOI=10.1145/1721654.1721672 http://0-doi.acm.org.catalog.library.colostate.edu/10.1145/1721654.1721672
Brodkin, Jon; Gartner: Seven cloud-computing security risks. Network World. July 02, 2008 03:48 PM ET. http://www.networkworld.com/news/2008/070208-cloud.html
Christodorescu, Mihai; Sailer, Reiner; Schales, Douglas Lee; Sgandurra, Daniele; Zamboni, Diego. 2009. Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 97-102. DOI=10.1145/1655008.1655022 http://doi.acm.org/10.1145/1655008.1655022
Cong Wang; Qian Wang; Kui Ren; Wenjing Lou; , "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," INFOCOM, 2010 Proceedings IEEE , vol., no., pp.1-9, 14-19 March 2010 doi: 10.1109/INFCOM.2010.5462173 URL: http://0-ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5462173&isnumber=5461899
Cong Wang; Qian Wang; Kui Ren; Wenjing Lou; Dept. of ECE, Illinois Inst. of Technol., Chicago, IL, USA This paper appears in: Quality of Service, 2009. IWQoS. 17th International Workshop on Issue Date: 13-15 July 2009 On page(s): 1 - 9 Location: Charleston, SC ISSN: 1548-615X E-ISBN: 978-1-4244-3876-1 Print ISBN: 978-1-4244-3875-4 INSPEC Accession Number: 10834827 Digital Object Identifier: 10.1109/IWQoS.2009.5201385 Date of Current Version: 18 August 2009
Furht, Borko. “Cloud Computing Fundamentals.” Ed. B Furht & A Escalante. Handbook of Cloud Computing May (2010) : 3-19.
Grossman, R.L.; , "The Case for Cloud Computing," IT Professional , vol.11, no.2, pp.23-27, March-April 2009 doi: 10.1109/MITP.2009.40 URL: http://0-ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=4804045&isnumber=4804034
Jaeger, Paul T; Lin, Jimmy; Grimes, Justin M. Cloud Computing and Information Policy: Computing in a Policy Cloud? 933-1681, 2008, 5, 3, 269-283
Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils; Lo Iacono, Luigi. "On Technical Security Issues in Cloud Computing," cloud, pp.109-116, 2009 IEEE International Conference on Cloud Computing, 2009
Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, and Peng Ning. 2009. Managing security of virtual machine images in a cloud environment. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 91-96. DOI=10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021
Kaufman, L.M.; , "Data Security in the World of Cloud Computing," Security & Privacy, IEEE , vol.7, no.4, pp.61-64, doi: 10.1109/MSP.2009.87 July-Aug. 2009 URL: http://0-ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5189563&isnumber=5189548
Krautheim, John F. 2009. Private virtual infrastructure for cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA, 5-5.
Leavitt, Neal. 2009. Is Cloud Computing Really Ready for Prime Time?. Computer 42, 1 (January 2009), 15-20. DOI=10.1109/MC.2009.20 http://dx.doi.org/10.1109/MC.2009.20
Lizhe Wang; Jie Tao; Kunze, M.; Castellanos, A.C.; Kramer, D.; Karl, W.; Res. Center Karlsruhe Hermann-von-Helmholtz-Platz 1, Inst. for Sci. Comput., Karlsruhe Scientific Cloud Computing: Early Definition and Experience.
Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009
Wang, Qian; Wang, Cong; Li, Jin; Ren, Kui; Lou, Wenjing. 2009. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. In Backes, Michael; Ning, Peng (eds.), Computer Security – ESORICS 2009. Lecture Notes in Computer Science, vol. 5789. Springer Berlin / Heidelberg, 355-370. DOI=10.1007/978-3-642-04444-1_22 http://dx.doi.org/10.1007/978-3-642-04444-1_22
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.
Santos, Nuno; Gummadi, Krishna P.; Rodrigues, Rodrigo. 2009. Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA, 3-3.
White Paper: Author – Trend Micro Security. Cloud Computing Security: Making Virtual Machines Cloud-Ready. May, 2010.
Questions?