Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.


Cloud Computing

Part #3

Zigmunds Buliņš, Mg. sc. ing


Security in a cloud

- Traditional threats to software
- Functional threats of cloud components
- Attacks on a client
- Virtualization threats
- Threat of cloud complexity
- Attacks on hypervisor
- Threats of VM migration
- Attacks on management systems
- Privacy, personal data


Traditional threats to software

The traditional threats are related to the vulnerabilities of network protocols, operating systems, modular components and other similar weaknesses. This is a classic security threat; to address it, it is sufficient to use anti-virus software, a firewall and other components discussed later. It is important that these tools are adapted to the cloud environment so that they run effectively under virtualization.


Functional threats of cloud components

This type of attack is associated with the multiple layers of the "clouds". The main principle of security applies: the general level of security is the security of the weakest element.

| Cloud element        | Means of security                        |
|----------------------|------------------------------------------|
| Proxy server         | Protection against DoS-attacks           |
| Web server           | Monitoring the integrity of the web pages |
| Application server   | Shielding of the applications            |
| Data storage layer   | Protection against SQL injections        |
| Data storage systems | Access control and backups               |


Attacks on a client

These types of attacks were developed in the web environment, but they are just as relevant in cloud environments, as users connect to the cloud through a web browser. They include Cross Site Scripting (XSS), DoS attacks, interception of web sessions, password theft, "man in the middle" attacks and others.


Virtualization threats

Since the platform for the cloud elements is usually a virtual environment, an attack on virtualization threatens the entire cloud as a whole. This type of attack is unique to cloud computing.


Threat of cloud complexity

Monitoring the events in the "cloud" and managing them is also a security issue. How do we ensure that all resources are accounted for, that there is no rogue virtual machine running third-party processes, and that nothing interferes with the mutual configuration of the layers and elements of the "cloud"?


Attacks on hypervisor

In fact, a key element in the virtual system is the hypervisor, which provides separation of physical computer resources among virtual machines. Interfering with the work of the hypervisor, or breaching it, may allow one virtual machine to access the resources of another, such as network traffic and stored data. This can also lead to a virtual machine being displaced from the server.


Threats of VM migration

Note that the virtual machine itself is a file that can be executed on different nodes of the "cloud". The system of virtual machine management includes mechanisms for the transfer (migration) of virtual machines.

Nevertheless, it is possible to steal a virtual machine file and run it outside the cloud. It is impossible to steal a physical server from the data centre, but files of virtual machines can be stolen across the network without physical access to the servers.


Attacks on management systems

The large number of virtual machines used in the "clouds", especially in public clouds, requires a management system that can reliably control the creation, transfer and utilization of virtual machines. Interference in the management system can lead to ghost virtual machines, the blocking of some machines, and the substitution of elements or layers in the cloud with rogue ones.
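The question raised under "Threat of cloud complexity" and the ghost or rogue machines mentioned above can be checked by reconciling what the management system believes with what the hypervisors actually report. The following is an added example, not part of the original slides; the record layout, VM identifiers and host names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumption): the management system's authorised
# inventory maps each VM identifier to the host it is expected to run on.
INVENTORY = {"vm-a": "host1", "vm-b": "host1", "vm-c": "host2", "vm-d": "host2"}

# Constructed sample data: (host, vm_id) pairs as reported by each hypervisor.
OBSERVED = [
    ("host1", "vm-a"),
    ("host1", "vm-x"),   # not in the inventory at all
    ("host2", "vm-c"),
    ("host3", "vm-c"),   # same VM identifier seen on a second host
    ("host2", "vm-b"),   # running, but not where the inventory says
]


def reconcile(inventory, observed):
    """Compare the authorised inventory with hypervisor reports.

    Returns a dict with four lists:
      rogue     - running on a hypervisor but unknown to the management system
      duplicate - one VM identifier running on more than one host
      misplaced - running on a different host than recorded
      missing   - recorded in the inventory but reported by no hypervisor
    """
    hosts_by_vm = defaultdict(set)
    for host, vm_id in observed:
        hosts_by_vm[vm_id].add(host)

    findings = {"rogue": [], "duplicate": [], "misplaced": [], "missing": []}
    for vm_id, hosts in sorted(hosts_by_vm.items()):
        if vm_id not in inventory:
            findings["rogue"].append((vm_id, sorted(hosts)))
        elif len(hosts) > 1:
            # May be a migration in progress; a persistent duplicate suggests
            # a copied VM file being run a second time.
            findings["duplicate"].append((vm_id, sorted(hosts)))
        elif inventory[vm_id] not in hosts:
            findings["misplaced"].append((vm_id, inventory[vm_id], next(iter(hosts))))
    findings["missing"] = sorted(v for v in inventory if v not in hosts_by_vm)
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY, OBSERVED).items():
        print(kind, items)
```

Such a check is only as trustworthy as its two inputs, so the hypervisor reports should be collected over a channel that the management system under review does not control.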


Privacy, personal data

When it comes to the privacy of data, there are a lot of problems with the legislation, such as the processing of personal data and its protection.

When choosing cloud computing as a solution for business systems, it is important to take into account the confidentiality of the data that will be stored in a "cloud". Storing secret and top secret data in "cloud" environments is not absolutely safe, which is why government agencies have still not switched to "clouds".


Thank you!
