Cloud Computing : Top to Bottom
Transcript of Cloud Computing : Top to Bottom
Cloud Computing: Security and Privacy
Prepared by Istiyak Hossain Siddiquee, 2009331009
Supervised by Dr. Mohammed Jahirul Islam
Associate Professor
Dept. of Computer Science & Engineering, Shahjalal University of Science & Technology
Sylhet, Bangladesh.
“Cloud Computing is an important transition, a paradigm shift in IT services delivery - one that has broad impact and can present significant challenges.”
--- "Cloud Computing: Considerations and Next Steps", published by Intel
“It's stupidity. It's worse than stupidity. It's a marketing hype campaign.”
--- Richard Stallman, President, Free Software Foundation
An IT model or computing environment composed of IT components (hardware, software, networking, and services) as well as the processes around the deployment of these elements that together enable us to develop and deliver cloud services via the Internet or a private network.
--- Securing the Cloud, Winkler
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).
--- Security Guidance for Critical Areas of Focus in Cloud Computing v3.0, by the Cloud Security Alliance (CSA)
Cloud computing is an evolution in which IT consumption and delivery are made available in a self-service fashion via the Internet or internal network, with a flexible pay-as-you-go business model, and requires a highly efficient and scalable architecture.
--- Cloud Computing: Considerations and Next Steps, Intel
“Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services.”
--- Above the Clouds: A Berkeley View of Cloud Computing, University of California, Berkeley
“A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
--- National Institute of Standards and Technology (NIST)
Why Cloud
Source: IT PRO Cloud Survey By Microsoft TechNet Cloud Power
Source: The Future of Cloud Computing 3rd Annual Survey 2013 by NorthBridge and Gigaom
Source: 2013 Outlook on Technology, a survey conducted by PC Connection
Source: Leveraging the Cloud for Law Enforcement, Survey Result, IACP, SafeGov, January 31, 2013
Essential Characteristics of Cloud Computing According to NIST
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service
Benefits of cloud computing:
• Cost containment
• Innovation speed
• Availability
• Scalability
• Efficiency
• Elasticity
--- Schweizerische Akademie der Technischen Wissenschaften (SATW)
So, the attractive points of cloud computing are: efficiency, scalability, elasticity, availability, agility, recovery, no upfront cost, pay as you go, and innovation speed.
Cloud Service Delivery Models, as defined by NIST
Source: 2013 Outlook on Technology, PC Connection Survey
Source: IT PRO Cloud Survey by Microsoft TechNet Cloud Power
IaaS
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
---- According to NIST
IaaS provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API.
---- According to ENISA
IaaS delivers computer infrastructure (typically a platform virtualization environment) as a service, along with raw storage and networking. Rather than purchasing servers, software, data-center space, or network equipment, clients instead buy those resources as a fully outsourced service.
---- According to CSA
Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
Examples of IaaS
Amazon EC2, Eucalyptus, CSC, GoGrid, IBM, OpenStack, Rackspace, Savvis, Terremark, VMware
PaaS
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
---- According to NIST
PaaS allows customers to develop new applications using APIs deployed and configurable remotely. The platforms offered include development tools, configuration management, and deployment platforms.
---- According to ENISA
PaaS is the delivery of a computing platform and solution stack as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities. This provides all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet.
---- According to CSA
Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
Examples of PaaS
Google App Engine, Windows Azure, Force.com, Engine Yard, AT&T Synaptic, Boomi, Citrix, Red Hat OpenShift, Heroku, AppFog, Amazon AWS, Caspio
SaaS
The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
---- According to NIST
SaaS is software offered by a third-party provider, available on demand, usually via the Internet, and configurable remotely.
---- According to ENISA
SaaS is a software delivery model in which software and its associated data are hosted centrally (typically in the (Internet) cloud) and are typically accessed by users using a thin client, normally using a web browser over the Internet.
---- According to CSA
Source: Schweizerische Akademie der Technischen Wissenschaften (SATW)
Examples of SaaS
Web Mail, Google Docs, Facebook, Salesforce, LinkedIn, Workday, NetSuite, ServiceNow, Athenahealth, Medidata, Cornerstone OnDemand
Cloud Deployment Models
Among these models, which one is more popular?
Source: The Future of Cloud Computing, 3rd Annual Survey 2013 by NorthBridge and Gigaom
Source: PC Connection Cloud Computing Survey 2013 Results
Public Cloud
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them.
---- According to NIST
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
---- According to ENISA
Public cloud refers to solutions where resources are dynamically provisioned over the Internet from an offsite third-party provider who shares resources and bills on a fine-grained utility computing basis.
---- According to Ajilitee
Examples of Public Cloud
Amazon Elastic Compute Cloud (EC2), IBM’s Blue Cloud, SunCloud, Google AppEngine, Windows Azure Services Platform
Private Cloud
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g. business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
--- According to NIST
The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premise or off-premise.
--- According to CSA
Examples of Private Cloud
Amazon Virtual Private Cloud, IBM SmartCloud Foundation, Microsoft Private Cloud, Cisco Private Cloud solutions, VMware Private Cloud Computing, Dell Cloud Solutions, Rackspace Private Cloud, Citrix CloudPlatform
Hybrid Cloud
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting for load balancing between clouds).
Community Cloud
This model overlaps with grid computing to some extent. Several organizations with similar concerns about mission, security requirements, policy, and compliance considerations share cloud infrastructure as a private community.
The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or by a third party and may be located on-premise or off-premise.
--- According to CSA
Source: Luth Research and Vanson Bourne, 2013
Source: 2013 Outlook on Technology Cloud Computing Survey Results by PC Connection
Are these survey results exaggerated?
Let’s review this survey result...
Source: Cloud Computing Vulnerability Incidents: A Statistical Overview, by CSA
Gartner, the American information technology research and advisory firm, has identified seven cloud computing risks. These are:
• Privileged user access
• Regulatory compliance
• Data location
• Data segregation
• Recovery
• Investigative support
• Long-term viability
In 2013, CSA released a document worth mentioning, titled “The Notorious Nine: Cloud Computing Top Threats in 2013”. In it they identified nine security problems as the top threats for the year 2013:
• Data Breaches
• Data Loss
• Account Hijacking
• Insecure APIs
• Denial of Service
• Malicious Insiders
• Abuse of Cloud Services
• Insufficient Due Diligence
• Shared Technology Issues
So we can classify these threats into these categories:
• Confidentiality and Privacy
• Availability
• Integrity
• Auditability and Forensics
• Other Issues
Let us go through these points...
Confidentiality and Privacy
While considering cloud computing security, the phrase that comes up most often is confidentiality of data. Privacy is closely related to confidentiality, because revelation of confidential data means a violation of privacy. Confidentiality and privacy leakages can occur in two ways:
Losing control over data: Customers often become anxious about the confidentiality of their data because they have lost control over it. When they host their classified information in the cloud they usually lose control over their data, even though they retain the authorization to access it.
Privacy and confidentiality compromised: One of the most common threats to computing technology in general, and to cloud computing in particular, is “compromise”. To describe this in detail we will subdivide this point.
Threats from insiders: There are two types of threat here.
Firstly, from a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
Secondly, from the company itself. What if the company is running a cheap data mining process on your confidential data? It could even carry out espionage on your data.
Threats from outsiders: These are the threats that make companies worried. There can be many types of threat from outsiders. These are:
• Cloud malware injection attack
• Account or service hijacking
• VMware security problem
• Flooding attacks
• Data security
• Hypervisor vulnerability
• Shared resources issues
• Compliance
Cloud malware injection attack: A research paper described this type of attack. In it, an attacker first attempts to inject a malicious service implementation or virtual machine into the cloud system. This instance then serves several purposes, ranging from eavesdropping via subtle data modification to full functionality changes or blocking. The attacker may also apply SQL injection or cross-site scripting attacks to acquire sensitive data.
Account or service hijacking: Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Cloud solutions add a new threat to the landscape: if an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker.
VMware security problem: Recent research shows that it is possible to precisely locate a client’s physical placement in the cloud, so an attacker can use those algorithms to locate a consumer and gather intelligence about his classified data in the cloud. Another study showed that it is possible to place the attacker’s virtual machine physically beside the victim’s virtual machine and then create a side channel between the two machines, which can enable the attacker to steal password information by mounting an SSH keystroke timing attack.
Flooding attacks: These consist of DoS (Denial of Service), DDoS, and EDoS. Flooding is a very old problem in computing, and hence for cloud computing too; it basically consists of an attacker sending a huge number of nonsense requests. As each of these requests has to be identified as nonsense, some computation power is required to face such attacks, so sometimes the server does not respond in time, that is, it denies service. Sometimes the attacker attacks the cloud using botnets, which we call Distributed Denial of Service; it is much harder to tackle, as a huge number of nonsense requests arrive at the same time. There is another sort of DoS, called EDoS, in which the attacker targets the billing system of a cloud service provider in an attempt to make the CSP bankrupt.
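The flooding scenario above, as an added example that is not part of the original slides: a small detector written in Python that reads web-server access-log lines and separates the two cases the text distinguishes, a single source exceeding a per-source request rate (DoS) and many sources that each stay under that rate but together exceed an aggregate rate (DDoS). The log lines, the thresholds and the function names are all constructed for this example; a real deployment would tune the thresholds to its own baseline traffic.

```python
# Added example (not from the original slides): flooding detection over
# web-server access logs. Log lines, thresholds and function names are
# constructed for this demonstration.
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, ident, user, [timestamp], "request".
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def _line(ip, hhmmss, path="/index.html"):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - - [10/Oct/2013:{hhmmss} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: two normal requests, one source hammering the server
# (six requests in six seconds), then a burst spread over twelve sources
# that each send only one request. One malformed line is included to show
# that the parser skips it rather than crashing.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.10", "13:55:00"), _line("198.51.100.10", "13:55:05", "/about.html")]
    + [_line("203.0.113.7", f"13:56:0{i}") for i in range(6)]
    + ["this line is not an access-log record"]
    + [_line(f"203.0.113.{20 + i}", f"13:58:0{i % 4}") for i in range(12)]
)


def parse_log(text):
    """Return (timestamp, client_ip) pairs sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        events.append((ts, m.group("ip")))
    events.sort()
    return events


def detect_flooding(text, window_seconds=10, per_source_limit=5,
                    aggregate_limit=10, min_sources=4):
    """Slide a time window over the events and flag two patterns.

    DoS:  one source alone exceeds per_source_limit requests in the window.
    DDoS: sources that individually stay under per_source_limit together
          exceed aggregate_limit, and at least min_sources of them took part.
    """
    window = timedelta(seconds=window_seconds)
    recent = deque()          # (ts, ip) events inside the current window
    dos_sources = set()
    ddos_first_seen = None
    for ts, ip in parse_log(text):
        recent.append((ts, ip))
        while ts - recent[0][0] > window:   # drop events that fell out of the window
            recent.popleft()
        per_ip = Counter(src for _, src in recent)
        if per_ip[ip] > per_source_limit:
            dos_sources.add(ip)
        # Count only the "quiet" sources, so a lone flooder is not also reported as a DDoS.
        quiet = {src: n for src, n in per_ip.items() if n <= per_source_limit}
        if sum(quiet.values()) > aggregate_limit and len(quiet) >= min_sources:
            ddos_first_seen = ddos_first_seen or ts
    return {
        "dos_sources": dos_sources,
        "ddos_detected": ddos_first_seen is not None,
        "ddos_first_seen": ddos_first_seen,
    }


if __name__ == "__main__":
    print(detect_flooding(SAMPLE_LOG))
```

The per-source rule is what catches the single-origin DoS; the aggregate rule over sources that are individually unremarkable is what catches the botnet-driven DDoS, which is exactly why the text calls that case harder to tackle. The same per-window request counts are the natural input for a spend alarm in the EDoS case, since every request that is served is one the provider will bill for.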
Data security: Data can be hijacked while it is in transit. This problem is actually trivial to address: we may encrypt the data or secure the connection between browser and server.
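For the data-in-transit point above, an added example that is not from the original slides: the Python ssl client configuration that actually secures the browser-to-server (or client-to-cloud-API) connection, shown beside the weak configuration it replaces. The function names are this example's own, and nothing here opens a network connection, so it runs offline; the contexts are what you would hand to http.client or urllib.

```python
# Added example (not from the original slides): a hardened TLS client
# context beside the weak one it replaces. Function names are constructed
# for this example; no network connection is opened.
import ssl
from urllib.parse import urlparse


def weak_context():
    """Encryption without authentication: accepts any certificate, so an
    on-path party can terminate the TLS session with a certificate of its own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Verify the server certificate against the system CA store, check that
    it matches the hostname, and refuse TLS versions older than 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx):
    """Summarise the properties that decide whether data in transit is protected."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
    }


def transport_is_acceptable(url, ctx):
    """True only for an https URL used with a context that authenticates the peer."""
    if urlparse(url).scheme != "https":
        return False
    props = describe(ctx)
    return props["verifies_peer"] and props["checks_hostname"]


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, describe(ctx))
```

Client-side encryption of the payload before upload is the complementary control the slide mentions: it protects the data even from the transport endpoint, whereas certificate verification is what stops an on-path party from reading or substituting data mid-flight. A plain http URL, or an https URL with verification switched off, fails the check either way.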
Hypervisor vulnerability: The hypervisor is a critical piece of virtualized cloud infrastructure; it provides the software layer that sits between the hardware and the VMs and allows multiple VMs to share a single hardware platform. Not surprisingly, hypervisor vulnerabilities are a major source of concern for IT professionals. If a hypervisor is vulnerable to security attacks, then the integrity of the entire public or private cloud implementation is at serious risk.
Shared resources issues: Sharing of resources raises some critical problems of unwanted data privacy leakage, because of data remanence in a multi-tenant hardware implementation.
Another example of a shared-resources vulnerability is reputation fate sharing.
Compliance: From the former NSA agent Edward Snowden we came to know that, under the long-disputed PRISM Act, the USA’s National Security Agency (NSA) had been able to access the emails, Facebook accounts and videos of citizens across the world. It had even secretly acquired the phone records of millions of Americans and of other important persons around the world, such as Angela Merkel. Through a secret court, it has been able to bend nine US internet companies to its demands for access to their users' data.
Availability
Integrity
Auditability & Forensics
Other Issues
• Accidental Data Loss
• Insecure API
• Abuse of Cloud (DoS Attack Using Cloud)
Future.....