Risk in Cloud Computing Environment
Presented by,
Akanksha Botke
CEH, VAPT Auditor
Agenda
▪ Introduction
▪ Cloud Computing Models
▪ Cloud Computing Architecture
▪ Cloud Computing Characteristics
▪ Purpose and Benefits
▪ Cloud-Sourcing
▪ Risk In Cloud Computing
▪ Data Security In Cloud Computing
▪ Vulnerabilities In Cloud Computing
▪ Hardening Cloud Security
▪ Conclusion
Introduction
▪ Cloud computing is typically defined as a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications.
▪ In cloud computing, the word cloud (also phrased as "the cloud") is used as a metaphor for "the Internet," so the phrase cloud computing means "a type of Internet-based computing," where different services — such as servers, storage and applications — are delivered to an organization's computers and devices through the Internet.
Cloud Computing Models
1. Software as a Service (SaaS)
▪ The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web
▪ Characteristics of SaaS:
  ▪ It's easy to work under administration
  ▪ It can be accessed globally
  ▪ The software can be updated automatically
  ▪ All licensed users will have the same version of the software
Cloud Computing Models
2. Platform as a Service (PaaS)
▪ The capability provided to the consumer is to deploy their own applications onto the cloud infrastructure without installing any platform or tools on their local machines. PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services.
▪ Characteristics of PaaS:
  ▪ No need to download and install an operating system.
  ▪ It saves customers money.
  ▪ It mainly deals with delivering operating systems over the Internet.
  ▪ Software can be developed, tested and deployed.
Cloud Computing Models
3. Infrastructure as a Service (IaaS)
▪ The capability provided is the sharing of hardware resources for executing services, typically using virtualization technology. Infrastructure as a Service provides equipment that supports hardware, software, storage and servers, and is mainly used for delivering software application environments.
▪ Characteristics of IaaS:
  ▪ Policy-based services
  ▪ Utility computing services
  ▪ Dynamic scaling
  ▪ Internet connectivity
Cloud Computing Architecture
Cloud Computing Characteristics
Common Characteristics:
Massive Scale
Homogeneity
Virtualization
Low Cost Software
Resilient Computing
Geographic Distribution
Service Orientation
Advanced Security
Use of Cloud Computing in Library
Data: Bibliographic, Digital, Administrative, License, Access and Preservation.
Content: Collections, Subscriptions, Print, Publishing.
Services: Library as Place, Content Access, Content Creation, Instruction, Research, Preservation.
Experience: Research, Study Support, Peer-based Collaboration, IT Exploration.
Purpose and Benefits
▪ Cloud computing enables companies and applications, which are system infrastructure dependent, to be infrastructure-less.
▪ By using cloud infrastructure on a “Pay per use and On Demand” basis, all of us can save on capital and operational investment!
• Pay per use - Computing resources are measured at a granular level, allowing users to pay only for the resources and workloads they use.
• On Demand - End users can spin up computing resources for almost any type of workload on demand.
▪ Clients can:
• Put their data on the platform instead of on their own desktop PCs and/or on their own servers.
• Put their applications on the cloud and use the servers within the cloud to do processing, data manipulation, etc.
Cloud-Sourcing
▪ Why is it becoming a Big Deal:
• Using high-scale/low-cost providers,
• Any time/place access via web browser,
• Rapid scalability; incremental cost and load sharing,
• Can forget the need to focus on local IT.
▪ Concerns:
• Performance, reliability, and SLAs,
• Control of data, and service parameters,
• Application features and choices,
• Interaction between Cloud providers,
• No standard API – mix of SOAP and REST!
• Privacy, security, compliance, trust…
Risk In Cloud Computing
Data Security In Cloud Computing
▪ Data outsourcing - Users are relieved from the burden of data storage and maintenance. When users put their data (of large size) on the cloud, protecting data integrity is challenging.
▪ Cloud computing is built on top of virtualization; if there are security issues with virtualization, then there will also be security issues with cloud computing.
▪ Data segregation - Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
▪ A data center full of servers supporting cloud computing is internally and externally indistinguishable from a data center full of "regular" servers. In each case, it will be important for the data center to be physically secure against unauthorized access.
Data Security In Cloud Computing
▪ Computer and network security is fundamentally about three goals/objectives:
-- Confidentiality (C)
-- Integrity (I)
-- Availability (A)
▪ Confidentiality refers to keeping data private. Privacy is of paramount importance as data leaves the borders of the organization. Not only internal secrets and sensitive personal data, but metadata and transactional data can also leak important details about firms or individuals. Confidentiality is supported by technical tools such as encryption and access control, as well as legal protections.
Data Security In Cloud Computing
▪ Integrity is a degree of confidence that the data in the cloud is protected against accidental or intentional alteration without authorization. It also extends to the hurdles of synchronizing multiple databases. Integrity is supported by well-audited code, well-designed distributed systems, and robust access control mechanisms.
▪ Availability means being able to use the system as anticipated. Cloud technologies can increase availability through widespread internet-enabled access, but the client is dependent on the timely and robust provision of resources. Availability is supported by capacity building and good architecture by the provider, as well as well-defined contracts and terms of agreement.
Vulnerabilities In Cloud Computing
▪ Insecure interfaces and APIs
▪ Unlimited allocation of resources
▪ Data-related vulnerabilities
▪ Vulnerabilities in Virtual Machines
▪ Vulnerabilities in Virtual Machine Images
▪ Vulnerabilities in Virtual Networks
▪ Vulnerabilities in Hypervisors
▪ Local Host Security
Vulnerabilities In Cloud Computing
Insecure interfaces and APIs
▪ Cloud providers offer services that can be accessed through APIs (SOAP, REST, or HTTP with XML/JSON). The security of the cloud depends upon the security of these interfaces. Some problems are:
a) Weak credentials
b) Insufficient authorization checks
c) Insufficient input-data validation
▪ Also, cloud APIs are still immature, which means that they are frequently updated. A bug fix can introduce another security hole in the application.
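The three interface problems listed above, shown side by side in a weak and a hardened request handler. This is an added example, not part of the original slides; the tenants, tokens, object store and function names are all hypothetical.

```python
import hashlib
import hmac
import re


def digest(token: str) -> str:
    """SHA-256 of a bearer token; the service stores digests, never raw tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample data: tokens, tenants and objects are invented for this example.
ALICE_TOKEN = "t-alice-3f9c1e7a5b2d4c8e9f0a1b2c3d4e5f60"
BOB_TOKEN = "t-bob-7a1d9e3c5f2b4a6c8e0d1f2a3b4c5d6e"
TOKENS = {digest(ALICE_TOKEN): "alice", digest(BOB_TOKEN): "bob"}
OBJECTS = {  # object key -> (owning tenant, content)
    "alice/reports/q1.csv": ("alice", b"revenue,100\n"),
    "bob/notes.txt": ("bob", b"bob's notes\n"),
}

MIN_TOKEN_LEN = 32  # assumption: shorter tokens are treated as weak credentials
# Every path segment must start with a letter or digit, so "." and ".." never match.
KEY_RE = re.compile(r"[a-z0-9][a-z0-9_.-]{0,63}(?:/[a-z0-9][a-z0-9_.-]{0,63}){1,8}")


def get_object_weak(token, key):
    """The handler with all three problems from the slide."""
    if not token:                    # (a) any non-empty string counts as a credential
        return 401, b""
    if key in OBJECTS:               # (b) no check that the caller owns the object
        return 200, OBJECTS[key][1]  # (c) key is used exactly as received
    return 404, b""


def authenticate(token):
    """Return the tenant for a valid token, or None."""
    if not isinstance(token, str) or len(token) < MIN_TOKEN_LEN:
        return None
    presented = digest(token)
    tenant = None
    for stored, name in TOKENS.items():
        # Constant-time comparison; scan every entry so timing does not depend on position.
        if hmac.compare_digest(stored, presented):
            tenant = name
    return tenant


def get_object(token, key):
    """Hardened handler: authenticate, validate input, then authorize per object."""
    tenant = authenticate(token)
    if tenant is None:
        return 401, b""
    if not isinstance(key, str) or KEY_RE.fullmatch(key) is None:
        return 400, b""
    record = OBJECTS.get(key)
    if record is None or record[0] != tenant:
        # Same answer for "does not exist" and "belongs to another tenant",
        # so the response does not reveal which keys other tenants hold.
        return 404, b""
    return 200, record[1]


if __name__ == "__main__":
    print("weak    :", get_object_weak("x", "bob/notes.txt"))
    print("hardened:", get_object("x", "bob/notes.txt"))
    print("hardened:", get_object(ALICE_TOKEN, "bob/notes.txt"))
    print("hardened:", get_object(ALICE_TOKEN, "alice/../bob/notes.txt"))
    print("hardened:", get_object(ALICE_TOKEN, "alice/reports/q1.csv"))
```
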
Vulnerabilities In Cloud Computing
Unlimited allocation of resources
▪ Inaccurate modeling of resource usage can lead to overbooking or over-provisioning.
▪ Due to the heterogeneous and time-variant environment in a Cloud, the resource provisioning becomes a complex task, forcing the mediation system to respond with minimal turnaround time in order to maintain the developer’s quality requirements.
Vulnerabilities In Cloud Computing
Data-related vulnerabilities
▪ Data can be collocated with the data of unknown owners (competitors, or intruders) with a weak separation.
▪ Data may be located in different jurisdictions which have different laws.
▪ Incomplete data deletion – data cannot be completely removed.
▪ Data backup done by untrusted third-party providers.
▪ Information about the location of the data usually is unavailable or not disclosed to users.
▪ Data is often stored, processed, and transferred in plain text.
Vulnerabilities In Cloud Computing
Vulnerabilities in Virtual Machines
▪ Possible covert channels in the collocation of VMs.
▪ Unrestricted allocation and deallocation of resources with VMs.
▪ Uncontrolled migration - VMs can be migrated from one server to another server due to fault tolerance, load balancing, or hardware maintenance.
▪ Uncontrolled snapshots – VMs can be copied in order to provide flexibility, which may lead to data leakage.
▪ Uncontrolled rollback could lead to reset vulnerabilities - VMs can be rolled back to a previous state for restoration, but patches applied after that state disappear.
▪ VMs have IP addresses that are visible to anyone within the cloud - attackers can map where the target VM is located within the cloud (Cloud cartography).
Vulnerabilities In Cloud Computing
Vulnerabilities in Virtual Machine Images
▪ Uncontrolled placement of VM images in public repositories.
▪ VM images cannot be patched since they are dormant artifacts.
Vulnerabilities in Virtual Networks
▪ The cloud characteristic of ubiquitous network access means that cloud services are accessed via a network using standard protocols. In most cases, this network is the Internet, which must be considered untrusted. Internet protocol vulnerabilities - such as vulnerabilities that allow man-in-the-middle attacks - are therefore relevant for cloud computing.
▪ Sharing of virtual bridges by several virtual machines.
Vulnerabilities In Cloud Computing
Vulnerabilities in Hypervisors
▪ Complex hypervisor code.
▪ Flexible configuration of VMs or hypervisors to meet organizational needs can be exploited.
▪ Any remote user can initiate an attack on a Hypervisor and its guest VMs if it is located in a subnet from which the machine running the Hypervisor is reachable.
▪ Almost any code can be executed from a guest VM’s Ring 3; however, some functionality will be limited by the OS or the Hypervisor (causing an exception). Nevertheless, it is easiest to get user-space code to run, so any exploits from this ring are attractive to an attacker.
▪ An attack from a Guest VM’s Kernel-Space, as it requires control over the paravirtualized front-end driver.
▪ The Hypervisor can access any resource in the host system (i.e. memory, peripherals, CPU state, etc.), which means that it can access every guest VM’s resources.
Vulnerabilities In Cloud Computing
Local Host Security
▪ Are local host machines part of the cloud infrastructure?
• Outside the security perimeter.
• While cloud consumers worry about the security on the cloud provider’s site, they may easily forget to harden their own machines.
▪ The lack of security of local devices can
• Provide a way for malicious services on the cloud to attack local networks through these terminal devices.
• Compromise the cloud and its resources for other users.
Vulnerabilities In Cloud Computing
▪ With mobile devices, the threat may be even stronger
• Users misplace the device or have it stolen from them.
• Security mechanisms on handheld gadgets are often insufficient compared to, say, a desktop computer.
• This provides a potential attacker an easy avenue into a cloud system.
• If a user relies mainly on a mobile device to access cloud data, the threat to availability is also increased as mobile devices malfunction or are lost.
▪ Devices that access the cloud should have
• Strong authentication mechanisms
• Tamper-resistant mechanisms
• Strong isolation between applications
• Methods to trust the OS
• Cryptographic functionality when traffic confidentiality is required.
Hardening Cloud Security
▪ Secure Logic Migration and Execution Technology
▪ Data Traceability Technology
▪ Authentication and Identity
▪ Application of Encryption for Data in Motion
▪ Data Masking Technology
Hardening Cloud Security
▪ Secure Logic Migration and Execution Technology
For confidential data that cannot be released outside of the company, even formed by concealing certain aspects of the data, by simply defining the security level of data.
▪ Data Traceability Technology
The information gateway tracks all information flowing into and out of the cloud, so these flows and their content can be checked. Data traceability technology uses the logs obtained on data traffic as well as the characteristics of the related text to make visible the data used in the cloud.
Hardening Cloud Security
▪ Authentication and Identity
Maintaining confidentiality, integrity, and availability for data security is a function of the correct application and configuration of familiar network, system, and application security mechanisms at various levels in the cloud infrastructure.
Authentication of users takes several forms, but all are based on a combination of authentication factors: something an individual knows (such as a password), something they possess (such as a security token), or some measurable quality that is intrinsic to them (such as a fingerprint).
Hardening Cloud Security
▪ Application of Encryption for Data in Motion:
Encryption is used to ensure that, if communication integrity between the two parties is breached, the data remains confidential.
Authentication is used to ensure that the parties communicating data are who they say they are.
Common means of authentication themselves employ cryptography in various ways.
Hardening Cloud Security
▪ Data Masking Technology
Data masking is a technique that is intended to remove all identifiable and distinguishing characteristics from data in order to render it anonymous and yet still be operable.
This technique is aimed at reducing the risk of exposing sensitive information.
Data masking has also been known by such names as data obfuscation, de-identification, or depersonalization.
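One way to mask records before they leave the organization while keeping them operable, as an added example that is not part of the original slides. It uses keyed pseudonymization (HMAC-SHA256) plus redaction and generalization; the field names, policy table and sample rows are hypothetical and constructed.

```python
import hashlib
import hmac

# Assumption: per-field masking policy. Fields not listed are dropped (fail closed),
# so a newly added column cannot leak by accident.
POLICY = {
    "customer_id": "pseudonym",  # stable token, so joins across tables still work
    "name": "redact",
    "email": "email",
    "card": "card",              # keep only the last four digits
    "dob": "year",               # generalize date of birth to the year
    "plan": "keep",
    "monthly_spend": "keep",
}


def pseudonym(value: str, key: bytes, prefix: str, length: int = 12) -> str:
    """Deterministic keyed token: equal inputs give equal tokens under one key."""
    normalized = value.strip().lower().encode()
    mac = hmac.new(key, normalized, hashlib.sha256).hexdigest()
    return f"{prefix}_{mac[:length]}"


def mask_card(pan: str) -> str:
    """Replace all but the last four digits with '*', keeping separators and length."""
    total = sum(c.isdigit() for c in pan)
    seen = 0
    out = []
    for c in pan:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - 4 else "*")
        else:
            out.append(c)
    return "".join(out)


def mask_record(record: dict, key: bytes) -> dict:
    """Apply POLICY to one record and return the masked copy."""
    masked = {}
    for field, value in record.items():
        action = POLICY.get(field, "drop")
        if action == "keep":
            masked[field] = value
        elif action == "pseudonym":
            masked[field] = pseudonym(str(value), key, "cust")
        elif action == "email":
            masked[field] = pseudonym(str(value), key, "user") + "@masked.invalid"
        elif action == "card":
            masked[field] = mask_card(str(value))
        elif action == "year":
            masked[field] = str(value)[:4] + "-01-01"
        elif action == "redact":
            masked[field] = "REDACTED"
        # "drop": the field is omitted from the masked record
    return masked


# Constructed sample rows (not real people or cards).
MASKING_KEY = b"constructed-demo-key-keep-the-real-one-on-premises"
ROWS = [
    {"customer_id": "C-1001", "name": "Jane Example", "email": "Jane@Example.test",
     "card": "4111 1111 1111 1111", "dob": "1987-06-23", "plan": "pro",
     "monthly_spend": 42.5, "support_notes": "called about invoice"},
    {"customer_id": "C-1001", "name": "Jane Example", "email": "jane@example.test ",
     "card": "4111 1111 1111 1111", "dob": "1987-06-23", "plan": "pro",
     "monthly_spend": 17.0},
]

if __name__ == "__main__":
    for row in ROWS:
        print(mask_record(row, MASKING_KEY))
```

Whoever holds the key can recompute the tokens for known identifiers, so the key stays with the data owner and is never shipped with the masked data set.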
Conclusion
▪ Cloud computing is sometimes viewed as a re-creation of the classic mainframe client-server model.
▪ However, resources are ubiquitous, scalable, highly virtualized.
▪ It contains all the traditional threats, as well as new ones.
▪ In developing solutions to cloud computing security issues it may be helpful to identify the problems and approaches in terms of CIA (Confidentiality, Integrity and Availability).

Weitere ähnliche Inhalte

Was ist angesagt?

Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
ClubHack
 
Security Requirement Specification Model for Cloud Computing Services
Security Requirement Specification Model for Cloud Computing ServicesSecurity Requirement Specification Model for Cloud Computing Services
Security Requirement Specification Model for Cloud Computing Services
Matteo Leonetti
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Dhaval Dave
 

Was ist angesagt? (20)

Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2
 
Module 3-cloud computing
Module 3-cloud computingModule 3-cloud computing
Module 3-cloud computing
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
On technical security issues in cloud computing
On technical security issues in cloud computingOn technical security issues in cloud computing
On technical security issues in cloud computing
 
Cloud computing and its security issues
Cloud computing and its security issuesCloud computing and its security issues
Cloud computing and its security issues
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
 
Security Requirement Specification Model for Cloud Computing Services
Security Requirement Specification Model for Cloud Computing ServicesSecurity Requirement Specification Model for Cloud Computing Services
Security Requirement Specification Model for Cloud Computing Services
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Cloud Security Issues 1.04.10
Cloud Security  Issues 1.04.10Cloud Security  Issues 1.04.10
Cloud Security Issues 1.04.10
 
Ensuring data storage security in cloud computing
Ensuring data storage security in cloud computingEnsuring data storage security in cloud computing
Ensuring data storage security in cloud computing
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
Cloud security
Cloud security Cloud security
Cloud security
 

Andere mochten auch

Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...
Venkatesh Prabhu
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Manas Das
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
Sanoj Kumar
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
Liza Welch
 

Andere mochten auch (18)

The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignments
 
Network security projects
Network security projectsNetwork security projects
Network security projects
 
Cloud computing in medical field
Cloud computing in medical fieldCloud computing in medical field
Cloud computing in medical field
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
 
firewalls
firewallsfirewalls
firewalls
 
Concepts of Distributed Computing & Cloud Computing
Concepts of Distributed Computing & Cloud Computing Concepts of Distributed Computing & Cloud Computing
Concepts of Distributed Computing & Cloud Computing
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Malware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructuresMalware detection in cloud computing infrastructures
Malware detection in cloud computing infrastructures
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
Seminar
SeminarSeminar
Seminar
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management Mechanisms
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security Mechanisms
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 

Ähnlich wie Cloud computing

Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
Prince Chandu
 

Ähnlich wie Cloud computing (20)

CLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGECLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGE
 
Issues in cloud computing
Issues in cloud computingIssues in cloud computing
Issues in cloud computing
 
Cloud management
Cloud managementCloud management
Cloud management
 
Introduction Of Cloud Computing
Introduction Of Cloud Computing Introduction Of Cloud Computing
Introduction Of Cloud Computing
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detection
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Quiz 1 cloud computing
Quiz 1 cloud computing Quiz 1 cloud computing
Quiz 1 cloud computing
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
 
Security threats in cloud computing
Security threats  in cloud computingSecurity threats  in cloud computing
Security threats in cloud computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Lect15 cloud
Lect15 cloudLect15 cloud
Lect15 cloud
 
Cloud
CloudCloud
Cloud
 
Lect15 cloud
Lect15 cloudLect15 cloud
Lect15 cloud
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 

Kürzlich hochgeladen

"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
mphochane1998
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
Kamal Acharya
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptx
chumtiyababu
 
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 

Kürzlich hochgeladen (20)

Wadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptxWadi Rum luxhotel lodge Analysis case study.pptx
Wadi Rum luxhotel lodge Analysis case study.pptx
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Verification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptxVerification of thevenin's theorem for BEEE Lab (1).pptx
Verification of thevenin's theorem for BEEE Lab (1).pptx
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdf
 
Engineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planesEngineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planes
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech Civil
 

Cloud computing

  • 1. 1 Risk in Cloud Computing Environment Presented by, Akanksha Botke CEH, VAPT Auditor
  • 2. 22 Agenda  Introduction  Cloud Computing Models  Cloud Computing Architecture  Cloud Computing Characteristics  Purpose and Benefits  Cloud-Sourcing  Risk In Cloud Computing  Data Security In Cloud Computing  Vulnerabilities In Cloud Computing  Hardening Cloud Security  Conclusion
  • 3. 33 Introduction  Cloud computing is typically defined as a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications.  In cloud computing, the word cloud (also phrased as "the cloud") is used as a metaphor for "the Internet," so the phrase cloud computing means "a type of Internet-based computing," where different services — such as servers, storage and applications — are delivered to an organization's computers and devices through the Internet.
  • 4. 44 Cloud Computing Models 1. Software as a Service (Saas)  The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web  Characteristics of SaaS:  Its easy to work under administration  It can be globally access The software can be updated automatically All license holder user will have same version of software
  • 5. 55 Cloud Computing of Models 2. Platform as a Service (PaaS)  The capability provided to the consumer is to deploy onto the cloud infrastructure his own applications without installing any platform or tools on their local machines. PaaS refers to providing platform layer resources, including operating system support and software development frameworks that can be used to build higher-level services.  Characteristics of PaaS: No need of downloading and installing operating System. It saves Customers money. It mainly deals for delivering operating systems over Internet. Software can be developed, tested and deployed
  • 6. Cloud Computing Models: 3. Infrastructure as a Service (IaaS)
      • The capability provided is the sharing of hardware resources for executing services, typically using virtualization technology. Infrastructure as a Service provides the equipment used to support hardware, software, storage and servers, and is mainly used for delivering software application environments.
      • Characteristics of IaaS:
          • Policy-based services
          • Utility computing services
          • Dynamic scaling
          • Internet connectivity
  • 8. Cloud Computing Characteristics
      Common Characteristics:
      • Massive Scale
      • Homogeneity
      • Virtualization
      • Low Cost Software
      • Resilient Computing
      • Geographic Distribution
      • Service Orientation
      • Advanced Security
  • 9. Use of Cloud Computing in Library
      • Data: Bibliographic, Digital, Administrative, License, Access and Preservation.
      • Content: Collections, Subscriptions, Print, Publishing.
      • Services: Library as Place, Content Access, Content Creation, Instruction, Research, Preservation.
      • Experience: Research, Study Support, Peer-based Collaboration, IT Exploration.
  • 10. Purpose and Benefits
      • Cloud computing enables companies and applications that depend on system infrastructure to be infrastructure-less.
      • By using the cloud infrastructure on a “pay per use and on demand” basis, all of us can save on capital and operational investment!
          • Pay per use: computing resources are measured at a granular level, allowing users to pay only for the resources and workloads they use.
          • On demand: end users can spin up computing resources for almost any type of workload on demand.
      • Clients can:
          • Put their data on the platform instead of on their own desktop PCs and/or on their own servers.
          • Put their applications on the cloud and use the servers within the cloud to do processing, data manipulation, etc.
  • 11. Cloud-Sourcing
      • Why is it becoming a big deal:
          • Using high-scale/low-cost providers,
          • Any time/place access via web browser,
          • Rapid scalability; incremental cost and load sharing,
          • Can forget the need to focus on local IT.
      • Concerns:
          • Performance, reliability, and SLAs,
          • Control of data and service parameters,
          • Application features and choices,
          • Interaction between cloud providers,
          • No standard API: mix of SOAP and REST!
          • Privacy, security, compliance, trust…
  • 12. Risk In Cloud Computing
  • 13. Data Security In Cloud Computing
      • Data outsourcing: users are relieved from the burden of data storage and maintenance. When users put their data (of large size) on the cloud, protecting data integrity is challenging.
      • Cloud computing is built on top of virtualization; if there are security issues with virtualization, then there will also be security issues with cloud computing.
      • Data segregation: data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
      • A data center full of servers supporting cloud computing is internally and externally indistinguishable from a data center full of "regular" servers. In each case, it will be important for the data center to be physically secure against unauthorized access.
  • 14. Data Security In Cloud Computing
      • Computer and network security is fundamentally about three goals/objectives:
          • Confidentiality (C)
          • Integrity (I)
          • Availability (A)
      • Confidentiality refers to keeping data private. Privacy is of paramount importance as data leaves the borders of the organization. Not only internal secrets and sensitive personal data, but metadata and transactional data can also leak important details about firms or individuals. Confidentiality is supported by technical tools such as encryption and access control, as well as legal protections.
  • 15. Data Security In Cloud Computing
      • Integrity is a degree of confidence that the data in the cloud is protected against accidental or intentional alteration without authorization. It also extends to the hurdles of synchronizing multiple databases. Integrity is supported by well-audited code, well-designed distributed systems, and robust access control mechanisms.
      • Availability means being able to use the system as anticipated. Cloud technologies can increase availability through widespread internet-enabled access, but the client is dependent on the timely and robust provision of resources. Availability is supported by capacity building and good architecture by the provider, as well as well-defined contracts and terms of agreement.
  • 16. Vulnerabilities In Cloud Computing
      • Insecure interfaces and APIs
      • Unlimited allocation of resources
      • Data-related vulnerabilities
      • Vulnerabilities in Virtual Machines
      • Vulnerabilities in Virtual Machine Images
      • Vulnerabilities in Virtual Networks
      • Vulnerabilities in Hypervisors
      • Local Host Security
  • 17. Vulnerabilities In Cloud Computing: Insecure interfaces and APIs
      • Cloud providers offer services that can be accessed through APIs (SOAP, REST, or HTTP with XML/JSON). The security of the cloud depends upon the security of these interfaces. Some problems are:
          a) Weak credentials
          b) Insufficient authorization checks
          c) Insufficient input-data validation
      • Also, cloud APIs are still immature, which means that they are frequently updated. A fixed bug can introduce another security hole in the application.
  • 18. Vulnerabilities In Cloud Computing: Unlimited allocation of resources
      • Inaccurate modeling of resource usage can lead to overbooking or over-provisioning.
      • Due to the heterogeneous and time-variant environment in a cloud, resource provisioning becomes a complex task, forcing the mediation system to respond with minimal turnaround time in order to maintain the developer’s quality requirements.
  • 19. Vulnerabilities In Cloud Computing: Data-related vulnerabilities
      • Data can be collocated with the data of unknown owners (competitors, or intruders) with a weak separation.
      • Data may be located in different jurisdictions which have different laws.
      • Incomplete data deletion: data cannot be completely removed.
      • Data backup done by untrusted third-party providers.
      • Information about the location of the data usually is unavailable or not disclosed to users.
      • Data is often stored, processed, and transferred in clear plain text.
  • 20. Vulnerabilities In Cloud Computing: Vulnerabilities in Virtual Machines
      • Possible covert channels in the collocation of VMs.
      • Unrestricted allocation and deallocation of resources with VMs.
      • Uncontrolled migration: VMs can be migrated from one server to another server due to fault tolerance, load balance, or hardware maintenance.
      • Uncontrolled snapshots: VMs can be copied in order to provide flexibility, which may lead to data leakage.
      • Uncontrolled rollback could lead to reset vulnerabilities: VMs can be backed up to a previous state for restoration, but patches applied after the previous state disappear.
      • VMs have IP addresses that are visible to anyone within the cloud: attackers can map where the target VM is located within the cloud (cloud cartography).
  • 21. Vulnerabilities In Cloud Computing
      Vulnerabilities in Virtual Machine Images
      • Uncontrolled placement of VM images in public repositories.
      • VM images are not able to be patched since they are dormant artifacts.
      Vulnerabilities in Virtual Networks
      • The cloud characteristic of ubiquitous network access means that cloud services are accessed via network using standard protocols. In most cases, this network is the Internet, which must be considered untrusted. Internet protocol vulnerabilities, such as vulnerabilities that allow man-in-the-middle attacks, are therefore relevant for cloud computing.
      • Sharing of virtual bridges by several virtual machines.
  • 22. Vulnerabilities In Cloud Computing: Vulnerabilities in Hypervisors
      • Complex hypervisor code.
      • Flexible configuration of VMs or hypervisors to meet organization needs can be exploited.
      • Any remote user can initiate an attack on a Hypervisor and its guest VMs if it is located in a subnet from which the machine running the Hypervisor is reachable.
      • Almost any code can be executed from a guest VM’s Ring 3; however, some functionality will be limited by the OS or the Hypervisor (causing an exception). Nevertheless, it is easiest to get user-space code to run, so any exploits from this ring are attractive to an attacker.
      • An attack from a Guest VM’s Kernel-Space, as it requires control over the paravirtualized front-end driver.
      • The Hypervisor can access any resource in the host system (i.e. memory, peripherals, CPU state, etc.), which means that it can access every guest VM’s resources.
  • 23. Vulnerabilities In Cloud Computing: Local Host Security
      • Are local host machines part of the cloud infrastructure?
          • Outside the security perimeter.
          • While cloud consumers worry about the security on the cloud provider’s site, they may easily forget to harden their own machines.
      • The lack of security of local devices can:
          • Provide a way for malicious services on the cloud to attack local networks through these terminal devices.
          • Compromise the cloud and its resources for other users.
  • 24. Vulnerabilities In Cloud Computing
      • With mobile devices, the threat may be even stronger:
          • Users misplace the device or have it stolen from them.
          • Security mechanisms on handheld gadgets are oftentimes insufficient compared to, say, a desktop computer.
          • Provides a potential attacker an easy avenue into a cloud system.
          • If a user relies mainly on a mobile device to access cloud data, the threat to availability is also increased as mobile devices malfunction or are lost.
      • Devices that access the cloud should have:
          • Strong authentication mechanisms
          • Tamper-resistant mechanisms
          • Strong isolation between applications
          • Methods to trust the OS
          • Cryptographic functionality when traffic confidentiality is required.
  • 25. Hardening Cloud Security
      • Secure Logic Migration and Execution Technology
      • Data Traceability Technology
      • Authentication and Identity
      • Application of Encryption for Data in Motion
      • Data Masking Technology
  • 26. Hardening Cloud Security
      • Secure Logic Migration and Execution Technology
        For confidential data that cannot be released outside of the company, even formed by concealing certain aspects of the data, by simply defining the security level of data.
      • Data Traceability Technology
        The information gateway tracks all information flowing into and out of the cloud, so these flows and their content can be checked. Data traceability technology uses the logs obtained on data traffic as well as the characteristics of the related text to make visible the data used in the cloud.
  • 27. Hardening Cloud Security
      • Authentication and Identity
        Maintaining confidentiality, integrity, and availability for data security is a function of the correct application and configuration of familiar network, system, and application security mechanisms at various levels in the cloud infrastructure. Authentication of users takes several forms, but all are based on a combination of authentication factors: something an individual knows (such as a password), something they possess (such as a security token), or some measurable quality that is intrinsic to them (such as a fingerprint).
  • 28. Hardening Cloud Security
      • Application of Encryption for Data in Motion
        Encryption is used to assure that, if there is a breach of communication integrity between the two parties, the data remains confidential. Authentication is used to assure that the parties communicating data are who they say they are. Common means of authentication themselves employ cryptography in various ways.
  • 29. Hardening Cloud Security
      • Data Masking Technology
        Data masking is a technique that is intended to remove all identifiable and distinguishing characteristics from data in order to render it anonymous and yet still be operable. This technique is aimed at reducing the risk of exposing sensitive information. Data masking has also been known by such names as data obfuscation, de-identification, or depersonalization.
  • 30. Conclusion
      • Cloud computing is sometimes viewed as a re-creation of the classic mainframe client-server model.
      • However, resources are ubiquitous, scalable and highly virtualized.
      • It contains all the traditional threats, as well as new ones.
      • In developing solutions to cloud computing security issues, it may be helpful to identify the problems and approaches in terms of CIA (Confidentiality, Integrity and Availability).
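
The Data Masking Technology slide (29) describes data that is rendered anonymous yet still operable. The Python below is an added example, not part of the original deck, showing one way to do that before records leave for a shared cloud tier: keyed deterministic pseudonyms keep joins working, while card numbers and dates are reduced. The key, field names, function names and sample rows are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice it stays on-premises in a
# secrets manager and is never uploaded alongside the masked data.
MASKING_KEY = b"constructed-demo-key-not-for-production"


def pseudonym(value: str, field: str, key: bytes = MASKING_KEY) -> str:
    """Keyed, deterministic token: equal inputs give equal tokens, so joins and
    group-bys still work, but tokens cannot be recomputed without the key."""
    msg = f"{field}\x00{value.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def mask_email(email: str) -> str:
    # Keep the shape of an address; drop the real local part and domain.
    return f"user_{pseudonym(email, 'email')}@example.invalid"


def mask_card(pan: str) -> str:
    # Keep digit count and the last four digits; very short inputs keep nothing.
    digits = [c for c in pan if c.isdigit()]
    tail = "".join(digits[-4:]) if len(digits) > 4 else ""
    return "*" * (len(digits) - len(tail)) + tail


def mask_record(rec: dict) -> dict:
    """Return a masked copy suitable for a shared test or analytics tier."""
    return {
        "customer_id": pseudonym(rec["customer_id"], "customer_id"),
        "email": mask_email(rec["email"]),
        "card": mask_card(rec["card"]),
        "birth_year": rec["dob"][:4],  # generalise the date to a year
        "amount": rec["amount"],       # non-identifying, kept as is
    }


# Constructed sample rows (not real data).
ROWS = [
    {"customer_id": "C-1001", "email": "Alice@corp.example", "card": "4111 1111 1111 1111", "dob": "1984-03-12", "amount": 42.50},
    {"customer_id": "C-1001", "email": "alice@corp.example", "card": "4111 1111 1111 1111", "dob": "1984-03-12", "amount": 13.00},
    {"customer_id": "C-2002", "email": "bob@corp.example", "card": "5500-0000-0000-0004", "dob": "1990-11-02", "amount": 7.25},
]

if __name__ == "__main__":
    for row in ROWS:
        print(mask_record(row))
```

The first two rows mask to the same customer token and e-mail, so per-customer totals can still be computed on the masked copy. Low-cardinality fields such as birth year can still narrow down individuals when combined, so the set of retained columns deserves its own review.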