SlideShare ist ein Scribd-Unternehmen logo

Lecture27 cc-security2

A
Ankit Gupta

Cloud computing

Ingenieurwesen
1 von 26
Downloaden Sie, um offline zu lesen
CLOUD COMPUTING CLOUD SECURITY II PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
Cloud Computing • Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with – Infinite and elastic resource scalability – On demand “just-in-time” provisioning – No upfront cost … pay-as-you-go • Use as much or as less you need, use only when you want, and pay only what you use 2
Economic Advantages of Cloud Computing • For consumers: – No upfront commitment in buying/leasing hardware – Can scale usage according to demand – Minimizing start-up costs • Small scale companies and startups can reduce CAPEX (Capital Expenditure) • For providers: – Increased utilization of datacenter resources 3
Why aren’t Everyone using Cloud? Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 4
Concern… 5
Survey on Potential Cloud Barriers Source: IDC Ranking Security Challenges 6
Why Cloud Computing brings New Threats? • Traditional system security mostly means keeping attackers out • The attacker needs to either compromise the authentication/access control system, or impersonate existing users • But cloud allows co-tenancy: Multiple independent users share the same physical infrastructure – An attacker can legitimately be in the same physical machine as the target • Customer’s lack of control over his own data and application. • Reputation fate-sharing 7
Security Stack • IaaS: entire infrastructure from facilities to hardware • PaaS: application, middleware, database, messaging supported by IaaS – Customer-side system administrator manages the same with provider handling platform, infrastructure security • SaaS: self contained operating environment: content, presentation, apps, management – Service levels, security, governance, compliance, liability, expectations of the customer & provider are contractually defined IncreaseinProvider’sSecurity Responsibility IncreaseinCustomer’sSecurity Responsibility 8
Sample Clouds Source: “Security Guidance for Critical Areas of Focus in Cloud Computing” v2.1, p.18 9
Gartner’s Seven Cloud Computing Security Risks • Gartner: – http://www.gartner.com/technology/about.jsp – Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e- discovery, regulatory compliance and auditing,” Gartner says • Security Risks – Privileged User Access – Regulatory Compliance & Audit – Data Location – Data Segregation – Recovery – Investigative Support – Long-term Viability 10
Privileged User Access • Sensitive data processed outside the enterprise brings with it an inherent level of risk • Outsourced services bypass the “physical, logical and personnel controls” of traditional in-house deployments. • Get as much information as you can about the people who manage your data • “Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access,” Gartner says. 11
Regulatory Compliance & Audit • Traditional service providers are subjected to external audits and security certifications. • Cloud computing providers who refuse to undergo this scrutiny are “signaling that customers can only use them for the most trivial functions,” according to Gartner. • Shared infrastructure – isolation of user-specific log • No customer-side auditing facility • Difficult to audit data held outside organization in a cloud – Forensics also made difficult since now clients don’t maintain data locally • Trusted third-party auditor? 12
Data Location • Hosting of data, jurisdiction? • Data centers: located at geographically dispersed locations • Different jurisdiction & regulations – Laws for cross border data flows • Legal implications – Who is responsible for complying with regulations (e.g., SOX, HIPAA, etc.)? – If cloud provider subcontracts to third party clouds, will the data still be secure? 13
Data Segregation • Data in the cloud is typically in a shared environment alongside data from other customers. • Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at rest,” Gartner advises. • Encrypt data in transit, needs to be decrypted at the time of processing – Possibility of interception • Secure key store – Protect encryption keys – Limit access to key stores – Key backup & recoverability • The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. • “Encryption accidents can make data totally unusable, and even normal encryption can complicate availability,” Gartner says. 14
Recovery • Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. • “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete restoration, and how long it will take.” • Recovery Point Objective (RPO): The maximum amount of data that will be lost following an interruption or disaster. • Recovery Time Objective (RTO): The period of time allowed for recovery i.e., the time that is allowed to elapse between the disaster and the activation of the secondary site. • Backup frequency • Fault tolerance – Replication: mirroring/sharing data over disks which are located in separate physical locations to maintain consistency – Redundancy: duplication of critical components of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe. 15
Investigative Support • Investigating inappropriate or illegal activity may be impossible in cloud computing • Monitoring – To eliminate the conflict of interest between the provider and the consumer, a neural third-party organization is the best solution to monitor performance. • Gartner warns. “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers.” 16
Long-term Viability • “Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application,” Gartner says. • When to switch cloud providers ? – Contract price increase – Provider bankruptcy – Provider service shutdown – Decrease in service quality – Business dispute • Problem: vendor lock-in 17
Other Cloud Security Issues… • Virtualization • Access Control & Identity Management • Application Security • Data Life Cycle Management 18
Virtualization • Components: – Virtual machine (VM) – Virtual machine manager (VMM) or hypervisor • Two types: – Full virtualization: VMs run on hypervisor that interacts with the hardware – Para virtualization: VMs interact with the host OS. • Major functionality: resource isolation • Hypervisor vulnerabilities: – Shared clipboard technology– transferring malicious programs from VMs to host 19
Virtualization (contd…) • Hypervisor vulnerabilities: – Keystroke logging: Some VM technologies enable the logging of keystrokes and screen updates to be passed across virtual terminals in the virtual machine, writing to host files and permitting the monitoring of encrypted terminal connections inside the VM. – Virtual machine backdoors: covert communication channel – ARP Poisoning: redirect packets going to or from the other VM. • Hypervisor Risks – Rogue hypervisor rootkits • Initiate a ‘rogue’ hypervisor • Hide itself from normal malware detection systems • Create a covert channel to dump unauthorized code 20
Virtualization (contd…) • Hypervisor Risks – External modification to the hypervisor • Poorly protected or designed hypervisor: source of attack • May be subjected to direct modification by the external intruder – VM escape • Improper configuration of VM • Allows malicious code to completely bypass the virtual environment, and obtain full root or kernel access to the physical host • Some vulnerable virtual machine applications: Vmchat, VMftp, Vmcat etc. – Denial-of-service risk • Threats: – Unauthorized access to virtual resources – loss of confidentiality, integrity, availability 21
Access Control & Identity Management • Access control: similar to traditional in-house IT network • Proper access control: to address CIA tenets of information security • Prevention of identity theft – major challenge – Privacy issues raised via massive data mining • Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients • Identity Management (IDM) – authenticate users and services based on credentials and characteristics 22
Application Security • Cloud applications – Web service based • Similar attacks: – Injection attacks: introduce malicious code to change the course of execution – XML Signature Element Wrapping: By this attack, the original body of an XML message is moved to a newly inserted wrapping element inside the SOAP header, and a new body is created. – Cross-Site Scripting (XSS): XSS enables attackers to inject client-side script into Web pages viewed by other users to bypass access controls. – Flooding: Attacker sending huge amount of request to a certain service and causing denial of service. – DNS poisoning and phishing: browser-based security issues – Metadata (WSDL) spoofing attacks: Such attack involves malicious reengineering of Web Services’ metadata description • Insecure communication channel 23
Data Life Cycle Management • Data security – Confidentiality: • Will the sensitive data stored on a cloud remain confidential? • Will cloud compromise leak confidential client data (i.e., fear of loss of control over data) • Will the cloud provider itself be honest and won’t peek into the data? – Integrity: • How do I know that the cloud provider is doing the computations correctly? • How do I ensure that the cloud provider really stored my data without tampering with it? 24
Data Life Cycle Management (contd.) • Availability • Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? • What happens if cloud provider goes out of business? • Data Location • All copies, backups stored only at location allowed by contract, SLA and/or regulation • Archive • Access latency 25
26 Thank You! 26

Empfohlen

Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1
Ankit Gupta
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
Ankit Gupta
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
Ankit Gupta
 
Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)
Ankit Gupta
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
Ankit Gupta
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
Ankit Gupta
 
Lecture5
Lecture5Lecture5
Lecture5
josephineusha
 
Cloud security
Cloud securityCloud security
Cloud security
Niharika Varshney
 

Empfohlen

Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1
Ankit Gupta
 
Week 1 lecture material cc
Week 1 lecture material ccWeek 1 lecture material cc
Week 1 lecture material cc
Ankit Gupta
 
Week2 cloud computing week2
Week2 cloud computing week2Week2 cloud computing week2
Week2 cloud computing week2
Ankit Gupta
 
Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)Mod05lec25(resource mgmt ii)
Mod05lec25(resource mgmt ii)
Ankit Gupta
 
Week 3 lecture material cc
Week 3 lecture material ccWeek 3 lecture material cc
Week 3 lecture material cc
Ankit Gupta
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
Ankit Gupta
 
Lecture5
Lecture5Lecture5
Lecture5
josephineusha
 
Cloud security
Cloud securityCloud security
Cloud security
Niharika Varshney
 
06. security concept
06. security concept06. security concept
06. security concept
Muhammad Ahad
 
03. non-functional-attributes-introduction-4-slides
03. non-functional-attributes-introduction-4-slides03. non-functional-attributes-introduction-4-slides
03. non-functional-attributes-introduction-4-slides
Muhammad Ahad
 
Synchronization in distributed systems
Synchronization in distributed systems Synchronization in distributed systems
Synchronization in distributed systems
SHATHAN
 
Psychology of usable things
Psychology of usable thingsPsychology of usable things
Psychology of usable things
junaid54321
 
System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network services
Uc Man
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
Ankit Gupta
 
Tcpip services and applications
Tcpip services and applicationsTcpip services and applications
Tcpip services and applications
Online
 
Class diagram
Class diagramClass diagram
Class diagram
SESP123
 
Service support process ppt
Service support process pptService support process ppt
Service support process ppt
Pawneshwar Datt Rai
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Avinash Saklani
 
Human computer interaction -Design and software process
Human computer interaction -Design and software processHuman computer interaction -Design and software process
Human computer interaction -Design and software process
N.Jagadish Kumar
 
Sept 2017 network design
Sept 2017 network designSept 2017 network design
Sept 2017 network design
shahin raj
 
OIT552 Cloud Computing Material
OIT552 Cloud Computing MaterialOIT552 Cloud Computing Material
OIT552 Cloud Computing Material
pkaviya
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud Computing
Software Park Thailand
 
MapReduce in Cloud Computing
MapReduce in Cloud ComputingMapReduce in Cloud Computing
MapReduce in Cloud Computing
Mohammad Mustaqeem
 
Transactions and Concurrency Control
Transactions and Concurrency ControlTransactions and Concurrency Control
Transactions and Concurrency Control
Dilum Bandara
 
08. networking
08. networking08. networking
08. networking
Muhammad Ahad
 
Dynamic loading
Dynamic loadingDynamic loading
Dynamic loading
A. S. M. Shafi
 
Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
Real-Time Innovations (RTI)
 
Multithreading
Multithreading Multithreading
Multithreading
WafaQKhan
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
Devyani Vaidya
 

Weitere ähnliche Inhalte

Was ist angesagt?

Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
Real-Time Innovations (RTI)
 

Was ist angesagt? (20)

06. security concept
06. security concept06. security concept
06. security concept
 
03. non-functional-attributes-introduction-4-slides
03. non-functional-attributes-introduction-4-slides03. non-functional-attributes-introduction-4-slides
03. non-functional-attributes-introduction-4-slides
 
Synchronization in distributed systems
Synchronization in distributed systems Synchronization in distributed systems
Synchronization in distributed systems
 
Psychology of usable things
Psychology of usable thingsPsychology of usable things
Psychology of usable things
 
System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network services
 
Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)Mod05lec23(map reduce tutorial)
Mod05lec23(map reduce tutorial)
 
Tcpip services and applications
Tcpip services and applicationsTcpip services and applications
Tcpip services and applications
 
Class diagram
Class diagramClass diagram
Class diagram
 
Service support process ppt
Service support process pptService support process ppt
Service support process ppt
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Human computer interaction -Design and software process
Human computer interaction -Design and software processHuman computer interaction -Design and software process
Human computer interaction -Design and software process
 
Sept 2017 network design
Sept 2017 network designSept 2017 network design
Sept 2017 network design
 
OIT552 Cloud Computing Material
OIT552 Cloud Computing MaterialOIT552 Cloud Computing Material
OIT552 Cloud Computing Material
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud Computing
 
MapReduce in Cloud Computing
MapReduce in Cloud ComputingMapReduce in Cloud Computing
MapReduce in Cloud Computing
 
Transactions and Concurrency Control
Transactions and Concurrency ControlTransactions and Concurrency Control
Transactions and Concurrency Control
 
08. networking
08. networking08. networking
08. networking
 
Dynamic loading
Dynamic loadingDynamic loading
Dynamic loading
 
Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
 
Multithreading
Multithreading Multithreading
Multithreading
 

Ähnlich wie Lecture27 cc-security2

Cloud complete
Cloud completeCloud complete
Cloud complete
Navriti
 

Ähnlich wie Lecture27 cc-security2 (20)

Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
12-cloud-security.ppt
12-cloud-security.ppt12-cloud-security.ppt
12-cloud-security.ppt
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
Cloud complete
Cloud completeCloud complete
Cloud complete
 
cloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signaturecloud-complete power point presentation for digital signature
cloud-complete power point presentation for digital signature
 
Cloud complete
Cloud completeCloud complete
Cloud complete
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
 
Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud provider
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
 
IRJET- Continuous Auditing Approach to the Cloud Service Addressing Attri...
IRJET- Continuous Auditing Approach to the Cloud Service Addressing Attri...IRJET- Continuous Auditing Approach to the Cloud Service Addressing Attri...
IRJET- Continuous Auditing Approach to the Cloud Service Addressing Attri...
 

Mehr von Ankit Gupta

Mehr von Ankit Gupta (20)

Biometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learningBiometricstechnology in iot and machine learning
Biometricstechnology in iot and machine learning
 
Week 8 lecture material
Week 8 lecture materialWeek 8 lecture material
Week 8 lecture material
 
Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)Mod05lec24(resource mgmt i)
Mod05lec24(resource mgmt i)
 
Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)Mod05lec22(cloudonomics tutorial)
Mod05lec22(cloudonomics tutorial)
 
Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)Mod05lec21(sla tutorial)
Mod05lec21(sla tutorial)
 
Lecture29 cc-security4
Lecture29 cc-security4Lecture29 cc-security4
Lecture29 cc-security4
 
Lecture28 cc-security3
Lecture28 cc-security3Lecture28 cc-security3
Lecture28 cc-security3
 
Lecture 30 cloud mktplace
Lecture 30 cloud mktplaceLecture 30 cloud mktplace
Lecture 30 cloud mktplace
 
Week 7 lecture material
Week 7 lecture materialWeek 7 lecture material
Week 7 lecture material
 
Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16Gurukul Cse cbcs-2015-16
Gurukul Cse cbcs-2015-16
 
Microprocessor full hand made notes
Microprocessor full hand made notesMicroprocessor full hand made notes
Microprocessor full hand made notes
 
Transfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptxTransfer Leaning Using Pytorch synopsis Minor project pptx
Transfer Leaning Using Pytorch synopsis Minor project pptx
 
Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2Intro/Overview on Machine Learning Presentation -2
Intro/Overview on Machine Learning Presentation -2
 
Intro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning PresentationIntro/Overview on Machine Learning Presentation
Intro/Overview on Machine Learning Presentation
 
Cloud computing ebook
Cloud computing ebookCloud computing ebook
Cloud computing ebook
 
java program assigment -2
java program assigment -2java program assigment -2
java program assigment -2
 
java program assigment -1
java program assigment -1java program assigment -1
java program assigment -1
 
Other software processes (Software project Management)
Other software processes (Software project Management)Other software processes (Software project Management)
Other software processes (Software project Management)
 
Function and class templates
Function and class templatesFunction and class templates
Function and class templates
 
software project management
software project managementsoftware project management
software project management
 

Kürzlich hochgeladen

Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Kandungan 087776558899
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 

Kürzlich hochgeladen (20)

Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 

Lecture27 cc-security2

  • 1. CLOUD COMPUTING CLOUD SECURITY II PROF. SOUMYA K. GHOSH DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING IIT KHARAGPUR
  • 2. Cloud Computing • Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with – Infinite and elastic resource scalability – On demand “just-in-time” provisioning – No upfront cost … pay-as-you-go • Use as much or as less you need, use only when you want, and pay only what you use 2
  • 3. Economic Advantages of Cloud Computing • For consumers: – No upfront commitment in buying/leasing hardware – Can scale usage according to demand – Minimizing start-up costs • Small scale companies and startups can reduce CAPEX (Capital Expenditure) • For providers: – Increased utilization of datacenter resources 3
  • 4. Why aren’t Everyone using Cloud? Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 4
  • 6. Survey on Potential Cloud Barriers Source: IDC Ranking Security Challenges 6
  • 7. Why Cloud Computing brings New Threats? • Traditional system security mostly means keeping attackers out • The attacker needs to either compromise the authentication/access control system, or impersonate existing users • But cloud allows co-tenancy: Multiple independent users share the same physical infrastructure – An attacker can legitimately be in the same physical machine as the target • Customer’s lack of control over his own data and application. • Reputation fate-sharing 7
  • 8. Security Stack • IaaS: entire infrastructure from facilities to hardware • PaaS: application, middleware, database, messaging supported by IaaS – Customer-side system administrator manages the same with provider handling platform, infrastructure security • SaaS: self contained operating environment: content, presentation, apps, management – Service levels, security, governance, compliance, liability, expectations of the customer & provider are contractually defined IncreaseinProvider’sSecurity Responsibility IncreaseinCustomer’sSecurity Responsibility 8
  • 9. Sample Clouds Source: “Security Guidance for Critical Areas of Focus in Cloud Computing” v2.1, p.18 9
  • 10. Gartner’s Seven Cloud Computing Security Risks • Gartner: – http://www.gartner.com/technology/about.jsp – Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e- discovery, regulatory compliance and auditing,” Gartner says • Security Risks – Privileged User Access – Regulatory Compliance & Audit – Data Location – Data Segregation – Recovery – Investigative Support – Long-term Viability 10
  • 11. Privileged User Access • Sensitive data processed outside the enterprise brings with it an inherent level of risk • Outsourced services bypass the “physical, logical and personnel controls” of traditional in-house deployments. • Get as much information as you can about the people who manage your data • “Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access,” Gartner says. 11
  • 12. Regulatory Compliance & Audit • Traditional service providers are subjected to external audits and security certifications. • Cloud computing providers who refuse to undergo this scrutiny are “signaling that customers can only use them for the most trivial functions,” according to Gartner. • Shared infrastructure – isolation of user-specific log • No customer-side auditing facility • Difficult to audit data held outside organization in a cloud – Forensics also made difficult since now clients don’t maintain data locally • Trusted third-party auditor? 12
  • 13. Data Location • Hosting of data, jurisdiction? • Data centers: located at geographically dispersed locations • Different jurisdiction & regulations – Laws for cross border data flows • Legal implications – Who is responsible for complying with regulations (e.g., SOX, HIPAA, etc.)? – If cloud provider subcontracts to third party clouds, will the data still be secure? 13
  • 14. Data Segregation • Data in the cloud is typically in a shared environment alongside data from other customers. • Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at rest,” Gartner advises. • Encrypt data in transit, needs to be decrypted at the time of processing – Possibility of interception • Secure key store – Protect encryption keys – Limit access to key stores – Key backup & recoverability • The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. • “Encryption accidents can make data totally unusable, and even normal encryption can complicate availability,” Gartner says. 14
  • 15. Recovery • Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. • “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete restoration, and how long it will take.” • Recovery Point Objective (RPO): The maximum amount of data that will be lost following an interruption or disaster. • Recovery Time Objective (RTO): The period of time allowed for recovery i.e., the time that is allowed to elapse between the disaster and the activation of the secondary site. • Backup frequency • Fault tolerance – Replication: mirroring/sharing data over disks which are located in separate physical locations to maintain consistency – Redundancy: duplication of critical components of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe. 15
  • 16. Investigative Support • Investigating inappropriate or illegal activity may be impossible in cloud computing • Monitoring – To eliminate the conflict of interest between the provider and the consumer, a neural third-party organization is the best solution to monitor performance. • Gartner warns. “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers.” 16
  • 17. Long-term Viability • “Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application,” Gartner says. • When to switch cloud providers ? – Contract price increase – Provider bankruptcy – Provider service shutdown – Decrease in service quality – Business dispute • Problem: vendor lock-in 17
  • 18. Other Cloud Security Issues… • Virtualization • Access Control & Identity Management • Application Security • Data Life Cycle Management 18
  • 19. Virtualization • Components: – Virtual machine (VM) – Virtual machine manager (VMM) or hypervisor • Two types: – Full virtualization: VMs run on hypervisor that interacts with the hardware – Para virtualization: VMs interact with the host OS. • Major functionality: resource isolation • Hypervisor vulnerabilities: – Shared clipboard technology– transferring malicious programs from VMs to host 19
  • 20. Virtualization (contd…) • Hypervisor vulnerabilities: – Keystroke logging: Some VM technologies enable the logging of keystrokes and screen updates to be passed across virtual terminals in the virtual machine, writing to host files and permitting the monitoring of encrypted terminal connections inside the VM. – Virtual machine backdoors: covert communication channel – ARP Poisoning: redirect packets going to or from the other VM. • Hypervisor Risks – Rogue hypervisor rootkits • Initiate a ‘rogue’ hypervisor • Hide itself from normal malware detection systems • Create a covert channel to dump unauthorized code 20
  • 21. Virtualization (contd…) • Hypervisor Risks – External modification to the hypervisor • Poorly protected or designed hypervisor: source of attack • May be subjected to direct modification by the external intruder – VM escape • Improper configuration of VM • Allows malicious code to completely bypass the virtual environment, and obtain full root or kernel access to the physical host • Some vulnerable virtual machine applications: Vmchat, VMftp, Vmcat etc. – Denial-of-service risk • Threats: – Unauthorized access to virtual resources – loss of confidentiality, integrity, availability 21
  • 22. Access Control & Identity Management • Access control: similar to traditional in-house IT network • Proper access control: to address CIA tenets of information security • Prevention of identity theft – major challenge – Privacy issues raised via massive data mining • Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients • Identity Management (IDM) – authenticate users and services based on credentials and characteristics 22
  • 23. Application Security • Cloud applications – Web service based • Similar attacks: – Injection attacks: introduce malicious code to change the course of execution – XML Signature Element Wrapping: By this attack, the original body of an XML message is moved to a newly inserted wrapping element inside the SOAP header, and a new body is created. – Cross-Site Scripting (XSS): XSS enables attackers to inject client-side script into Web pages viewed by other users to bypass access controls. – Flooding: Attacker sending huge amount of request to a certain service and causing denial of service. – DNS poisoning and phishing: browser-based security issues – Metadata (WSDL) spoofing attacks: Such attack involves malicious reengineering of Web Services’ metadata description • Insecure communication channel 23
  • 24. Data Life Cycle Management • Data security – Confidentiality: • Will the sensitive data stored on a cloud remain confidential? • Will cloud compromise leak confidential client data (i.e., fear of loss of control over data) • Will the cloud provider itself be honest and won’t peek into the data? – Integrity: • How do I know that the cloud provider is doing the computations correctly? • How do I ensure that the cloud provider really stored my data without tampering with it? 24
  • 25. Data Life Cycle Management (contd.) • Availability • Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? • What happens if cloud provider goes out of business? • Data Location • All copies, backups stored only at location allowed by contract, SLA and/or regulation • Archive • Access latency 25