Cloud Computing - PowerPoint PPT Presentation

About This Presentation
Title:

Cloud Computing

Description:

... (TPM). The TPM is a cryptographic component that provides a root of trust for building a trusted computing base. – PowerPoint PPT presentation

Slides: 32
Provided by: csUccsEd7
Learn more at: http://cs.uccs.edu

Transcript and Presenter's Notes


1
Cloud Computing Security Issues
University of Colorado at Colorado Springs
Engineering Applied Science Department
Prepared by Hamoud Al-Shammari
CS6910 Professor Chow
July 25, 2011
2
First Part
  • What is Cloud Computing?
  • Layers of Cloud Computing.
  • Technical Security Issues in Cloud Computing.
Second Part
  • What are the problems?
  • Opportunities for Advancement.
  • The idea of the PVI model.

3
What is Cloud Computing?
  • It is a new paradigm for the provision of
    computing services.
  • Shifting the location of these services to the
    network reduces the costs of hardware and
    software resources.

4
Models of Cloud Computing
  • 1- Software as a Service.
  • 2- Platform as a Service.
  • 3- Infrastructure as a Service.

5
Models of Cloud Computing
  • 1- Software as a Service
  • Lets users use applications online.
  • Ex: www.zoho.com
  • Mail, Writer, Projects, etc.

6
Models of Cloud Computing
  • 2- Platform as a Service
  • Lets users tailor the hosting environment to
    specific needs.
  • Ex: Google App Engine, used to deploy and dynamically
    scale Python- and Java-based web applications.

7
Models of Cloud Computing
  • 3- Infrastructure as a Service (IaaS)
  • Provides basic infrastructure components such as
    CPU, memory and storage.
  • Ex: Amazon's Elastic Compute Cloud (EC2).

8
(No Transcript)
9
Two main technologies are used to access these
three Cloud services
  • 1- Web-Services
  • Provide access to (IaaS)
  • 2- Web-Browsers
  • Provide access to (SaaS)
  • Both provide the access to (PaaS)

10
Why do we use Cloud Computing?
  • To reduce costs (Pay As You Go)
  • 1- To reduce hardware costs (IaaS).
  • 2- To reduce software license costs (SaaS),
    (PaaS).
  • To support scalable systems
  • - No need to worry about growth in users and
    requests.

11
Some Technical Security Issues in Cloud Computing
  • Cloud Security issues focus on
  • 1- Confidentiality.
  • 2- Integrity.
  • 3- Authentication.
  • Two places in the Cloud must be secured:
  • 1- Web-Services (WS).
  • 2- Web-Browser (WB).

12
1- Web-Service Security
  • WS-Security is a mechanism for web services
    that works at the message level.
  • How to provide Confidentiality, Integrity, and
    Authentication for messages?
  • 1- By using XML signature
  • For XML fragments to be digitally signed to
    ensure integrity and authentication.
  • 2- By using XML Encryption
  • For XML fragments to be encrypted to ensure data
    confidentiality.

13
2- Web-Browser Security
  • Also works with
  • 1- XML Signature.
  • 2- XML Encryption.
  • Modern Web-Browsers use AJAX techniques
    (Asynchronous JavaScript and XML) to develop
    platform-independent I/O tools.
  • New names for these techniques: Web Applications,
    Web 2.0, or SaaS.

14
3- Transport Layer Security (TLS) OR Secure
Sockets Layer (SSL)
  • 1- Record Layer
  • Encrypts/Decrypts TCP data stream.
  • 2- TLS Handshake
  • Used to authenticate the server and the client.
  • SSL became the most important cryptographic
    protocol worldwide, because it is implemented in
    every web browser.

15
4- Cloud Malware Injection Attack
  • Attacker adds his own system to the Cloud system.
  • To Solve the PROBLEM
  • Store a hash value in the cloud and compare any
    new service or request with the hash value.
  • WHAT if the attacker can create a valid hash
    value !!!
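
An added example (not from the original slides) of the hash check above and of the weakness the last bullet raises: a plain digest kept where the attacker can rewrite it gives no protection, while a keyed tag does as long as the key stays with the owner. The image bytes, `OWNER_KEY` and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a legitimate service image and a tampered copy.
GOOD_IMAGE = b"service-image v1: handles customer requests"
EVIL_IMAGE = b"service-image v1: handles customer requests + extra code"

# Hypothetical key held by the information owner, never stored in the cloud.
OWNER_KEY = b"constructed-demo-key"


def plain_digest(image: bytes) -> str:
    """Unkeyed SHA-256: anyone who can read the image can recompute it."""
    return hashlib.sha256(image).hexdigest()


def keyed_tag(image: bytes, key: bytes) -> str:
    """HMAC-SHA-256: recomputing it requires the owner's key."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def check_plain(image: bytes, stored_digest: str) -> bool:
    return hmac.compare_digest(plain_digest(image), stored_digest)


def check_keyed(image: bytes, stored_tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(image, key), stored_tag)


def simulate_store_overwrite() -> dict:
    """Model the case where both the image and its stored reference value
    are replaced by someone who does not hold OWNER_KEY."""
    forged_digest = plain_digest(EVIL_IMAGE)              # needs no secret
    forged_tag = keyed_tag(EVIL_IMAGE, b"not-the-owner-key")
    return {
        "plain_check_passes": check_plain(EVIL_IMAGE, forged_digest),
        "keyed_check_passes": check_keyed(EVIL_IMAGE, forged_tag, OWNER_KEY),
    }


def tampered_image_against_original_reference() -> dict:
    """When the stored reference is intact, both checks reject the new image."""
    return {
        "plain_check_passes": check_plain(EVIL_IMAGE, plain_digest(GOOD_IMAGE)),
        "keyed_check_passes": check_keyed(
            EVIL_IMAGE, keyed_tag(GOOD_IMAGE, OWNER_KEY), OWNER_KEY),
    }
```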

16
5- Flooding Attacks
  • An attacker sends a huge number of nonsense requests
    to a certain service. The problem arises from
    having the data traffic of different time zones
    handled by the same server.
  • As a result, the servers will NOT serve
    requests from other users.
  • To Solve The PROBLEM
  • Cloud Computing enables a dynamic adaptation of
    hardware requirements to the actual workload
    by using Virtual Machines (VM).

17
Second Part: What are the problems?
18
What is the problem with Web-Services?
  • XML Signature Element Wrapping
  • SOAP messages are generally transmitted over
    HTTP in an XML format.
  • An attacker is able to manipulate a SOAP message by
    copying the target element, inserting another
    value, and moving the original element
    somewhere else in the SOAP message.
  • To Solve The Problem
  • Use a combination of WS-Security with XML
    Signature to sign particular elements, and digital
    certificates such as X.509.
  • Create a list of the elements that are used in the
    system, and reject any other messages.
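
One way a receiving service can apply both countermeasures above, shown as an added example that is not part of the original slides: an element allow-list, plus a check that the signed reference resolves to exactly one element and that it is the Body the application will process. The `urn:demo` namespace, its elements and `check_structure` are hypothetical; cryptographic signature verification is assumed to happen separately in a WS-Security library.

```python
import xml.etree.ElementTree as ET  # production code should use a hardened XML parser

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID = f"{{{WSU}}}Id"
# Allow-list for a hypothetical service; urn:demo and its elements are assumptions.
ALLOWED = ({f"{{{SOAP}}}{n}" for n in ("Envelope", "Header", "Body")}
           | {f"{{{DS}}}{n}" for n in ("Signature", "SignedInfo", "Reference")}
           | {"{urn:demo}GetFile", "{urn:demo}Name"})

# Constructed sample messages (signature values omitted; only layout is checked).
HEAD = (f'<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}" '
        'xmlns:d="urn:demo"><s:Header><ds:Signature><ds:SignedInfo>'
        '<ds:Reference URI="#body"/></ds:SignedInfo></ds:Signature>')
SIGNED = ('<s:Body wsu:Id="body"><d:GetFile><d:Name>report.txt</d:Name>'
          '</d:GetFile></s:Body>')
GOOD = HEAD + "</s:Header>" + SIGNED + "</s:Envelope>"
# Wrapped layout: the signed Body sits in the header, a different Body is processed.
WRAPPED = (HEAD + "<d:Wrapper>" + SIGNED + "</d:Wrapper></s:Header>"
           '<s:Body wsu:Id="other"><d:GetFile><d:Name>other.txt</d:Name>'
           "</d:GetFile></s:Body></s:Envelope>")


def check_structure(xml_text):
    """Return reasons to reject the message; an empty list means the layout is fine."""
    root = ET.fromstring(xml_text)
    problems = []
    unknown = sorted({e.tag for e in root.iter() if e.tag not in ALLOWED})
    if unknown:
        problems.append("unexpected element: " + ", ".join(unknown))
    bodies = root.findall(f"{{{SOAP}}}Body")  # direct children of Envelope only
    if len(bodies) != 1:
        return problems + ["need exactly one Body under Envelope"]
    by_id = {}
    for elem in root.iter():
        if ID in elem.attrib:
            by_id.setdefault(elem.attrib[ID], []).append(elem)
    refs = [r.get("URI", "") for r in root.iter(f"{{{DS}}}Reference")]
    if not refs:
        problems.append("no signed reference")
    for uri in refs:
        targets = by_id.get(uri.lstrip("#"), [])
        if len(targets) != 1:
            problems.append(f"{uri} resolves to {len(targets)} elements")
        elif targets[0] is not bodies[0]:
            problems.append(f"{uri} signs an element that is not the processed Body")
    return problems
```

`check_structure(GOOD)` returns an empty list, while `check_structure(WRAPPED)` reports both the unexpected `Wrapper` element and the signed element being in the wrong position.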

19
What is the problem with Web-Browser?
  • The web-Browsers are not able to apply
    WS-Security concepts (XML signature and XML
    encryption).
  • BECAUSE
  • 1- Data can only be encrypted through TLS
    (Transport Layer Security).
  • 2- XML signatures are only used within the TLS
    handshake.

20
What is the problem with TLS/SSL?
  • The TLS/SSL technique is point-to-point.
  • Messages will be encrypted and decrypted many
    times in the process.
  • This creates the possibility of breaking the
    security between the browser and the clouds.
  • Then, an attacker can get the DECRYPTED message and
    change it!

21
Opportunities for Advancement
  • 1- For the problems in Web-Browsers / SSL
  • Create new web browsers that apply WS-Security
    concepts.
  • The WS-Security works in message level, so it
    appears to be more suitable than SSL/TLS.
  • Then, these web browsers are able to use XML
    Encryption in order to provide end-to-end
    encryption in SOAP messages.

22
Opportunities for Advancement
  • 2- Private Virtual Infrastructure (PVI)
  • Usually, cloud computing places an organization's
    data under the control of a third party.
  • PVI model is designed to separate the duties
    between the users and the providers
  • 1- The PVI datacenter is under control of the
  • information owner.
  • 2- The cloud fabric is under control of the
    service provider.

23
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • Client CANNOT manipulate the security settings of
    the fabric.
  • Client CAN remove, destroy, or lock down their
    data at any time.
  • The Service Level Agreement (SLA) between the
    user and the provider determines the
    responsibilities of all parties.
  • In this model the client needs
  • 1- Vision into the security settings and
    configuration of the fabric.
  • 2- To communicate with the PVI through a virtual
    private network, and all links should be
    encrypted with tunnels like SSL.

24
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • Trusted Computing
  • Providers are required to use trusted computing
    technologies, so organizations can verify their
    security posture in the cloud and control their
    information.
  • The key component here is the Trusted Platform Module
    (TPM), which is a cryptographic component that
    stores cryptographic keys.
  • Cryptographic keys can be used to attest the
    operating state of the platform.
  • Platform Configuration Registers (PCRs) are the
    places where cryptographic keys are stored.

25
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • Trusted Computing
  • PROBLEM with TPM: it only works for
    non-virtualized environments.
  • Virtual TPM (VTPM) is implemented by providing
    software instances of TPMs for each virtual
    machine.
  • The developers here developed an architecture
    that secures each VM by coupling a VTPM in its
    own sub domain called Locator Bot (LoBot).
  • LoBot allows each VM to be verifiable by its
    owner and provide secure provisioning and
    migration of the VM within the cloud as well.

26
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • Five Tenets of Cloud Computing
  • 1- Trusted Cloud Platform: the provider needs to
    provide security services which protect and
    monitor the fabric.
  • 2- PVI Factory
  • - The most sensitive component of PVI.
  • - It is the root authority for
  • - Provisioning.
  • - VTPM key generation.
  • - Certificate generation management.
  • - Should be under full control of the
    information owner.
  • - It serves as the controller and policy
    decision point for the PVI.

27
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • 3- Measurement and Secure Provisioning
  • Providers must allow clients transparent insight
    into their infrastructures.
  • LoBot can perform the fabric pre-measurement
    which allows PVI to share the responsibility of
    security management.
  • LoBot is a VM architecture and secure transfer
    protocol based on VTPM.
  • 4- Secure Shutdown and Data Destruction
  • This process is required to ensure all sensitive
    data is removed before new processes are allowed
    to run on it.
  • The PROBLEM: VMs do not provide that, so the
    authors recommend building it into future VM
    monitors or providing it through LoBot.

28
Opportunities for Advancement
  • Private Virtual Infrastructure (PVI)
  • 5- Monitoring and Auditing
  • LoBot provides continuous monitoring of the cloud
    environment.
  • Clients provide the auditing process.
  • But with that number of users and that amount of
    information, the legal use of the information
    will decrease.
  • The authors recommend the sharing of auditing
    responsibilities between the service providers
    and clients.
  • Locator Bot (LoBot) is the authors' architecture
    and protocol for secure provisioning and secure
    migration of virtual machines within an IaaS
    cloud. LoBot provides many other security
    features for PVI such as environmental
    monitoring, tamper detection and secure shutdown.

29
Conclusion
  • Two main technical security points
  • 1. WS-Security Mechanism
  • XML Signature.
  • XML Encryption.
  • With the development of new browsers, this
    mechanism might be applied.
  • 2. Private Virtual Infrastructure (PVI) Model
  • Duties between provider and client.
  • Locator Bot (LoBot).
  • Because users are part of the solution, this
    model will face many problems in being applied well.

30
References
  • Cloud Computing Security Risk. LaQuata Sumter,
    Department of Computer and Information Sciences,
    Florida A&M University.
  • Infrastructure As A Service Security Challenges
    and Solutions. Wesam Dawoud, Ibrahim Takouna,
    Christoph Meinel. Hasso Plattner Institute,
    Potsdam, Germany.
  • On Technical Security Issues in Cloud Computing.
    M. Jensen, J. Schwenk. Horst Görtz Institute for
    IT Security, Ruhr University Bochum, Germany.
  • Private Virtual Infrastructure for Cloud
    Computing. F. John Krautheim. University of
    Maryland.
  • Security Issues In Cloud Computing and
    Countermeasures. D. Jamil, H. Zaki. University of
    Engineering and Technology, Karachi, Pakistan.

31
Cloud Computing Security Issues
Thank you