Cloud Computing Security Research - PowerPoint PPT Presentation

Cloud Computing Security Research
1 / 22

  • Uploaded on
  • Presentation posted in: General

Cloud Computing Security Research. Shane Fry NSA September 28, 2011. Overview. Who am I? What is vulnerability analysis? What is the cloud? Who is the cloud? What are the security concerns? What are some malicious uses of the cloud?. Who am I?. What is Vulnerability Analysis?.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Cloud Computing Security Research

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Cloud computing security research

Cloud Computing Security Research

Shane Fry


September 28, 2011



Who am I?

What is vulnerability analysis?

What is the cloud?

Who is the cloud?

What are the security concerns?

What are some malicious uses of the cloud?

Who am i

Who am I?

What is vulnerability analysis

What is Vulnerability Analysis?

  • Looking for vulnerabilities in software, hardware, or entire systems.

  • The goal:

    • Improve the security of hardware/software/systems

    • Create configuration guidance to mitigate vulnerabilities

  • Two kinds of vulnerability analysis

    • Black box

    • White box

What is vulnerability analysis1

What is Vulnerability Analysis?

Vulnerability analysis strategy

Vulnerability Analysis Strategy

Black box testing

Black box testing


No source code

Tests boundaries between components

Limited code coverage

Reverse Engineer code to determine where the problem code is, and what is going wrong

White box testing

White box testing

  • Time consuming

  • Greater code coverage

  • Static source code analysis

    • Automated

    • Manual

  • Specific tests for suspected problem code

Grey box testing

Grey box testing

  • Uses both White box and Black box techniques:

    • Fuzzing

    • Reverse Engineering

    • Source code analysis

Cloud computing security research

What do you think the cloud is?

Nist definition

NIST Definition

On-demand self-service

Broad network access

Resource pooling

Rapid elasticity

Measured service


Nist definition1

NIST Definition

Visual Model of NIST Working Definition of Cloud Computing








What is the cloud

What is the cloud?

  • Storage

    • Cheap

    • Distributed

    • Automated backups

  • Computing

    • Cheap

    • Scalable

    • No infrastructure to manage

  • Usually both are employed

Who is the cloud

Who is the cloud?


Security concerns

Security Concerns

What do you think the security concerns are when using the cloud?

Security concerns1

Security Concerns

  • Data center location

  • Network perimeter security

    • Packet replay attacks

    • Information disclosure

  • Infrastructure security

    • Patch process

    • Underlying protocol security

Security concerns2

Security Concerns

  • Physical security

  • Backup location

  • File scrubbing

    • Persistent data storage

    • VM Images

  • VM Image Security

    • OS Security

    • Known good state

    • Modified base image

Cloud architecture

Cloud Architecture

Malicious use

Malicious Use

WPA cracking [4]

Password cracking [5]

DDoS attacks [3]

Botnets [3]

Cloud computing security research











Cloud computing security research


  • Login