1 / 23

Security Issues for Cloud and Future Networks

This presentation discusses the common security challenges and issues in cloud computing and future networks, as well as approaches and solutions to address them. The need for new security engineering is also explained.

briancurtis
Download Presentation

Security Issues for Cloud and Future Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2nd SG 13 Regional Workshop for Africa on“Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014) Security Issues for Cloud and Future Networks Noureddine Boudriga, Director CN&S, University of Carthage Noure.boudriga2@gmail.com

  2. Talk Objectives Present a discussion of common fundamental challenges and issues/characteristics of cloud computing and future networks Identify security and privacy issues challenging future networks Discuss approaches to address the security issues Explain the need for a new security engineering

  3. Summary • Introduction • Security Issues in Cloud Computing • Security and Privacy Issues in Future Networks • Security Solutions • Towards new security engineering • Global Cybersecurity

  4. 1. Introduction • “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources” (NIST) • Attributes: Rapid deployment, Low startup costs/ capital investments, Costs based on utilization or subscription, Multi-tenant sharing of services/resources • Characteristics: On demand service, Ubiquitous network access, Location independent resource pooling, Rapid elasticity.

  5. Introduction: Cloud and FN Models • Delivery Models: • SaaS, PaaS, and IaaS, for cloud • Service Delivery workflows and control, services’ Brokering and composition, and Flow and Content mapping to Services, for FN • Deployment Models: Private, Community, Public, Hybrid • Management Models: Self-managed or 3rd party managed (e.g. public clouds, VPN/C)

  6. Introduction: features • Common features: massive concentration of shared resources and an important emergence of risk, since any loss from a single breach can significantly affect larger structures/pools. • Additional features for FNs: a massive data to transmit, a massive traffic to relay, a large node mobility • Hidden concepts: network topology, perimeter, traffic granularity.

  7. 2. Security Issues in Cloud Computing • Notorious threats include: • Data Breaches, Data Loss, Account or Service Traffic Hijacking, Insecure Interfaces and APIs, Denial of Service • Malicious Insiders, Abuse of Cloud, Services Insufficient due Diligence, Shared Technology Vulnerabilities • Most security problems stem from: Loss of control, weak trust relationships, and Multi-tenancy. • Problems exist mainly with 3rd party management models. Little involvement of the operators

  8. Security issues: loss of control • Data, applications, and resources are located within the provider controlled infrastructure • Customer identity management is handled by the cloud. Cyustomer access control rules, security policies, and enforcement are managed by the cloud provider • Consumer relies on provider to address: Data security and Privacy, Resource availability control, Monitoring of resources, and Repairing.

  9. Security issues: weak trust relashionships • Trust relationships at any point of the delivery chain may be weak due to the loss of control in passing sensitive data • Trust along the delivery chain from customer to cloud providers may be non transitive due to the lack transparency • The lack of consensus about what trust management techniques should be utilized for cloud environments • Standardized trust models are needed; but, none of trust models related to data is acceptable

  10. Security issues: Multi-tenancy • Conflict between tenants’ opposing goals and goals • Tenants can share pools of resources and apply conflicting rules • Limited efficiency techniques to provide separation/interoperation between tenants • Cloud Computing brings new threats • Multiple independent users share the same physical infrastructure • Attackers can legitimately be managed by the same physical machine as their target

  11. 3. Security and Privacy Issues in FNs Availability: Questions about what happens for customer critical systems/data, if the provider is attacked or when it goes out of business. Confidentiality: Questions about whether the sensitive/private data stored (on a cloud, for instance) remain confidential, and about leaking of confidential customer information Integrity: Questions about How the cloud/FN provider performs correctly integrity computations, and How the cloud provider really stores user data without altering it.

  12. Security and Privacy issues Massive data mining: Providers store data from a large number of customers, and run data mining algorithms to retrieve large amounts of information. New classes of harmful attacks: Attackers can target the communication link between provider and customer, and Provider employees can be phished Digital forensics: Audit data and forensics are hard to perform since customers don’t maintain data locally. Legal and transitive trust issues: Who is responsible for complying with regulations.

  13. Security and privacy issues in FNs AT the customer side, an attacker can Learn passwords/authentication information and gain control of the VMs, if any At the provider side, an attacker can Log customer communication, read non encrypted data, look into VMs, make copies of VMs, or monitor network communication and application patterns. External attackers can Listen to network traffic, Insert malicious traffic, Investigate (cloud) structure, or launch DoS, Intrusion, and Network analysis.

  14. 4. Security solutions • Minimize Loss of Control • Activity Monitoring (e.g. payment, delegation, usage, and storage control) • Access control and interoperation management • Minimize the weakness of Trust relationships • Security Policy (description language, policy validation, and conflict mgt) • Certification infrastructure (integrity and authentication) • Identity Management, Coordination and interoperation of Multi-tenancy

  15. Security solutions: Monitoring • Provide mechanisms that enable the providers to act on the attacks they can handle: • infrastructure remapping and fault repairing • shutting down offending components or targets • Provide mechanisms that enable the consumer to act on attacks targeting application-level. • Risk-adaptable Access Control • Provide ability to move the user’s application to another provider

  16. Security solutions: Identity management IdM in traditional application-centric model assumes each application to keep track of identifying information of its users. Existing systems assume the availability of a trusted third party. Users have multiple accounts associated with multiple service providers (in cloud). Sharing sensitive identity information between services can lead to undesirable mapping of the identities to the user.

  17. Security solutions: goals for IdM Authenticate without disclosing identifying information Ability to securely use a service while on an untrusted host (VM on the cloud) Minimal disclosure and minimized risk of disclosure during communication between user and service provider (Man in the Middle, Side Channel and Correlation Attacks) Protection of Identity Information in Cloud and FNs without Trusted Third Party

  18. 5. Towards new security engineering Challenges: techniques for: • Identifying cloud security-critical assets and evaluating the costs of their breaches. • Identifying potential future network security threats and evaluating their feasibility. • Identifying feasible (cloud) protections & countermeasures and evaluate their adequacy • Verifying proper implementation, security policy, and investigating incidents • Modelling threats and developing a useful framework for security measurement.

  19. Towards new security engineering • Major tasks to perform: • Design and analysis of robust security solution; • Estimate solution costs, risk evolution • Build techniques coping with “infinity” • Tools for the analysis of robustness. • Major models to provide: • Security policy models • Threat evolutionary modeling • Verification, validation models • Visibility modeling.

  20. 6. Security Cybersecurity: challenges Security breaches will be constant Password-based security will become essentially useless. Most services should offer a multi-factor authentication capability Mobile (smartphones) are used by people with minimal technical skill, virtually no attention to security. Cloud failures will result in substantial data loss. Security-as-a-Service becomes a new cloud market. Nation-state cyberwar escalates. Rogue nations use cybercrime

  21. Global Cybersecurity: Objectives To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE To create workforce of skilled professionals To enable Protection of information while in process, handling, storage & transit To enable effective prevention, investigation and prosecution of cybercrimes

  22. GCS: Security factors limiting cloud and FN usage in Africa • IT experts estimate an 80 infection rate on all PCs continent-wide (in Africa) including government computers. • As internet and cloud penetration increases across Africa, so does the risk of sophisticated cyber-attacks, threatening African nations' security • Increasing bandwidth and use of wireless technologies • Lack of cyber security awareness. Ineffec-tive legislation and policies, Insufficient operator involvement.

  23. Conclusion Cloud computing is evolving and future networks are merging Need for a new role for SPs and network oprators, as part of Cyber Security ecosystem. Need Extend the role of Computing incident Response Team

More Related