Security Framework For Cloud Computing. - Sharath Reddy Gajjala. INTRODUCTION. Cloud computing emerged as modern technology and considered as next big thing to come. It has grown up from just being a concept to a major part of IT industry. So requires new security issues and new challenges
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Security Framework For Cloud Computing -Sharath Reddy Gajjala
INTRODUCTION • Cloud computing emerged as modern technology and considered as next big thing to come. • It has grown up from just being a concept to a major part of IT industry. • So requires new security issues and new challenges • Changed the entire process of distributed computing.
INTRODUCTION • Generally works on three type of architecture namely. • SaaS (Software as a Service) • PaaS (Platform as a Service) • IaaS (Infrastructure as a Service) • Different issue and challenges with each technology.
Software as a Service (SaaS) • Hosts and manages a given application in their data center. • Makes it available to multiple users over the web. • Examples: • Oracles CRM on Demand, Salesforce.com
Platform as a Service (PaaS) • Application development and deployment platform for developers. • No cost and complexity of buying and managing the infrastructure. • All the facilities required for lifecycle are entirely available. • Includes Database, Middleware, development tools and infrastructure software. • Google App engine and Engine yard
Infrastructure as a Service (IaaS) • Delivery of hardware and software as a service. • Does not require any long-term commitment. • Allows users to provision resourseson demand.
Security Challenges • Cloud Service Security Accidents in Recent Years: • March 2009 Google leaked a large no of documents. Microsoft Azure stopped working for 22 hours. • April 2011 Amazon EC2 service disruptions Influences on the service of Quora, Reddit etc. • Caused a great loss even devastating blow.
Threats To Cloud Computing • Changes to business model • Abusive use of cloud computing • Insecure interfaces and API • Malicious insiders • Shared technology issues • Data loss and leakage • Service hijacking • Risk profiling • Identity theft
Attacks on Cloud Computing • Zombie Attack • Service injection attack • Attacks on virtualization • Man-in-the Middle attack • Metadata spoofing • Phishing • Backdoor channel attack
Proposed Security Model • User can be certified by 3rd party CA • Issued token for service by End User Service Portal. • User can use services provided by single service provider. • EUSP provides secure access control using VPN (Virtual Private Network) and cloud service managing and configuration.
Framework For Secure Cloud Computing • Based on security model • Describes each component • Apply needed technologies for implementation between components. • Access control process is done on each component for providing flexible service.
Framework Components • Client • End-User Service Portal • Single sign-on (SSO) • Service Configuration • Service Gateway, Service Broker • Security Control • Security Management • Trust Management • Service Monitoring
Conclusion • Cloud computing is a technology of rapid development. • Security is the main obstacle which must be solved. • security is not just a technical problem it also involves standardization, Supervising mode, laws and regulations and many other aspects. • Future research should be directed towards management of risks, developing risk assessment.