
Cloud Computing Security



  1. Cloud Computing Security. Ritesh Kotekar Udupa

  2. Topics to be discussed What is a cloud? Advantages of the cloud computing Service & Deployment models Levels of Security Security Concerns Identity Management InterCloud Identity Management Infrastructure Summary

  3. What is a cloud? Virtualized pool: Dynamically scalable shared resources accessed over a network • Resources: Storage, Computing, services, etc. • Shared internally or with other customers • Only pay for what you use

  4. Advantages of cloud computing • Reduced costs • Efficient resource sharing • Easy expansion • More mobility • Consumption-based costs • Instant software updates • Contribution to green computing: reduced electricity consumption and reduced emissions that damage the environment

  5. Service Model • SaaS (Software as a Service) • PaaS (Platform as a Service) • IaaS (Infrastructure as a Service)

  6. Service Model • Productivity and collaboration apps • Eg: Google Apps • CRM apps • Eg: Impel CRM, Salesforce.com, Microsoft Dynamics. • Cloud based Storage and Sharing services Eg: Dropbox, Skydrive, Amazon S3, Google Docs.

  7. Service Model (PaaS) • Individual development platforms • GAE (Google App Engine) - individual Java and Python developers • Microsoft Windows Azure - ASP.NET (C#, VB.NET) • Amazon Elastic Beanstalk - Java developers • Heroku - Facebook app creation • PHP Fog and cloudControl - PHP • Multi-language application platform • DotCloud

  8. Service Model (IaaS) • Virtualization (e.g. VMware, Virtual PC, VirtualBox) underlies IaaS offerings such as Amazon EC2 (Elastic Compute Cloud): execution on a virtual computer (instance), with configurable CPU, memory and storage • Cloud infrastructure: servers, storage, routers, etc.

  9. Deployment Models Public Cloud Private Cloud Community Cloud Hybrid Cloud

  10. Levels of Security [7]
  • Facility Level: physical controls (access controls, video surveillance, background checks)
  • Network Level, OS & Application Level, Data Level: multilayer firewalls, intrusion detection, 128-bit TLS encryption, dual-factor authentication, access control lists, user-level access, file/data integrity, ADFS & SAML, access control & monitoring (AD), antimalware & anti-spam, patch & configuration management, secure engineering

  11. Security Concerns [1] • Confidentiality • Integrity • Availability • Privacy • Authentication • Control • Audit

  12. Confidentiality in the cloud [1] • Virtual Physical Isolation • Encrypted Storage

  13. Availability [1] • Annual Uptime Percentage • QoS Guarantee • Strategies • Hardening • Redundancy

  14. Authentication • Every website/app needs credentials: username/email and password • Resulting problems: so many apps, so many passwords; identity scattered across providers; trust in each provider • Is there a solution?

  15. OpenID - Identity Management [5] • Sharing single identity with different consumers • Decentralized • Some OpenID Providers • Google, Facebook, IBM, MySpace, VeriSign, Yahoo • End User Privacy is not presently explicitly addressed

  16. Single Sign-On – Identity Management [4] • Authentication done only once • Access to Multiple Applications •  Switch applications during a particular session • Eg: Google

  17. Single Sign On - Flow Chart

  18. SAML(Security Assertion Markup Language) [2],[6] • IdM using IdP/SP Model • End user • User Agent • Service Provider(SP) • Identity Provider(IdP)

  19. SAML (Security Assertion Markup Language) [2]

  20. User Tracking[4] • Authentication • Timeout check • Recognition of a user

  21. InterCloud Identity Management Infrastructure[2]

  22. Trust relationship establishment

  23. SOAP Message of IdP X (SOAP: Simple Object Access Protocol)

  24. Possible Attacks & Solutions [4] • Man-in-the-middle attack (e.g. via DNS spoofing) • Solutions: SSL/TLS for the transport; signature and encryption of the SOAP messages themselves (WS-Security), so that message integrity does not depend on the transport alone

  25. Possible Attacks & Solutions [4] • Message modification (XML signature wrapping, as described in [4]): a signed element is moved elsewhere in the envelope and replaced, so the signature still verifies but the application processes the attacker's content • Solution: inline approach [8]

  26. Possible Attacks & Solutions[4] • Inline Approach

  27. SOAP Account Info • Number of children of Envelope is 2 • Number of Header elements is 2 • Number of signed elements is 3 • Immediate predecessor of the 1st signed element is Envelope • Sibling element of the 1st signed element is Header
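The SOAP Account check on slides 25 to 27 is easiest to see on a concrete pair of messages. The Python below is an added example written for this transcript, not code from the slides or from reference [8]. It builds a constructed signed SOAP request, then the same request after an XML signature wrapping attack of the kind described in [4] (the signed Body moved intact under a Wrapper element in the Header, a forged Body put in its place), and shows that a verifier which only resolves the ds:Reference by Id accepts the forged message, while the structural SOAP Account (child counts, predecessor and siblings of the first signed element) does not match. The namespace constants are the real SOAP/WS-Security ones; the element names getUser, deleteUser and Wrapper and the SignatureValue are placeholders assumed for illustration, and no cryptographic digest or signature verification is performed.

```python
import xml.etree.ElementTree as ET

# SOAP / WS-Security namespaces used by the constructed messages below.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"

NS_DECL = (f'xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" '
           f'xmlns:wsse="{WSSE}" xmlns:ds="{DS}"')

# Signature block with one Reference to the element whose wsu:Id is "body-1".
# The SignatureValue is a placeholder (assumption): the example is about
# reference resolution and structure, not about the cryptography.
SIGNATURE = """<wsse:Security>
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
        <ds:SignatureValue>c2lnbmF0dXJlLXBsYWNlaG9sZGVy</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>"""

# Constructed message as the IdP would send it.
ORIGINAL = f"""<soap:Envelope {NS_DECL}>
  <soap:Header>
    {SIGNATURE}
  </soap:Header>
  <soap:Body wsu:Id="body-1">
    <getUser>alice</getUser>
  </soap:Body>
</soap:Envelope>"""

# Same message after a signature wrapping attack: the signed Body is moved
# unchanged under a Wrapper in the Header (so its digest still matches) and a
# forged Body with a different Id takes its place under Envelope.
WRAPPED = f"""<soap:Envelope {NS_DECL}>
  <soap:Header>
    {SIGNATURE}
    <Wrapper>
      <soap:Body wsu:Id="body-1">
        <getUser>alice</getUser>
      </soap:Body>
    </Wrapper>
  </soap:Header>
  <soap:Body wsu:Id="body-2">
    <deleteUser>alice</deleteUser>
  </soap:Body>
</soap:Envelope>"""


def local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}Body' -> 'Body'."""
    return tag.rsplit("}", 1)[-1]


def _elements_by_id(root):
    return {el.get(f"{{{WSU}}}Id"): el
            for el in root.iter() if el.get(f"{{{WSU}}}Id")}


def _signed_elements(root):
    """Elements targeted by the ds:Reference URIs, in Reference order."""
    by_id = _elements_by_id(root)
    return [by_id[ref.get("URI").lstrip("#")]
            for ref in root.iter(f"{{{DS}}}Reference")]


def naive_signature_check(xml_text):
    """Verifier that resolves each Reference by Id and never looks at where the
    referenced element sits. The wrapped message passes exactly like the
    original, because the signed subtree itself was not modified."""
    root = ET.fromstring(xml_text)
    by_id = _elements_by_id(root)
    refs = [r.get("URI").lstrip("#") for r in root.iter(f"{{{DS}}}Reference")]
    return bool(refs) and all(r in by_id for r in refs)


def processed_operation(xml_text):
    """What the application executes: first child of the Body directly under Envelope."""
    root = ET.fromstring(xml_text)
    return local(root.find(f"{{{SOAP}}}Body")[0].tag)


def soap_account(xml_text):
    """Structural fingerprint in the style of slide 27: child counts of Envelope
    and Header, number of signed elements, and the parent and siblings of the
    first signed element."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    signed = _signed_elements(root)
    first = signed[0]
    return {
        "envelope_children": len(root),
        "header_children": len(root.find(f"{{{SOAP}}}Header")),
        "signed_elements": len(signed),
        "first_signed_predecessor": local(parent[first].tag),
        "first_signed_siblings": [local(s.tag) for s in parent[first] if s is not first],
    }


def account_matches(expected_account, xml_text):
    """Inline check: compare the account the sender committed to against the
    structure of the message that actually arrived."""
    return soap_account(xml_text) == expected_account


if __name__ == "__main__":
    sent = soap_account(ORIGINAL)
    for name, msg in (("original", ORIGINAL), ("wrapped", WRAPPED)):
        print(name, "id check:", naive_signature_check(msg),
              "executes:", processed_operation(msg),
              "account ok:", account_matches(sent, msg))
```

Both messages pass the Id-based check, but the original executes getUser while the wrapped one executes deleteUser; the account differs in the Header child count (1 versus 2), in the predecessor of the first signed element (Envelope versus Wrapper) and in its siblings (Header versus none). For the check to mean anything in practice, the account must itself be covered by the signature, otherwise the attacker simply rewrites it to match the wrapped structure.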

  28. Summary • Cloud definition • Advantages of cloud computing • Service models (SaaS, PaaS, IaaS) • Deployment models (Public, Private, Hybrid, Community) • Levels of security (Facility, Network, OS & Application, Data) • Security and privacy concerns • Identity management • ICIMI (InterCloud IdM Infrastructure)

  29. References
  [1] Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, Aoying Zhou, "Security and Privacy in Cloud Computing: A Survey," 2010 Sixth International Conference on Semantics, Knowledge and Grids (SKG), pp. 105-112, 1-3 Nov. 2010, doi: 10.1109/SKG.2010.19, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5663489&isnumber=5663480
  [2] A. Celesti, F. Tusa, M. Villari, A. Puliafito, "Security and Cloud Computing: InterCloud Identity Management Infrastructure," 2010 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), pp. 263-265, 28-30 June 2010, doi: 10.1109/WETICE.2010.49, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5541971&isnumber=5541771
  [3] Jianfeng Yang, Zhibin Chen, "Cloud Computing Research and Security Issues," 2010 International Conference on Computational Intelligence and Software Engineering (CiSE), pp. 1-3, 10-12 Dec. 2010, doi: 10.1109/CISE.2010.5677076, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5677076&isnumber=5676710
  [4] M. Jensen, J. Schwenk, N. Gruschka, L. L. Iacono, "On Technical Security Issues in Cloud Computing," 2009 IEEE International Conference on Cloud Computing (CLOUD '09), pp. 109-116, 21-25 Sept. 2009, doi: 10.1109/CLOUD.2009.60, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5284165&isnumber=5283545

  30. References
  [5] http://www.slideshare.net/rmetzler/identity-on-the-web-openid-vs-oauth
  [6] http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
  [7] http://www.youtube.com/watch?v=9do6ig6eg3E
  [8] Mohammad Ashiqur Rahaman, "An Inline SOAP Validation Approach," https://www.owasp.org/images/4/4b/AnInlineSOAPValidationApproach-MohammadAshiqurRahaman.pdf
  [9] Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1," December 2009, http://www.cloudsecurityalliance.org/csaguide.pdf
