slide1

Security in the Clouds

Professor Sadie Creese

London Hopper 2010

May 2010

slide3

Service Model

Gmail, Google Docs

Google App Engine

Amazon S3/SimpleDB

VMWare/XEN

Amazon EC2


slide4

Cloud Market Drivers

  • Enterprise Drivers
    • Compression of deployment cycles
    • Instant upgrade and try-it-out
    • Elasticity
    • Cost alignment
    • Reduction of IT team costs
    • Accessibility and sharing
    • Dependability
    • Waste reduction and carbon footprint
  • Consumer drivers
    • Up to speed with latest apps
    • Pay-as-you-use
    • Accessibility and sharing
    • Dependability
slide5

Cloud Ecosystems

[Diagram: a User, a Broker and multiple VMs]

slide7

Significant investment

Services market currently at $56b, $150b in 2013 (Gartner March 09)

Services market to be worth $160b in 2011 (Merrill Lynch May 08)

Services market currently worth $16.2b, $42b in 2012 (IDC Dec 08)

Hosted apps market currently at $6.4b, $14.8b in 2012 (Gartner Dec 08)

slide8

Large Cloud Application Service Provider Space

Extract from slides: “Prophet a Path out of the cloud”, Best Practical, Presented at O’Reilly Open Source Conf, 2008

slide9

People Are Worried

  • Key barriers to uptake, as recognised in the community:
    • Data security concerns
    • Privacy compromise/practice
    • Service dependability and QoS
    • Loss of control over IT and data
    • Management difficulties around performance, support and maintenance
    • Service integration
    • Lock-in
    • Usability
    • Lack of market maturity
slide11

Scale and Business Models

  • Length and depth of relationships
  • Mobility of data
  • Volumes of data
  • Nature of data (more sensitive)
  • Lack of perimeter
  • Global nature
  • Location of control
slide12

Futures – Scenarios

High Cost/Low Payback for an attacker.

Most successful threat agents likely to be insiders within the silo.

High Cost/High Payback for an attacker.

Most successful threat agent likely to be an insider managing resource distribution or a malicious service provider.

Low Cost/Low Payback for an attacker.

Threat agents will include external attackers utilising a mixture of technology and social engineering.

Low Cost/High Payback for an attacker.

External attackers using the distributed scale to attack multiple systems and users simultaneously, e.g. bot and application-framework-based attacks.

slide14

(A few) potential future attack scenarios

  • Denial of service
    • resource consumption, traffic redirection, inter-cloud and user to cloud
  • Trojan Clouds
    • Imitate providers, infiltrate supply chains, sympathetic cloud
  • Inference Attacks
    • Due to privileged (~admin) roles, cohabiting risks (via hypervisor)
  • Application Framework attacks
    • Repeatable, pervasive
  • Sticky Clouds
    • Lack of responsiveness, complex portability
  • Onion storage
    • Moving global location, fragmenting, encrypting
  • Covert channels within the cloud network across services
slide16

(A few) Implications for Security

  • Regulatory/Legislation
    • Nothing is transparent about data handling in cloud, privacy protection
  • Investigations
    • Technical forensics and legal, across borders
  • Monitoring/Auditing
    • Mechanisms
  • Encryption
    • At some point decryption happens for anything other than storage...
    • Recent IBM breakthrough indicates potential for processing encrypted data but not practical yet
  • Contracting/Due Diligence
    • Service Level Agreements
slide17

Our current research directions...

  • Digital Forensics
  • Vulnerability Models / Threat Models and Cascade Effects
  • Service Level Agreements
  • Enterprise Capability Maturity Model
  • Designing in Privacy -> via patterns and architectures
  • Insider Threat Detection
slide18

Thank you

Questions?