
서울과학기술대학교 Jeilyn Molina 121336101

Cloud Computing. 서울과학기술대학교 Jeilyn Molina 121336101. Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, basically a step on from Utility Computing


Presentation Transcript


  1. Cloud Computing 서울과학기술대학교 Jeilyn Molina 121336101

  2. Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, • basically a step on from Utility Computing • a collection/group of integrated and networked hardware, software and Internet infrastructure. • Using the Internet for communication and transport provides hardware, software and networking services to clients

  3. Defines cloud computing by: • 5 essential characteristics • 3 cloud service models • 4 cloud deployment models

  4. Essential characteristics • On-demand service • Get computing capabilities as needed automatically • Broad Network Access • Services available over the net using desktop, laptop, PDA, mobile phone

  5. Essential characteristics • Resource pooling • Provider resources pooled to serve multiple clients • Rapid Elasticity • Ability to quickly scale in/out service

  6. Essential characteristics • Measured service • Control, optimize services based on metering

  7. Cloud service models • Software as a Service (SaaS) • We use the provider’s apps • User doesn’t manage or control the network, servers, OS, storage or applications • Platform as a Service (PaaS) • User deploys their apps on the cloud • Controls their apps • User doesn’t manage servers, OS, storage

  8. Cloud service models • Infrastructure as a Service (IaaS) • Consumers get access to the infrastructure to deploy their own workloads • Don’t manage or control the infrastructure • Do manage or control the OS, storage, apps, selected network components

  9. Cloud Service SalesForce CRM

  10. Cloud deployment models • Public • Cloud infrastructure is available to the general public, owned by the organization selling cloud services • Private • Cloud infrastructure for a single organization only, may be managed by the organization or a 3rd party, on or off premise

  11. Cloud deployment models • Community • Cloud infrastructure shared by several organizations that have shared concerns, managed by organizations or 3rd party • Hybrid • 2 or more clouds bound by standard or proprietary technology

  12. Problems Associated with Cloud Computing • Most security problems stem from: • Loss of control • Lack of trust • Multi-tenancy

  13. Loss of Control in the Cloud • Consumer’s loss of control • Data, applications, resources are located with provider • User identity management is handled by the cloud • User access control rules, security policies and enforcement are managed by the cloud provider • Consumer relies on provider to ensure • Data security and privacy • Resource availability • Monitoring and repairing of services/resources

  14. Lack of Trust in the Cloud • Defining trust and risk • Opposite sides of the same coin • People only trust when it pays • Need for trust arises only in risky situations • Defunct third party management schemes • Hard to balance trust and risk • Is the cloud headed toward the same path?

  15. Multi-tenancy Issues in the Cloud • Conflict between tenants’ opposing goals • Tenants share a pool of resources and have opposing goals • How does multi-tenancy deal with conflict of interest? • Can tenants get along together and ‘play nicely’ ? • If they can’t, can we isolate them?

  16. Security Issues in the Cloud • In theory, minimizing any of the issues would help: • Loss of Control • Take back control • Data and apps may still need to be on the cloud • But can they be managed in some way by the consumer? • Lack of trust • Increase trust (mechanisms) • Technology • Policy, regulation • Contracts • Multi-tenancy • Private cloud • Takes away the reasons to use a cloud in the first place • VPC: it’s still not a separate system • Strong separation

  17. Minimize Lack of Trust: Policy Language • Consumers have specific security needs but don’t have a say in how they are handled • What is the provider doing for me? • Currently consumers cannot dictate their requirements to the provider • Standard language to convey one’s policies and expectations • Agreed upon and upheld by both parties • Standard language for representing Service Level Agreements • Can be used in an intra-cloud environment to realize an overarching security posture

  18. Minimize Lack of Trust: Policy Language • Create policy language with the following characteristics: • Machine-understandable • Easy to combine/merge and compare • Examples of policy statements are, requires isolation between VMs, requires geographical isolation between VMs, requires physical separation between other communities/tenants that are in the same industry. • Need a validation tool to check that the policy created in the standard language correctly reflects the policy creator’s intentions.
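The policy-language requirements on the two slides above (machine-understandable, easy to merge and compare, with a validation tool) as an added example that is not part of the presentation: a toy policy type carrying the three example statements, a merge, a consumer-vs-provider comparison, and a placement validator. The data model, field names and sample placement are constructed assumptions.

```python
# Added example: toy machine-readable policy language for the slide's three
# example statements (VM isolation, geographic isolation, industry separation).
# Field names, data model and sample data are assumptions, not the slides'.
from dataclasses import dataclass


@dataclass
class Policy:
    vm_isolation: bool = False          # no co-residency with other tenants' VMs
    geo_isolation: bool = False         # this tenant's VMs must span >1 region
    industry_separation: bool = False   # no same-industry tenant on a shared host


def merge(a: Policy, b: Policy) -> Policy:
    """Combine two policies: a requirement is kept if either side demands it."""
    return Policy(a.vm_isolation or b.vm_isolation,
                  a.geo_isolation or b.geo_isolation,
                  a.industry_separation or b.industry_separation)


def compare(consumer: Policy, provider: Policy) -> list:
    """Requirements the consumer demands that the provider's policy does not offer."""
    return [k for k, v in vars(consumer).items() if v and not getattr(provider, k)]


@dataclass
class VM:
    tenant: str
    industry: str
    host: str
    region: str


def violations(tenant: str, policy: Policy, vms: list) -> list:
    """Validation tool: list every requirement a concrete placement breaks."""
    mine = [v for v in vms if v.tenant == tenant]
    others = [v for v in vms if v.tenant != tenant]
    my_hosts = {v.host for v in mine}
    my_industries = {v.industry for v in mine}
    found = []
    if policy.vm_isolation and any(o.host in my_hosts for o in others):
        found.append("vm_isolation")
    if policy.geo_isolation and len({v.region for v in mine}) < 2:
        found.append("geo_isolation")
    if policy.industry_separation and any(
            o.host in my_hosts and o.industry in my_industries for o in others):
        found.append("industry_separation")
    return found


# Constructed sample placement: "acme" shares host h2 with a same-industry tenant.
SAMPLE = [VM("acme", "bank", "h1", "eu"), VM("acme", "bank", "h2", "eu"),
          VM("rival", "bank", "h2", "eu"), VM("other", "retail", "h3", "us")]
```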

  19. Minimize Lack of Trust: Certification • Certification • Some form of reputable, independent, comparable assessment and description of security features and assurance • Risk assessment • Performed by certified third parties • Provides consumers with additional assurance

  20. Minimize Loss of Control • Monitoring • Utilizing different clouds • Access control management

  21. Monitoring • Cloud consumer needs situational awareness for critical applications • When underlying components fail, what is the effect of the failure to the mission logic • What recovery measures can be taken • Requires an application-specific run-time monitoring and management tool for the consumer • The cloud consumer and cloud provider have different views of the system • Enable both the provider and tenants to monitor the components in the cloud that are under their control • Provide mechanisms that enable the provider to act on attacks he can handle. • Provide mechanisms that enable the consumer to act on attacks that he can handle (application-level monitoring).

  22. Utilizing different clouds • Consumer may use services from different clouds through an intra-cloud or multi-cloud architecture • Propose a multi-cloud or intra-cloud architecture in which consumers • Spread the risk • Increase redundancy (per-task or per-application) • Increase chance of mission completion for critical applications • Possible issues to consider: • Policy incompatibility (combined, what is the overarching policy?) • Data dependency between clouds • Differing data semantics across clouds • Knowing when to utilize the redundancy feature (monitoring technology) • Is it worth it to spread your sensitive data across multiple clouds? • Redundancy could increase risk of exposure

  23. Access control management • Many possible layers of access control • E.g. access to the cloud, access to servers, access to services, access to databases, access to Virtual Memory System, and access to objects within a Virtual Memory • Depending on the deployment model used, some of these will be controlled by the provider and others by the consumer • Regardless of deployment model, provider needs to manage the user authentication and access control procedures • Federated Identity Management: access control management burden still lies with the provider • Requires user to place a large amount of trust on the provider in terms of security, management, and maintenance of access control policies. This can be burdensome when numerous users from different organizations, with different access control policies, are involved

  24. Access control management • Consumer-managed access control • Consumer retains decision-making process to retain some control, requiring less trust of the provider (i.e. PDP is in consumer’s domain) • Requires the client and provider to have a pre-existing trust relationship, as well as a pre-negotiated standard way of describing resources, users, and access decisions between the cloud provider and consumer. It also needs to be able to guarantee that the provider will uphold the consumer-side’s access decisions. • Should be at least as secure as the traditional access control model. • Facebook and Google Apps do this to some degree, but not enough control • Applicability to privacy of patient health records

  25. Access Control (diagram: cloud provider in Domain A, cloud consumer in Domain B) • 1. Authn request to the IDP • 2. SAML assertion • 3. Resource request (XACML request) + SAML assertion to the PEP (intercepts all resource access requests from all client domains) • 4. Redirect to domain of resource owner • 5. Determine whether user can access specified resource (PDP for cloud resource on Domain A, ACM with XACML policies) • 6. Create ticket for grant/deny • 7. Send signed and encrypted ticket • 8. Decrypt and verify signature • 9. Retrieve capability from ticket • 10. Grant or deny access based on capability
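Steps 5 to 10 of the flow above, as an added example that is not part of the presentation: a consumer-domain PDP decides and issues a signed ticket carrying the capability, and the provider-side PEP verifies the ticket, checks freshness and enforces it. HMAC over the ticket body stands in for the signature, encryption of the ticket is omitted, and the shared key, ACL layout and ticket fields are assumptions.

```python
# Added example of the consumer-managed access control ticket (steps 5-10).
# HMAC replaces the signature; ticket encryption is left out. Key, ACL shape
# and field names are assumptions, not from the slides.
import hashlib
import hmac
import json
import time

TICKET_KEY = b"constructed-shared-key"   # from the pre-existing trust relationship (assumed)


def pdp_decide(user: str, resource: str, action: str, acl: dict) -> str:
    """Step 5: consumer-side PDP decides from its own access-control matrix."""
    return "grant" if action in acl.get(user, {}).get(resource, set()) else "deny"


def create_ticket(user, resource, action, decision, key=TICKET_KEY, ttl=300, now=None):
    """Steps 6-7: build a ticket whose capability is (user, resource, action,
    decision) plus an expiry, and sign it so the provider can verify it."""
    now = int(time.time()) if now is None else now
    body = {"user": user, "resource": resource, "action": action,
            "decision": decision, "exp": now + ttl}
    payload = json.dumps(body, sort_keys=True).encode()   # canonical form
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": sig}


def pep_enforce(ticket, user, resource, action, key=TICKET_KEY, now=None) -> bool:
    """Steps 8-10: verify the signature, reject stale tickets, then grant only
    if the capability matches exactly what is being requested."""
    payload = ticket["payload"].encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["sig"]):
        return False                      # forged or tampered ticket
    body = json.loads(payload)
    now = int(time.time()) if now is None else now
    if body["exp"] < now:
        return False                      # expired: limits replay of old grants
    if (body["user"], body["resource"], body["action"]) != (user, resource, action):
        return False                      # capability does not cover this request
    return body["decision"] == "grant"


# Constructed ACL held in the consumer's domain.
ACL = {"alice": {"/records/1": {"read"}}}
```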

  26. Cloud Domains • Service contracts should address these 13 domains • Architectural Framework • Governance, Enterprise Risk Management • Legal, e-Discovery • Compliance & Audit • Information Lifecycle Management • Portability & Interoperability

  27. Cloud Domains • Security, Business Continuity, Disaster Recovery • Data Center Operations • Incident Response Issues • Application Security • Encryption & Key Management • Identity & Access Management • Virtualization

  28. Cloud Architecture

  29. Governance • Identify, implement process, controls to maintain effective governance, risk management, compliance • Provider security governance should be assessed for sufficiency, maturity, consistency with user ITSEC process • Request clear docs on how facility & services are assessed • Require definition of what provider considers critical services, info • Perform full contract, terms of use due diligence to determine roles, accountability

  30. Legal, e-Discovery • Functional • which functions & services in the Cloud have legal implications for both parties • Jurisdictional • which governments administer laws and regulations impacting services, stakeholders, data assets • Contractual • terms & conditions

  31. Legal, e-Discovery • Both parties must understand each other’s roles • Litigation hold, Discovery searches • Expert testimony • Provider must save primary and secondary data • Where is the data stored? • laws for cross border data flows • Plan for unexpected contract termination and orderly return or secure disposal of assets • You should ensure you retain ownership of your data in its original form

  32. Incident Response • Cloud apps aren’t always designed with data integrity, security in mind • Provider keep app, firewall, IDS logs? • Provider deliver snapshots of your virtual environment? • Sensitive data must be encrypted for data breach regulations

  33. Encryption, Key Management • Encrypt data in transit, at rest, backup media • Secure key store • Protect encryption keys • Ensure encryption is based on industry/government standards. • Limit access to key stores • Key backup & recoverability

  34. ID, Access Management • Determine how provider handles: • Provisioning • Authentication • Federation • Authorization, user profile management

  35. Virtualization • What type of virtualization is used by the provider? • What 3rd party security technology augments the virtual OS? • Which controls protect admin interfaces exposed to users?

  36. Opportunities and Challenges • The use of the cloud provides a number of opportunities: • It enables services to be used without any understanding of their infrastructure. • Cloud computing works using economies of scale: • It potentially lowers the outlay expense for start up companies, as they would no longer need to buy their own software or servers. • Cost would be by on-demand pricing. • Vendors and Service providers claim costs by establishing an on-going revenue stream. • Data and services are stored remotely but accessible from “anywhere”.

  37. Opportunities and Challenges • There has been backlash against cloud computing: • Use of cloud computing means dependence on others and that could possibly limit flexibility and innovation: • The others are likely to become the bigger Internet companies like Google and IBM, who may monopolise the market. • Some argue that this use of supercomputers is a return to the time of mainframe computing that the PC was a reaction against. • Security could prove to be a big issue: • It is still unclear how safe out-sourced data is, and when using these services ownership of data is not always clear. • There are also issues relating to policy and access: • If your data is stored abroad, whose policy do you adhere to? • What happens if the remote server goes down? • How will you then access files? • There have been cases of users being locked out of accounts and losing access to data.

  38. Advantages of Cloud Computing • Lower computer costs: • Do not need a high-powered and high-priced computer to run cloud computing's web-based applications. • Since applications run in the cloud, not on the desktop PC, the desktop PC does not need the processing power or hard disk space demanded by traditional desktop software.

  39. Advantages of Cloud Computing • Reduced software costs: • Instead of purchasing expensive software applications, use web-based ones • better than paying for similar commercial software • Improved performance: • With fewer large programs hogging the computer's memory, you will see better performance from your PC. • Computers in a cloud computing system boot and run faster because they have fewer programs and processes loaded into memory.

  40. Advantages of Cloud Computing • Easier group collaboration: • Sharing documents leads directly to better collaboration. • Many users do this as it is an important advantage of cloud computing • Device independence: • You are no longer tethered to a single computer or network. • Changes to computers, applications and documents follow you through the cloud. • Move to a portable device, and your applications and documents are still available.

  41. Disadvantages of Cloud Computing • Requires a constant Internet connection: • Cloud computing is impossible if you cannot connect to the Internet. • Since you use the Internet to connect to both your applications and documents, if you do not have an Internet connection you cannot access anything, even your own documents. • Does not work well with low-speed connections: • Similarly, a low-speed Internet connection, such as that found with dial-up services, makes cloud computing painful at best and often impossible. • Web-based applications require a lot of bandwidth to download, as do large documents.

  42. Disadvantages of Cloud Computing • Features might be limited: • This situation is bound to change, but today many web-based applications simply are not as full-featured as their desktop-based applications. • For example, you can do a lot more with Microsoft PowerPoint than with Google Presentation's web-based offering • Can be slow: • Even with a fast connection, web-based applications can sometimes be slower than accessing a similar software program on the desktop PC. • Everything about the program, from the interface to the current document, has to be sent back and forth from the computer to the computers in the cloud.

  43. Disadvantages of Cloud Computing • Stored data might not be secure: • With cloud computing, all your data is stored on the cloud. • The question is: how secure is the cloud? • Can unauthorized users gain access to your confidential data? • Stored data can be lost: • Theoretically, data stored in the cloud is safe, replicated across multiple machines. • But on the off chance that your data goes missing, you have no physical or local backup.


  45. Questions??
