Cloud - Week 5
Cloud - Week 5
2
Companies are afraid to use clouds
[Chow09ccsw]
3
What is Privacy?
• Integrity
– How do I know that the cloud provider is doing the
computations correctly?
– How do I ensure that the cloud provider really stored
my data without tampering with it?
7
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
Taxonomy of Fear (cont.)
• Availability
– Will critical systems go down at the client, if the
provider is attacked in a Denial of Service attack?
– What happens if cloud provider goes out of
business?
– Would cloud scale well-enough?
– Often-voiced concern
• Although cloud providers argue their downtime
compares well with cloud user’s own data centers
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
8
Taxonomy of Fear (cont.)
• Privacy issues raised via massive data mining
– Cloud now stores data from a lot of clients, and
can run data mining algorithms to get large
amounts of information on clients
• Increased attack surface
– Entity outside the organization now stores and
computes data, and so
– Attackers can now target the communication link
between cloud provider and client
John Chambers
CISCO CEO
11
Threat Model
•A threat model helps in analyzing a security problem,
design mitigation strategies, and evaluate solutions
•Steps:
– Identify attackers, assets, threats and other
components
– Rank the threats
– Choose mitigation strategies
– Build solutions based on the strategies
• Basic components
– Attacker modeling
• Choose what attacker to consider
– insider vs. outsider?
– single vs. collaborator?
• Attacker motivation and capabilities
– Attacker goals
– Vulnerabilities / threats