CLOUD COMPUTING

Here are the answers to Module 3 questions in greater detail, strictly from the documents:

1. Explain about IaaS with all details

Infrastructure as a Service (IaaS) provides users with virtualized hardware resources, such as
servers, storage, and networking, enabling them to build their infrastructure in the cloud without
managing the physical hardware.
 Key Features:
o Virtual Machines (VMs): Users receive VMs configured with desired operating
systems and resources (CPU, memory, disk).
o Resource Management: IaaS solutions provide tools for resource monitoring, VM
pool management, and quality-of-service (QoS) handling.
o Infrastructure Flexibility: Users can modify, add, or remove resources as per their
workload.
o Virtualization: Enables workload isolation, sandboxing, and tuning of hardware to
maximize efficiency.
 Example Layers in an IaaS Solution:
o Physical Infrastructure: Datacenters, clusters, or heterogeneous computing
resources.
o Infrastructure Management Software: Responsible for scheduling, VM
provisioning, SLA management, and resource monitoring.
o User Interfaces: Web portals, RESTful APIs, or command-line tools allow users to
interact with the system.
 Advantages:
o Cost savings by avoiding hardware purchases.
o Pay-per-use pricing.
o Rapid deployment and scalability.
 Use Cases: Web hosting, data backup and recovery, and high-performance computing.
Example Vendors: Amazon EC2, Microsoft Azure, and Rackspace.

2. Discuss in detail about PaaS with a diagram

Platform as a Service (PaaS) provides a development platform that abstracts the complexities of
infrastructure management. It includes tools for building, deploying, and scaling applications in the
cloud.
 Components of PaaS:
o Development Tools and APIs: Includes libraries, frameworks, and command-line
tools to build and deploy applications.
 o Core Middleware: Handles resource scaling, QoS, billing, and runtime
environments.
o Web-Based Interfaces: Simplifies application management and deployment for
developers.
 Diagram Explanation:
A typical PaaS architecture includes:
1. Physical Infrastructure: The underlying hardware resources.
2. PaaS Middleware: Includes resource management, application management, and scaling
mechanisms.
3. Applications: User-developed software deployed on the platform.
 Key Features:
o Eliminates the need to manage hardware or OS-level concerns.
o Provides elasticity to scale applications on demand.
o Offers pre-configured development and runtime environments.
 Use Cases:
o Building scalable web applications.
o Collaborative software development.
Example Vendors: Google App Engine, Microsoft Azure, and Heroku.

3. Explain about SaaS with a detailed diagram

Software as a Service (SaaS) delivers software applications over the internet. It enables users to
access applications without installation or maintenance.
 Key Features:
o Multitenancy: One application serves multiple users while isolating their data.
o On-Demand Access: Applications are accessible via web browsers.
o Automatic Updates: SaaS providers handle updates, reducing maintenance efforts
for users.
 Diagram Explanation:
A SaaS stack typically includes:
1. Hardware and Infrastructure: Datacenters and virtualized resources managed by the
provider.
2. Application Platform: Middleware and runtime environments for hosting SaaS applications.
3. User-Facing Applications: Software accessed directly by end-users.
 Benefits:
o Cost-effective due to subscription-based pricing.
 o Easy collaboration with centralized data.
o Rapid deployment without requiring installation.
 Use Cases:
o Customer Relationship Management (CRM) tools like Salesforce.
o Office productivity suites like Google Workspace.

4. Economics of the Cloud

Cloud computing transforms IT operations into an on-demand utility model, providing significant
economic benefits.
 Cost Efficiency:
o Reduces upfront capital expenditure on hardware and software.
o Enables pay-per-use pricing models, minimizing idle resources.
 Operational Efficiency:
o Automates scaling and resource allocation.
o Reduces administrative overhead for hardware maintenance.
 Startups and SMEs:
o Cloud computing allows startups to launch quickly without heavy infrastructure
investments.
o Resources can scale with business growth.
 Economic Impacts:
o Enhanced productivity due to streamlined IT processes.
o Greater flexibility allows enterprises to respond faster to market demands.

5. Open Challenges of Cloud Computing

Despite its benefits, cloud computing faces several open challenges:
 Security Risks: Ensuring the safety of sensitive data in multitenant environments is a primary
concern.
 Service Availability: Dependence on internet connectivity can disrupt services during
outages.
 Interoperability: Integrating services across different providers can be difficult due to the
lack of standardization.
 Data Privacy: Protecting personal and business data in shared environments is critical.
 Vendor Lock-In: Migrating applications between cloud providers can be challenging.
Addressing these challenges is crucial for the widespread adoption of cloud technologies.
Let me know if further refinements are needed!

MODULE-4
Answers for Module 4 (Strictly from the documents)

1. Security in an interconnected world, cloud security risks

In an interconnected world, security becomes a major challenge as cloud environments are exposed to
global threats due to their shared and distributed nature.
 Cloud-Specific Risks:
1. Traditional Threats: Malware, phishing, and SQL injection attacks can compromise
systems.
2. System Availability: Power outages, failures, or attacks like Distributed Denial of
Service (DDoS) can disrupt cloud operations.
3. Third-Party Control: Data security is impacted by subcontracted resources or
poorly trusted providers.
 User Challenges:
o Authentication Issues: Proper role-based access and authorization mechanisms are
often lacking.
o Transparency Issues: Users lack insight into the cloud provider’s security practices.
 Shared Technology Risks: Multi-tenancy introduces vulnerabilities, as shared infrastructure
creates attack vectors.

2. Attacks in a Cloud Environment, Top Threats

Cloud environments face attacks at various levels involving users, services, and infrastructure:
1. Top Threats Identified by Cloud Security Alliance (CSA):
o Abuse of cloud resources (e.g., using cloud for DDoS or spam).
o Insecure APIs exposing applications to vulnerabilities.
o Data loss or leakage caused by replication or system failure.
o Account or service hijacking through credential theft.
o Malicious insiders exploiting access privileges.
2. Attack Surfaces in Cloud:
o User-Level Attacks: Phishing, SSL spoofing, or cross-site scripting.
o Service-Level Attacks: SQL injection or privilege escalation targeting cloud-hosted
applications.
 o Cloud-Level Attacks: Over-provisioning resources to cause exhaustion or injecting
operations to alter data integrity.

3. Security, a Major Concern for Cloud Users

Security remains the top concern among cloud users due to:
 Unauthorized Access: Risks of data theft or manipulation by rogue employees or hackers.
 Data Lifecycle Issues: Users cannot confirm whether data is deleted securely or backups are
adequately protected.
 Multitenancy Challenges: Shared infrastructure increases exposure to risks during
processing or storage.
 Regulatory Gaps: Variations in laws across countries add complexity in enforcing data
protection standards.
Users must rely on contracts with cloud service providers (CSPs) for security assurances, but
transparency and accountability remain limited.

4. Privacy
Privacy in cloud computing involves safeguarding sensitive user data from unauthorized access or
misuse:
 Major Concerns:
1. Lack of Control: Users lose direct control over where and how data is stored.
2. Secondary Use: CSPs may use data for purposes such as targeted advertising.
3. Data Proliferation: Dynamic provisioning and outsourcing make tracking data
difficult.
 Legislative Challenges: Different countries have varying privacy regulations, complicating
compliance for global CSPs.
 Best Practices: Encrypting sensitive data and evaluating CSP privacy policies can mitigate
risks.

5. Trust
Trust in cloud computing is vital due to the shared and outsourced nature of services:
 Trust Factors:
o Persistent trust is based on long-term behavior and proven reliability.
o Dynamic trust depends on current conditions and context.
 Challenges:
o The anonymity and lack of identity transparency in online environments hinder trust.
 o Users rely on CSP credentials, policies, and reputation for assurance.
Mechanisms to Foster Trust:
 Access control and identity verification.
 Intrusion detection and logging for accountability.

6. Operating Systems Security

Operating systems (OS) in the cloud must ensure secure resource sharing and application isolation.
 Key Mechanisms:
1. Access Control Policies: Define permissions for accessing system objects.
2. Authentication: Ensures that only authorized users gain access.
3. Cryptographic Security: Protects sensitive data at rest and in transit.
 Mandatory Security:
o Trusted applications with minimal privileges are employed for specific tasks.
o Type enforcement mechanisms restrict privileges to reduce risk.

7. Virtual Machine Security

Virtual machines (VMs) in the cloud provide isolated environments for applications but face unique
risks:
 Risks:
o Hypervisor Vulnerabilities: Can expose VMs to cross-tenant attacks.
o Unauthorized Access: Weak authentication can compromise VM instances.
 Mitigation Strategies:
o Secure hypervisor management.
o Isolation techniques like sandboxing and workload partitioning.

8. Security of Virtualization
Virtualization enables multiple VMs to run on shared physical infrastructure, but this introduces risks:
 Challenges:
o Malicious VMs exploiting hypervisor flaws.
o Lack of transparency in resource allocation.
 Best Practices:
o Regular hypervisor patching.
o Monitoring VM-to-VM communications for unusual activities.
9. Security Risks Posed by Shared Images
Shared VM images used in cloud environments can introduce vulnerabilities:
 Risks:
o Malware or backdoors embedded in shared images.
o Outdated or unpatched software within images.
 Mitigation:
o Thoroughly verify and scan shared images before use.
o Update and manage VM images periodically.

10. Security Risks Posed by a Management OS

The management operating system (OS) in a virtualized cloud manages hypervisor operations,
making it a critical security point:
 Risks:
o Exploits targeting the management OS can compromise all hosted VMs.
o Unauthorized access can enable administrative control over infrastructure.
 Mitigation:
o Harden management OS with strict access controls.
o Regularly audit and patch vulnerabilities.

11. XOAR – Breaking the Monolithic Design of TCB

XOAR redefines the Trusted Computing Base (TCB) to minimize vulnerabilities:
 Key Idea: Break down the monolithic TCB into smaller, isolated components.
 Benefits:
o Reduces the attack surface.
o Improves isolation between system processes.
 Applications: Used in virtualization systems to secure hypervisors and OS components.

12. Terra – A Trusted Virtual Machine Monitor

Terra is a trusted virtual machine monitor (TVMM) designed for secure computing in shared
environments:
 Features:
1. Provides isolated virtual machines with different security policies.
 2. Supports both "closed box" and "open box" VMs for user-specific needs.
3. Enables trusted computing through cryptographic attestation.
 Applications: Secure enterprise systems, multi-tenant cloud environments.

Let me know if more details are required!