We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 30
CORE COURSE- XI :
23PCA11- CLOUD COMPUTING
Dr. A. Kangaiammal, MCA, M.Phil., M.E., Ph.D.
AP/Computer Applications & Head Government Arts College(Autonomous) Salem – 636 007. COURSE OBJECTIVES At the end of this the learners will : – Understand the current trends and basics of Cloud computing. – Know the types of virtualization. – Understand the role and state of security in Cloud Computing – Understand the ways and means to manage Security in Cloud. – Explore the Cloud Migration solutions and challenges COURSE OUTCOMES On successful completion of the course, the students will be able to: – Collaborate the cloud services to any device. – Implement virtualization. – Explain the role and state of security in Cloud Computing – Outline the ways and means to manage Security in Cloud. – Connect the Cloud Migration solutions and challenges UNIT IV Security Issues and Challenges in Cloud Computing: Introduction – Security Issues and Challenges in Cloud Computing – Information Security in Cloud Computing. Security Management: Introduction – Security Reference Architecture –Security Issues in Cloud Computing – Types of Attackers- Security Risks in Cloud Computing - Security Threats against Cloud Computing – Novel Security Approaches – Emerging Trends in Security and Privacy. REFERENCE BOOKS: V.K. Pachghare, “Cloud Computing”, PHI, 2012. Introduction • Every system has some loopholes with respect tot security. • Security in cloud is as in traditional systems. • These security services are very important in CC to protect the data. • Challenges are well-defined security policies, models and protocols. • Privacy and Trust are most important which is subjected for lot of vulnerabilities and threats. Security Challenges in CC • CC introduces new concepts such as resource sharing, outsourcing the computation, etc. which increases the security concern. • Attackers part is easy due to the use of mobile use and direct cloud access. • Challenges to CSPs and Users. • Public, Private and Hybrid offers security. • In Ex. SSL in web browser usage at SaaS level. Security Challenges in CC • Security Challenges: – To investigate different security attributes. – To identify the security requirements of cloud model. – To correctly identify the different parties involved and their roles in CC. – Aware of effects of security policies on different models. – Trade-offs are in terms of integrated functionality, scalability, and security. Security Challenges in CC • In Saas Model, the security, observance, authority and accountability of the services be defined. • In PaaS and IaaS models, user or organization is responsible for the security aspect. Security Issues in CC • Standards for Security • Network • Access Control • Cloud Infrastructure • Data Security Issues in CC • Standards for Security: – Guarantee of security and Bodies to frame security policies – SLAs and agreements among users, CSPs and orgns. – In SLA, the relationship b/w the CSPs and users or organization are defined. • Network: – Medium of connection between users in network category like web browsers, internet, etc. which involves attacks like DoS. – Attackers come as legitimate users. • Access Control: – User authentication, authorization and identification. – Hijacking, phishing, etc. – attackers capture credentials. – Damages the integrity, availability and confidentiality of data. • Cloud Infrastructure – Related with virtualization – due to insecure API interface, QoS, sharing technical flaws, multi-tenancy and the location of server and storage. • Data – Integrity and confidentiality of data. – issues like redundancy, loss/leakage, location, recovery, availability, privacy and protection of data. Information Security in CC • Properties of secured software: – Dependability – even when attacks then also same performance – Trustworthiness – works without threats – Survivability – resistance power, possibility to recover. • Services that offer assurance for: – Security – Confidentiality – Authentication – Integrity – Access control – Privacy – Availability, etc. Information Security in CC – Confidentiality • IPR • Covert channels • Traffic Analysis • Encryption • Inference – Integrity – Availability – Authentication – Authorization – Auditing – Accountability Security, Privacy and Trust • Security – Services for Protecting the data. • Unauthorized access or disclosure. • Destruction • Modification of data • Unauthorized use of data – Security mechanisms focus on protection mechanisms. • Authentication, confidentiality, access controls, integrity, availability, storage, backup, recovery of data and incident response. Security, Privacy and Trust • Privacy: – Relevant with data/information collection, use of data, disclosure of information, protection and storage and destruction of individual sensitive data. • Trust: – Act of reliance and confidence – Soft trust – Hard trust Security Management Security Reference Architecture – Security Issues in Cloud Computing – Types of Attackers- Security Risks in Cloud Computing - Security Threats against Cloud Computing – Novel Security Approaches – Emerging Trends in Security and Privacy. Introduction • Data transmitted, processed and stored at the CSPs site. • Security is the major concern of owner. • Target of attackers is this data. • Attackers try to break the confidentiality and privacy. • These issues and solutions need to be studied. Security Reference Architecture • SRA addresses relationships of different components with respect to their locations and role in cloud computing. • Issues are: – Reduce or eliminate the vulnerabilities and. – Performance of the software. • Many tasks by CSP to provide services: – Catalogue of services by CSP. – Providing different resources-VMS, storages, LBs, – Maintain the account of services provided Security Reference Architecture Security Reference Architecture • Other tasks part of cloud security team: – Network Management – Reporting – Patch and Change management – System Management – Configuration Management – Application Management Security Architecture • With respect to CC platform, the parts are: – Authentication of users – Incident response – Security of data in transit – Cloud legal and regulatory issues – Security of data at rest – Robust partition between data of different users. Security Issues in Cloud Computing • Security issues in CC Environment: – Security threats against information access – Emerging Security Risk – Attackers type and their attacking capability. • Threats to CC Services: – Confidentiality – Data Integrity – Data Availability Classification of Security Issues • Traditional Security Issues – VM level attacks – CSP’s Vulnerabilities – Phishing Attack – Expanded network attack surface – Authentication and Authorization – Forensics in the Cloud • Availability Issues • Data Control by Third Party – Due carefulness – Auditability – Contractual Obligations – CSP surveillance – Transitive Nature of Contracts Types of Attackers • Internal attackers – Part of cloud system (employees of CSP, Users or 3rd party) – More access with existing privileges – Create Attacks against integrity, confidentiality and availability of data in cloud environment • External attackers – Attacks on CSPs, Users and 3rd party. – Attacks by exploiting operational, technical and social engineering vulnerabilities. – Create Attacks against integrity, confidentiality and availability of data in cloud environment Types of Attackers • External attackers – Threat types: • Random – Most commonly used technique. • Weak – Customizing existing tools; – Create advanced attacks using existing tools. • Strong – Group of well-organized, well- financed and skilled attackers. – Large scale attackers, attacking specific applications. • Substantial – Very strong, not easily detected by cyber security team even. – High intelligence and specialist resources required to detect. Security Risks in Cloud Computing • Data Location and Segregation • E-investigation and Protective Monitoring • Privileged User Access • Data Disposal • Assuring Cloud Security Security Threats against CC • DoS attacks • Side Channel attacks • Authentication attacks • Man-in-the-middle attacks • Insider and organized crime threat • Social networking attacks • Attack through mobile devices • Cheap data and data analysis • Cost effective defense of availability • Mash-up authorization Novel Security Approaches • Information-Centric Security – Intelligence inside the data itself for protection • High-assurance Remote Server Attestation – Remove or avoid, poor or no transparency – Audit required • Privacy-enhanced Business intelligence – Encryption is for control of data. – Stops use of data. – Identity spoofing, data tempering, repudiation, disclosure of information, DoS, Privilege Elevation Emerging Trends in Security and Privacy
• Security and Privacy issues:
– Trust Management and Policy Integration – Organizational Security Management – Authentication and Identity Management – Privacy and Data Protection – Access Control and Accounting – Secure Service Management Thank you