CORE COURSE- XI :
23PCA11- CLOUD COMPUTING
Dr. A. Kangaiammal, MCA, M.Phil., M.E., Ph.D.
AP/Computer Applications & Head
Government Arts College(Autonomous)
Salem – 636 007.
COURSE OBJECTIVES
At the end of this course, the learners will:
– Understand the current trends and basics of Cloud
computing.
– Know the types of virtualization.
– Understand the role and state of security in Cloud
Computing
– Understand the ways and means to manage
Security in Cloud.
– Explore the Cloud Migration solutions and
challenges
COURSE OUTCOMES
On successful completion of the course, the
students will be able to:
– Collaborate the cloud services to any device.
– Implement virtualization.
– Explain the role and state of security in Cloud
Computing
– Outline the ways and means to manage Security in
Cloud.
– Connect the Cloud Migration solutions and
challenges
UNIT IV
Security Issues and Challenges in Cloud
Computing: Introduction – Security Issues and
Challenges in Cloud Computing – Information
Security in Cloud Computing.
Security Management: Introduction – Security
Reference Architecture – Security Issues in Cloud
Computing – Types of Attackers – Security Risks in
Cloud Computing – Security Threats against Cloud
Computing – Novel Security Approaches –
Emerging Trends in Security and Privacy.
REFERENCE BOOKS:
V.K. Pachghare, “Cloud Computing”, PHI, 2012.
Introduction
• Every system has some loopholes with
respect to security.
• Security in cloud is as in traditional systems.
• These security services are very important in
CC to protect the data.
• Challenges are well-defined security policies,
models and protocols.
• Privacy and Trust are most important and
are subject to a lot of vulnerabilities and
threats.
Security Challenges in CC
• CC introduces new concepts such as resource
sharing, outsourcing the computation, etc.,
which increase the security concern.
• The attacker's part is easy due to
mobile use and direct cloud access.
• Challenges to CSPs and Users.
• Public, Private and Hybrid models offer security.
• For example, SSL is used in web browsers at the SaaS level.
Security Challenges in CC
• Security Challenges:
– To investigate different security attributes.
– To identify the security requirements of cloud
model.
– To correctly identify the different parties involved
and their roles in CC.
– To be aware of the effects of security policies on different
models.
– Trade-offs are in terms of integrated functionality,
scalability, and security.
Security Challenges in CC
• In the SaaS model, the security, observance,
authority and accountability of the
services are to be defined.
• In the PaaS and IaaS models, the user or
organization is responsible for the
security aspect.
Security Issues in CC
• Standards for Security
• Network
• Access Control
• Cloud Infrastructure
• Data
Security Issues in CC
• Standards for Security:
– Guarantee of security and Bodies to frame security policies
– SLAs and agreements among users, CSPs and organizations.
– In the SLA, the relationship between the CSPs and users or organizations is defined.
• Network:
– Medium of connection between users in the network category, such as web
browsers, the internet, etc., which involves attacks like DoS.
– Attackers come as legitimate users.
• Access Control:
– User authentication, authorization and identification.
– Hijacking, phishing, etc. – attackers capture credentials.
– Damages the integrity, availability and confidentiality of data.
• Cloud Infrastructure
– Related to virtualization – due to insecure API interface, QoS, sharing
technical flaws, multi-tenancy and the location of server and storage.
• Data
– Integrity and confidentiality of data – issues like redundancy, loss/leakage,
location, recovery, availability, privacy and protection of data.
Information Security in CC
• Properties of secured software:
– Dependability – the same performance even under attack
– Trustworthiness – works without threats
– Survivability – resistance power, possibility to recover.
• Services that offer assurance for:
– Security
– Confidentiality
– Authentication
– Integrity
– Access control
– Privacy
– Availability, etc.
Information Security in CC
– Confidentiality
• IPR
• Covert channels
• Traffic Analysis
• Encryption
• Inference
– Integrity
– Availability
– Authentication
– Authorization
– Auditing
– Accountability
Security, Privacy and Trust
• Security
– Services for Protecting the data.
• Unauthorized access or disclosure.
• Destruction
• Modification of data
• Unauthorized use of data
– Security mechanisms focus on protection
mechanisms.
• Authentication, confidentiality, access controls,
integrity, availability, storage, backup, recovery of data
and incident response.
Security, Privacy and Trust
• Privacy:
– Relates to data/information collection, use of
data, disclosure of information, protection and
storage and destruction of individual sensitive
data.
• Trust:
– Act of reliance and confidence
– Soft trust
– Hard trust
Security Management
Security Reference Architecture –
Security Issues in Cloud Computing
– Types of Attackers – Security Risks
in Cloud Computing – Security
Threats against Cloud Computing –
Novel Security Approaches –
Emerging Trends in Security and
Privacy.
Introduction
• Data is transmitted, processed and stored
at the CSP's site.
• Security is the major concern of the owner.
• Target of attackers is this data.
• Attackers try to break the confidentiality
and privacy.
• These issues and solutions need to be
studied.
Security Reference Architecture
• SRA addresses relationships of different
components with respect to their locations
and role in cloud computing.
• Issues are:
– Reduce or eliminate the vulnerabilities.
– Performance of the software.
• Many tasks by CSP to provide services:
– Catalogue of services by CSP.
– Providing different resources – VMs, storage, LBs,
– Maintain the account of services provided
Security Reference Architecture
• Other tasks of the cloud security team:
– Network Management
– Reporting
– Patch and Change management
– System Management
– Configuration Management
– Application Management
Security Architecture
• With respect to CC platform, the parts
are:
– Authentication of users
– Incident response
– Security of data in transit
– Cloud legal and regulatory issues
– Security of data at rest
– Robust partition between data of different
users.
Security Issues in Cloud Computing
• Security issues in CC Environment:
– Security threats against information access
– Emerging Security Risk
– Attacker types and their attacking
capability.
• Threats to CC Services:
– Confidentiality
– Data Integrity
– Data Availability
Classification of Security Issues
• Traditional Security Issues
– VM level attacks
– CSP’s Vulnerabilities
– Phishing Attack
– Expanded network attack surface
– Authentication and Authorization
– Forensics in the Cloud
• Availability Issues
• Data Control by Third Party
– Due carefulness
– Auditability
– Contractual Obligations
– CSP surveillance
– Transitive Nature of Contracts
Types of Attackers
• Internal attackers
– Part of cloud system (employees of CSP, Users or 3rd
party)
– More access with existing privileges
– Create Attacks against integrity, confidentiality and
availability of data in cloud environment
• External attackers
– Attacks on CSPs, Users and 3rd party.
– Attacks by exploiting operational, technical and social
engineering vulnerabilities.
– Create Attacks against integrity, confidentiality and
availability of data in cloud environment
Types of Attackers
• External attackers
– Threat types:
• Random
– Most commonly used technique.
• Weak
– Customizing existing tools;
– Create advanced attacks using existing tools.
• Strong
– Group of well-organized, well-financed and skilled attackers.
– Large scale attackers, attacking specific applications.
• Substantial
– Very strong, not easily detected even by the cyber security team.
– High intelligence and specialist resources required to detect.
Security Risks in Cloud Computing
• Data Location and Segregation
• E-investigation and Protective
Monitoring
• Privileged User Access
• Data Disposal
• Assuring Cloud Security
Security Threats against CC
• DoS attacks
• Side Channel attacks
• Authentication attacks
• Man-in-the-middle attacks
• Insider and organized crime threat
• Social networking attacks
• Attack through mobile devices
• Cheap data and data analysis
• Cost effective defense of availability
• Mash-up authorization
Novel Security Approaches
• Information-Centric Security
– Intelligence inside the data itself for protection
• High-assurance Remote Server Attestation
– Remove or avoid poor or no transparency
– Audit required
• Privacy-enhanced Business intelligence
– Encryption is for control of data.
– Stops use of data.
– Identity spoofing, data tampering, repudiation,
disclosure of information, DoS, Privilege Elevation
Emerging Trends in Security and Privacy
• Security and Privacy issues:
– Trust Management and Policy Integration
– Organizational Security Management
– Authentication and Identity Management
– Privacy and Data Protection
– Access Control and Accounting
– Secure Service Management