Cloud Computing Security
Ritesh Kotekar Udupa
Topics to be discussed
• What is a cloud?
• Advantages of cloud computing
• Service & Deployment models
• Levels of Security
• Security Concerns
• Identity Management
• InterCloud Identity Management Infrastructure
• Summary
2
3
What is a cloud?
Virtualized pool: dynamically scalable, shared resources accessed over a network
• Resources: storage, computing, services, etc.
• Shared internally or with other customers
• Pay only for what you use
4
Advantages of cloud computing
• Reduced costs
• Efficient resource sharing
• Easy expansion
• More mobility
• Consumption-based costs
• Instant software updates
• Contribution to green computing
  - Reducing the consumption of electricity
  - Reducing emissions that damage the environment
5
Service Model
• SaaS (Software as a Service)
• PaaS (Platform as a Service)
• IaaS (Infrastructure as a Service)
6
Service Model: SaaS (Software as a Service)
• Productivity and collaboration apps. Eg: Google Apps
• CRM apps. Eg: Impel CRM, Salesforce.com, Microsoft Dynamics
• Cloud-based storage and sharing services. Eg: Dropbox, SkyDrive, Amazon S3, Google Docs (Amazon S3 is an object-storage API and is more often classed as IaaS storage than as SaaS)
7
Service Model: PaaS (Platform as a Service)
• Individual development platforms
  - GAE (Google App Engine): Java and Python developers
  - Microsoft Windows Azure: ASP.NET (C#, VB.NET)
  - Amazon Elastic Beanstalk: Java developers
  - Heroku: Facebook app creation
  - PHP Fog and cloudControl: PHP
• Multi-language application platform: DotCloud
8
Service Model: IaaS (Infrastructure as a Service)
• Virtualization. Eg: VMware, Virtual PC, VirtualBox, Amazon EC2 (Elastic Compute Cloud)
  - Execution on a virtual computer (instance)
  - Configuration of CPU, memory & storage
• Cloud infrastructure. Eg: servers, storage, routers, etc.
9
10
Deployment Models
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud
11
Levels of Security [7]
• Facility level: physical controls, access controls, video surveillance, background checks
• Network level: multilayer firewalls, intrusion detection, TLS encryption with 128-bit cipher keys, dual-factor authentication
• OS & application level: ADFS & SAML, access control & monitoring (AD), antimalware & anti-spam, patch & configuration management, secure engineering
• Data level: access control lists, user-level access, file/data integrity
12
Security Concerns [1]
1. Confidentiality
2. Integrity
3. Availability
4. Privacy
5. Authentication
6. Control
7. Audit
13
Confidentiality in the cloud [1]
• Virtual / physical isolation
• Encrypted storage
14
Availability [1]
• Strategies: hardening, redundancy
• Annual uptime percentage
• QoS guarantee
15
Authentication
1. Every website/app needs credentials
• Username/email
• Password
Resulting problems
• So many apps, so many passwords!
• Identity scattered across providers
• Trust: each app must be trusted with a credential
Is there a solution?
16
OpenID - Identity Management [5]
• Sharing a single identity with different consumers
• Decentralized
• Some OpenID providers: Google, Facebook, IBM, MySpace, VeriSign, Yahoo
• End-user privacy is not presently explicitly addressed
17
Single Sign-On - Identity Management [4]
• Authentication done only once
• Access to multiple applications
• Switch applications during a particular session
Eg: Google
18
Single Sign On - Flow Chart
19
SAML (Security Assertion Markup Language) [2],[6]
• IdM using the IdP/SP model
• Parties: end user, user agent, service provider (SP), identity provider (IdP)
20
SAML (Security Assertion Markup Language) [2]
21
User Tracking [4]
• Authentication
• Timeout check
• Recognition of a user
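The IdP/SP exchange behind the SSO, SAML and user-tracking slides, as an added example that is not part of the original slides or of the cited papers: the user authenticates once at the IdP, the IdP issues a short-lived assertion addressed to one SP, and the SP accepts it only if it is intact, comes from the trusted IdP, is meant for this SP, is still within its validity window (the timeout check) and has not been presented before. The HMAC under a key shared by IdP and SP stands in for the XML-DSig over a real SAML assertion; the key, the user store and the entity IDs are constructed for the demo.

```python
"""Simulated IdP/SP single sign-on exchange (added example, not code from the
slides or the cited papers). Assumptions: an HMAC under a key shared by IdP
and SP stands in for the XML-DSig over a real SAML assertion; users, key and
entity IDs are constructed for the demo.
"""
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

SHARED_KEY = b"constructed-idp-sp-key"        # constructed: the IdP/SP trust relationship
USERS = {"alice": "correct horse battery"}    # constructed IdP credential store


def mac(key, assertion):
    """MAC over a canonical byte form, so IdP and SP cover exactly the same content."""
    canonical = json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class IdentityProvider:
    def __init__(self, issuer, key):
        self.issuer, self.key = issuer, key
        self.sessions = {}   # user -> time of authentication: the single sign-on

    def authenticate(self, user, password, now):
        if not hmac.compare_digest(USERS.get(user, ""), password):
            return False
        self.sessions[user] = now
        return True

    def issue_assertion(self, user, audience, now, lifetime=timedelta(minutes=5)):
        """Assert an existing IdP session to one SP; no re-authentication needed."""
        if user not in self.sessions:
            raise PermissionError("user has not authenticated at the IdP")
        assertion = {
            "id": "_" + secrets.token_hex(8),          # unique: lets the SP detect replay
            "issuer": self.issuer,
            "subject": user,
            "audience": audience,                      # the one SP this assertion is for
            "issue_instant": now.isoformat(),
            "not_on_or_after": (now + lifetime).isoformat(),
        }
        return {"assertion": assertion, "signature": mac(self.key, assertion)}


class ServiceProvider:
    def __init__(self, entity_id, trusted_issuer, key):
        self.entity_id, self.trusted_issuer, self.key = entity_id, trusted_issuer, key
        self.seen_ids = set()

    def consume(self, response, now):
        """Return (accepted, subject) or (False, reason); integrity is checked first."""
        assertion, signature = response["assertion"], response["signature"]
        if not hmac.compare_digest(mac(self.key, assertion), signature):
            return False, "bad signature"
        if assertion["issuer"] != self.trusted_issuer:
            return False, "untrusted issuer"
        if assertion["audience"] != self.entity_id:
            return False, "wrong audience"
        if now >= datetime.fromisoformat(assertion["not_on_or_after"]):
            return False, "expired"                    # the timeout check
        if assertion["id"] in self.seen_ids:
            return False, "replayed"
        self.seen_ids.add(assertion["id"])
        return True, assertion["subject"]


def sso_demo():
    """One login at the IdP, then two SPs, plus the cases an SP must reject."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    idp = IdentityProvider("https://idp.example", SHARED_KEY)
    mail = ServiceProvider("https://mail.example", "https://idp.example", SHARED_KEY)
    docs = ServiceProvider("https://docs.example", "https://idp.example", SHARED_KEY)
    results = {"login": idp.authenticate("alice", "correct horse battery", now)}
    first = idp.issue_assertion("alice", "https://mail.example", now)
    results["mail"] = mail.consume(first, now)
    results["docs"] = docs.consume(idp.issue_assertion("alice", "https://docs.example", now), now)
    results["replay"] = mail.consume(first, now)
    results["cross_sp"] = docs.consume(idp.issue_assertion("alice", "https://mail.example", now), now)
    late = idp.issue_assertion("alice", "https://mail.example", now)
    results["late"] = mail.consume(late, now + timedelta(minutes=6))
    tampered = idp.issue_assertion("alice", "https://mail.example", now)
    tampered["assertion"]["subject"] = "admin"
    results["tampered"] = mail.consume(tampered, now)
    try:
        idp.issue_assertion("mallory", "https://mail.example", now)
        results["unauthenticated"] = "issued"
    except PermissionError:
        results["unauthenticated"] = "refused"
    return results
```

The order of checks in `consume` matters: the signature is verified before any field is trusted, so an attacker cannot steer the SP into a cheaper code path by editing the issuer or audience. The `seen_ids` set is what turns "recognition of a user" into replay protection; in a real deployment it must be bounded by the assertion lifetime, which is why the timeout check and the replay cache belong together.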
22
InterCloud Identity Management Infrastructure [2]
23
Trust relationship establishment
24
SOAP Message of IdP X
SOAP - Simple Object Access Protocol
25
Possible Attacks & Solutions [4]
Man-in-the-Middle Attack (DNS spoofing)
Solutions
• SSL/TLS (defeats a spoofed endpoint only if the client validates the server certificate against the expected host name)
• Signature and encryption of SOAP messages
26
Possible Attacks & Solutions [4]
Message Modification (signature wrapping: a signed element is moved elsewhere in the message and a forged one put in its place, so the signature still verifies while the receiver processes the forged content)
Solutions
• Inline Approach [8]
27
Possible Attacks & Solutions [4]
• Inline Approach
28
SOAP Account Info
• Number of children of Envelope is 2
• Number of header elements is 2
• Number of signed elements is 3
• Immediate predecessor of the 1st signed element is Envelope
• Sibling element of the 1st signed element is Header
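The two SOAP-message slides above, signing SOAP messages against tampering and the inline SOAP Account check against message modification, worked through as one added example that is neither the slides' nor the cited paper's code. The sender signs the Body and a SOAP Account header that records the structural facts listed on the slide (children of Envelope, header children, number of signed elements, predecessor and siblings of each signed element). A wrapping attack then moves the signed Body under a header wrapper and inserts a new Body: a verifier that resolves references by Id still finds the original, intact Body and accepts the message, while the inline check recomputes the SOAP Account and sees the structure has changed. Assumptions: SHA-256 digests over a simple canonical form plus an HMAC under a sender/receiver shared key stand in for XML-DSig; Signature, Reference, SOAPAccount, Wrapper and the operation names are local names chosen here; the message is constructed.

```python
"""Inline SOAP Account check against XML signature wrapping (added example, not
from the slides or the inline-validation paper [8]). Stand-ins, by assumption:
SHA-256 over a simple canonical form plus an HMAC under a shared key instead of
XML-DSig; local names Signature, Reference, SOAPAccount, Wrapper; a constructed
message."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": SOAP}
ID_ATTR = f"{{{WSU}}}Id"
SHARED_KEY = b"constructed-shared-key"   # constructed sender/receiver secret


def local(tag):
    return tag.rsplit("}", 1)[-1]


def canon(el):
    """Deterministic serialisation of an element, standing in for XML C14N."""
    attrs = "".join(f" {k}={v!r}" for k, v in sorted(el.attrib.items()))
    return f"<{el.tag}{attrs}>{(el.text or '').strip()}{''.join(map(canon, el))}</{el.tag}>"


def digest(el):
    return hashlib.sha256(canon(el).encode()).hexdigest()


def sign_refs(refs):
    # HMAC over the id=digest pairs: the stand-in for the XML-DSig SignatureValue.
    return hmac.new(SHARED_KEY, ";".join(f"{k}={v}" for k, v in refs.items()).encode(),
                    hashlib.sha256).hexdigest()


def find_by_id(env, wsu_id):
    # Resolve a reference by Id wherever the element sits, exactly as XML-DSig does.
    return next((el for el in env.iter() if el.get(ID_ATTR) == wsu_id), None)


def soap_account(env, signed_ids):
    """Structural facts about the message that the receiver must find unchanged."""
    parent = {c: p for p in env.iter() for c in p}
    acct = {"envelope_children": len(env),
            "header_children": len(env.find("soap:Header", NS)),
            "signed_elements": len(signed_ids)}
    for n, sid in enumerate(signed_ids, 1):
        el = find_by_id(env, sid)
        acct[f"predecessor_{n}"] = local(parent[el].tag)
        acct[f"siblings_{n}"] = ",".join(sorted(local(s.tag) for s in parent[el] if s is not el))
    return acct


def build_message(operation):
    """Sender: Body plus SOAP Account, both referenced by the signature."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body", {ID_ATTR: "body-1"}), operation)
    acct_el = ET.SubElement(header, "SOAPAccount", {ID_ATTR: "acct-1"})
    sig_el = ET.SubElement(header, "Signature")
    signed_ids = ["body-1", "acct-1"]
    for k, v in soap_account(env, signed_ids).items():   # header now has its final shape
        ET.SubElement(acct_el, k).text = str(v)
    refs = {sid: digest(find_by_id(env, sid)) for sid in signed_ids}
    for sid, d in refs.items():
        ET.SubElement(sig_el, "Reference", {"URI": "#" + sid, "Digest": d})
    sig_el.set("Value", sign_refs(refs))
    return ET.tostring(env)


def verify_signature(xml_bytes):
    """What a plain Id-based verifier checks. Returns (True, signed ids) or (False, reason)."""
    env = ET.fromstring(xml_bytes)
    sig_el = env.find("soap:Header/Signature", NS)
    if sig_el is None:
        return False, "no signature"
    refs = {}
    for ref in sig_el.findall("Reference"):
        sid = ref.get("URI", "#")[1:]
        el = find_by_id(env, sid)
        if el is None or digest(el) != ref.get("Digest"):
            return False, f"digest mismatch on {sid}"
        refs[sid] = digest(el)
    if not hmac.compare_digest(sign_refs(refs), sig_el.get("Value", "")):
        return False, "bad signature value"
    return True, list(refs)


def validate_inline(xml_bytes):
    """Signature check, then recomputation of the SOAP Account the sender recorded."""
    ok, ids = verify_signature(xml_bytes)
    if not ok:
        return False, ids
    if "acct-1" not in ids:
        return False, "SOAP Account not signed"
    env = ET.fromstring(xml_bytes)
    recorded = {c.tag: c.text or "" for c in find_by_id(env, "acct-1")}
    recomputed = {k: str(v) for k, v in soap_account(env, ids).items()}
    changed = sorted(k for k in recomputed if recorded.get(k) != recomputed[k])
    return (False, "SOAP Account mismatch: " + ", ".join(changed)) if changed else (True, "ok")


def requested_operation(xml_bytes):
    # What the application layer executes: the first child of the direct Body.
    return local(ET.fromstring(xml_bytes).find("soap:Body", NS)[0].tag)


def wrap_attack(xml_bytes, injected_operation):
    """Attacker: move the signed Body under a header wrapper and add a new Body."""
    env = ET.fromstring(xml_bytes)
    original_body = env.find("soap:Body", NS)
    env.remove(original_body)
    ET.SubElement(env.find("soap:Header", NS), "Wrapper").append(original_body)
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), injected_operation)
    return ET.tostring(env)
```

Running `verify_signature` on the wrapped message succeeds and `requested_operation` returns the injected operation, which is the whole attack: the verifier and the application disagree about which Body is "the" Body. `validate_inline` rejects the same message because the header now has three children and the first signed element's predecessor is Wrapper rather than Envelope. The SOAP Account only helps because it is itself one of the signed references; an unsigned account could be rewritten by the attacker alongside the structure, which is why the check refuses a message whose signature does not cover `acct-1`.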
29
Summary
• Cloud definition
• Advantages of cloud computing
• Service models (SaaS, PaaS, IaaS)
• Deployment models (Public, Private, Hybrid, Community)
• Levels of security (facility, network, OS & application, data)
• Security and privacy concerns
• Identity management
• ICIMI (InterCloud IdM Infrastructure)
30
References
[1] Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, Aoying Zhou, "Security and Privacy in Cloud Computing: A Survey," Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on, pp. 105-112, 1-3 Nov. 2010. doi: 10.1109/SKG.2010.19. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5663489&isnumber=5663480
[2] Celesti, A., Tusa, F., Villari, M., Puliafito, A., "Security and Cloud Computing: InterCloud Identity Management Infrastructure," Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on, pp. 263-265, 28-30 June 2010. doi: 10.1109/WETICE.2010.49. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5541971&isnumber=5541771
[3] Jianfeng Yang, Zhibin Chen, "Cloud Computing Research and Security Issues," Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pp. 1-3, 10-12 Dec. 2010. doi: 10.1109/CISE.2010.5677076. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5677076&isnumber=5676710
[4] Jensen, M., Schwenk, J., Gruschka, N., Iacono, L. L., "On Technical Security Issues in Cloud Computing," Cloud Computing, 2009. CLOUD '09. IEEE International Conference on, pp. 109-116, 21-25 Sept. 2009. doi: 10.1109/CLOUD.2009.60. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5284165&isnumber=5283545
31
References (continued)
[5] http://www.slideshare.net/rmetzler/identity-on-the-web-openid-vs-oauth
[6] http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[7] http://www.youtube.com/watch?v=9do6ig6eg3E
[8] Mohammad Ashiqur Rahaman, "An Inline SOAP Validation Approach," https://www.owasp.org/images/4/4b/AnInlineSOAPValidationApproach-MohammadAshiqurRahaman.pdf
[9] "Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1," December 2009, Cloud Security Alliance, http://www.cloudsecurityalliance.org/csaguide.pdf
32