Security on Cloud Computing
-
Upload
reza-pahlava -
Category
Internet
-
view
59 -
download
1
Transcript of Security on Cloud Computing
![Page 1: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/1.jpg)
SECURITY THREATS ON CLOUD COMPUTING VULNERABILITIES
REZA PAHLAVASTMIK RAHARJA
![Page 2: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/2.jpg)
What is Cloud Computing? Cloud computing involves delivering computing
resources (hardware and software) as a service over a network (typically the Internet) by cloud computing service providers.
• A good understanding of cloud security threats is necessary in order to provide more secure services to cloud users.
![Page 3: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/3.jpg)
CLOUD SERVICE MODELS
Cloud computing includes three layers:
• System layer: known as Infrastructure-as-a-Service (IaaS)
• Platform layer: known as Platform-as-a-Service (PaaS)
• Application layer: known as Software-as-a-Service (SaaS)
![Page 4: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/4.jpg)
Layers of Cloud Computing
SalesForce CRMLotusLive
![Page 5: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/5.jpg)
TAXONOMY OF CLOUD SECURITY THREATS
• SaaS, PaaS, and IaaS also disclose information security issues and risks of cloud computing systems.
• Hackers might abuse the forceful computing capability provided by clouds.
• Data loss is an important security risk of cloud models.
• Traditional network attack strategies can be applied to harass three layers of cloud systems.
![Page 6: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/6.jpg)
Abuse Use of Cloud Computational Resources
• Previously, hackers used multiple computers or a botnet to produce a great amount of computing power in order to conduct cyber-attacks.
• Now, powerful computing infrastructure could be easily created using a simple registration process in a cloud computing service provider.
• Brute force attack
• Denial of Service attack
![Page 7: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/7.jpg)
BRUTE FORCE ATTACK: THOMAS ROTH, A GERMAN RESEARCHER, MANAGED TO CRACK A WPA-PSK PROTECTED NETWORK BY RENTING A SERVER FROM AMAZON’S EC2. IN APPROXIMATELY 20 MINUTES, FIRED 400,000 PASSWORDS/SEC INTO THE SYSTEM AND THE COST WAS ONLY 28 CENTS/MINUTE.
DOS: BRYAN AND ANDERSON, LAUNCHED CLOUD-BASED DOS ATTACKS TO ONE OF THEIR CLIENTS IN ORDER TO TEST ITS CONNECTIVITY WITH THE HELP OF AMAZON’S EC2; SPENT $6 TO RENT VIRTUAL SERVERS, USED A HOMEMADE PROGRAM TO SUCCESSFULLY FLOOD THEIR CLIENT'S SERVER AND MADE IT UNAVAILABLE.
![Page 8: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/8.jpg)
Data BreachesMalicious Insider: • insiders who exploit cloud vulnerabilities gaining
unauthorized access to confidential data or carry out attacks against its own employer’s IT infrastructure
Online Cyber Theft:• sensitive data stored on clouds have become an attractive
target to online cyber theft. • Incidents such as Zappos, LinkedIn, Sony Playstation
![Page 9: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/9.jpg)
Cloud Security Attacks
• Malware Injection Attacks: • hackers exploit vulnerabilities of a web application and
embed malicious codes into it changing the course of its normal execution. The two common forms are SQL injection attack and cross-site scripting attack.
• Wrapping Attack: • use XML signature wrapping (or XML rewriting) to
exploit a weakness when web servers validate signed requests. An attacker is able to change the content of the signed part without invalidating the signature.
![Page 10: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/10.jpg)
MALWARE INJECTION ATTACKS: HACKERS EXPLOIT VULNERABILITIES OF A WEB APPLICATION AND EMBED MALICIOUS CODES INTO IT CHANGING THE COURSE OF ITS NORMAL EXECUTION. THE TWO COMMON FORMS ARE SQL INJECTION ATTACK AND CROSS-SITE SCRIPTING ATTACK.
![Page 11: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/11.jpg)
COUNTERMEASURES • Security Policy Enhancement: avoid weak registration
systems, credit card fraud monitoring, and block of public black lists could be applied.
• Access Management: continuous monitoring of physical computing systems, restricting traffic access to the data using firewalls and intrusion detection systems, and controlling access to cloud applications and data using SAML and XACML.
• Data Protection: data loss prevention systems, anomalous behavior pattern detection tools, format preserving and encryption tools, user behavior profiling, decoy technology, and authentication and authorization.
• Security Techniques Implementation: for malware injection attacks, use FAT system; also store a hash value on the original service instance’s image file and perform integrity check. For XML signature wrapping attacks, use XML Schema Hardening techniques i.e. a subset of XPath, called FastXPath.
![Page 12: Security on Cloud Computing](https://reader031.fdocuments.in/reader031/viewer/2022030213/589c2fde1a28ab65248b6ab7/html5/thumbnails/12.jpg)
CONCLUSIONS AND FUTURE WORK• Cloud Computing is in continual development, while people
enjoy the benefits cloud computing brings, security in clouds is a key challenge.
• Much vulnerability in clouds still exists and hackers continue to exploit these security holes.
• this paper has examined the security vulnerabilities in clouds from three perspectives), included related real world exploits, and introduced countermeasures to those security breaches.
• In the future, further efforts in studying cloud security risks and the countermeasures to cloud security breaches must continue.