SlideShare uma empresa Scribd logo

The Security and Privacy Threats to Cloud Computing

Ankit Singh
Ankit Singh
TecnologiaNegócios
1 de 21
Baixar para ler offline
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography The Security and Privacy Threats to Cloud Computing Ankit Singh Frankfurt am Main, Germany April 23, 2012 Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography 1 Introduction to Cloud Computing Cloud Computing Example Three Cloud Service Models Threats to Cloud Computing 2 In-depth Security Analysis for Cloud Computing [2] Security weakness in Cloud Computing Data protection requirements for cloud computing services Government and the Cloud 3 Project for Trustworthy Cloud Computing and Conclusion The TClouds Project Conclusion of the Talk 4 Bibliography Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Quick Introduction to Cloud Computing I “Cloud computing is a term from information technology (IT) and means that software, memory capacity and computer power can be accessed via a network, for instance, the Internet or within a Virtual Private Network (VPN), as and when it is needed. The IT landscape (e.g. data processing centre, data storage facilities, e-mail and collaboration software, development environments and special software such as Customer Relationship Management [CRM]) is no longer owned and run by the company or institution, but is a service which can be rented from one or more cloud service providers” [1] Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Cloud Computing Example I Figure: Cloud Computing Example (adapted from wikipedia) Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Three Cloud Service Models [1] [2] I Software as a Service (SaaS): Users as consumers. e.g. Accounting, collaboration tools, CRM etc. Platform as Service (PaaS): Data processing services. e.g Google App Engine and Microsoft Azure Platform. Infrastructure as Service (IaaS): Hosting services. e.g webspaces like Amazon EC2, Go Daddy etc. - The Cloud Computing Service models viewed as layers in same sequence shown above. - These models are deployed on top of cloud infrastructure as defined by NIST’s [3]. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] I 1 Abuse of Cloud computing: Effected Services:- Iaas, PaaS: - Absuing service due to anonymity due to loose registration and validation process. - Adversaries usage the models for spamming, writing malicious code etc. 2 Insecure Interfaces and APIs: Effected Services:- IaaS, Paas, SaaS: - Interfaces or APIs provided by service providers to customers to manage and interact with cloud services. - The security and availability of cloud services is dependent upon the security of these basic API’s. - Interfaces must be designed to protect against accidental and malicious attempts to mislead the policy. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] II 3 Malicious Insiders: Effected Services:- Iaas, Paas, SaaS: - An adversary can harvest confidential data or gain complete controls over cloud services depending on the level of access. 4 Shared Technology Issues: Effected Services:- IaaS: - The disk partitions, CPU caches and GPUs and other shared elements were never designed for strong compartmentalization. - A virtualization hypervisor addresses this gap which mediates access between guest operating systems and physical compute resources. - The hypervisors have the flaw which may result in gaining inappropriate levels of control or influence on the underlying platform. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] III 5 Data Loss or Leakage: Effected Services:- IaaS, PaaS, SaaS: - Deletion or alteration of records without a backup of the original content. - Unlinking a record from a larger context may render it unrecoverable. - Unauthorized parties must be prevented from gaining access to sensitive data. - Examples: Insufficient authentication, authorization and audit (AAA) controls Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] IV 6 Account or Service Hijacking: Effected Services:- IaaS, PaaS, SaaS: - Attack methods such as phishing, fraud and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused. 7 Unknown Risk Profile: Effected Services:- IaaS, PaaS, SaaS: - Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts are the factors for estimating company’s security posture. - Some questions which need to addressed like how data and related logs are stored and who has access to them? what information may be disclosed in case of security breach? etc. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Security weakness in Cloud Computing I Cloud Providers fail to provide encryption to their users: - Cloud service providers not providing encrypted access to their Web applications Man in the middle attacks: -Attackers redirects traffic between a client and a server through him. - Achieved by forging DNS packets, DNS cache poisoning, or ARP spoofing. - Prevention: DNSSEC and HTTPS/TLS are two technologies which can prevent this attack. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Security weakness in Cloud Computing II Data encryption caveats: - Where will the encryption key be stored? - Where will the encryption and decryption processes be performed? User interface attacks: - A Web browser is used for accessing Web applications. Thus, browser’s user interface becomes an important security factor. - Example: An attacker tries to fool the user into thinking that she is visiting a real website instead of a forgery. Techniques used here include fake HTTPS lock icons. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] I Research recommendations by European Network and Information Security Agency (ENISA): Building Trust in the Cloud: Certification processes and standards for clouds: COBIT (52), ITIL (53) etc. Metrics for security in cloud computing Effects of different forms of reporting breaches on security Increasing transparency while maintaining appropriate levels of security End-to-end data confidentiality Extending cloud-based trust to client-based data and applications Data Protection in Large-Scale Cross-Organizational Systems: Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] II Data destruction and lifecycle management Integrity Verification - of backups and archives in the cloud and their version management Forensics and evidence gathering mechanisms Incident resolution and rules of evidence International differences in relevant regulations, including data protection and privacy i.e legal means to facilitate the smooth functioning of multi-national cloud infrastructures. Lage-Scale Computer Systems Engineering: Security in depth within large-scale distributed computer systems Security services in the cloud i.e adaptation of traditional security perimeter control technologies to the cloud like HSM, web filters, firewalls, IDS etc. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] III Resource isolation mechanisms - data, processing, memory, logs, etc. Interoperability between cloud providers Portability of VM, data and VM security settings from one cloud provider to another (to avoid vendor lock-in), and maintaining state and session in VM backups. Standardization of interfaces to feed data, applications and whole systems to the cloud. Resource (bandwidth and CPU, etc) provisioning and allocation at scale (elasticity) Scalable security management (policy and operating procedures) within cloud platforms Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Government and the Cloud [2] I United States: One of the most important legal tools used by the U.S. Government to force cloud providers to hand them users’ private data is the third-party doctrine. Other relevant laws include the Wiretap Act, the All Writs Act and the Foreign Intelligence Surveillance Act. Example: Facebook can provide complete profile information and uploaded photos to law enforcement irrespective of her privacy Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Government and the Cloud [2] II Germany: §§111 and 112 of the 2004 Telecommunications Act (Telekommunikationsgesetz in German) allow the government to force telecommunication service providers (which include cloud service providers like webmail) to hand over information such as a customer’s name, address, birthdate, and email address, without a court order, through an automated query system that includes a search function in case law enforcement has incomplete request data. Example: court-ordered surveillance in Germany is the Java Anonymous Proxy (JAP), which is an open source software for anonymously browsing websites. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography The TClouds Project I Trustworthy Clouds - TClouds is a European Commission funded project. GOAL: To develop a trustworthy cloud computing infrastructure, which enables a comprehensible and audit proof processing of personal or otherwise sensitive data in a cloud without limiting the solution to just a physically separated private cloud [6]. Target Scenarios: Energy Sector: Potugal’s leading energy supplier Energias de Portugal (EDP) and electronics company EFACEC in field of smart power grid Healthcare Sector: Italian hospital San Raffaele in Milano Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography The TClouds Project II Techinical Implementation: Focuses on communication protocols between different cloud service providers, new open security standards, APIs and effective management components for cloud security. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography Conclusion I Cloud computing is a upcoming field due to attractive services provided by cloud computing service providers. Privacy and data security are the biggest challenges when it comes to storing and processing critical business or personal data in a cloud. There are many challenges that we can only face if we understand what we are dealing with, how it may a affect us and which possible solutions exist. We must convince cloud providers and users of the importance of implementing available security technologies. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography Conclusion II The requirements of national and international data protection laws are a major concern. As a consequence, this leads to a stronger market growth of just so-called private and community clouds which are aligned more to the specific requirements of single customers or a narrowly defined user group. The data which are sensitive and private should be avoided to put on the cloud due to current security threats. Ankit Singh The Security and Privacy Threats to Cloud Computing
Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography Bibliography I SWISS - Guide to cloud computing, Federal Data Protection and Information Commissioner FDPIC. Security, Privacy and Cloud Computing, Jose Tomas Robles Hahn, Future Internet Seminar - Winter Term 2010/2011, Chair for Network Architectures and Services, Faculty of Computer Science, Technische Universit¨t M¨nchen. a u National Institute of Standards and Technology, U.S. Department of Commerce, Guidelines on Securtiy and Privacy in Public Cloud Computing, Wayne Jansen, Timothy Grance. Top Threats to Cloud Computing 2010, Prepared by the Cloud Security Alliance, March 2010 Cloud Computing, Benefits, risks and recommendations for information security, European Network and Information Security Agency. Trustworthy Clouds (TClouds) - Privacy meets Innovation by Eva Schlehahn and Marit Hansen, Independent Centre for Privacy Protection Schleswig-Holstein, Germany. Cloud security alliance (CSA) https://cloudsecurityalliance.org/ Last Access: April 23, 2012 Ankit Singh The Security and Privacy Threats to Cloud Computing

Recomendados

Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
RituparnaNag
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud Computing
John D. Johnson
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
Jyotika Pandey
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security Concerns
University of San Francisco
 
Data Confidentiality in Cloud Computing
Data Confidentiality in Cloud ComputingData Confidentiality in Cloud Computing
Data Confidentiality in Cloud Computing
Ritesh Dwivedi
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
ragibhasan
 

Recomendados

Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
RituparnaNag
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud Computing
John D. Johnson
 
Security Issues in Cloud Computing
Security Issues in Cloud ComputingSecurity Issues in Cloud Computing
Security Issues in Cloud Computing
Jyotika Pandey
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
prachupanchal
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTINGSOME SECURITY CHALLENGES IN CLOUD COMPUTING
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
Hoang Nguyen
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security Concerns
University of San Francisco
 
Data Confidentiality in Cloud Computing
Data Confidentiality in Cloud ComputingData Confidentiality in Cloud Computing
Data Confidentiality in Cloud Computing
Ritesh Dwivedi
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
ragibhasan
 
Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security
Bahtiyar Bircan
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud computing security from single to multi clouds
Cloud computing security from single to multi cloudsCloud computing security from single to multi clouds
Cloud computing security from single to multi clouds
Cholavaram Sai
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
Akhila Param
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
Niki Upadhyay
 
Cloud Computing Security From Single To Multicloud
Cloud Computing Security From Single To MulticloudCloud Computing Security From Single To Multicloud
Cloud Computing Security From Single To Multicloud
Sandip Karale
 
On technical security issues in cloud computing
On technical security issues in cloud computingOn technical security issues in cloud computing
On technical security issues in cloud computing
sashi799
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
Gahya Pandian
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
vidhya dharmarajan
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
Yateesh Yadav
 
Cloud computing and its security issues
Cloud computing and its security issuesCloud computing and its security issues
Cloud computing and its security issues
Jyoti Srivastava
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Rohit Buddabathina
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
Abhishek Kumar Sinha
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Dhaval Dave
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multiple
Kiran Kumar
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Piyush Mittal
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
saurabh soni
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
ragibhasan
 

Mais conteúdo relacionado

Mais procurados

Cloud computing security from single to multi clouds
Cloud computing security from single to multi cloudsCloud computing security from single to multi clouds
Cloud computing security from single to multi clouds
Cholavaram Sai
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
Rohit Buddabathina
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Dhaval Dave
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Piyush Mittal
 

Mais procurados (20)

Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security Cloud Computing v.s. Cyber Security
Cloud Computing v.s. Cyber Security
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud computing security from single to multi clouds
Cloud computing security from single to multi cloudsCloud computing security from single to multi clouds
Cloud computing security from single to multi clouds
 
Cloud computing security
Cloud computing security Cloud computing security
Cloud computing security
 
Cloud with Cyber Security
Cloud with Cyber SecurityCloud with Cyber Security
Cloud with Cyber Security
 
Cloud Computing Security From Single To Multicloud
Cloud Computing Security From Single To MulticloudCloud Computing Security From Single To Multicloud
Cloud Computing Security From Single To Multicloud
 
On technical security issues in cloud computing
On technical security issues in cloud computingOn technical security issues in cloud computing
On technical security issues in cloud computing
 
Cloud computing security
Cloud computing securityCloud computing security
Cloud computing security
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 
Cloud computing and its security issues
Cloud computing and its security issuesCloud computing and its security issues
Cloud computing and its security issues
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Cloud computing security from single to multiple
Cloud computing security from single to multipleCloud computing security from single to multiple
Cloud computing security from single to multiple
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 

Destaque

Dane presentation
Dane presentationDane presentation
Dane presentation
Ankit Singh
 
TINYOS Oscilloscope Application
TINYOS Oscilloscope ApplicationTINYOS Oscilloscope Application
TINYOS Oscilloscope Application
Ankit Singh
 
Mote Mote Radio Communication
Mote Mote Radio CommunicationMote Mote Radio Communication
Mote Mote Radio Communication
Ankit Singh
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Ankit Singh
 
MicazXpl Intelligent Sensors Network Project Presentation
MicazXpl Intelligent Sensors Network Project PresentationMicazXpl Intelligent Sensors Network Project Presentation
MicazXpl Intelligent Sensors Network Project Presentation
Ankit Singh
 
DO-178B/ED-12B Presentation
DO-178B/ED-12B PresentationDO-178B/ED-12B Presentation
DO-178B/ED-12B Presentation
Ankit Singh
 
Indian German Unity
Indian German UnityIndian German Unity
Indian German Unity
Ankit Singh
 

Destaque (20)

Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
The Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANETThe Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANET
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Dane presentation
Dane presentationDane presentation
Dane presentation
 
Simple Railroad Command Protocol
Simple Railroad Command ProtocolSimple Railroad Command Protocol
Simple Railroad Command Protocol
 
Design Alternative for Parallel Systems
Design Alternative for Parallel SystemsDesign Alternative for Parallel Systems
Design Alternative for Parallel Systems
 
TINYOS Oscilloscope Application
TINYOS Oscilloscope ApplicationTINYOS Oscilloscope Application
TINYOS Oscilloscope Application
 
Mote Mote Radio Communication
Mote Mote Radio CommunicationMote Mote Radio Communication
Mote Mote Radio Communication
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
 
MicazXpl Intelligent Sensors Network Project Presentation
MicazXpl Intelligent Sensors Network Project PresentationMicazXpl Intelligent Sensors Network Project Presentation
MicazXpl Intelligent Sensors Network Project Presentation
 
DO-178B/ED-12B Presentation
DO-178B/ED-12B PresentationDO-178B/ED-12B Presentation
DO-178B/ED-12B Presentation
 
Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)
 
Software Fault Tolerance
Software Fault ToleranceSoftware Fault Tolerance
Software Fault Tolerance
 
Anti Collision Railways System
Anti Collision Railways SystemAnti Collision Railways System
Anti Collision Railways System
 
Indian German Unity
Indian German UnityIndian German Unity
Indian German Unity
 
Cloud Security Overview
Cloud Security OverviewCloud Security Overview
Cloud Security Overview
 
CSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsCSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud Threats
 
Sofia Linux Bg Presentation 2009 09 26
Sofia Linux Bg Presentation 2009 09 26Sofia Linux Bg Presentation 2009 09 26
Sofia Linux Bg Presentation 2009 09 26
 

Semelhante a The Security and Privacy Threats to Cloud Computing

Security policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructureSecurity policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructure
csandit
 
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURESECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
cscpconf
 
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
Er Piyush Gupta IN ⊞⌘
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
A220113
A220113A220113
A220113
irjes
 
The Riisk and Challllenges off Clloud Computtiing
The Riisk and Challllenges off Clloud ComputtiingThe Riisk and Challllenges off Clloud Computtiing
The Riisk and Challllenges off Clloud Computtiing
IJERA Editor
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 

Semelhante a The Security and Privacy Threats to Cloud Computing (20)

D32035052
D32035052D32035052
D32035052
 
D32035052
D32035052D32035052
D32035052
 
Review on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud ComputingReview on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud Computing
 
Eb31854857
Eb31854857Eb31854857
Eb31854857
 
Security policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructureSecurity policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructure
 
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURESECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
489 493
489 493489 493
489 493
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
Understanding Cloud Computing
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud Computing
 
A220113
A220113A220113
A220113
 
The Riisk and Challllenges off Clloud Computtiing
The Riisk and Challllenges off Clloud ComputtiingThe Riisk and Challllenges off Clloud Computtiing
The Riisk and Challllenges off Clloud Computtiing
 
Paper published
Paper published Paper published
Paper published
 
H046053944
H046053944H046053944
H046053944
 
Security of Cloud Computing Survey
Security of Cloud Computing SurveySecurity of Cloud Computing Survey
Security of Cloud Computing Survey
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREA SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
 

Mais de Ankit Singh

Toilet etiquettes
Toilet etiquettesToilet etiquettes
Toilet etiquettes
Ankit Singh
 

Mais de Ankit Singh (7)

IoT in Mining for Sensing, Monitoring and Prediction of Underground Mines Roo...
IoT in Mining for Sensing, Monitoring and Prediction of Underground Mines Roo...IoT in Mining for Sensing, Monitoring and Prediction of Underground Mines Roo...
IoT in Mining for Sensing, Monitoring and Prediction of Underground Mines Roo...
 
Parallex - The Supercomputer
Parallex - The SupercomputerParallex - The Supercomputer
Parallex - The Supercomputer
 
Cooperative Linux
Cooperative LinuxCooperative Linux
Cooperative Linux
 
Master Teset Specification SRCP
Master Teset Specification SRCPMaster Teset Specification SRCP
Master Teset Specification SRCP
 
Micazxpl - Intelligent Sensors Network project report
Micazxpl - Intelligent Sensors Network project reportMicazxpl - Intelligent Sensors Network project report
Micazxpl - Intelligent Sensors Network project report
 
Toilet etiquettes
Toilet etiquettesToilet etiquettes
Toilet etiquettes
 
TinyOS installation Guide And Manual
TinyOS installation Guide And ManualTinyOS installation Guide And Manual
TinyOS installation Guide And Manual
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

The Security and Privacy Threats to Cloud Computing

  • 1. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography The Security and Privacy Threats to Cloud Computing Ankit Singh Frankfurt am Main, Germany April 23, 2012 Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 2. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography 1 Introduction to Cloud Computing Cloud Computing Example Three Cloud Service Models Threats to Cloud Computing 2 In-depth Security Analysis for Cloud Computing [2] Security weakness in Cloud Computing Data protection requirements for cloud computing services Government and the Cloud 3 Project for Trustworthy Cloud Computing and Conclusion The TClouds Project Conclusion of the Talk 4 Bibliography Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 3. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Quick Introduction to Cloud Computing I “Cloud computing is a term from information technology (IT) and means that software, memory capacity and computer power can be accessed via a network, for instance, the Internet or within a Virtual Private Network (VPN), as and when it is needed. The IT landscape (e.g. data processing centre, data storage facilities, e-mail and collaboration software, development environments and special software such as Customer Relationship Management [CRM]) is no longer owned and run by the company or institution, but is a service which can be rented from one or more cloud service providers” [1] Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 4. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Cloud Computing Example I Figure: Cloud Computing Example (adapted from wikipedia) Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 5. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography Three Cloud Service Models [1] [2] I Software as a Service (SaaS): Users as consumers. e.g. Accounting, collaboration tools, CRM etc. Platform as Service (PaaS): Data processing services. e.g Google App Engine and Microsoft Azure Platform. Infrastructure as Service (IaaS): Hosting services. e.g webspaces like Amazon EC2, Go Daddy etc. - The Cloud Computing Service models viewed as layers in same sequence shown above. - These models are deployed on top of cloud infrastructure as defined by NIST’s [3]. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 6. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] I 1 Abuse of Cloud computing: Effected Services:- Iaas, PaaS: - Absuing service due to anonymity due to loose registration and validation process. - Adversaries usage the models for spamming, writing malicious code etc. 2 Insecure Interfaces and APIs: Effected Services:- IaaS, Paas, SaaS: - Interfaces or APIs provided by service providers to customers to manage and interact with cloud services. - The security and availability of cloud services is dependent upon the security of these basic API’s. - Interfaces must be designed to protect against accidental and malicious attempts to mislead the policy. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 7. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] II 3 Malicious Insiders: Effected Services:- Iaas, Paas, SaaS: - An adversary can harvest confidential data or gain complete controls over cloud services depending on the level of access. 4 Shared Technology Issues: Effected Services:- IaaS: - The disk partitions, CPU caches and GPUs and other shared elements were never designed for strong compartmentalization. - A virtualization hypervisor addresses this gap which mediates access between guest operating systems and physical compute resources. - The hypervisors have the flaw which may result in gaining inappropriate levels of control or influence on the underlying platform. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 8. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] III 5 Data Loss or Leakage: Effected Services:- IaaS, PaaS, SaaS: - Deletion or alteration of records without a backup of the original content. - Unlinking a record from a larger context may render it unrecoverable. - Unauthorized parties must be prevented from gaining access to sensitive data. - Examples: Insufficient authentication, authorization and audit (AAA) controls Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 9. Introduction to Cloud Computing Cloud Computing Example In-depth Security Analysis for Cloud Computing [2] Three Cloud Service Models Project for Trustworthy Cloud Computing and Conclusion Threats to Cloud Computing Bibliography List of Threats to Cloud Computing [4] IV 6 Account or Service Hijacking: Effected Services:- IaaS, PaaS, SaaS: - Attack methods such as phishing, fraud and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused. 7 Unknown Risk Profile: Effected Services:- IaaS, PaaS, SaaS: - Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts are the factors for estimating company’s security posture. - Some questions which need to addressed like how data and related logs are stored and who has access to them? what information may be disclosed in case of security breach? etc. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 10. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Security weakness in Cloud Computing I Cloud Providers fail to provide encryption to their users: - Cloud service providers not providing encrypted access to their Web applications Man in the middle attacks: -Attackers redirects traffic between a client and a server through him. - Achieved by forging DNS packets, DNS cache poisoning, or ARP spoofing. - Prevention: DNSSEC and HTTPS/TLS are two technologies which can prevent this attack. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 11. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Security weakness in Cloud Computing II Data encryption caveats: - Where will the encryption key be stored? - Where will the encryption and decryption processes be performed? User interface attacks: - A Web browser is used for accessing Web applications. Thus, browser’s user interface becomes an important security factor. - Example: An attacker tries to fool the user into thinking that she is visiting a real website instead of a forgery. Techniques used here include fake HTTPS lock icons. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 12. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] I Research recommendations by European Network and Information Security Agency (ENISA): Building Trust in the Cloud: Certification processes and standards for clouds: COBIT (52), ITIL (53) etc. Metrics for security in cloud computing Effects of different forms of reporting breaches on security Increasing transparency while maintaining appropriate levels of security End-to-end data confidentiality Extending cloud-based trust to client-based data and applications Data Protection in Large-Scale Cross-Organizational Systems: Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 13. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] II Data destruction and lifecycle management Integrity Verification - of backups and archives in the cloud and their version management Forensics and evidence gathering mechanisms Incident resolution and rules of evidence International differences in relevant regulations, including data protection and privacy i.e legal means to facilitate the smooth functioning of multi-national cloud infrastructures. Lage-Scale Computer Systems Engineering: Security in depth within large-scale distributed computer systems Security services in the cloud i.e adaptation of traditional security perimeter control technologies to the cloud like HSM, web filters, firewalls, IDS etc. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 14. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Research Recommendations by ENISA [5] III Resource isolation mechanisms - data, processing, memory, logs, etc. Interoperability between cloud providers Portability of VM, data and VM security settings from one cloud provider to another (to avoid vendor lock-in), and maintaining state and session in VM backups. Standardization of interfaces to feed data, applications and whole systems to the cloud. Resource (bandwidth and CPU, etc) provisioning and allocation at scale (elasticity) Scalable security management (policy and operating procedures) within cloud platforms Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 15. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Government and the Cloud [2] I United States: One of the most important legal tools used by the U.S. Government to force cloud providers to hand them users’ private data is the third-party doctrine. Other relevant laws include the Wiretap Act, the All Writs Act and the Foreign Intelligence Surveillance Act. Example: Facebook can provide complete profile information and uploaded photos to law enforcement irrespective of her privacy Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 16. Introduction to Cloud Computing Security weakness in Cloud Computing In-depth Security Analysis for Cloud Computing [2] Data protection requirements for cloud computing services Project for Trustworthy Cloud Computing and Conclusion Government and the Cloud Bibliography Government and the Cloud [2] II Germany: §§111 and 112 of the 2004 Telecommunications Act (Telekommunikationsgesetz in German) allow the government to force telecommunication service providers (which include cloud service providers like webmail) to hand over information such as a customer’s name, address, birthdate, and email address, without a court order, through an automated query system that includes a search function in case law enforcement has incomplete request data. Example: court-ordered surveillance in Germany is the Java Anonymous Proxy (JAP), which is an open source software for anonymously browsing websites. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 17. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography The TClouds Project I Trustworthy Clouds - TClouds is a European Commission funded project. GOAL: To develop a trustworthy cloud computing infrastructure, which enables a comprehensible and audit proof processing of personal or otherwise sensitive data in a cloud without limiting the solution to just a physically separated private cloud [6]. Target Scenarios: Energy Sector: Potugal’s leading energy supplier Energias de Portugal (EDP) and electronics company EFACEC in field of smart power grid Healthcare Sector: Italian hospital San Raffaele in Milano Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 18. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography The TClouds Project II Techinical Implementation: Focuses on communication protocols between different cloud service providers, new open security standards, APIs and effective management components for cloud security. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 19. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography Conclusion I Cloud computing is a upcoming field due to attractive services provided by cloud computing service providers. Privacy and data security are the biggest challenges when it comes to storing and processing critical business or personal data in a cloud. There are many challenges that we can only face if we understand what we are dealing with, how it may a affect us and which possible solutions exist. We must convince cloud providers and users of the importance of implementing available security technologies. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 20. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] The TClouds Project Project for Trustworthy Cloud Computing and Conclusion Conclusion of the Talk Bibliography Conclusion II The requirements of national and international data protection laws are a major concern. As a consequence, this leads to a stronger market growth of just so-called private and community clouds which are aligned more to the specific requirements of single customers or a narrowly defined user group. The data which are sensitive and private should be avoided to put on the cloud due to current security threats. Ankit Singh The Security and Privacy Threats to Cloud Computing
  • 21. Introduction to Cloud Computing In-depth Security Analysis for Cloud Computing [2] Project for Trustworthy Cloud Computing and Conclusion Bibliography Bibliography I SWISS - Guide to cloud computing, Federal Data Protection and Information Commissioner FDPIC. Security, Privacy and Cloud Computing, Jose Tomas Robles Hahn, Future Internet Seminar - Winter Term 2010/2011, Chair for Network Architectures and Services, Faculty of Computer Science, Technische Universit¨t M¨nchen. a u National Institute of Standards and Technology, U.S. Department of Commerce, Guidelines on Securtiy and Privacy in Public Cloud Computing, Wayne Jansen, Timothy Grance. Top Threats to Cloud Computing 2010, Prepared by the Cloud Security Alliance, March 2010 Cloud Computing, Benefits, risks and recommendations for information security, European Network and Information Security Agency. Trustworthy Clouds (TClouds) - Privacy meets Innovation by Eva Schlehahn and Marit Hansen, Independent Centre for Privacy Protection Schleswig-Holstein, Germany. Cloud security alliance (CSA) https://cloudsecurityalliance.org/ Last Access: April 23, 2012 Ankit Singh The Security and Privacy Threats to Cloud Computing