Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)
1. Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)
Lee Badger
Tim Grance
May 20, 2010
NIST Information Technology Laboratory, Computer Security Division
National Institute of Standards and Technology
cloudcomputing@nist.gov
2. Outline
1 Brief review of clouds, and introduction to SAJACC.
(15 minutes)
2 Security issues in the cloud. (15 minutes)
3 Preliminary Cloud Computing Use Cases. (20 minutes)
4 Questions! (10 minutes)
more feedback?
Note: Any mention of a vendor or product is NOT an endorsement or recommendation.
3. 1 Brief review of clouds, and introduction to SAJACC
4. NIST Working Cloud Definition (1 of 3)
5 Key Characteristics
1 On-demand self service: renting takes minutes
2 Ubiquitous network access: anywhere / any device
3 Metered use: off, off, on; conserve resources
4 Elasticity: rent it in any quantity
5 Resource pooling: reduces cost
5. NIST Working Cloud Definition (1 of 3)
where is my workload?
6. NIST Working Cloud Definition (2 of 3)
3 Deployment Models
[Diagram: for each model, a software stack annotated with the Cloud Provider's level of control on one side and the Cloud Customer's on the other.]
1 Software as a Service (SaaS)
Stack: Application (e.g., mail), Middleware (e.g., .Net), Operating System, Hardware
Control labels: Admin control, Limited Admin control, Total control, No control
2 Platform as a Service (PaaS)
Stack: Application, Middleware, Operating System, Hardware
Control labels: Admin control, Limited programmability, Total control, No control
3 Infrastructure as a Service (IaaS)
Stack: Application, Middleware, Operating System, Hypervisor, Hardware
Control labels: Total control, No control, Admin control, No control
7. NIST Working Cloud Definition (3 of 3)
4 Delivery Models
1 Private
2 Community
3 Public
4 Hybrid
[Diagram labels: Cloud Provider Infrastructure, Cloud Customer Data Center, management]
8. A Quick Trip Through the (simplified) API
Setting up:
• aws.amazon.com: create account, set password, email confirmation
• PEM-encoded RSA private key
• TLS x.509 cert
Steady state (simplified):
• RegisterImage
• Configure storage
• Manage keypairs: CreateKeyPair (use to talk with new VMs)
• Configure IP addresses (routable)
• Manage Instances: run, reboot, terminate, query
• DeregisterImage
Every operation digitally signed.
Every key pair public key stored in the cloud infrastructure.
Credit: [8], aws.amazon.com [1]
9. Important Cloud Computing
Requirements
• interoperability: clouds work together
• portability: workloads can move around
• security: customer workloads protected (to
the extent possible)
• Well-formulated standards could help, but…
10. Standards Creation is Time Consuming
• Critical features (interoperability, portability)
require high quality, mature standards.
• But standards development is a consensus-
oriented process: often years to complete.
• Even longer for international standards.
11. Shorter Term Standards Effort
• Until standards mature:
• What is needed is a process to test important cloud system requirements --- NIST will provide that.
SAJACC: Portable, Interoperable, Secure (as possible)
Standards Acceleration Jumpstarting Adoption of Cloud Computing
12. SAJACC Communication Strategy
[Diagram labels: NIST will deploy and populate the NIST Cloud Standards Portal (Use Cases, Validated Specifications, Reference Implementations); Community Outreach; specifications; Standards Development Organizations; standards]
• Populate a web portal that distributes cloud specifications
and reference implementations that are:
– Known to work for critical use cases (e.g., interoperability,
portability, bulk data transfer).
– Can be easily used by cloud service providers and consumers.
– Provide a basis for innovation i.e. are extensible.
• Enables future innovation.
13. Populating the Portal
[Diagram: NIST Cloud Standards Portal containing Use Cases, Validated Specifications, Reference Implementations]
Three complementary activities, all performed in collaboration with other
agencies and standards development organizations:
(1) NIST inserts existing standards and de-facto interfaces as
specifications.
– NIST identifies and validates specifications using use cases.
(2) Organizations contribute open specifications.
– NIST receives and coordinates the prioritization of specifications, and
validates using use cases.
(3) NIST identifies gaps in cloud standards (and specifications) and
publishes the gaps on the portal: produces opportunity for outside
organizations to fill them.
14. (1) NIST Inserts Existing Standards and De-facto
Interfaces
[Diagram, numbered steps:
1 Initial Use Cases, Provided by Gov.
2 Legacy specifications, Identified by Gov.
3 Generate Test cases
4 Government-run Validation Exercises: Proposed Specifications (Spec 1, Spec 2, … Spec n) and Reference Implementations run against Test 1, Test 2, … Test n
Success? yes: enters the NIST Cloud Standards Portal (Use Cases, Validated Specifications, Reference Implementations)]
• specifications, use cases: provide insight on how clouds can work
• reference implementations: enable validation exercises
• continuously growing portal: new content added over time
• publicly available: anyone can access
15. (2) Organizations Contribute Open Specifications
[Diagram, numbered steps:
1 Initial Use Cases, Provided by Gov.
2 Legacy specifications, Identified by Gov.
3 Organization-submitted specifications
4 Government-run Validation Exercises: Proposed Specifications (Spec 1, Spec 2, … Spec n) and Reference Implementations run against Test 1, Test 2, … Test n
Success? yes: enters the NIST Cloud Standards Portal (Use Cases, Validated Specifications, Reference Implementations)]
• continuously growing portal: new content added over time
• publicly available: anyone can access or submit
16. 2 Security issues in the cloud.
17. Security is a Major Issue
[3]
18. What is Security?
• Traditionally, approximately:
– confidentiality: your data not leaked
– integrity: your data or system not corrupted
– availability: your system keeps running
• What does this mean in the cloud?
– without user physical control
• Some issues
– with dynamically changing infrastructure
– secure access to the cloud
– protecting different users from one another
19. Analyzing Cloud Security
• Some key issues:
– trust, multi-tenancy, encryption, compliance
• Clouds are massively complex systems
that can be reduced to simple primitives
that are replicated thousands of times and
common functional units
• Cloud security is a tractable problem
– There are both advantages and challenges
Former Intel CEO, Andy Grove: “only the paranoid survive”
20. General Security Advantages
• Shifting public data to an external cloud
reduces the exposure of the internal
sensitive data
• Cloud homogeneity makes security
auditing/testing simpler
• Clouds enable automated security
management
• Redundancy / Disaster Recovery
21. General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
22. Data Storage Services
• Advantages
– Data fragmentation and dispersal
– Automated replication
– Provision of data zones (e.g., by country)
– Encryption at rest and in transit
– Automated data retention
• Challenges
– Isolation management / data multi-tenancy
– Storage controller
• Single point of failure / compromise?
– Exposure of data
23. Cloud Processing Infrastructure
• Advantages
– Ability to secure masters and push out secure
images
• Challenges
– Application multi-tenancy
– Reliance on hypervisors
– Process isolation / Application sandboxes
24. Additional Issues
• Issues with moving sensitive data to the cloud
– Privacy impact assessments
• Risk assessment
– Contingency planning and disaster recovery for cloud
implementations
– Using SLAs to obtain cloud security
• Suggested requirements for cloud SLAs
• Issues with cloud forensics
• Handling compliance
– FISMA
– HIPAA
– SOX
– PCI
– SAS 70 Audits
25. Putting it Together
• Most clouds will require very strong
security controls
• All models of cloud may be used for
differing tradeoffs between threat
exposure and efficiency
• There is no one “cloud”. There are many
models and architectures.
• How does one choose?
26. 3 Use Cases to drive portability, interoperability, security
in clouds
27. Use Cases
Use Case: a description of how groups of users and their resources may
interact with one or more systems to achieve specific goals.
[Diagram: a Goal reached by alternative step sequences (Step 1, Step 2, … OR Step a, Step b, … OR Step I, Step j, …); adding concrete details moves from an abstract use case to a case study.]
28. Use Cases
Use Case: a description of how groups of users and their resources may
interact with one or more cloud computing systems to achieve specific goals.
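[Diagram: a Goal reached by alternative step sequences (Step 1, Step 2, … OR Step a, Step b, … OR Step I, Step j, …); adding concrete details moves from an abstract use case to a case study.]
Example:
[Diagram labels: Parent, $, Bank, $, Student]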
29. Preliminary Use Case Taxonomy for a
Public Cloud (focus on IaaS)
Portability, Interoperability, Security
File/Object System Like
• sharing access
• access by name
• access by pattern
• strong erase
• cloud drive [7]
  - synchronization
Job Control & Programming
• alloc/start/stop… [1]
• queueing [1]
• horizontal scaling of data/processing
• services
Cloud-2-Cloud
• inter-cloud data transfer
• multi-hop data transfer
• storage peering [7]
• backup between clouds [7]
• cloud broker [4]
• cloud burst
• VM migration
• dynamic dispatch [5]
• fault-tolerant group
Admin
• SLA comparison
• info discovery [7]
• user Acct mgmt
• compliance [4]
• special security [4]
Data Management
• transfer data in
• transfer data out
• backup to cloud [7]
• restore from cloud [7]
• archive/preservation to cloud [7]
Note: these use cases are preliminary.
Credits: SNIA [7], aws.amazon.com [1], DMTF [4], libcloud [5]
30. File/Object System Like
Sharing access: Customer issues grant-cmd to Provider (1); other Customers and Users reach the data (2).
Access by name: Customer sends "read /foo/bar" to Provider; Provider returns data. Compatible modes: read, write, append, truncate, chown, chmod, chgrp, …
Access by pattern: Customer sends query “pattern” to Provider; Provider returns matching records. Specifying patterns, records. Access control?
Strong erase: Customer sends erase-cmd to Provider; Provider replies “ok!”. Getting confidence? Zero out, multi-pass? DoD 5220-22?
Cloud Drive: Customer and Provider, like NFS, AFS. Looks like a local disk. Synchronization? Security defaults?
credit: SNIA [7]
31. Job Control and Programming
Alloc/start/stop: allocate, deallocate; Configure External Resources; Configure Internal resources; Manage Instances: run, restart, terminate… Issues: compatibility, portability…
credit: aws.amazon.com [1]
Queue services (thread synchronization in the large): upstream workers ... downstream workers. Issues: compatibility, portability…
credit: aws.amazon.com [1]
Services: “services” like ordinary hosting, but with more scale, less location awareness.
32. Cloud-2-Cloud
Inter-cloud data transfer
Network Scenario: Customer sends requests to Provider 1 and Provider 2; a Data Object moves between the providers.
Physical Scenario: Customer sends requests to Provider 1 and Provider 2; a Physical Data Container moves between the providers.
some issues:
• protection of data in transit
• verification of data received
• coherent naming
• compatible crypto
• compatible access control metadata, ownership
Multi-hop inter-cloud data transfer
Network Scenario: Customer sends requests to Provider 1 and Provider 2; a Data Object moves between the providers.
Physical Scenario: Customer sends requests to Provider 1 and Provider 2; a Physical Data Container moves between the providers.
same issues, and in addition: after round trip, data is still as useful
33. Cloud-2-Cloud (2)
Storage peering: need common policies for naming of data objects, access control, snapshot/cloning, etc.
[Diagram labels: Customer; Provider 1, Provider 2; client data (at each provider); some common policies; other]
credit: SNIA [7]
Backup/restore between clouds: common archival format, procedures, data protection in transit, verification, key management, … (an example of multi-hop)
[Diagram labels: Customer; Provider 1 with client working data; Provider 2 with backup data; backup; restore]
credit: SNIA [7]
Cloud broker: broker could provide a simple or stable interface to customers, even when providers change or have diverse APIs.
[Diagram labels: Customer; broker (no resources); Provider 1 (resources); Provider 2 (resources)]
credit: DMTF [4]
34. Cloud-2-Cloud (3)
Cloud Burst: need common policies for naming of data objects, access control, snapshot/cloning, etc.
[Diagram, three stages:
1 Customer Datacenter: vm1 vm2 ... vmN; Provider
2 Customer Datacenter: vm1 vm2 ... vmN; Provider: vmN+1 vmN+2 vmN+M
3 Customer Datacenter: vm1 vm2 ... vmN; Provider]
VM migration (suspend-resume or live): dynamic config of networks, VM formats (e.g., OVF [6]), hypervisor diversity…
[Diagram labels: Customer; Provider 1: vm1 vm2 ... vmN; Provider 2: vm2 ... vmN]
35. Cloud-2-Cloud (4)
Dynamic dispatch: wrappers for clouds (e.g., libCloud)
[Diagram labels: Customer; cloud API access library; API 1, API 2, … API N]
credit: libCloud [5]
Fault-tolerant group: standardized fault tolerance protocols, QOS requirements, etc.
[Diagram labels: Customer; transactions; replication; concurrency control; nesting; ACID properties; byzantine?; other…]
36. Admin
SLA comparison: Customer ? SLA 1, SLA 2, SLA 3
An SLA Template?
Cloud Provider Promises
• availability
• remedies for failure to perform
• data preservation
• legal care of customer info
Limitations
• scheduled outages
• force majeure events
• changes to the SLA
• security
• service API changes
User Promises
• acceptable use policies
• provided software
• on-time payment
...
perhaps as a prelude to more detailed terms that extend but do not contradict?
Info Discovery: A search service that retrieves documents subpoenaed for court. who gets notified? who bears costs? timeliness?
credit: SNIA [7]
User Acct Mgmt: A cloud customer may have his/her own customers, and a provider sometimes provides SaaS-style customer management services. How to prevent “jar’ing” of customer-customers when providers change?
37. Admin (2)
Compliance: Providers sometimes assert compliance with (HIPAA, PCI, Sarbanes-Oxley, FISMA) requirements. how can customers tell?
credit: DMTF [4]
Special Security: E.g., a “mono-tenancy” requirement for a customer’s workloads. how can customers specify and tell?
credit: DMTF [4]
38. Data Management
• transfer data in
• transfer data out
• backup to cloud
• restore from cloud
• archive/preservation to cloud
Network Scenario: a Data Object moves between Customer and Provider
Physical Scenario: a Physical Data Container moves between Customer and Provider
protection in transit;
verification of correct data received;
correct naming;
initialization of access rules;
…
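The checks listed on this slide (verification of correct data received, correct naming, initialization of access rules) can be made concrete as a receiver-side check against an authenticated manifest. This is an added example, not part of the original slides; the manifest layout, the function names and the HMAC key shared out of band are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key"          # assumption: key agreed out of band
SOURCE = {"/foo/bar": b"quarterly report\n", "/foo/baz": b"\x00\x01\x02"}
ACL = {"/foo/bar": ["alice:read", "bob:read"], "/foo/baz": ["alice:write"]}


def _canonical(entries):
    # One byte-exact encoding so sender and receiver MAC the same bytes.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(objects, acl, key):
    """Sender side: describe every object, then authenticate the description."""
    entries = [
        {"name": name,
         "size": len(data),
         "sha256": hashlib.sha256(data).hexdigest(),
         "acl": sorted(acl.get(name, []))}
        for name, data in sorted(objects.items())
    ]
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac": tag}


def verify_transfer(manifest, received, received_acl, key):
    """Receiver side: return a list of problems; an empty list means accept."""
    expected = hmac.new(key, _canonical(manifest["entries"]),
                        hashlib.sha256).hexdigest()
    # Constant-time compare; an unauthenticated manifest proves nothing,
    # so stop before trusting any digest it carries.
    if not hmac.compare_digest(expected, manifest.get("hmac", "")):
        return ["manifest: authentication tag mismatch"]
    problems, listed = [], set()
    for entry in manifest["entries"]:
        name = entry["name"]
        listed.add(name)
        data = received.get(name)
        if data is None:                       # correct naming
            problems.append(f"{name}: missing at destination")
            continue
        digest = hashlib.sha256(data).hexdigest()
        if len(data) != entry["size"] or digest != entry["sha256"]:
            problems.append(f"{name}: content differs from source")
        if sorted(received_acl.get(name, [])) != entry["acl"]:
            problems.append(f"{name}: access rules not initialised as at source")
    for name in sorted(set(received) - listed):
        problems.append(f"{name}: unexpected object")
    return problems
```

The same check applies to the multi-hop case: carrying the manifest unchanged through each hop lets the final receiver compare against the original source rather than the previous provider.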
39. References
[1] Amazon Web Services, aws.amazon.com.
[2] “Eucalyptus: A Technical Report on an Elastic Utility Computing Architecture Linking Your Programs to
Useful Systems”, UCSB Computer Science Technical Report Number 2008-10.
[3] IDC Enterprise Panel, August 2008 n=244
[4] “Interoperable Clouds, A White Paper from the Open Cloud Standards Incubator”, Distributed Management
Task Force, Version 1.0, DMTF Informational, Nov. 11, 2009, DSP-IS0101
[5] libcloud, http://incubator.apache.org/libcloud/
[6] “Open Virtualization Format Specification”, DMTF Document Number DSP0243, Version 1.0, Feb. 22, 2009.
[7] “Cloud Storage Use Cases”, Storage Network Industry Association, Version 0.5 rev 0, June 8, 2009.
[8] “Starting Amazon EC2 with Mac OS X”. Robert Sosinski. http://www.robertsosinski.com/2008/01/26/starting-amazon-ec2-with-mac-os-x/
[9] “The Eucalyptus Open-source Cloud-computing System”, D. Nurmi, R. Wolski, C. Grzegorcyk, G. Obertelli,
S. Soman, L. Youseff, D. Zagorodnov, in Proceedings of Cloud Computing and Its Applications, Oct. 2008.
[10] “Ubuntu Enterprise Cloud Architecture”, S. Wardley, E. Goyer and N. Barcet, Technical White Paper, 2009,
www.canonical.com