SlideShare uma empresa Scribd logo

Cloud Security 2014 AASNET

Transferir como PPTX, PDF
Farrukh Shahzad
Farrukh Shahzad

Paper presentation "State-of-the-art Survey on Cloud Computing Security Challenges, Approaches and Solutions"

Educação
1 de 35
State-of-the-art Survey on Cloud Computing Security Challenges, Practices and Solutions Farrukh Shahzad King Fahd University of Petroleum and Minerals, Dhahran, KSA September 2014 The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET’14)
OUTLINE  Introduction  Cloud Computing Models  Security in the Cloud  Cloud Storage Security  Case Study: Amazon’s AWS Security  Implementation/Demo of SAFE  Conclusion 2
INTRODUCTION Cloud Computing: Highly scalable, technology-enabled services easily consumed over the Internet on an as-needed basis. Big Players: Amazon, Google, Microsoft, Yahoo, Sun, Salesforce.  Different implementation depends on type of Services: SAAS ,PAAS, IAAS, etc.  User data is processed and/or stored remotely in machines owned and operated by someone else.  Pros : Convenience, efficiency  Cons : Users’ fear of confidential data leakage and loss of privacy in the cloud.  Three main challenges in adapting Cloud Services:  How to identify a cloud provider that meet user’s privacy requirements?  How to establish a common privacy policy between the user and the provider?  Is the user’s data is actually handled as agreed by the parties? 3
CLOUD OVERVIEW 4
C L O U D C O M P U T I N G M O D E L 5 Essential Characteristics Service Models Deployment Models
C L O U D C O M P U T I N G C H A R A C T E R I S T I C S  Resource Pooling  Broad Network Access  Rapid Elasticity  Measured Service  On-demand Self-service 6
C L O U D S E R V I C E M O D E L S 7
C L O U D D E P L O Y M E N T M O D E L S  Public Cloud (Amazon AWS)  Private Cloud  Hybrid Cloud  Community Cloud 8
C L O U D S E C U R I T Y R I S K F A C T O R S  Outsourcing  Extensibility and Shared Responsibility  Virtualization  Multi-tenancy  Service Level Agreement  Heterogeneity 9
C L O U D S E C U R I T Y M AT R I X  Application & Interface Security  Audit Assurance & Compliance  Business Continuity Management & Operational Resilience  Change Control & Configuration Management  Data Security & Information Life-cycle Management  Data-center Security  Encryption & Key Management  Governance and Risk Management  Human Resources  Identity & Access Management  Infrastructure & Virtualization Security  Interoperability & Portability  Mobile Security  Security Incident Management, E-Discovery & Cloud  Forensics  Supply Chain Management, Transparency and Accountability  Threat and Vulnerability Management 10
S E C U R I T Y A S A S E R V I C E  Identity Services and Access Management Services  Data Loss Prevention (DLP)  Web Security  Email Security  Security Assessments  Intrusion Management, Detection, and Prevention  (IDS/IPS)  Security Information and Event Management (SIEM)  Encryption  Business Continuity and Disaster Recovery  Network Security 11
S O M E C L O U D S E C U R I T Y I S S U E S  The eDDoS (economic Distributed Denial of Service)  Economic Denial of Sustainability (EDoS)  Cloud Storage Security and Privacy 12
EDDO S  Distributed Denial of Service (DDoS) attacks target web sites, hosted applications or network infrastructures by absorbing all available bandwidth and disrupting access for legitimate customers and partners.  The eDDoS (economic Distributed Denial of Service) in cloud is due to the DDoS attack, where the service to the legitimate user is never restricted. This leads to Economic Denial of Sustainability (EDoS) as user will be billed for this undesired resources. 13
CLOUD STORAGE Cloud Storage Model  New business solution for remote backup outsourcing  Reduces data management costs  APIs, web based user interfaces, and cloud storage gateways. Cloud Storage Providers for individuals  iCloud  Dropbox  Google Drive  Amazon S3 14
CLOUD STORAGE Advantages of Cloud Storage  Fault tolerance  Immediate access  Streaming Problems  Access control  Assured deletion?  Multiple copies for fault tolerance 15
SECURITY GOALS  Threat Model:  Active files: Oscar should not be able to access the file.  Deleted files: if the files are actually deleted by the provider if requested.  Avoid unauthorized access  policy-based access control  Unrecoverable deleted files  policy based assured deletion 16
C A S E S T U D Y : A M A Z O N W E B S E R V I C E S  Compute (Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic MapReduce (Amazon EMR), Auto Scaling, Elastic Load Balancing)  Networking (Amazon Virtual Private Cloud (Amazon VPC), Amazon Route 53, AWS Direct Connect)  Storage (Amazon S3, Amazon Glacier, Amazon Elastic Block Storage (EBS), AWS Storage Gateway, AWS Import/Export)  Content Delivery - Amazon CloudFront  Database (Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon ElastiCache, Amazon Redshift)  Deployment & Management (AWS Identity and Access Management (IAM), Amazon CloudWatch, AWS Elastic Beanstalk, AWS CloudFormation, AWS Data Pipeline, AWS OpsWorks)  Application Services (Amazon Simple Queue Service (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), Amazon Simple Workflow Service (Amazon SWF), Amazon Simple Email Service (Amazon SES), Amazon CloudSearch, Amazon Elastic Transcoder) 17
A W S G E N E R A L S E C U R I T Y M E A S U R E S  Certifications and accreditations  Physical security  Secure services  Data privacy 18
A W S I N F R A S T R U C T U R E S E C U R I T Y ( S H A R E D R E S P O N S I B I L I T Y )  AWS Compliance Program (SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), HIPAA)  Physical and Environmental Security  Fire detection, Power, temperature Control, Storage Device Decommissioning  Business Continuity Management (Availability, Incident Reporting, Communication)  Network Security  Secure Network Architecture  Fault‐Tolerant Design  Network Monitoring and Protection (protection against, DDoS, MITM, IP Spoofing, Port scanning)  AWS Access (Account Review and Audit, background checks, Password policy)  Secure Design Principles  Change Management  AWS Account Security Features  AWS Identity and Access Management (AWS IAM)  Key Management and Rotation  Temporary Security Credentials  AWS Multi‐Factor Authentication (AWS MFA) 19
A W S S E C U R I T Y B E S T P R A C T I C E S  Protect your data in transit  Protect your stored data  Protect your cloud account (AWS) credentials  Manage multiple users with IAM  Secure your Applications 20
C O N C L U S I O N  The revolution of cloud computing has provided opportunities for research in all aspects of cloud computing.  Research in the secure cloud storage is compounded by the fact that users data may be kept at several locations for either redundancy/fault tolerance or because the service is provided through a chain of service providers.  We explored the security measures adopted by the largest cloud service provider (Amazon web services or AWS) including their infrastructure security and security best practices followed by AWS. 21
A C K N O W L E D G E M E N T The support provided by the department of Information and Computer Science and Deanship of Scientific Research at King Fahd University of Petroleum and Minerals (KFUPM). 22
R E F E R E N C E S 23
SAFE(DEMO) SUMMARY  The Secure Access controlled File Encryption (SAFE) system is an overlay which works seamlessly over the existing cloud storage services without any changes on the cloud side. Furthermore, the implementation only requires basic data access API functions like put (upload) and get (download).  In SAFE, a file is encrypted with a data key by the owner of the file, using the SAFE client. The data key is further encrypted with a secret key which is in turn is encrypted with a control key, based on the access control policy selected by the owner, with the help of a separate key server. The encrypted keys are stored as a separate metadata file, along with the encrypted data file.  The purpose of SAFE is to achieve policy-based access control and assured deletion. 24
SAFE OVERVIEW 25  SAFE client: This is an interface application between client’s or user’s storage system and the cloud storage. It communicates with Key server securely (SSL protocol) to request appropriate cryptographic operations. The application performs all required upload, download, encryption and decryption functions.  Key Server: This is a multi-threaded server application which provides all needed backend services to SAFE clients. It utilizes SSL socket to communicates with SAFE clients securely. It provides storage for users, policies and corresponding public/private key pair.
POLICY MANAGEMENT The owner of the file needs to select proper policy for the file which needs to be uploaded to the cloud. There are two types of policies: 1) Individual. Each user of the SAFE system is assigned a unique individual policy at the time he/she register with the Key server. 2) Group Policy. Separate policies can be added for a group of users. For example, a department in a company can have a group policy so that the employees of that department can share files on the cloud, if the owner of the file, uploads the file with the group policy assigned to that department. Similarly, there could be group policy for a team project so all members can share files related to the project. 26
CRYPTOGRAPHIC KEYS SAFE uses three types of cryptographic keys to protect the data files stored on the cloud. 1) Data key. A data key is a random secret that is generated by a SAFE client. It is used for encrypting or decrypting data files via symmetric (AES) key encryption. 2) Secret key. Similar to the data key, a secret key is generated by a SAFE client. It is used for encrypting or decrypting the data key via symmetric (AES) key encryption. 3) Policy key. This key is associated with a particular policy. It is represented by a public- private key pair, which is maintained by the key server. It is used to encrypt/decrypt the secret key of the file via RSA. To ensure file deletion (inaccessibility), the corresponding policy can be revoked. 27
UPLOAD OPERATION OF SAFE 28  The file upload function is shown below. The client first requests the public key Ppub of policy P from the key server. Then the client generates two random keys K and S and perform the encryption eS(K), ePpub(S) and eK(F). Finally, the client sends eK(F) i.e. the encrypted file and P, eS(K) , ePpub(S) (as metadata) to the cloud. The client should discard K and S. There will be two objects on the cloud: One the encrypted client’s file and the other is the corresponding metadata text file containing policy and related keys (encrypted).
DOWNLOAD OPERATION OF SAFE 29 The client fetches the metadata file to get P, eS(K) , ePpub(S) from the storage system. Then the client sends ePpub(S) to the key server for decryption. The key server decrypts using the policy’s private key and returns S = dPprv(ePpub(S)) to the client. The client can now decrypt eS(K) to get K. The client finally fetches the actual encrypted file eK(F) and decrypt with K to get the original file F. The client should immediately discard K and S.
UPDATE POLICY 30 • Only needs to download the corresponding metadata file. • Update the last line (secret key encrypted with new policy key) . • Write back the modified metadata file. • There is no need to access the actual encrypted data file.
IMPLEMENTATION  The SAFE is implemented purely in Java based on design framework presented in the previous section.. All the libraries used are third party or built in Java libraries including the following:  javax.swing (for SAFE GUI)  com.amazonaws (for amazon S3 APIs)  com.dropbox (for Dropbox APIs)  org.apache.log4j (for interactive on-screen and file logging)  javax.crypto and javax.Security for crypto-graphical operations like AES/RSA encryption/decryption, Key generation, etc.  Many other built-in libraries for File I/O, SSL socket programming. There are also other external Java libraries which are used by Amazon and Dropbox APIs. 31
IMPLEMENTATION - METADATA  Here is an example of a metadata file generated after an upload to the cloud:  SAFE0001  6B6C379A35A8A17CF005F8CE850D0F45A24C86747DB1D83E167A46ADBBF8CF03  4A31EAF4FFC824ADD69D327D551705F2CB164D23AC47D0B85E47D1BCFEBA342F7 C886C3292DBDB590348FC900F210D56DEC21E1177A0CFC17138ACB41193AC9DEE CCC74D0B72A1599026A3FD1A0BEBA1E08DA716CE7C58BA77BD79E42E1E85033EA 1F1A2B785F939F47BE421A9A2EA82005AFB81B50D628ABDA43AEFC989B788  This metadata file is saved along with the encrypted file on the cloud with extension ‘.safe’. 32
IMPLEMENTATION - UPLOAD  2013-05-21 14:22:36 File will be uploaded from: C:Users  2013-05-21 14:22:36 Encrypting ..  2013-05-21 14:22:36 Uploading a new object to S3 ..  2013-05-21 14:22:38 Uploading the corresponding metadata ..  2013-05-21 14:22:39 Uploaded file: abc.pdf Done. 33
IMPLEMENTATION - DOWNLOAD  2013-05-22 05:51:26 Downloading the object metadata.  2013-05-22 05:51:24 Downloading the object  2013-05-22 05:51:26 File Name: abc.pdf  2013-05-22 05:51:27 Decrypting ..  2013-05-22 05:52:13 File will be saved to: C:abc.pdf 34
IMPLEMENTATION - INTERFACE 35

Recomendados

(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationCharles Lim
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelVishal Sharma
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)Maganathin Veeraragaloo
 
Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity Digital Transformation EXPO Event Series
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 

Recomendados

(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationCharles Lim
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelVishal Sharma
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)Maganathin Veeraragaloo
 
Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity Turtles, Trust and The Future of Cybersecurity
Turtles, Trust and The Future of Cybersecurity Digital Transformation EXPO Event Series
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Azure information protection
Azure information protectionAzure information protection
Azure information protectionKjetil Lund-Paulsen
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityHari Kumar
 
Azure information protection_datasheet_en-us
Azure information protection_datasheet_en-usAzure information protection_datasheet_en-us
Azure information protection_datasheet_en-usKjetil Lund-Paulsen
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Kjetil Lund-Paulsen
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PiecePaul Richards
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfYounesChafi1
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Enforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computingEnforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computingIAEME Publication
 
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKETCLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKETAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesAhmad Khan
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 
Gregdek @ EucaDay NYC
Gregdek @ EucaDay NYCGregdek @ EucaDay NYC
Gregdek @ EucaDay NYCGreg DeKoenigsberg
 
UNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentationUNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentationAkshay Sinha
 
South Africa MXIT exploratory paper
South Africa MXIT exploratory paperSouth Africa MXIT exploratory paper
South Africa MXIT exploratory paperAkshay Sinha
 
Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!Sandra Braconnot
 
Presentation1 cesm
Presentation1 cesmPresentation1 cesm
Presentation1 cesmDevavrata Singh
 

Mais conteúdo relacionado

Mais procurados

Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityHari Kumar
 
Azure information protection_datasheet_en-us
Azure information protection_datasheet_en-usAzure information protection_datasheet_en-us
Azure information protection_datasheet_en-usKjetil Lund-Paulsen
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Kjetil Lund-Paulsen
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PiecePaul Richards
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14L S Subramanian
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfYounesChafi1
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Enforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computingEnforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computingIAEME Publication
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesAhmad Khan
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 

Mais procurados (17)

Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
 
Azure information protection_datasheet_en-us
Azure information protection_datasheet_en-usAzure information protection_datasheet_en-us
Azure information protection_datasheet_en-us
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security
 
Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_Piece
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14Lss implementing cyber security in the cloud, and from the cloud-feb14
Lss implementing cyber security in the cloud, and from the cloud-feb14
 
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdfsecureit-cloudsecurity-151130141528-lva1-app6892.pdf
secureit-cloudsecurity-151130141528-lva1-app6892.pdf
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Enforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computingEnforcing multi user access policies in cloud computing
Enforcing multi user access policies in cloud computing
 
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKETCLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
CLOUD SECURITY IN INSURANCE INDUSTRY WITH RESPECT TO INDIAN MARKET
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practices
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your Cloud
 

Destaque

UNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentationUNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentationAkshay Sinha
 
South Africa MXIT exploratory paper
South Africa MXIT exploratory paperSouth Africa MXIT exploratory paper
South Africa MXIT exploratory paperAkshay Sinha
 
Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!Sandra Braconnot
 
One-Sentence Persuasion Course
One-Sentence Persuasion CourseOne-Sentence Persuasion Course
One-Sentence Persuasion CourseJoyce Kerr
 
Presentacion personal
Presentacion personalPresentacion personal
Presentacion personalUrendy
 
Cloud Migration - Few Pointers
Cloud Migration - Few PointersCloud Migration - Few Pointers
Cloud Migration - Few PointersNavin Malhotra
 
Noura Books Academy #1
Noura Books Academy #1Noura Books Academy #1
Noura Books Academy #1Abdul Aziz
 
Anatomy of a Craigslist Scam
Anatomy of a Craigslist ScamAnatomy of a Craigslist Scam
Anatomy of a Craigslist ScamIDT911
 
Pint of science pdf friendly-2
Pint of science pdf friendly-2Pint of science pdf friendly-2
Pint of science pdf friendly-2Jon Reades
 

Destaque (20)

Gregdek @ EucaDay NYC
Gregdek @ EucaDay NYCGregdek @ EucaDay NYC
Gregdek @ EucaDay NYC
 
UNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentationUNICEF Digital Citizenship and Safety Ukraine presentation
UNICEF Digital Citizenship and Safety Ukraine presentation
 
South Africa MXIT exploratory paper
South Africa MXIT exploratory paperSouth Africa MXIT exploratory paper
South Africa MXIT exploratory paper
 
Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!Toda pessoa é uma flor... só varia o tipo!
Toda pessoa é uma flor... só varia o tipo!
 
Presentation1 cesm
Presentation1 cesmPresentation1 cesm
Presentation1 cesm
 
situacion de aprendizaje
situacion de aprendizaje situacion de aprendizaje
situacion de aprendizaje
 
One-Sentence Persuasion Course
One-Sentence Persuasion CourseOne-Sentence Persuasion Course
One-Sentence Persuasion Course
 
Honey
Honey Honey
Honey
 
Re vision english (2)
Re vision english (2)Re vision english (2)
Re vision english (2)
 
Presentacion personal
Presentacion personalPresentacion personal
Presentacion personal
 
Cloud Migration - Few Pointers
Cloud Migration - Few PointersCloud Migration - Few Pointers
Cloud Migration - Few Pointers
 
Keyword driven testing in qtp
Keyword driven testing in qtpKeyword driven testing in qtp
Keyword driven testing in qtp
 
Noura Books Academy #1
Noura Books Academy #1Noura Books Academy #1
Noura Books Academy #1
 
Anatomy of a Craigslist Scam
Anatomy of a Craigslist ScamAnatomy of a Craigslist Scam
Anatomy of a Craigslist Scam
 
Qtp testing process
Qtp testing processQtp testing process
Qtp testing process
 
Fashion people for brands
Fashion people for brandsFashion people for brands
Fashion people for brands
 
Pint of science pdf friendly-2
Pint of science pdf friendly-2Pint of science pdf friendly-2
Pint of science pdf friendly-2
 
Exp4
Exp4Exp4
Exp4
 
304
304304
304
 
Art07
Art07Art07
Art07
 

Semelhante a Cloud Security 2014 AASNET

Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsEditor IJCATR
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computingijceronline
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingIJMER
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detectionijsrd.com
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
Modernizing Technology Governance
Modernizing Technology GovernanceModernizing Technology Governance
Modernizing Technology GovernanceAlert Logic
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013STO STRATEGY
 
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...ijsrd.com
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEcscpconf
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudA Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudIOSR Journals
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Top 10 cloud security tools to adopt in 2024.pdf
Top 10 cloud security tools to adopt in 2024.pdfTop 10 cloud security tools to adopt in 2024.pdf
Top 10 cloud security tools to adopt in 2024.pdfSparity1
 

Semelhante a Cloud Security 2014 AASNET (20)

Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Security for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi CloudsSecurity for Effective Data Storage in Multi Clouds
Security for Effective Data Storage in Multi Clouds
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
A safety design of
A safety design ofA safety design of
A safety design of
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computing
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud Computing
 
Cloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion DetectionCloud Computing Using Encryption and Intrusion Detection
Cloud Computing Using Encryption and Intrusion Detection
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926
 
Modernizing Technology Governance
Modernizing Technology GovernanceModernizing Technology Governance
Modernizing Technology Governance
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
 
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
Effective & Flexible Cryptography Based Scheme for Ensuring User`s Data Secur...
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in CloudA Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
A Detailed Analysis of the Issues and Solutions for Securing Data in Cloud
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Top 10 cloud security tools to adopt in 2024.pdf
Top 10 cloud security tools to adopt in 2024.pdfTop 10 cloud security tools to adopt in 2024.pdf
Top 10 cloud security tools to adopt in 2024.pdf
 

Último

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 

Último (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

Cloud Security 2014 AASNET

  • 1. State-of-the-art Survey on Cloud Computing Security Challenges, Practices and Solutions Farrukh Shahzad King Fahd University of Petroleum and Minerals, Dhahran, KSA September 2014 The 6th International Symposium on Applications of Ad hoc and Sensor Networks (AASNET’14)
  • 2. OUTLINE  Introduction  Cloud Computing Models  Security in the Cloud  Cloud Storage Security  Case Study: Amazon’s AWS Security  Implementation/Demo of SAFE  Conclusion 2
  • 3. INTRODUCTION Cloud Computing: Highly scalable, technology-enabled services easily consumed over the Internet on an as-needed basis. Big Players: Amazon, Google, Microsoft, Yahoo, Sun, Salesforce.  Different implementation depends on type of Services: SAAS ,PAAS, IAAS, etc.  User data is processed and/or stored remotely in machines owned and operated by someone else.  Pros : Convenience, efficiency  Cons : Users’ fear of confidential data leakage and loss of privacy in the cloud.  Three main challenges in adapting Cloud Services:  How to identify a cloud provider that meet user’s privacy requirements?  How to establish a common privacy policy between the user and the provider?  Is the user’s data is actually handled as agreed by the parties? 3
  • 5. C L O U D C O M P U T I N G M O D E L 5 Essential Characteristics Service Models Deployment Models
  • 6. C L O U D C O M P U T I N G C H A R A C T E R I S T I C S  Resource Pooling  Broad Network Access  Rapid Elasticity  Measured Service  On-demand Self-service 6
  • 7. C L O U D S E R V I C E M O D E L S 7
  • 8. C L O U D D E P L O Y M E N T M O D E L S  Public Cloud (Amazon AWS)  Private Cloud  Hybrid Cloud  Community Cloud 8
  • 9. C L O U D S E C U R I T Y R I S K F A C T O R S  Outsourcing  Extensibility and Shared Responsibility  Virtualization  Multi-tenancy  Service Level Agreement  Heterogeneity 9
  • 10. C L O U D S E C U R I T Y M AT R I X  Application & Interface Security  Audit Assurance & Compliance  Business Continuity Management & Operational Resilience  Change Control & Configuration Management  Data Security & Information Life-cycle Management  Data-center Security  Encryption & Key Management  Governance and Risk Management  Human Resources  Identity & Access Management  Infrastructure & Virtualization Security  Interoperability & Portability  Mobile Security  Security Incident Management, E-Discovery & Cloud  Forensics  Supply Chain Management, Transparency and Accountability  Threat and Vulnerability Management 10
  • 11. S E C U R I T Y A S A S E R V I C E  Identity Services and Access Management Services  Data Loss Prevention (DLP)  Web Security  Email Security  Security Assessments  Intrusion Management, Detection, and Prevention  (IDS/IPS)  Security Information and Event Management (SIEM)  Encryption  Business Continuity and Disaster Recovery  Network Security 11
  • 12. S O M E C L O U D S E C U R I T Y I S S U E S  The eDDoS (economic Distributed Denial of Service)  Economic Denial of Sustainability (EDoS)  Cloud Storage Security and Privacy 12
  • 13. EDDO S  Distributed Denial of Service (DDoS) attacks target web sites, hosted applications or network infrastructures by absorbing all available bandwidth and disrupting access for legitimate customers and partners.  The eDDoS (economic Distributed Denial of Service) in cloud is due to the DDoS attack, where the service to the legitimate user is never restricted. This leads to Economic Denial of Sustainability (EDoS) as user will be billed for this undesired resources. 13
  • 14. CLOUD STORAGE Cloud Storage Model  New business solution for remote backup outsourcing  Reduces data management costs  APIs, web based user interfaces, and cloud storage gateways. Cloud Storage Providers for individuals  iCloud  Dropbox  Google Drive  Amazon S3 14
  • 15. CLOUD STORAGE Advantages of Cloud Storage  Fault tolerance  Immediate access  Streaming Problems  Access control  Assured deletion?  Multiple copies for fault tolerance 15
  • 16. SECURITY GOALS  Threat Model:  Active files: Oscar should not be able to access the file.  Deleted files: if the files are actually deleted by the provider if requested.  Avoid unauthorized access  policy-based access control  Unrecoverable deleted files  policy based assured deletion 16
  • 17. C A S E S T U D Y : A M A Z O N W E B S E R V I C E S  Compute (Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic MapReduce (Amazon EMR), Auto Scaling, Elastic Load Balancing)  Networking (Amazon Virtual Private Cloud (Amazon VPC), Amazon Route 53, AWS Direct Connect)  Storage (Amazon S3, Amazon Glacier, Amazon Elastic Block Storage (EBS), AWS Storage Gateway, AWS Import/Export)  Content Delivery - Amazon CloudFront  Database (Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon ElastiCache, Amazon Redshift)  Deployment & Management (AWS Identity and Access Management (IAM), Amazon CloudWatch, AWS Elastic Beanstalk, AWS CloudFormation, AWS Data Pipeline, AWS OpsWorks)  Application Services (Amazon Simple Queue Service (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), Amazon Simple Workflow Service (Amazon SWF), Amazon Simple Email Service (Amazon SES), Amazon CloudSearch, Amazon Elastic Transcoder) 17
  • 18. A W S G E N E R A L S E C U R I T Y M E A S U R E S  Certifications and accreditations  Physical security  Secure services  Data privacy 18
  • 19. A W S I N F R A S T R U C T U R E S E C U R I T Y ( S H A R E D R E S P O N S I B I L I T Y )  AWS Compliance Program (SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), HIPAA)  Physical and Environmental Security  Fire detection, Power, temperature Control, Storage Device Decommissioning  Business Continuity Management (Availability, Incident Reporting, Communication)  Network Security  Secure Network Architecture  Fault‐Tolerant Design  Network Monitoring and Protection (protection against, DDoS, MITM, IP Spoofing, Port scanning)  AWS Access (Account Review and Audit, background checks, Password policy)  Secure Design Principles  Change Management  AWS Account Security Features  AWS Identity and Access Management (AWS IAM)  Key Management and Rotation  Temporary Security Credentials  AWS Multi‐Factor Authentication (AWS MFA) 19
  • 20. A W S S E C U R I T Y B E S T P R A C T I C E S  Protect your data in transit  Protect your stored data  Protect your cloud account (AWS) credentials  Manage multiple users with IAM  Secure your Applications 20
  • 21. C O N C L U S I O N  The revolution of cloud computing has provided opportunities for research in all aspects of cloud computing.  Research in the secure cloud storage is compounded by the fact that users data may be kept at several locations for either redundancy/fault tolerance or because the service is provided through a chain of service providers.  We explored the security measures adopted by the largest cloud service provider (Amazon web services or AWS) including their infrastructure security and security best practices followed by AWS. 21
  • 22. A C K N O W L E D G E M E N T The support provided by the department of Information and Computer Science and Deanship of Scientific Research at King Fahd University of Petroleum and Minerals (KFUPM). 22
  • 23. R E F E R E N C E S 23
  • 24. SAFE(DEMO) SUMMARY  The Secure Access controlled File Encryption (SAFE) system is an overlay which works seamlessly over the existing cloud storage services without any changes on the cloud side. Furthermore, the implementation only requires basic data access API functions like put (upload) and get (download).  In SAFE, a file is encrypted with a data key by the owner of the file, using the SAFE client. The data key is further encrypted with a secret key which is in turn is encrypted with a control key, based on the access control policy selected by the owner, with the help of a separate key server. The encrypted keys are stored as a separate metadata file, along with the encrypted data file.  The purpose of SAFE is to achieve policy-based access control and assured deletion. 24
  • 25. SAFE OVERVIEW 25  SAFE client: This is an interface application between client’s or user’s storage system and the cloud storage. It communicates with Key server securely (SSL protocol) to request appropriate cryptographic operations. The application performs all required upload, download, encryption and decryption functions.  Key Server: This is a multi-threaded server application which provides all needed backend services to SAFE clients. It utilizes SSL socket to communicates with SAFE clients securely. It provides storage for users, policies and corresponding public/private key pair.
  • 26. POLICY MANAGEMENT The owner of the file needs to select proper policy for the file which needs to be uploaded to the cloud. There are two types of policies: 1) Individual. Each user of the SAFE system is assigned a unique individual policy at the time he/she register with the Key server. 2) Group Policy. Separate policies can be added for a group of users. For example, a department in a company can have a group policy so that the employees of that department can share files on the cloud, if the owner of the file, uploads the file with the group policy assigned to that department. Similarly, there could be group policy for a team project so all members can share files related to the project. 26
  • 27. CRYPTOGRAPHIC KEYS SAFE uses three types of cryptographic keys to protect the data files stored on the cloud. 1) Data key. A data key is a random secret that is generated by a SAFE client. It is used for encrypting or decrypting data files via symmetric (AES) key encryption. 2) Secret key. Similar to the data key, a secret key is generated by a SAFE client. It is used for encrypting or decrypting the data key via symmetric (AES) key encryption. 3) Policy key. This key is associated with a particular policy. It is represented by a public- private key pair, which is maintained by the key server. It is used to encrypt/decrypt the secret key of the file via RSA. To ensure file deletion (inaccessibility), the corresponding policy can be revoked. 27
  • 28. UPLOAD OPERATION OF SAFE 28  The file upload function is shown below. The client first requests the public key Ppub of policy P from the key server. Then the client generates two random keys K and S and perform the encryption eS(K), ePpub(S) and eK(F). Finally, the client sends eK(F) i.e. the encrypted file and P, eS(K) , ePpub(S) (as metadata) to the cloud. The client should discard K and S. There will be two objects on the cloud: One the encrypted client’s file and the other is the corresponding metadata text file containing policy and related keys (encrypted).
  • 29. DOWNLOAD OPERATION OF SAFE 29 The client fetches the metadata file to get P, eS(K) , ePpub(S) from the storage system. Then the client sends ePpub(S) to the key server for decryption. The key server decrypts using the policy’s private key and returns S = dPprv(ePpub(S)) to the client. The client can now decrypt eS(K) to get K. The client finally fetches the actual encrypted file eK(F) and decrypt with K to get the original file F. The client should immediately discard K and S.
  • 30. UPDATE POLICY 30 • Only needs to download the corresponding metadata file. • Update the last line (secret key encrypted with new policy key) . • Write back the modified metadata file. • There is no need to access the actual encrypted data file.
  • 31. IMPLEMENTATION  The SAFE is implemented purely in Java based on design framework presented in the previous section.. All the libraries used are third party or built in Java libraries including the following:  javax.swing (for SAFE GUI)  com.amazonaws (for amazon S3 APIs)  com.dropbox (for Dropbox APIs)  org.apache.log4j (for interactive on-screen and file logging)  javax.crypto and javax.Security for crypto-graphical operations like AES/RSA encryption/decryption, Key generation, etc.  Many other built-in libraries for File I/O, SSL socket programming. There are also other external Java libraries which are used by Amazon and Dropbox APIs. 31
  • 32. IMPLEMENTATION - METADATA  Here is an example of a metadata file generated after an upload to the cloud:  SAFE0001  6B6C379A35A8A17CF005F8CE850D0F45A24C86747DB1D83E167A46ADBBF8CF03  4A31EAF4FFC824ADD69D327D551705F2CB164D23AC47D0B85E47D1BCFEBA342F7 C886C3292DBDB590348FC900F210D56DEC21E1177A0CFC17138ACB41193AC9DEE CCC74D0B72A1599026A3FD1A0BEBA1E08DA716CE7C58BA77BD79E42E1E85033EA 1F1A2B785F939F47BE421A9A2EA82005AFB81B50D628ABDA43AEFC989B788  This metadata file is saved along with the encrypted file on the cloud with extension ‘.safe’. 32
  • 33. IMPLEMENTATION - UPLOAD  2013-05-21 14:22:36 File will be uploaded from: C:Users  2013-05-21 14:22:36 Encrypting ..  2013-05-21 14:22:36 Uploading a new object to S3 ..  2013-05-21 14:22:38 Uploading the corresponding metadata ..  2013-05-21 14:22:39 Uploaded file: abc.pdf Done. 33
  • 34. IMPLEMENTATION - DOWNLOAD  2013-05-22 05:51:26 Downloading the object metadata.  2013-05-22 05:51:24 Downloading the object  2013-05-22 05:51:26 File Name: abc.pdf  2013-05-22 05:51:27 Decrypting ..  2013-05-22 05:52:13 File will be saved to: C:abc.pdf 34