1. Wave of the Future…
Presented by:
Ahmed Taha Abdel_kariem
Mahmoud Mohamed Abd El Salam
Ahmed Kandil
Supervised by:
Dr. Ashraf Tamam
03/01/15
2. Demo Contents
INTRODUCTION
DEFINITION – HISTORY – ATTRIBUTES –
CHARACTERISTICS – ADVANTAGE – DISADVANTAGE
CLOUD MODELS
DELIVERY MODEL – DEPLOYMENT MODEL
CLOUD SECURITY AND PRIVACY
SECURITY – PRIVACY – THREAT – TAXONOMY OF FEAR –
PROBLEM – SOLUTION
COMMENTS OTHER ISSUE
WHY CC IMPORTANT – FUTURE WORK – CONCLUSION
4. What is Cloud Computing?
A new class of network-based computing that
takes place over the Internet. It hides the
complexity and details of the underlying
infrastructure.
5. What is Cloud Computing (Other)?
• Shared pool of configurable computing resources
• Just a web browser and your account with password!
– Once you log in, the device is “yours”.
6. History of Cloud Computing?
The concept dates to the 1960s. The term ‘Cloud’
was used in the early 1990s.
IBM detailed it in 2001. Amazon
datacenters in 2005.
In 2007 Google and IBM started a large-scale CC
research project. In 2008 CC gained
popularity.
15. General Concerns (different protocols):
Requires constant Internet – intranet connection
Features might be limited
Stored data might not be secure
Stored data can be lost
19. Infrastructure as a Service (IaaS) :
Consumers get access to the infrastructure to
deploy their stuff.
21. Platform as a Service (PaaS) :
The user deploys customer-created applications to a cloud.
23. Software as a Service (SaaS) :
Use the provider’s applications over a network.
31. Public: Cloud infrastructure is available to the
general public, owned by an org selling cloud services.
32. Private: Cloud infrastructure for a single org only;
may be managed by the organization or a 3rd party.
33. Hybrid: Combo of >=2 clouds bound by standard
technology (composition of two or more clouds).
34. Community: Cloud infrastructure shared by
several orgs, managed by an org or a 3rd party.
35. Public Cloud: Cloud infrastructure made available to the general public.
Private Cloud: Cloud infrastructure operated solely for an organization.
Hybrid Cloud: Cloud infrastructure composed of two or more clouds.
Community Cloud: Cloud infrastructure shared by several organizations and supporting a specific community.
39. Security is the set of necessary steps to protect a person
or property from harm (direct action - indirect
action). [Reference: Lecture Notes]
Privacy rights relate to the collection, use,
disclosure, storage, and destruction of personal
data, PII (Personally Identifiable Information).
41. Full reliance on a third party to protect
personal data (data breaches have a cascading effect)
Many new risks and unknowns appear (complexity)
42. • Personal information should be managed as part of the data used by the organization
• Protection of personal information should consider the impact of the cloud on each phase
43. Research conducted by the Cloud Security Alliance
(CSA) in 2010 and 2013.
The aim was to aid both cloud customers and
cloud providers by providing the context needed to
assist organizations in making educated risk
management decisions regarding their cloud
adoption strategies.
44. 1. Threat #1: Abuse and Nefarious Use of Cloud Computing
2. Threat #2: Insecure Interfaces and APIs
3. Threat #3: Malicious Insiders
4. Threat #4: Shared Technology Issues
5. Threat #5: Data Loss or Leakage
6. Threat #6: Account or Service Hijacking
7. Threat #7: Unknown Risk Profile
[Reference: CSA: Top Threats to Cloud Computing V1.0
Prepared by the Cloud Security Alliance March 2010]
45. Problem: Criminals continue to leverage new technologies
to improve their reach, avoid detection, and improve the
effectiveness of their activities
Affected Layers:
Suggested Solutions:
1. Stricter initial registration and validation processes.
2. Enhanced credit card fraud monitoring and coordination.
3. Comprehensive introspection of customer network traffic.
4. Monitoring public blacklists for one’s own network blocks.
46. Problem: CSPs expose a set of software interfaces or APIs
that customers use to manage and interact with cloud services.
The security and availability of general cloud services is
dependent upon the security of these basic APIs. From
authentication and access control to encryption.
Affected Layers:
Suggested Solutions:
1. Analyze the security model of cloud provider interfaces.
2. Ensure strong authentication and access controls are
implemented in concert with encrypted transmission.
3. Understand the dependency chain associated with the API.
47. Problem: A CSP may not reveal how it grants employees
access to physical and virtual assets, how it monitors these
employees, or how it analyzes and reports on policy compliance.
To complicate matters, there is often little or no visibility into
the hiring standards and practices for cloud employees.
Affected Layers:
Suggested Solutions:
1. Enforce strict supply chain management and conduct a
comprehensive supplier assessment.
2. Specify human resource requirements as part of legal contracts.
3. Require transparency into overall information security and
management practices, as well as compliance reporting.
4. Determine security breach notification processes.
48. Problem: IaaS vendors deliver their services in a scalable
way by sharing infrastructure. Often, the underlying
components that make up this infrastructure (e.g., CPU caches,
GPUs, etc.) were not designed to offer strong isolation
properties for a multi-tenant architecture.
Affected Layers:
Suggested Solutions:
1. Implement security best practices for installation/configuration.
2. Monitor environment for unauthorized changes/activity.
3. Promote strong authentication and access control for administrative
access and operations.
4. Enforce service level agreements for patching and vulnerability
remediation.
5. Conduct vulnerability scanning and configuration audits.
49. Problem: There are many ways to compromise data.
Deletion or alteration of records without a backup of the
original content is an obvious example. Unlinking a record from
a larger context may render it unrecoverable, as can storage on
unreliable media.
Affected Layers:
Suggested Solutions:
1. Implement strong API access control.
2. Encrypt and protect integrity of data in transit.
3. Analyze data protection at both design and run time.
4. Implement strong key generation, storage and management, and
destruction practices.
5. Contractually demand providers wipe persistent media before it is
released into the pool.
6. Contractually specify provider backup and retention strategies.
50. Problem: Account and service hijacking, usually with stolen
credentials, remains a top threat. Attack methods such as
phishing, fraud, and exploitation of software vulnerabilities still
achieve results. Credentials and passwords are often reused,
which amplifies the impact of such attacks.
Affected Layers:
Suggested Solutions:
1. Prohibit the sharing of account credentials between users and
services.
2. Leverage strong two-factor authentication techniques where
possible.
3. Employ proactive monitoring to detect unauthorized activity.
4. Understand cloud provider security policies and SLAs.
51. Problem: When adopting a cloud service, the features and
functionality may be well advertised, but what about details or
compliance of the internal security procedures, configuration
hardening, patching, auditing, and logging? How are your data
and related logs stored and who has access to them? What
information if any will the vendor disclose in the event of a
security incident?
Affected Layers:
Suggested Solutions:
1. Disclosure of applicable logs and data.
2. Partial/full disclosure of infrastructure details (e.g., patch levels,
firewalls, etc.).
3. Monitoring and alerting on necessary information.
52. 1. Threat #1: Data Breaches (aka: Leakage)
2. Threat #2: Data Loss
3. Threat #3: Account or Service Hijacking
4. Threat #4: Insecure Interfaces and APIs
5. Threat #5: Denial of Service
6. Threat #6: Malicious Insiders
7. Threat #7: Abuse and Nefarious Use of Cloud Computing
8. Threat #8: Unknown Risk Profile
9. Threat #9: Shared Technology Issues
[Reference: CSA, Top Threats Working Group, "The Notorious
Nine", Cloud Computing Top Threats in 2013, February
2013]
53. Problem: Denial of Service attacks prevent users from
using or accessing the cloud service, whether their data or
applications.
Affected Layers:
Controls:
1. CCM IS-04: Information Security - Baseline Requirements
2. CCM OP-03: Operations Management - Capacity/Resource
Planning
3. CCM RS-07: Resiliency - Equipment Power Failures
4. CCM SA-04: Security Architecture - Application Se.
55. Confidentiality
Fear of loss of control over data
Will sensitive data stored on a cloud remain confidential?
Will the cloud provider itself be honest and won’t peek
into the data?
56. Integrity
How do I know that the cloud provider is doing
the computations correctly?
How do I ensure that the cloud provider really
stored my data without tampering with it?
57. Availability
Will critical systems go down at the client, if the
provider is attacked in a Denial of Service attack?
What happens if cloud provider goes out of business?
Would the cloud scale well enough?
58. Auditability and forensics
It is difficult to audit data held outside the organization
in a cloud; forensics is also made difficult.
59. • Privacy issues raised via massive data mining
The cloud now stores data from a lot of clients, and can run
data mining algorithms to get large amounts of
information on clients
60. • Increased attack surface
o Attackers can now target the communication link
between cloud provider and client
61. Legal quagmire and transitive trust issues
If cloud provider subcontracts to third party clouds,
will the data still be secure? (complying with
regulations)
63. Most security problems come from 3 reasons:
Loss of control
Lack of trust
Multi-tenancy
64. Consumer’s loss of control:
Data, applications, resources, user access
control rules, and security policies are managed by
the CSP
65. Consumer relies on provider to ensure:
Data security and privacy - Resource availability -
Monitoring and repairing of services/resources
66. People only trust when it pays
Need for trust arises only in risky situations
Trusting a third party requires taking risks
67. Cloud Computing brings new threats since users share the
same physical infrastructure, so an attacker can be on the same
physical machine as the target.
There is a conflict between tenants’ opposing goals, so
how to provide strong separation between tenants?
68. Minimize Loss of Control
Monitoring - Utilizing different clouds -
Access control management
Minimize Lack of Trust
Policy Language - Certification
Minimize Multi-tenancy
Private cloud - Strong separation
69. Requires an application-specific run-time monitoring
and management tool for the consumer (enabling both
the provider and tenants to monitor the components in
the cloud that are under their control).
70. Propose a multi-cloud (use services from different clouds)
in which users: spread the risk - increase redundancy -
increase the chance of mission completion for critical apps.
Issues: policy incompatibility - data dependency between
clouds - data redundancy - spread your sensitive data.
71. Many possible layers of access control (access to the
cloud - access to servers - access to services, etc.)
Federated Identity Management: the access control
management burden still lies with the provider.
Consumer-managed access control: requires less
trust of the provider.
72. User on Amazon Cloud [diagram; attribute sets shown]
• Name, E-mail, Password, Billing Address, Shipping Address, Credit Card
• Name, E-mail, Shipping Address
• Name, Billing Address, Credit Card
73. User on Amazon Cloud [diagram; attribute sets shown]
• Name, E-mail, Password, Billing Address, Shipping Address, Credit Card
• Name, Billing Address, Credit Card
74. Create a policy language which is: machine-understandable
- easy to combine/merge and compare. Need a validation
tool to check that the policy created in the standard
language correctly reflects the policy creator’s intentions.
75. • Create some certification: some form of reputable,
independent, comparable assessment and description
of security features and assurance.
• Risk assessment: performed by certified third parties
76. Can’t really force the provider to accept fewer tenants
Use a private cloud
Use strong isolation techniques
Increase trust in the tenants
Use SLAs (service level agreements) to enforce
trusted behavior
78. Big black box, nothing is visible, complexity.
A CSP can have malicious system admins who can violate
confidentiality and integrity.
Confidentiality, integrity, availability, and privacy issues.
80. Future work
The mainstream adoption of cloud computing could cause
many problems for users.
The trend of large vendors entering CC will accelerate rapidly.
There are still many open research areas to look into,
such as security, management, etc.
Commercial offerings are proprietary and usually not open
for cloud systems research and development.
81. Cloud computing is sometimes viewed as a
reincarnation of the classic mainframe client-server
model. However, it has many attributes,
characteristics, advantages and disadvantages.
Cloud delivery models are SaaS, PaaS and IaaS, while
cloud deployment models are Public, Private, Hybrid
and Community.
For cloud computing security issues it may be helpful to
identify the problems and approaches in terms of: loss
of control - lack of trust - multi-tenancy problems.
Future work in CC still faces big issues in terms of
security, management, etc.
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud computing customers do not own the physical infrastructure.
Cloud computing users avoid capital expenditure (CapEx) on hardware, software, and services when they pay a provider only for what they use.
Low shared infrastructure and costs, low management overhead, and immediate access to a broad range of applications
Government and Military sectors: complicated procurement rules and stringent security requirements
Cloud-based categories:
Cloud-based applications (SAAS)
Cloud-based development (e.g. Google App Engine)
Cloud-based infrastructure (e.g. Amazon’s EC2)
Data mobility: the ability to share data between cloud services
Where does data reside?
- out-of-state, out-of-country issues
Security Concerns for government in particular
FISMA
How to certify and accredit cloud computing providers under FISMA
(e.g. ISO 27001)
Chiles and McMakin (1996) define trust as increasing one’s vulnerability to the risk of opportunistic behavior of another whose behavior is not under one’s control in a situation in which the costs of violating the trust are greater than the benefits of upholding the trust.
Trust here means mostly lack of accountability and verifiability
Who are my neighbors? What is their objective? They present another facet of risk and trust requirements
When the underlying components fail in the cloud, the effect of the failures on the mission logic needs to be known so that correct recovery measures can be performed. We propose an application-specific run-time monitoring and management tool. With this tool, the application logic can remain on the consumer’s host computer. This allows the consumer to centrally monitor all aspects of the application as well as data flow. Since all outputs from underlying services are sent to the application logic, any data incompatibility between services is not an issue. The capabilities of the run-time monitoring and management tool are as follows:
1) Enable the application user to determine the status of the cloud resources that may be used to run the application (across multiple clouds),
2) Enable the application user to determine the real-time security posture and situational awareness of the application,
3) Provide the application user with the ability to move the user’s application (or part of it) to another site (another VM in the same cloud or a different cloud altogether),
4) Provide the application user with the ability to change the application logic on the fly,
5) Provide communication capabilities with cloud providers.
There are a few cloud vendors such as NimSoft [41] and Hyperic [42] that provide application-specific monitoring tools with some of the above functionality. These monitoring tools may be further enhanced or used in conjunction with other tools to provide the degree of monitoring required. However, any tool that is to be used for military purposes must also go through some type of accreditation and certification procedure.
Differing data semantics example: does a data item labeled secret in one cloud have the same semantics as another piece of data also labeled secret in a different cloud?
In cloud computing (as well as other systems), there are many possible layers of access control. For example, access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM. Depending on the deployment model used, some of these will be controlled by the provider and others by the consumer.
For example, Google Apps, a representative SaaS Cloud controls authentication and access to its applications, but users themselves can control access to their documents through the provided interface to the access control mechanism. In IaaS type approaches, the user can create accounts on its virtual machines and create access control lists for these users for services located on the VM.
Regardless of the deployment model, the provider needs to manage the user authentication and access control procedures (to the cloud). While some providers allow federated authentication – enabling the consumer-side to manage its users – the access control management burden still lies with the provider. This requires the user to place a large amount of trust in the provider in terms of security, management, and maintenance of access control policies. This can be burdensome when numerous users from different organizations with different access control policies are involved. This proposal focuses on access control to the cloud. However, the concepts here could be applied to access control at any level, if deemed necessary. We propose a way for the consumer to manage the access control decision-making process to retain some control, requiring less trust of the provider.
Approach:
This approach requires the client and provider to have a pre-existing trust relationship, as well as a pre-negotiated standard way of describing resources, users, and access decisions between the cloud provider and consumer. It also needs to be able to guarantee that the provider will uphold the consumer-side’s access decisions. Furthermore, we need to show that this approach is at least as secure as the traditional access control model.
This approach requires the data owner to be involved in all requests. Therefore, frequent access scenarios should not use this method if traffic is a concern. However, many secure data outsourcing schemes require the user to grant keys/certificates to the query side, so that every time the user queries a database, the owner needs to be involved. This approach is therefore not much different from those schemes, so this may not be a problem.
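A sketch of the consumer-managed access control approach described above, added here as an example and not taken from the presentation: the provider forwards each request to the consumer, the consumer signs its decision, and the provider enforces only a valid, fresh permit. The shared HMAC key (standing in for the pre-existing trust relationship), the message fields, the 30-second lifetime and all user and resource names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key standing in for the pre-existing trust relationship
# (provisioned out of band between consumer and provider).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed consumer-side policy: (user, resource) -> permitted actions.
CONSUMER_POLICY = {
    ("alice@org-a.example", "vm-42/orders-db"): {"read", "query"},
    ("bob@org-b.example", "vm-42/orders-db"): {"read"},
}
BOUND_FIELDS = ("user", "resource", "action", "nonce")


def _mac(payload):
    # Canonical JSON so both sides authenticate identical bytes.
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def new_request(user, resource, action):
    """Provider side: describe the access attempt in the pre-negotiated format."""
    return {"user": user, "resource": resource, "action": action,
            "nonce": secrets.token_hex(16)}


def consumer_decide(request, now, ttl=30):
    """Consumer side: evaluate the owner's policy and sign the decision."""
    allowed = CONSUMER_POLICY.get((request["user"], request["resource"]), set())
    payload = {f: request[f] for f in BOUND_FIELDS}
    payload["decision"] = "permit" if request["action"] in allowed else "deny"
    payload["expires"] = now + ttl
    return {"payload": payload, "mac": _mac(payload)}


def provider_enforce(request, signed, now):
    """Provider side: uphold the consumer's decision, denying by default."""
    payload = signed.get("payload", {})
    if not hmac.compare_digest(_mac(payload), str(signed.get("mac", ""))):
        return False                      # decision altered or not from the consumer
    if any(payload.get(f) != request[f] for f in BOUND_FIELDS):
        return False                      # decision was issued for another request
    if now > payload.get("expires", 0):
        return False                      # stale decision
    return payload.get("decision") == "permit"


def demo():
    t = 1_000.0                           # fixed clock for a repeatable run
    ok = new_request("alice@org-a.example", "vm-42/orders-db", "query")
    ok_dec = consumer_decide(ok, t)
    bad = new_request("bob@org-b.example", "vm-42/orders-db", "delete")
    altered = consumer_decide(bad, t)
    altered["payload"]["decision"] = "permit"   # changed in transit, MAC unchanged
    again = new_request("alice@org-a.example", "vm-42/orders-db", "query")
    return {
        "permit": provider_enforce(ok, ok_dec, t + 5),
        "expired": provider_enforce(ok, ok_dec, t + 31),
        "altered": provider_enforce(bad, altered, t + 5),
        "reused": provider_enforce(again, ok_dec, t + 5),
    }


if __name__ == "__main__":
    print(demo())
```

Every request costs one round trip to the consumer, which is the traffic concern the note raises for frequent-access scenarios.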
These SLAs typically state the high level policies of the provider (e.g. Will maintain uptime of 98%) and do not allow cloud consumers to dictate their requirements to the provider. COI clouds in particular have specific security policy requirements that must be met by the provider, due to the nature of COIs and the missions they are used for. These requirements need to be communicated to the provider and the provider needs to provide some way of stating that the requirements can be met. Cloud consumers and providers need a standard way of representing their security requirements and capabilities. Consumers also need a way to verify that the provided infrastructure and its purported security mechanisms meet the requirements stated in the consumer’s policy (proof of assertions). For example, if the consumer’s policy requires isolation of VMs, the provider can create an assertion statement that says it uses cache separation to support VM isolation.
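An added example, not part of the presentation, for the machine-understandable policy language of slide 74 and the requirement/assertion matching described in the note above: two consumer policies are merged to the stricter rule and then compared with a provider's assertion statement. The two-operator vocabulary, the key names and the sample policies are hypothetical; the 98% uptime and cache-separation values echo the note.

```python
# Hypothetical policy vocabulary for illustration (not a standard):
#   {"op": "min", "value": n}        numeric floor, e.g. uptime percentage
#   {"op": "one_of", "value": {...}} acceptable mechanisms

# Constructed sample policies for two organisations sharing a community cloud.
ORG_A = {
    "uptime_percent": {"op": "min", "value": 98.0},
    "vm_isolation": {"op": "one_of",
                     "value": {"cache_separation", "dedicated_host"}},
}
ORG_B = {
    "uptime_percent": {"op": "min", "value": 99.5},
    "vm_isolation": {"op": "one_of", "value": {"cache_separation"}},
    "log_disclosure_days": {"op": "min", "value": 90},
}
# Constructed provider assertion statement.
PROVIDER = {"uptime_percent": 98.0, "vm_isolation": "cache_separation"}


def merge(a, b):
    """Combine two policies, keeping the stricter rule where both speak."""
    merged = dict(a)
    for key, rule in b.items():
        if key not in merged:
            merged[key] = rule
            continue
        cur = merged[key]
        if cur["op"] != rule["op"]:
            raise ValueError(f"{key}: rules of different kinds cannot be merged")
        if rule["op"] == "min":
            value = max(cur["value"], rule["value"])
        else:
            value = cur["value"] & rule["value"]
            if not value:
                raise ValueError(f"{key}: policies share no acceptable mechanism")
        merged[key] = {"op": rule["op"], "value": value}
    return merged


def unmet(requirements, assertions):
    """Return one finding per requirement the assertions do not satisfy."""
    findings = []
    for key in sorted(requirements):
        rule, claimed = requirements[key], assertions.get(key)
        if claimed is None:
            findings.append(f"{key}: provider makes no assertion")
        elif rule["op"] == "min" and claimed < rule["value"]:
            findings.append(f"{key}: asserted {claimed}, required >= {rule['value']}")
        elif rule["op"] == "one_of" and claimed not in rule["value"]:
            findings.append(f"{key}: asserted {claimed!r}, not in required set")
    return findings


if __name__ == "__main__":
    for line in unmet(merge(ORG_A, ORG_B), PROVIDER):
        print(line)
```

The check compares statements only; verifying that the provider's infrastructure really behaves as asserted (the proof of assertions) is a separate step this sketch does not cover.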