cloud computing security


Upload: quito

Post on 19-Jan-2016



Cloud Computing Security

Computer Science and Engineering

Reading

• NIST, The NIST Definition of Cloud Computing, csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, 2011

• R. Sandhu, et al., Towards a discipline of mission-aware cloud computing, CCSW’10 in Proc. of the 2010 Cloud Computing Workshop, 13-18, 2010, http://dl.acm.org/citation.cfm?id=1866835.1866839&coll=DL&dl=ACM&CFID=131355972&CFTOKEN=22051019

What is cloud computing?

The NIST Definition

• Computing paradigm to support ubiquitous, convenient, and on-demand network access to a shared pool of computing resources

• Access characteristics: resources can be rapidly provisioned and released with minimal management effort or service provider interaction

• Description:

– Essential characteristics

– Service model

– Deployment model

Essential Characteristics

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured service

Service Models

• Software as a Service (SaaS)

• Platform as a Service (PaaS)

• Infrastructure as a Service (IaaS)

Deployment Models

• Private cloud

• Community cloud

• Public cloud

• Hybrid cloud

Cloud concerns

• The cloud acts as a big black box -> Clients have no idea or control over what happens inside a cloud

– Loss of control

• Cloud provider, system admins

– Lack of trust

• How to support traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks

– Extra work

Security Objectives

• Confidentiality

– Fear of loss of control over data

• sensitive data stored on a cloud

• cloud compromises leak confidential client data

– Will the cloud provider be honest and not peek into the data?

Security Objectives

• Integrity

– Correct computations

– Data tampering

• Availability

– Denial of Service attack against cloud

– Cloud provider goes out of business

– Scalability

– Cloud provider’s downtime

Regulations and Legal requirements

• Auditability and forensics (out of control of data)

– Difficult to audit cloud data

– Difficult forensics

• Legal issues

– Who is responsible for complying with regulations?

– How about third party clouds?

Privacy Issues

• Massive data mining

– Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients

• Increased attack surface

– Attackers target the communication link between cloud provider and client

– Cloud provider employees can be phished

WHAT ARE THE SECURITY CONCERNS REGARDING CLOUD COMPUTING?

Why do we need cloud security?

• Players:

– Cloud provider

– Service consumer

• Concerns:

– Availability

– Security

• Cloud Security Alliance, https://cloudsecurityalliance.org/

Critical Security Areas in Cloud Computing (CSA)

• Governing in the Cloud

– Governance and Enterprise Risk Management

– Legal and Electronic Discovery

– Compliance and Audit

– Information Lifecycle Management

– Portability and Interoperability

• Operating in the Cloud

– Traditional Security, Business Continuity, and Disaster Recovery

– Data Center Operations

– Incident Response, Notification, and Remediation

– Application Security

– Encryption and Key Management

– Identity and Access Management

– Virtualization

Top 10 Customer Issues Eroding Cloud Confidence (from CSA)

1. Government regulations keeping pace with the market (1.80)

2. Exit strategies (1.88)

3. International data privacy (1.90)

4. Legal issues (2.15)

5. Contract lock in (2.18)

6. Data ownership and custodian responsibilities (2.18)

7. Longevity of suppliers (2.20)

8. Integration of cloud with internal systems (2.23)

9. Credibility of suppliers (2.30)

10. Testing and assurance (2.30)

WILL THE CLOUD STAY?

Cloud and Security

• Security difficulties in the cloud

• Cloud as a security service provider

What is Security?

• 1960s: Computer security (CompuSec) and Communication security (CommSec)

• 1970s: encryption technologies

• 1990s: Information security (InfoSec)

• 2000s: Information Assurance, Information Warfare

• 2008-9: Information Dominance

• 2010s: Mission Assurance

Mission Assurance

• Getting the job done

• Security is a secondary objective

• Always present malicious entity in a cyber system

• DoD Mission assurance specification

WHAT IS A MISSION AWARE CLOUD?

Mission-aware cloud: Research problems 1.

1. “Develop a heterogeneous experimental cloud computing infrastructure (denoted as the cloud henceforth) spanning multiple locations, security and assurance levels.”

2. “Experimentally explore, develop, and implement extensive instrumentation to monitor, measure and gather statistical data regarding activities in the cloud.”

Mission-aware cloud: Research problems 2.

3. “Analyze gathered data to estimate underlying network performance and threat vulnerability using regression, analysis of variance, and other generalized linear statistical models.”

4. “Develop new protocols that cope with denial of service (DoS) and insider attacks and ensure predictable delivery of mission critical data.”

5. “Develop new or enhance existing virtual machines (VMs) that enable efficient implementation of access control and trust policies to facilitate mission assurance.”

Mission-aware cloud: Research problems 3.

7. “Develop models, methodologies and architectures for decentralized dynamic management of security and assurance policies.”

8. “Design automated systems that analyze the tradeoffs between security and availability versus performance and scalability and take corrective action before threats or bottlenecks compromise mission assurance.”

Policy Decisions

[Figure labels: Pete, Ann]

• Pete and Ann share resources

• Need agreement on security policy

• Pete

• Ann

• Cloud provider

What will be the “new” technology/capability for 2010s?

Next Class: Mobile Security
