about paas security
play

About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk - PowerPoint PPT Presentation

Jul 07, 2023 •290 likes •397 views

Computer Science About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and

  1. Computer Science About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015

  2. Outline • Introduction – Background – Contribution • PaaS Vulnerabilities and Countermeasures – Software Platform Cloud Applications Features: (SaaS) • Runtime environments – Virtualization Cloud Software Environments • Database (PaaS) • Web server – Data Security & Integrity • Development tools Cloud Software Infrastructure • Programming environments (IaaS) • Etc. Operating Systems • Some Security Trends Hardware Vulnerabilities – Isolation for multi-tenant environments SW Platform Side1 channel* a4acks Virtualization – Protection of sensitive data Data Protec' ng* sensi' ve* data Computer Science 2

  3. Introduction: Background • Three Service delivery model for cloud computing – Defined by NIST Cloud Applications (SaaS) • SaaS (Software) Cloud Software Environments (PaaS) • PaaS (Platform) Cloud Software Infrastructures • IaaS (Infrastructure) (IaaS) Operating Systems • PaaS (Platform as a Service) Hardware – Provide middleware resources to cloud customers (E.g., developers and providers of SaaS) – Hide complexity of maintaining the infrastructure – Enable low costs and higher computing efficiency • Surveyed over the last five years (i.e., since 2010) – Research papers, industrial technical reports, etc. Computer Science 3

  4. Introduction: Contribution • Three categories of PaaS security issues – Vulnerabilities and corresponding countermeasures • PaaS security trends – Isolation for multi-tenants against side-channel attacks – Protection of sensitive data Cloud Applications Features: (SaaS) • Runtime environments Cloud Software Environments • Database (PaaS) • Web server • Development tools Cloud Software Infrastructure • Programming environments (IaaS) • Etc. Operating Systems Hardware Vulnerabilities SW Platform Side1 channel* a4acks Virtualization Data Protec' ng* sensi' ve* data Computer Science 4

  5. Software Platform (1/2) • OS to Hypervisors and Virtual Platform (VP) (e.g., Java and .NET platform) • The limitation of achieving proper isolation for multi-tenants – OS limitation as a hosting environment (i.e., PaaS Platform) • PaaS providers may prefer simplified abstractions • OS may not support a set of applications; • Need tuning depending on each application – Proper isolation mechanisms with three options • Isolation at OS level • Isolation at Standard Java Security • Isolation at VM level Computer Science 5

  6. Software Platform (2/2) • Main open security issues at different layers – OS, Java VM, Container • Container for controlled environments – Dockers released in March 2013 • Resource isolation features of the Linux kernel • Provide lightweight containers to run processes in isolation. • The user needs to “own” the whole stack for complete isolation. – Bare machine or sole-use may be the only safe solution Computer Science 6

  7. Virtualization (1/2) • Major components of cloud computing • Drive the growth of clouding computing • Enabling sharing of resources for multi-tenancy • Multi-tenancy vulnerabilities – The adversary may identify internal cloud structure which can launch a comprised VM – Cross-VM side channel attacks due to the sharing of physical resources (e.g., a single core CPU, cache) • Countermeasures – Cloud providers may obfuscate both internal structure of their services and the placement policy – Avoid co-residence – Expose the risk and placement policy directly to users Computer Science 7

  8. Virtualization (2/2) • Vulnerabilities – Components sharing between VMs, but lack of isolation • Countermeasures – Strong isolation, nevertheless a large overhead • Performance between isolation and consolidation • Major cause: contention on memory channels or processor caches on the physical machine – Physical and functional hierarchical • Functional: divide a platform into available zone Computer Science 8

  9. Data Security & Integrity • Protecting data and maintaining data integrity are important for all cloud service delivery model • Additional security checks should be applied to sensitive data • Countermeasures – Storing meta-data information in different locations; making information invaluable if a malicious user tries to recover – Secure block storage for encrypted data chucks – Authentication scheme by Merkle tree-based structure • Practical and scalable by reducing the storage overhead – Data Geolocation technique Computer Science 9

  10. Some Trends • A side-channel attach is still popular due to multi-tenant virtualization – Require proper isolation mechanism – But, existing countermeasures may not applicable • Too specific (i.e., application-specific) • Protecting sensitive data – Minimize the exposure of sensitive data as a plaintext – To protect personal data, the EU issued EU Data protection Directive • Limited storage in organization or governmental agencies while a tremendous increase in the scale of data – Need more robust methods of data geolocation PaaS IaaS SaaS Computer Science 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned in Deploying PaaS Colin Humphreys What we have done and why we have done it

Lessons Learned in Deploying PaaS Colin Humphreys What we have done and why we have done it

Lessons Learned in Deploying PaaS Colin Humphreys What we have done and why we have done it Why? PaaS PaaS in ALM Experiences Future I'm a consumer I'm not a PaaS vendor We help our clients deliver value What is value? What is

688 views • 50 slides
DFSI & VIP Program with WISE-PaaS Marketplace Chiwen Lin, WISE-PaaS Marketplace 6 th

DFSI & VIP Program with WISE-PaaS Marketplace Chiwen Lin, WISE-PaaS Marketplace 6 th

DFSI & VIP Program with WISE-PaaS Marketplace Chiwen Lin, WISE-PaaS Marketplace 6 th December, 2019 Co-creating and Landing the IoT Business DFSI For every dollar of solution resell, well get $8 AIoT application customization

138 views • 11 slides
Python microservices on PaaS done right Micha Bultrowicz About me Work at Intel

Python microservices on PaaS done right Micha Bultrowicz About me Work at Intel

Python microservices on PaaS done right Micha Bultrowicz About me Work at Intel Technology Poland. I do backend services. Sadly, mainly in Java. I did some C++ security... ...and multiplatform distributed automated

606 views • 32 slides
Mesos + Singularity: Mesos + Singularity: PaaS automation for mortals PaaS automation for

Mesos + Singularity: Mesos + Singularity: PaaS automation for mortals PaaS automation for

Mesos + Singularity: Mesos + Singularity: PaaS automation for mortals PaaS automation for mortals Gregory Chomatas @gchomatas PaaS team 120 meters: My shortest travel to a Conference 120 meters: My shortest travel to a Conference Miletus

427 views • 38 slides
COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud

COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud

COAPS API A Generic Cloud Application Provisioning and Management API Why COAPS ? PaaS 1 Cloud consumer COAPS Needed Platform resources PaaS 2 Whats COAPS ? PaaS-independent approach for the provisioning and management of

339 views • 9 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
JAVA IN THE CLOUD PAAS PLATFORM IN COMPARISON Eberhard Wolff Architecture and Technology Manager

JAVA IN THE CLOUD PAAS PLATFORM IN COMPARISON Eberhard Wolff Architecture and Technology Manager

JAVA IN THE CLOUD PAAS PLATFORM IN COMPARISON Eberhard Wolff Architecture and Technology Manager adesso AG, Germany 12.10. 11 Agenda A Few Words About Cloud Java and IaaS PaaS Platform as a Service Google App Engine

601 views • 37 slides
Deploying at scale with PaaS Last Updated: October. 2014 About Me Lakmal Warusawithana Vise

Deploying at scale with PaaS Last Updated: October. 2014 About Me Lakmal Warusawithana Vise

Deploying at scale with PaaS Last Updated: October. 2014 About Me Lakmal Warusawithana Vise President, Apache Stratos Director - Cloud Architecture, WSO2 Inc lakmal@apache.org / lakmal@wso2.com * Agenda Introduction to PaaS

797 views • 35 slides
How AppFog Built a PaaS around CloudFoundry Jeremy Voorhis Senior Engineer, AppFog Inc

How AppFog Built a PaaS around CloudFoundry Jeremy Voorhis Senior Engineer, AppFog Inc

How AppFog Built a PaaS around CloudFoundry Jeremy Voorhis Senior Engineer, AppFog Inc jeremy@appfog.com @jvoorhis http://www.appfog.com Thursday, March 8, 12 Agenda What is PaaS? What is CloudFoundry? Adopting CloudFoundry at

859 views • 55 slides
The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS

The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS

The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS running on AWS October 24th, 2011 Adrian Cockcro6 @adrianco #ne9lixcloud

1.13k views • 75 slides
You shall not PaaS ?! Let us be your guide to a successful cloud migration Matthias Haeussler,

You shall not PaaS ?! Let us be your guide to a successful cloud migration Matthias Haeussler,

You shall not PaaS ?! Let us be your guide to a successful cloud migration Matthias Haeussler, Thorsten Jakoby Agenda Brief information speakers and Novatec Application details Initial problem High level migration path

694 views • 56 slides
Introduction to PaaS and IaaS Cloud Computing Roberto Beraldi Models for Cloud Computing

Introduction to PaaS and IaaS Cloud Computing Roberto Beraldi Models for Cloud Computing

Introduction to PaaS and IaaS Cloud Computing Roberto Beraldi Models for Cloud Computing (SaaS)Software as a Service XaaS (PaaS) Platform as a Service (IaaS) Infrastructure as a Service Models for cloud computing CC in a nutshell Cloud

1.15k views • 83 slides
Cloud Foundry The Building of the Open PaaS Derek Collison July 27, 2011 What is Cloud

Cloud Foundry The Building of the Open PaaS Derek Collison July 27, 2011 What is Cloud

Cloud Foundry The Building of the Open PaaS Derek Collison July 27, 2011 What is Cloud Foundry? The Open Platform as a Service What is PaaS? Or more specifically, an aPaaS? aPaaS Application Platform as a Service Applications

701 views • 38 slides
Using PaaS to Iterate on DevOps Colin Humphreys @hatofmonkeys colin@hatofmonkeys.com

Using PaaS to Iterate on DevOps Colin Humphreys @hatofmonkeys colin@hatofmonkeys.com

Using PaaS to Iterate on DevOps Colin Humphreys @hatofmonkeys colin@hatofmonkeys.com blog.hatofmonkeys.com The thing that runs your applications. You've been making them for years! Not magical. Not terrifying. What we do. Extension of

647 views • 63 slides
CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment

CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment

CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment Gregory Chomatas @gchomatas PAAS TEAM Implement & maintain: the deploy & build tools the PAAS platform (mesos clusters) load balancer

621 views • 35 slides
RailCloud: A Reliable PaaS Cloud for Railway Applications Bijun Li , Rdiger Kapitza TU

RailCloud: A Reliable PaaS Cloud for Railway Applications Bijun Li , Rdiger Kapitza TU

Platzhalter fr Bild, Bild auf Titelfolie hinter das Logo einsetzen RailCloud: A Reliable PaaS Cloud for Railway Applications Bijun Li , Rdiger Kapitza TU Braunschweig 06.10.2016 This work is supported by Siemens international Rail

335 views • 14 slides
SaaS STEM in NSW Experiences with setting up a Sydney o ffi ce in 2016/2017. 2,500+ customers

SaaS STEM in NSW Experiences with setting up a Sydney o ffi ce in 2016/2017. 2,500+ customers

SaaS STEM in NSW Experiences with setting up a Sydney o ffi ce in 2016/2017. 2,500+ customers Visual marketing software for automating customer journeys 45 autopilot-ers 500+ integrations 3 locations 30M capital raised This is Autopilot Its

160 views • 12 slides
Admicom Oyj: Investor presentation April 9th 2020 This presentation is not a Company Description

Admicom Oyj: Investor presentation April 9th 2020 This presentation is not a Company Description

Admicom Oyj: Investor presentation April 9th 2020 This presentation is not a Company Description described in the Securities Markets Act (746/2012). This presentation is solely for information purposes and is not intended to form part of or be

335 views • 19 slides
Enterprise SaaS and Enterprise Mobility Management Matthew Leppanen Director of Business

Enterprise SaaS and Enterprise Mobility Management Matthew Leppanen Director of Business

Enterprise SaaS and Enterprise Mobility Management Matthew Leppanen Director of Business Productivity Solutions 1 1439 1969 1975 2 Mobile Proliferation 3 Daily smartphone usage Source: WORKshift 4 The new network Deloitte: Age of

258 views • 22 slides
Update and Actions Required 5/12/2020 TIMELINE OF ACTIONS FOR RULES COMPLETION 1) Sediment

Update and Actions Required 5/12/2020 TIMELINE OF ACTIONS FOR RULES COMPLETION 1) Sediment

Se Sediment Con t Contr trol Rules Ad s Adoption Update and Actions Required 5/12/2020 TIMELINE OF ACTIONS FOR RULES COMPLETION 1) Sediment Control Commission (SCC) adopted rules. November 4, 2019 2) Rules provided to Rules Review

344 views • 7 slides
Investor Presentation March 2018 Forward-looking Statements & Non-GAAP Financial Information

Investor Presentation March 2018 Forward-looking Statements & Non-GAAP Financial Information

Investor Presentation March 2018 Forward-looking Statements & Non-GAAP Financial Information TECHNOLOGY | INNOVATION | SOLUTIONS Forward-Looking Language This press release contains "forward-looking statements" within the

432 views • 28 slides
Defending against malicious peripherals with Cinch Sebastian Angel 1,2 Riad S. Wahby 3 , Max

Defending against malicious peripherals with Cinch Sebastian Angel 1,2 Riad S. Wahby 3 , Max

Defending against malicious peripherals with Cinch Sebastian Angel 1,2 Riad S. Wahby 3 , Max Howald 2,4 , Joshua B. Leners 5 , Michael Spilo 2 , Zhen Sun 2 , Andrew J. Blumberg 1 , and Michael Walfish 2 1 UT Austin 2 NYU 3 Stanford 4 The Cooper

553 views • 39 slides
Welkom to the Cathodic Protection presentation Speaker: Henk Roest Agenda What is Cathodic

Welkom to the Cathodic Protection presentation Speaker: Henk Roest Agenda What is Cathodic

Welkom to the Cathodic Protection presentation Speaker: Henk Roest Agenda What is Cathodic Protection (CP)? Application of CP Types of CP Active CP for concrete Working of ICCP 2 What is Cathodic Protection (CP)?

984 views • 12 slides
An Outline of a Complementary Inspection System for Micro-Electro- Mechanical System (MEMS)

An Outline of a Complementary Inspection System for Micro-Electro- Mechanical System (MEMS)

An Outline of a Complementary Inspection System for Micro-Electro- Mechanical System (MEMS) Devices Based on Radiography and Plenoptic Camera Speaker: Shu-Mei Tan a Alvin Chong a , Guojin Feng a , Jamil Kanfoud a , Tat-Hean Gan a,1 a Brunel

215 views • 18 slides

More recommend