chapter 9 cloud security contents
play

Chapter 9 Cloud Security Contents Security in an interconnected - PowerPoint PPT Presentation

May 15, 2023 •273 likes •661 views

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

  1. Chapter 9 – Cloud Security

  2. Contents  Security in an interconnected world, cloud security risks.  Attacks in a cloud environment, top threats.  Security, a major concern for cloud users.  Privacy.  Trust.  Operating systems security.  Virtual machine security.  Security of virtualization.  Security risks posed by shared images.  Security risks posed by a management OS.  XOAR - breaking the monolithic design of TCB.  Terra a trusted virtual machine monitor. 2 Cloud Computing: Theory and Practice. Chapter 9 Dan C. Marinescu

  3. Computer security in the new millennium  In an interconnected world, various embodiments of malware can migrate easily from one system to another, cross national borders and infect systems all over the globe.  The security of computing and communication systems takes a new urgency as the society becomes increasingly more dependent on the information infrastructure. Even the critical infrastructure of a nation can be attacked by exploiting flaws in computer security.  Recently, the term cyberwarfare has enter the dictionary meaning “actions by a nation -state to penetrate another nation's computers or networks for the purposes of causing damage or disruption” Cloud Computing: Theory and Practice. 3 Chapter 9 Dan C. Marinescu

  4. Cloud security  A computer cloud is a target-rich environment for malicious individuals and criminal organizations.  Major concern for existing users and for potential new users of cloud computing services. Outsourcing computing to a cloud generates new security and privacy concerns.  Standards, regulations, and laws governing the activities of organizations supporting cloud computing have yet to be adopted. Many issues related to privacy, security, and trust in cloud computing are far from being settled.  There is the need for international regulations adopted by the countries where data centers of cloud computing providers are located.  Service Level Agreements (SLAs) do not provide adequate legal protection for cloud computer users, often left to deal with events beyond their control. Cloud Computing: Theory and Practice. 4 Chapter 9 Dan C. Marinescu

  5. Cloud security risks  Traditional threats  impact amplified due to the vast amount of cloud resources and the large user population that can be affected. The fuzzy bounds of responsibility between the providers of cloud services and users and the difficulties to accurately identify the cause.  New threats  cloud servers host multiple VMs; multiple applications may run under each VM. Multi-tenancy and VMM vulnerabilities open new attack channels for malicious users. Identifying the path followed by an attacker more difficult in a cloud environment.  Authentication and authorization  the procedures in place for one individual does not extend to an enterprise.  Third-party control  generates a spectrum of concerns caused by the lack of transparency and limited user control.  Availability of cloud services  system failures, power outages, and other catastrophic events could shutdown services for extended periods of time. Cloud Computing: Theory and Practice. 5 Chapter 9 Dan C. Marinescu

  6. Attacks in a cloud computing environment  Three actors involved; six types of attacks possible.  The user can be attacked by:  Service  SSL certificate spoofing, attacks on browser caches, or phishing attacks.  The cloud infrastructure  attacks that either originates at the cloud or spoofs to originate from the cloud infrastructure.  The service can be attacked by:  A user  buffer overflow, SQL injection, and privilege escalation are the common types of attacks.  The cloud infrastructure  the most serious line of attack. Limiting access to resources, privilege-related attacks, data distortion, injecting additional operations.  The cloud infrastructure can be attacked by:  A user  targets the cloud control system.  A service  requesting an excessive amount of resources and causing the exhaustion of the resources. Cloud Computing: Theory and Practice. 6 Chapter 9 Dan C. Marinescu

  7. User Invoke the service Control and and get results monitor the cloud Service-User Cloud-User User-Service User-Cloud Cloud Service infrastructure Cloud-Service Service-Cloud Request resources and manage them Surfaces of attacks in a cloud computing environment. Cloud Computing: Theory and Practice. 7 Chapter 9 Dan C. Marinescu

  8. Top threats to cloud computing  Identified by a 2010 Cloud Security Alliance (CSA) report:  The abusive use of the cloud - the ability to conduct nefarious activities from the cloud.  APIs that are not fully secure - may not protect the users during a range of activities starting with authentication and access control to monitoring and control of the application during runtime.  Malicious insiders - cloud service providers do not disclose their hiring standards and policies, so this can be a serious threat.  Shared technology.  Account hijacking.  Data loss or leakage - if the only copy of the data is stored on the cloud, then sensitive data is permanently lost when cloud data replication fails followed by a storage media failure.  Unknown risk profile - exposure to the ignorance or underestimation of the risks of cloud computing. Cloud Computing: Theory and Practice. 8 Chapter 9 Dan C. Marinescu

  9. Auditability of cloud activities  The lack of transparency makes auditability a very difficult proposition for cloud computing.  Auditing guidelines elaborated by the National Institute of Standards (NIST) are mandatory for US Government agencies:  the Federal Information Processing Standard (FIPS).  the Federal Information Security Management Act (FISMA). Cloud Computing: Theory and Practice. 9 Chapter 9 Dan C. Marinescu

  10. Security - the top concern for cloud users  The unauthorized access to confidential information and the data theft top the list of user concerns.  Data is more vulnerable in storage, as it is kept in storage for extended periods of time.  Threats during processing cannot be ignored; such threats can originate from flaws in the VMM, rogue VMs, or a VMBR.  There is the risk of unauthorized access and data theft posed by rogue employees of a Cloud Service Provider (CSP).  Lack of standardization is also a major concern.  Users are concerned about the legal framework for enforcing cloud computing security.  Multi-tenancy is the root cause of many user concerns. Nevertheless, multi-tenancy enables a higher server utilization, thus lower costs.  The threats caused by multi-tenancy differ from one cloud delivery model to another. Cloud Computing: Theory and Practice. 10 Chapter 9 Dan C. Marinescu

  11. Legal protection of cloud users  The contract between the user and the Cloud Service Provider (CSP) should spell out explicitly:  CSP obligations to handle securely sensitive information and its obligation to comply to privacy laws.  CSP liabilities for mishandling sensitive information.  CSP liabilities for data loss.  The rules governing ownership of the data.  The geographical regions where information and backups can be stored. Cloud Computing: Theory and Practice. 11 Chapter 9 Dan C. Marinescu

  12. Privacy  Privacy  the right of an individual, a group of individuals, or an organization to keep information of personal nature or proprietary information from being disclosed.  Privacy is protected by law; sometimes laws limit privacy.  The main aspects of privacy are: the lack of user control, potential unauthorized secondary use, data proliferation, and dynamic provisioning.  Digital age has confronted legislators with significant challenges related to privacy as new threats have emerged. For example, personal information voluntarily shared, but stolen from sites granted access to it or misused can lead to identity theft.  Privacy concerns are different for the three cloud delivery models and also depend on the actual context. Cloud Computing: Theory and Practice. 12 Chapter 9 Dan C. Marinescu

  13. Federal Trading Commission Rules  Web sites that collect personal identifying information from or about consumers online required to comply with four fair information practices:  Notice - provide consumers clear and conspicuous notice of their information practices, including what information they collect, how they collect it, how they use it, how they provide Choice, Access, and Security to consumers, whether they disclose the information collected to other entities, and whether other entities are collecting information through the site.  Choice - offer consumers choices as to how their personal identifying information is used. Such choice would encompass both internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities).  Access - offer consumers reasonable access to the information a web site has collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information.  Security - take reasonable steps to protect the security of the information they collect from consumers . Cloud Computing: Theory and Practice. 13 Chapter 9 Dan C. Marinescu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Chapter 4 Cloud Computing Applications and Paradigms Cloud Computing: Theory and Practice. 1

Chapter 4 Cloud Computing Applications and Paradigms Cloud Computing: Theory and Practice. 1

Chapter 4 Cloud Computing Applications and Paradigms Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 4 Contents Challenges for cloud computing. Existing cloud applications and new opportunities. Architectural

874 views • 36 slides
Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 3 Contents IaaS services from Amazon. Regions and availability zones for Amazon Web Services. Instances attributes and cost.

3.37k views • 45 slides
Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1

Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1

Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1 Contents Network-centric computing and network-centric content. Cloud computing. Delivery models and services. Ethical issues in cloud

621 views • 28 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and

Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and

Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and scheduling. Policies and mechanisms. Applications of control theory to cloud resource allocation. Stability of a two-level resource allocation

1.47k views • 39 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1314 Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTML + HTTP CSS data request web server backend systems Chapter 18: 3 Web 1.0 Shorthand

1.09k views • 91 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 18: Web

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 18: Web

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTML + HTTP CSS data request web server backend systems Chapter 18: 3 Web 1.0 Shorthand for web

465 views • 29 slides
Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based

Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based

Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based Dynamic IT Services ENGR 5770 / CSCI 5700 Service Compu5ng Winter 2013 1 Cloud

673 views • 21 slides
Terminology Chapter 1 Cloud Computing Advantages and Disadvantages

Terminology Chapter 1 Cloud Computing Advantages and Disadvantages

Cloud Computing Concepts, Models, and Terminology Chapter 1 Cloud Computing Advantages and Disadvantages https://www.youtube.com/watch?v=ojDnOyIQeJU Topics Cloud Service Models Cloud Delivery Models and Services Cloud

641 views • 28 slides
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec SSL/TLS EAP

899 views • 56 slides
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter

Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec SSL/TLS EAP

695 views • 48 slides
3/12/20 2 Instructional Design Principles in Mathematics Webinar March 2, 2020 Naomi Church,

3/12/20 2 Instructional Design Principles in Mathematics Webinar March 2, 2020 Naomi Church,

3/12/20 2 Instructional Design Principles in Mathematics Webinar March 2, 2020 Naomi Church, FDLRS Program Specialist 1 2 WELCOME! I am an ESE Specialist. I am a Math Coach/Contact. I am an ESE Support Facilitator. Take Off I am in an

528 views • 7 slides
Solar Planning and Zoning SolSmart Training at NCTCOG 10/11/2017 Philip Kreycik Meister

Solar Planning and Zoning SolSmart Training at NCTCOG 10/11/2017 Philip Kreycik Meister

Solar Planning and Zoning SolSmart Training at NCTCOG 10/11/2017 Philip Kreycik Meister Consultants Group, A Cadmus Company Agenda Regulatory and approval process Why address solar? How to address solar Actual language applied

1.02k views • 69 slides
Outline of the lecture Outline of the lecture Inequality and income The inverted-U

Outline of the lecture Outline of the lecture Inequality and income The inverted-U

Questions that we will discuss today Take historically given an initial distribution of assets, but then Inequality and Development Week 10 T k hi i ll i i i i l di ib i f b h ask the question: March 12 Do inequalities

180 views • 16 slides
IT and (Un)sustainable Cultures Prof. Bill Tomlinson UC Irvine wmt@uci.edu Goal:

IT and (Un)sustainable Cultures Prof. Bill Tomlinson UC Irvine wmt@uci.edu Goal:

IT and (Un)sustainable Cultures Prof. Bill Tomlinson UC Irvine wmt@uci.edu Goal: Sustainability Tools: IT Tools: IT ! EcoRaft ! GreenScanner First Efforts ! Trackulous ! Sustainable Software Root Causes Unsustainable

423 views • 29 slides
Chapter 6 Consumer Behavior Today Understand the steps involved in the consumer decision

Chapter 6 Consumer Behavior Today Understand the steps involved in the consumer decision

Chapter 6 Consumer Behavior Today Understand the steps involved in the consumer decision process Describe factors influencing the consumer decision process 2 Consumer decision process You must understand how this process works in your

279 views • 14 slides
Cultures of Participation Gerhard Fischer Center for LifeLong Learning & Design (L3D),

Cultures of Participation Gerhard Fischer Center for LifeLong Learning & Design (L3D),

Wisdom is not the product of schooling but the lifelong attempt to acquire it. - Albert Einstein Cultures of Participation Gerhard Fischer Center for LifeLong Learning & Design (L3D), Department of Computer Science and Institute of

603 views • 46 slides
Action Coalition Web Conference April 5, 2016 [Venue/Audience] [Date] [Speaker name and title]

Action Coalition Web Conference April 5, 2016 [Venue/Audience] [Date] [Speaker name and title]

Building a Culture of Health, State by State Action Coalition Web Conference April 5, 2016 [Venue/Audience] [Date] [Speaker name and title] Building a Culture of Health: State by State [Venue/Audience] [Date] [Speaker name and title] Building

463 views • 27 slides
Presented by Kate Clancy, Food Systems Consultant at the Briggs Nutrition Science Symposium

Presented by Kate Clancy, Food Systems Consultant at the Briggs Nutrition Science Symposium

Presented by Kate Clancy, Food Systems Consultant at the Briggs Nutrition Science Symposium Toward Sustainable Diets: Current Evidence and Future Challenges SNEB Annual Meeting, Minneapolis July 22, 2018 Source: FAO and Biodiversity

536 views • 9 slides

More recommend