CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD - - PowerPoint PPT Presentation



SLIDE 1

CLOUD SECURITY

OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD

Jakob I. Pagter (Alon Hazay) Alexandra Instituttet A/S

SLIDE 2

About the Alexandra Institute

  • Non-profit application-oriented research institution – focus on IT
  • GTS – Godkendt Teknologisk Service Institut
  • 100+ employees

R&D

  • Researchers
  • Providers
  • Users

generating

Commercial

  • Development
  • Consultancy
  • Ideation
  • Networks
  • Dissemination

inspiration

SLIDE 3

Essential Characteristics of Cloud Computing

On-demand self-service

  • Provision computing capabilities automatically without requiring human interaction

Broad network access

  • Capabilities are available over the network and promote use by heterogeneous thin or thick clients

Measured service

  • Resource usage can be monitored, controlled, and reported, providing transparency

Rapid elasticity

  • Capabilities can be rapidly and elastically provisioned, automatically, to quickly scale out or rapidly scale in

Resource pooling

  • A sense of location independence: the customer has no control or knowledge over the location of the resources

SLIDE 4

Deployment Model

SLIDE 5

Cloud Service Models

SLIDE 6

NIST Visual Model of Cloud Computing Definition

SLIDE 7

SLIDE 8

Governance and compliance

Statement MS Azure:

  • ‘We have four datacenters in the US, two in Europe and two in Asia. Even though you choose to store your data in Europe instead of Worldwide, your data will be stored at least three times. Two times on your main location and one time at a secondary data center’

SLIDE 9

SLIDE 10

Amazon Outage

http://aws.amazon.com/message/65648/

SLIDE 11

Account or Service Hijacking

  • Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure.

SLIDE 12

Multi-Tenancy

Multi-Tenancy

  • One program needs to serve a number of consumer organizations (Tenants) at the same time

Separation

  • A solution that supports Multi-Tenancy, capable of creating separation between the different Tenants

SLIDE 13

Virtualization vulnerabilities by vendor

  • VMware: 80.9%
  • Oracle: 1.8%
  • RedHat: 6.9%
  • IBM: 1.1%
  • Citrix: 5.8%
  • Microsoft: 0.9%

Low percentages for Oracle, IBM, and Microsoft

SLIDE 14

Insecure Interfaces and APIs

  • Web service redirection attack
  • Web service man-in-middle message alteration attack

SLIDE 15

SLIDE 16

Business pros (and cons!)

Armbrust et al.: Above The Clouds, Berkeley 2009

Economies of scale

? ? ?

2011

$1500

2000

$150.000

IaaS PaaS SaaS

Built-in security, Added security, Overall security

Year 1, Year 2, Year 3, Year 4, Year 5, Year 6, Year 7, Year 8; Cost; Innovation

Self-service, Innovation, Fate-sharing, Location

Who

  • is on?
  • where?
  • which data?

Complexity, Risk profile?

Cost, Agility, Innovation, Location, Virtualization, Third parties, Compliance, APIs, Availability …??!!

SLIDE 17

Cloud Security Alliance

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing.

SLIDE 18

Get certified! alexandra.dk/ccsk

SLIDE 19

Get certified!

Alexandra – Security and Innovation in the Cloud

SLIDE 20

SLIDE 21

A (proper) encrypted Dropbox

  • Transparent integration
  • Data hidden from Dropbox

SLIDE 22

Shallow confidentiality

  • Computation: decrypted!
  • Storage: encrypted
  • Local computation
  • No real confidentiality

?!

web server..

SLIDE 23

Deep confidentiality

  • Storage: encrypted
  • web server..
  • Computation: encrypted!

Security Performance

SLIDE 24

Case: energiauktion.dk (via partisia.com)

  • 1. Define auction
  • 2. Submit bids
  • 3. Find winner
  • 4. Make the deal

[Chart: Usage, Base cost, SMC cost (amortized)]

Elasticity => confidentiality!

SLIDE 25

Thx for your attention!

PS: Please remember to evaluate the presentations (incl. this one ;)