
CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD



  1. CLOUD SECURITY OR: HOW I LEARNED TO STOP WORRYING AND LOVE THE CLOUD
     PUBLIC
     Jakob I. Pagter, Alexandra Instituttet A/S

  2. About "Alexandra Instituttet A/S"
     • Non-profit application-oriented research institution – focus on IT
     • GTS – Godkendt Teknologisk Service Institut
     • 100+ employees generating Commercial R&D
     • Development
     • Consultancy
     • Researchers
     • Providers
     • Ideation
     • Users
     • Networks
     • Dissemination inspiration

  3. Essential Characteristics of Cloud Computing
     On-demand self-service
     • Provision computing capabilities automatically without requiring human interaction
     Broad network access
     • Capabilities are available over the network and promote use by heterogeneous thin or thick clients
     Measured service
     • Resource usage can be monitored, controlled, and reported, providing transparency
     Rapid elasticity
     • Capabilities can be rapidly and elastically provisioned, automatically, to quickly scale out or rapidly scale in
     Resource pooling
     • A sense of location independence: the customer has no control or knowledge over the location of the resources

  4. Cloud Service Models

  5. NIST Visual Model of Cloud Computing Definition

  7. Governance and compliance
     Statement MS Azure:
     • ‘We have four datacenters in the US, two in Europe and two in Asia. Even though you choose to store your data in Europe instead of Worldwide, your data will be stored at least three times. Two times on your main location and one time at a secondary data center’

  8. Note: MS first movers on EU standard contract clauses

  9. SLAs
     http://aws.amazon.com/message/65648/

  10. Multi-Tenancy
      Multi-Tenancy
      • One program needs to serve a number of consumer organizations (Tenants) at the same time
      Separation
      • Solution that supports Multi-Tenancy, capable of creating separation between the different Tenants

  11. Technical attack vectors
      1. Outsiders
      2. Platform
      3. Insiders
      4. Neighbours

  12. Business pros (and cons!)
      [Figure residue. Recoverable labels: Fate-sharing; Economies of scale; Location; Built-in / Added / Total security across IaaS, PaaS, SaaS; Cost; Location/Compliance; Who is on? where? which data?; Self service; Agility; SLAs; Innovation; Multi-tenancy/Virtualization; Complexity; Risk profile?; time axis Year 1 to Year 8. Values shown: 2000, $150.000, $1500, 2011. Source cited: Armbrust et al.: Above The Clouds, Berkeley 2009.]

  13. Two problems
      Technical protection
      • Address specific problems
      • Part of bigger picture
      Compliance
      • Law
      • Regulations (e.g. PCI, HIPAA, data protection)
      • Relies on proper technical measures

  14. Two approaches
      [Diagram: project phases Idea, Assessment, Analysis, Realization, annotated with "SLA’ing" and "Security by design"]
      • Adapt to user capabilities
      • Exploit existing protection
      • Divide-and-conquer

  15. But first – “go old school”
      [Risk matrix: Probability (Very low 1, Low 2, Medium 3, High 4, Very high 5) against Impact ($$) (Very low 1, Low 2, Medium 3, High 4, Very high 5); zones labelled “Accept”, “Reduce/delegate” and “Reduce carefully”]
      Good security is business driven!
      Good analysis is knowledge driven!

  16. Security by design using cryptography
      • Adapt to user capabilities
      • Exploit existing protection
        – Understand first!
      • Divide-and-conquer
        – Trust, classification, …
      • Understand context
        – Protection level <-> key sizes
        – What does and doesn’t crypto provide
        – When aren’t data encrypted
      • Don’t DIY
      • Protect the key!
      [Figure labels: CSP Security, Own Security, Total Security; IaaS, PaaS, SaaS]

  17. Context – key sizes!

      | Level | Protection | Symmetric (bits) | Asymmetric (bits) | Hash (bits) |
      |---|---|---|---|---|
      | 1 | Attacks in "real-time" by individuals. Only acceptable for authentication tag size | 32 | - | - |
      | 2 | Very short-term protection against small organizations. Should not be used for confidentiality in new systems | 64 | 816 | 128 |
      | 3 | Short-term protection against medium organizations, medium-term protection against small organizations | 72 | 1008 | 144 |
      | 4 | Very short-term protection against agencies, long-term protection against small organizations. Smallest general-purpose level, 2-key 3DES restricted to 2^40 plaintext/ciphertexts, protection from 2009 to 2012 | 80 | 1248 | 160 |
      | 5 | Legacy standard level. 2-key 3DES restricted to 10^6 plaintext/ciphertexts, protection from 2009 to 2020 | 96 | 1776 | 192 |
      | 6 | Medium-term protection. 3-key 3DES, protection from 2009 to 2030 | 112 | 2432 | 224 |
      | 7 | Long-term protection. Generic application-independent recommendation, protection from 2009 to 2040 | 128 | 3248 | 256 |
      | 8 | "Foreseeable future". Good protection against quantum computers | 256 | 15424 | 512 |

      Based on www.keylength.com

  18. Crypto check/wish list
      • Client-side encryption
      • No trust in third parties
      • Minimal user responsibility
      • Full functionality

  19. Dropbox case study
      • Data hidden from Dropbox
      • Transparent integration

  20. Storage-as-a-Service

      | Solution | DIY | Boxcryptor | Secretsync | completely privatefiles | Tahoe |
      |---|---|---|---|---|---|
      | Service(s) | Anything | Dropbox | Dropbox | Box | Any storage |
      | Client-side encryption | yes | Yes / password based! | yes | yes | yes |
      | Trust in third parties | no | no | yes | yes | Divide-and-conquer |
      | Minimal user responsibility | no | no | (yes) | (yes) | no |
      | Full functionality | no | no | no | no | no |

  21. IaaS/PaaS
      [Figure labels: Built-in, Added, Total; IaaS, PaaS, SaaS]

      | Solution | DIY | Porticor | CipherCloud | Tahoe |
      |---|---|---|---|---|
      | Service(s) | Anything | AWS | Salesforce etc. | Any storage |
      | Client-side encryption | yes | yes | yes | yes |
      | Trust in third parties | no | Divide-and-conquer | no | Divide-and-conquer |
      | Minimal user responsibility | no | yes | yes | no |
      | Full functionality | no | no | tokenization | no |

  22. SaaS
      [Figure labels: Built-in, Added, Total; IaaS, PaaS, SaaS]

      | Solution | DIY | CipherCloud | Voltage |
      |---|---|---|---|
      | Service(s) | Nope! | Salesforce etc. | SaaS e.g. PCI |
      | Client-side encryption | yes | yes | yes |
      | Trust in third parties | no | no | no |
      | Minimal user responsibility | no | yes | yes |
      | Full functionality | no | tokenization | tokenization |

  23. Summary
      • Client-side encryption
      • No trust in third parties
      • Minimal user responsibility
      • Full functionality

  24. Crypto evolution

  25. More fancy abbreviations
      SMC
      • Secure Multiparty Computation
      • Research since ’78
      • “Practical” since 2008
      ABC
      • Attribute-Based Credentials
      • Research since at least ’83 (blind signatures)
      • Software “previews” available: U-Prove (Microsoft) + IdentityMixer (IBM)
      Alexandra – Sikkerhed og Innovation i Skyen (Security and Innovation in the Cloud)

  26. SMC: Shallow confidentiality
      No real confidentiality
      [Diagram labels: web server..; Computation: decrypted! ?!; Storage: encrypted; Local computation]

  27. SMC: Deep confidentiality
      Divide-and-conquer
      [Diagram labels: web server..; Security; Performance; Computation: encrypted!; Storage: encrypted]

  28. SMC: energiauktion.dk (via partisia.com)
      1. Define auction
      2. Submit bids
      3. Find winner
      4. Make the deal
      => confidentiality!
      [Chart: Usage, Base cost, SMC cost (amortized) and Elasticity over time intervals from 0-2 to 22-24; vertical axis 0 to 100]

  29. ABC: Identity in the cloud (simplified)
      “When you have a hammer…”
      [Diagram labels: Parent; Citizen; IdP; Jakob; Above 18; Below 14; !!! Unique person !!!; Jakob: Shop, Arto, Skat, Love.dk, …]

  30. ABC: properties
      Existing properties (digital signatures/IdP)
      • Identification
      • Accountability
      New desirable properties
      • Non-traceable/anonymity
        – IdP can’t trace your transactions
      • Unlinkable/pseudonymity
        – E.g. a provider can’t link your profile in a merger with another provider
      • Verified claims
        – E.g. age and zip code
      • Minimal disclosure
      Can we have it all? Yes we can!

  31. ABC: Credentials
      Claims provider
      1. “claims” (attributes) (PKI: ID + pub key)
      2. credential (token) (PKI: certificate)
      3. Proof of claim using credential (PKI: signature)

  32. ABC: IdP using credentials (“on-demand”)
      Claims provider
      1. Request access
      2. Request token
      3. Request token + credentials
      4. Signed token
      5. Signed token

  33. ABC: Anonymity
      Claims provider
      1. “age = 34” (attributes)
      2. credential (token)
      3. Age > 18
      • CA can’t recognize user
      • Claim certified by CP

  34. ABC: Pseudonymity
      Claims provider
      1. Age = 34
      2. credential (token)
      3. Age > 18
      3. Age > 15
