module cloud computing security
play

Module: Cloud Computing Security Professor Trent Jaeger Penn State - PowerPoint PPT Presentation

Oct 15, 2023 •230 likes •896 views

  1. �������฀฀���฀฀�������� ��������������฀�������� � � �������฀���฀��������฀��������฀������ ����������฀��฀��������฀�������฀���฀����������� ������������฀�����฀�����������฀����������฀����฀฀�� Module: Cloud Computing Security Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1 1

  2. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-1

  3. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-2

  4. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-3

  5. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-4

  6. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-5

  7. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-6

  8. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-7

  9. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-8

  10. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-9

  11. Cloud Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-10

  12. Cloud Computing Is Here Why not use it? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2 2-11

  13. What’s Happening in There? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3 3

  14. From Data Center to Cloud Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4 4-1

  15. From Data Center to Cloud Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4 4-2

  16. From Data Center to Cloud Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4 4-3

  17. Reasons to Doubt • History has shown they are vulnerable to attack ‣ SLAs, audits, and armed guards offer few guarantees ‣ Insiders can subvert even hardened systems Incident Attack Vector Data Loss Incidents 986 903 Accidental 770 23% 695 678 641 External Insider 54% 16% Unknown 7% ‘06 ‘07 ‘08 ‘09 ‘10 ‘11 Credit: The Open Security Foundation datalossdb.org Systems and Internet Infrastructure Security Laboratory (SIIS) Page 5 5

  18. Cloudy Future • New problem or new solution? ‣ New challenges brought on by the cloud (plus old ones) ‣ Utility could provide a foundation for solving such challenges Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6 6

  19. What is Cloud Computing? • Cloud vendor provides managed computing resources for rent by customers • What do you want to rent? ‣ (Virtualized) Hosts (Infrastructure as a Service) • Rent cycles: Amazon EC2, Rackspace Cloud Servers, OpenStack ‣ Environment (Platform as a Service) • Rent instances: Microsoft Azure, Google App Engine ‣ Programs (Software as a Service) • Rent services: Salesforce, Google Docs • Other variations can be rented Systems and Internet Infrastructure Security Laboratory (SIIS) Page 7 7

  20. What is Cloud Computing? Systems and Internet Infrastructure Security Laboratory (SIIS) Page 8 8

  21. IaaS Platform: OpenStack Cloud Client Customer Cloud API Cloud Instances Database Cloud Message Queue Node Cloud Vendor Image Volume Network Scheduler Store Store Controller Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9 9

  22. How to Build an IaaS Cloud? • Vendors obtain hardware resources for ‣ Various cloud services: API, Messages, Storage, Network, ... ‣ Compute nodes for running customer workloads • Install your hardware ‣ Need to choose software configurations specific for services and compute nodes • Start your hosts ‣ Join the cloud - services and available compute nodes • Now your cloud is running ‣ Have fun! Customers are ready to use your services and nodes Systems and Internet Infrastructure Security Laboratory (SIIS) Page 10 10

  23. How to Use an IaaS Cloud? • Customers choose an OS distribution ‣ These are published by the cloud vendor and others ‣ Obtain cloud storage necessary to store these and your data • Configure your instance (VM) ‣ Prior to starting - enable you to login and others to access the instance’s services • Start your instance ‣ Boots the chosen OS distribution with the configurations • Now your instance is running ‣ Have fun! Login via SSH or ready for your clients Systems and Internet Infrastructure Security Laboratory (SIIS) Page 11 11

  24. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting Client Service Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-1

  25. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting Cloud Cloud Cloud Client Node Node Platform Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-2

  26. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting Cloud Cloud Client Node Node Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-3

  27. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM Cloud Cloud Client Node Node Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-4

  28. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM Cloud Cloud Client Node Node Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-5

  29. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM VM Cloud Cloud Client Node Node Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-6

  30. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM VM Cloud Cloud Client Node Node Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-7

  31. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM VM VM Cloud Cloud Client Node Node VM Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-8

  32. Cloud Complexity • Cloud environment challenges ‣ Opaque, Complex, Dynamic ‣ Insiders, Instances, Co-hosting VM VM Cloud Cloud Client Node Node VM VM Cloud Cloud Node Node Systems and Internet Infrastructure Security Laboratory (SIIS) Page 12 12-9

  33. What Could Go Wrong? • What do customers depend on from the cloud? ‣ Trust Model ‣ Are those parties worthy of our trust? • Who are potential adversaries in the cloud? ‣ Threat Model ‣ Are customers protected from their threats? • What would be ideal from a security standpoint? ‣ Ideal Security Model ‣ How many trusted parties and how many threats? Systems and Internet Infrastructure Security Laboratory (SIIS) Page 13 13

  34. Published Instances Consumers use published instances !),/%0()* !"#$%&'((& -.&/#012$+,& 3.&405*6076*,& =05*60/,>3 '?=>3& )*#+,& !"#$%&'()* '?=>3 & 9.&($:"45;& 8.&$5,& =05*60/,>- '?=>-& '?=>- & <.&405*6076*,& +,-&".()* Who do you trust? What are threats? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14 14

  35. SSH Study [AmazonIA] • Publisher left an SSH user authentication key in their AMI • Fortunately, Amazon agreed that this is a violation ‣ Unfortunately, it was not an isolated problem • 30% of 1100 AMIs checked contained such a key ‣ Also, pre-configured AMIs had SSH host keys • Thus, all instances use the same host key pair • Implications? Systems and Internet Infrastructure Security Laboratory (SIIS) Page 15 15

  36. Security Configuration ‣ Zillions of security-relevant configurations for instances • Do you have the right code and data installed? • Are you running the expected code? • Discretionary access control • Firewalls • Mandatory access control SELinux, AppArmor, TrustedBSD, Trusted Solaris, MIC ‣ • Application policies (e.g., Database, Apache) • Pluggable Authentication Modules (PAM) • Application configuration files ‣ Plus new configuration tasks for the cloud - e.g., storage Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity &amp; Flexibility Security and Privacy for Cloud

529 views • 36 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
CSE543 Computer and Network Security Module: Cloud Computing Professor Trent Jaeger Systems and

CSE543 Computer and Network Security Module: Cloud Computing Professor Trent Jaeger Systems and

994 views • 63 slides
Module: Cloud Computing Security Professor Trent Jaeger Penn State University Systems and

Module: Cloud Computing Security Professor Trent Jaeger Penn State University Systems and

426 views • 40 slides
Module: Cloud Computing Security Professor Trent Jaeger Penn State University Systems and

Module: Cloud Computing Security Professor Trent Jaeger Penn State University Systems and

857 views • 36 slides
Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing &amp; Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Security &amp; Cryptography I Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a vital resource Enterprises, governments, scientists, consumers, Computing is manageable at small

955 views • 51 slides
Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST

Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST

Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST December 4, 2019 Old Man Yells at Cloud Computing Old Man Yells at Cloud Computing PAGE 2 The plan for today Whats all this cloud

920 views • 39 slides
Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

CS573 Data Privacy and Security Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted data Homomorphic encryption What is Cloud Computing ? Cloud computing Type of computing that relies on sharing

1.29k views • 62 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan

Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan

Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan Cornea, Julien Bourgeois, Vaidy Sunderam 14 June 2012, Valpr, Ecully Origins Performance prediction dPerf dPerf and P2P apps.

288 views • 25 slides
The MNM-CloudLab -- Ideas, Concepts &amp; Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

The MNM-CloudLab -- Ideas, Concepts &amp; Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

DEUTSCH-FRANZSISCHE SOMMERUNIVERSITT UNIVERSIT DT FRANCO-ALLEMANDE FR NACHWUCHSWISSENSCHAFTLER 2011 POUR JEUNES CHERCHEURS 2011 CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : DFIS ET OPPORTUNITS

965 views • 50 slides
Native Americans Unit Intro to unit: https://app.discoveryeducation.com/learn/vide

Native Americans Unit Intro to unit: https://app.discoveryeducation.com/learn/vide

Native Americans Unit Intro to unit: https://app.discoveryeducation.com/learn/vide os/dcc34fa1-f22b-40ec-ad82-3dfe7fc7d20d/ 20:00 Native American Homelands Map 6 colored pencils Page 322 Chapter 1: Indians of the Great Basin 3 4/28/2019

655 views • 24 slides
Sirius 4.0: Let me Sirius that for you! EclipseCon France, June 2016 Sirius EclipseCon France,

Sirius 4.0: Let me Sirius that for you! EclipseCon France, June 2016 Sirius EclipseCon France,

Sirius 4.0: Let me Sirius that for you! EclipseCon France, June 2016 Sirius EclipseCon France, June 2016 Statistics EclipseCon France, June 2016 Statistics 10 active committers EclipseCon France, June 2016 Statistics 10 active committers

972 views • 60 slides
(Question Answering and Dialogue Systems) 063)

(Question Answering and Dialogue Systems) 063)

Tamkang University (Question Answering and Dialogue Systems) 063) /5123FH

1.18k views • 83 slides
BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology

BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology

BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology 2016-09-29 COMING SEMINARS T oday: Olof Mogren Neural Machine Translation October 6: John Wiedenhoeft Fast Bayesian inference in Hidden Markov

607 views • 22 slides
A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York rosario@cs.ccny.cuny.edu CANS 2013, Paraty, Brasil November 22, 2013 Outline Motivation Verifiable Computation Memory Delegation Conclusion

937 views • 80 slides
LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli,

LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli,

LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli, Dario Fiore , Anas Querol IMDEA Software Institute, Spain 2nd ZKProof Workshop April 10, 2019 zkSNARKs focus of this work from theoretical

535 views • 26 slides
Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential privacy methods

595 views • 43 slides
Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides

More recommend