Security Prospects through Cloud Computing by Adopting Multiple Clouds Meiko Jensen, Jorg Schwenk Jens-Matthias Bohli, Nils Gruschka Luigi Lo Iacono Presented by : Sheekha Khetan

Upload: ashley-jefferson

Post on 16-Dec-2015


Page 1:

Security Prospects through Cloud Computing by Adopting Multiple Clouds

Meiko Jensen, Jorg Schwenk, Jens-Matthias Bohli, Nils Gruschka, Luigi Lo Iacono

Presented by: Sheekha Khetan

Page 2:

Agenda
• Cloud computing
• Security issues
• How the issues can be addressed
• Case studies

Page 3:

Introduction
• Cloud computing offers dynamically scalable resources provisioned as a service over the Internet.

Page 4:

Categories of Cloud Computing

Software

Platform

Infrastructure

Page 5:

Infrastructure as a Service (IaaS)

Page 6:

Platform as a Service (PaaS)

Page 7:

Software as a Service (SaaS)

Page 8:

| Type | Customer | Unit of Deployment | Offering | Pricing Structure |
|---|---|---|---|---|
| IaaS | Software Owner | Virtual Machine Image | Runtime environment for virtual machines; Cloud storage; May have Cloud Services | All charges per billing period: compute usage per hour; data transfer in per GB; data transfer out per GB; I/O requests per million; storage per GB; storage transfer in per GB; storage transfer out per GB; storage I/O requests per thousand. For more details see Figure 3. |
| PaaS | Software Owner | Application Package | Runtime environment for application code; Cloud Storage; Cloud Services | All charges per billing period: compute usage per hour; data transfer in per GB; data transfer out per GB; I/O requests per million; storage per GB; storage transfer in per GB; storage transfer out per GB; storage I/O requests per thousand. For more details see Figure 3. |
| SaaS | End User | Not Applicable. The SaaS vendor does business directly with the End User | Finished applications | Per user, per month |

Page 9:

Security Issues
• Scope of Cloud Security
  • All data given to the cloud provider leaves the customer's own sphere of control and protection
  • Cloud provider gains full control over these processes
• Attacks on Cloud Security
  • Risk of one's own cloud system being compromised by third parties
  • Example: virtualization of the Amazon EC2 IaaS service
• The Threat of Compromised Clouds
  • If an attacker is able to infiltrate the cloud system itself, all data and all processes of all users operating on that cloud system may become subject to malicious actions in an avalanche manner

Page 10:

Cloud Security Prospects
• How does a cloud customer know whether his data was processed correctly within the cloud?
  • Replication of Application System
• How can a cloud user be sure that data access is implemented and enforced effectively, and that errors in the application logic do not affect the user's data?
  • Partition of Application System into Tiers
• How can a cloud user avoid fully revealing the processing logic and data to the cloud provider?
  • Partition of Application Tiers into Fragments

Page 11:

Replication of Application System

Page 12:

Partition of Application Tiers into Fragments

Page 13:

Partition of Application Service into Tiers

Page 14:

Partition of Application Service into Tiers
• Obfuscating Splitting
  • Data and/or application parts are distributed to different clouds in such a way that every single cloud gains only limited knowledge, and only the final result or the combined data at the user's side must be classified as confidential
• Multi-party Computation
  • Two distinct scenarios can be imagined: an application that intrinsically requires multi-party computation is outsourced to the multi-party cloud, or a single cloud user makes use of a multi-party cloud for better protection of the secrecy of his data.
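The splitting and multi-party ideas above, as an added example that is not from the slides or the paper: additive secret sharing across three clouds, where each cloud sums only its own shares and the user combines the partial results. The modulus, the function names and the salary figures are assumptions constructed for illustration.

```python
import secrets

MODULUS = 2**64  # assumption for this example: shares live in the integers mod 2^64


def split(value: int, n_clouds: int) -> list[int]:
    """Split value into n additive shares; any n-1 of them are uniformly random."""
    if n_clouds < 2:
        raise ValueError("need at least two clouds")
    if not 0 <= value < MODULUS:
        raise ValueError("value out of range")
    shares = [secrets.randbelow(MODULUS) for _ in range(n_clouds - 1)]
    # The last share is chosen so that all shares add up to the value.
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def combine(shares: list[int]) -> int:
    """User side: only the combination of all shares is confidential data."""
    return sum(shares) % MODULUS


def cloud_partial_sum(column: list[int]) -> int:
    """What one cloud computes: it sees only its own shares, never a plaintext."""
    return sum(column) % MODULUS


def outsourced_sum(values: list[int], n_clouds: int = 3) -> tuple[int, list[list[int]]]:
    """Share every record, give column i to cloud i, combine the partial sums."""
    per_cloud: list[list[int]] = [[] for _ in range(n_clouds)]
    for value in values:
        for column, share in zip(per_cloud, split(value, n_clouds)):
            column.append(share)
    partials = [cloud_partial_sum(column) for column in per_cloud]
    # Correct as long as the true total is below MODULUS.
    return combine(partials), per_cloud


# Constructed sample data, not taken from the presentation.
SALARIES = [52000, 61000, 47500, 83250]

if __name__ == "__main__":
    total, views = outsourced_sum(SALARIES)
    print("total reconstructed by the user:", total)
    print("what cloud 0 stores:", views[0])
```

Confidentiality holds only while the clouds do not pool their shares, and the scheme gives no integrity guarantee against a cloud that returns a wrong partial sum.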

Page 15:

Conclusion
• In this paper a concept is introduced which aims at reducing the required level of trust and which provides innovative cloud security mechanisms in the form of architectural patterns. Each of the three presented architectures provides a framework for implementing practicable security services not available so far. The underlying idea is to deploy and distribute the tasks to multiple distinct cloud systems. The main advantage of the presented architectures is security services that still hold in the presence of malicious or compromised clouds.