Security Prospects through Cloud Computing by Adopting Multiple Clouds
Meiko Jensen, Jörg Schwenk, Jens-Matthias Bohli, Nils Gruschka, Luigi Lo Iacono
Presented by : Sheekha Khetan
Agenda
• Cloud computing
• Security issues
• How the issues can be addressed
• Case studies
Introduction
• Cloud computing offers dynamically scalable resources provisioned as a service over the Internet.
Categories of Cloud Computing
(stack diagram: Software on top of Platform on top of Infrastructure)
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
Type | Customer       | Unit of Deployment                                                        | Offering                                                                              | Pricing Structure
IaaS | Software Owner | Virtual Machine Image                                                     | Runtime environment for virtual machines; cloud storage; may have cloud services      | All charges per billing period: compute usage per hour; data transfer in per GB; data transfer out per GB; I/O requests per million; storage per GB; storage transfer in per GB; storage transfer out per GB; storage I/O requests per thousand (for more details see Figure 3)
PaaS | Software Owner | Application Package                                                       | Runtime environment for application code; cloud storage; cloud services               | All charges per billing period: compute usage per hour; data transfer in per GB; data transfer out per GB; I/O requests per million; storage per GB; storage transfer in per GB; storage transfer out per GB; storage I/O requests per thousand (for more details see Figure 3)
SaaS | End User       | Not applicable (the SaaS vendor does business directly with the end user) | Finished applications                                                                 | Per user, per month
Security Issues
• Scope of cloud security
  • All data handed to the cloud provider leaves the customer's own control and protection sphere
  • The cloud provider gains full control over these processes
• Attacks on cloud security
  • Risk of the customer's own cloud system being compromised by third parties
  • Example: the virtualization layer of the Amazon EC2 IaaS service
• The threat of compromised clouds
  • If an attacker is able to infiltrate the cloud system itself, all data and all processes of all users operating on that cloud system may become subject to malicious actions, in an avalanche-like manner: one compromise affects every tenant
Cloud Security Prospects
• How does a cloud customer know whether his data was processed correctly within the cloud?
  → Replication of Application System
• How can a cloud user be sure that data access is implemented and enforced effectively, and that errors in the application logic do not affect users' data?
  → Partition of Application System into Tiers
• How can a cloud user avoid fully revealing processing logic and data to the cloud provider?
  → Partition of Application Tiers into Fragments
Replication of Application System (architecture diagram)
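The replication pattern, as an added example that is not code from the paper or the slides: the same application logic runs on several independent clouds and the customer accepts a result only when a majority of the replicas agree, so one compromised cloud cannot silently alter the output. The clouds, the `application` function, the transaction records and the skimming `compromised_cloud` are all constructed for illustration; in-process functions stand in for real providers.

```python
"""Replication of the application system across several clouds (added example)."""
from collections import Counter
import hashlib
import json


def application(records):
    """The outsourced business logic: total amount per account (constructed example)."""
    totals = {}
    for rec in records:
        totals[rec["account"]] = totals.get(rec["account"], 0) + rec["amount"]
    return totals


def honest_cloud(records):
    """A cloud that runs the application faithfully."""
    return application(records)


def compromised_cloud(records):
    """An attacker-controlled cloud: same code, but it skims one unit from every account."""
    result = application(records)
    return {acct: amount - 1 for acct, amount in result.items()}


def fingerprint(result):
    """Canonical SHA-256 of a result, so replicas can be compared without shipping full outputs."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def replicated_run(clouds, records):
    """Run the application on every cloud and majority-vote over the results.

    Returns (accepted_result, names_of_outvoted_clouds). Raises RuntimeError when no
    strict majority exists, e.g. with only two replicas that disagree: replication can
    then detect tampering but not decide which result is correct.
    """
    results = {name: fn(records) for name, fn in clouds.items()}
    votes = Counter(fingerprint(r) for r in results.values())
    winner, count = votes.most_common(1)[0]
    if count * 2 <= len(clouds):
        raise RuntimeError("no majority among replicas: %s" % dict(votes))
    accepted = next(r for r in results.values() if fingerprint(r) == winner)
    outvoted = sorted(n for n, r in results.items() if fingerprint(r) != winner)
    return accepted, outvoted


# Constructed input: a handful of transactions.
SAMPLE_RECORDS = [
    {"account": "A", "amount": 100},
    {"account": "B", "amount": 40},
    {"account": "A", "amount": 25},
]

# Three distinct clouds (hypothetical names); cloud-2 is the compromised one.
CLOUDS = {
    "cloud-1": honest_cloud,
    "cloud-2": compromised_cloud,
    "cloud-3": honest_cloud,
}

if __name__ == "__main__":
    result, suspects = replicated_run(CLOUDS, SAMPLE_RECORDS)
    print("accepted result:", result)        # {'A': 125, 'B': 40}
    print("disagreeing replicas:", suspects)  # ['cloud-2']
```

With three replicas one compromised cloud is outvoted and identified; with 2f+1 replicas the scheme tolerates f of them. Note what replication does not give: if the clouds share a provider, a platform bug or an image backdoor, their outputs will agree and the vote proves nothing, which is why the pattern calls for distinct cloud systems.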
Partition of Application Tiers into Fragments (architecture diagram)
Partition of Application Service into Tiers (architecture diagram)
Partition of Application Tiers into Fragments
• Obfuscating splitting
  • Data and/or application parts are distributed to different clouds in such a way that every single cloud gains only limited knowledge; only the final result, or the combined data at the user's side, must be classified as confidential
• Multi-party computation
  • Two distinct scenarios can be imagined: an application that intrinsically requires multi-party computation is outsourced to the multi-party cloud, or a single cloud user makes use of a multi-party cloud for better protection of the secrecy of his data
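Obfuscating splitting and the computation-on-fragments idea behind multi-party computation, as one added example that is not code from the paper or the slides: every value is split into additive shares modulo a prime, cloud i stores only share i, and any n-1 shares are uniformly random, so no single cloud learns anything about the data. Because the sharing is linear, each cloud can also sum the shares it holds and the customer recombines the partial sums, a minimal instance of computing on split data. The prime `P`, the function names, the salary records and the in-process dicts standing in for clouds are all assumptions made for this example.

```python
"""Obfuscating splitting of data across clouds via additive secret sharing (added example)."""
import secrets

# Mersenne prime 2^61 - 1 (an assumption of this example); all arithmetic is mod P.
P = (1 << 61) - 1


def split(value, n):
    """Split value into n additive shares: shares sum to value mod P; any n-1 are random."""
    if not 0 <= value < P:
        raise ValueError("value out of range")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def combine(shares):
    """Recombine shares into the original residue."""
    return sum(shares) % P


def to_signed(x):
    """Map a residue back to a signed integer so negative totals survive the modular arithmetic."""
    return x - P if x > P // 2 else x


def upload(records, clouds):
    """Customer side: distribute each record so that cloud i holds share i of every value."""
    n = len(clouds)
    for key, value in records.items():
        for cloud, share in zip(clouds, split(value % P, n)):
            cloud[key] = share


def cloud_partial_sum(cloud, keys):
    """Work done inside one cloud: sum the shares it holds. This reveals nothing about the data."""
    return sum(cloud[k] for k in keys) % P


def total(clouds, keys):
    """Customer side: ask every cloud for its partial sum and recombine. Only this result is sensitive."""
    return to_signed(combine([cloud_partial_sum(c, keys) for c in clouds]))


def reconstruct(clouds, key):
    """Customer side: fetch all shares of one record and recombine it."""
    return to_signed(combine([c[key] for c in clouds]))


# Constructed data: salary per employee, the kind of value no single provider should see.
SALARIES = {"alice": 5200, "bob": 4100, "carol": 6300}

if __name__ == "__main__":
    clouds = [{}, {}, {}]          # three distinct clouds, each a plain dict here
    upload(SALARIES, clouds)
    print("what cloud 0 stores:", clouds[0])   # three random-looking residues
    print("total payroll:", total(clouds, list(SALARIES)))   # 15600
    print("bob:", reconstruct(clouds, "bob"))                # 4100
```

The confidentiality argument is information-theoretic: each share is a uniform residue, so a compromised cloud, or any coalition short of all n, holds nothing but noise, which is exactly the "only the combined data at the user's side is confidential" property the slide describes. Integrity is a separate matter: a cloud that returns a wrong share corrupts the result undetectably, so in practice this pattern is combined with replication or with MACs on the shares.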
Conclusion
• In this paper a concept is introduced which aims at reducing the required level of trust and which provides innovative cloud security mechanisms in the form of architectural patterns. Each of the three presented architectures provides a framework for implementing practicable security services not available so far. The underlying idea is to deploy and distribute the tasks to multiple distinct cloud systems. The main advantage of the presented architectures is security services that still hold in the presence of malicious or compromised clouds.