600.412.lecture02

600.412.lecture02 - Security and Privacy in Cloud Computing...

Security and Privacy in Cloud Computing
Ragib Hasan
Johns Hopkins University
Lecture 2, 02/07/2010
en.600.412 Spring 2011
Attack Modeling, and Novel Attack Surfaces

Goal
    1. Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud
    2. Examine a novel topology attack on cloud

Assignment for next class
    Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, Proc. ACM CCS 2009.
    Format:
        Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences)
        Pros: 3 or more issues
        Cons: 3 or more issues
        Possible improvements: Any possible suggestions to improve the work

Threat Model
    A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions.
    Steps:
        Identify attackers, assets, threats and other components
        Rank the threats
        Choose mitigation strategies
        Build solutions based on the strategies

Threat Model
    Basic components
        Attacker modeling
            Choose what attacker to consider
            Attacker motivation and capabilities
        Assets / Attacker Goals

Recall: Cloud Computing Stack

Recall: Cloud Architecture
    [Figure labels: Client; SaaS / PaaS Provider; Cloud Provider (IaaS)]

Attackers

Who is the attacker?
    Insider?
        Malicious employees at client
        Malicious employees at Cloud provider
        Cloud provider itself
    Outsider?
        Intruders
        Network attackers?

Attacker Capability: Malicious Insiders
    At client
        Learn passwords/authentication information
        Gain control of the VMs
    At cloud provider
        Log client communication

Attacker Capability: Cloud Provider
    What?
        Can read unencrypted data
        Can possibly peek into VMs, or make copies of VMs
        Can monitor network communication, application patterns

Provider
    Why?
        Gain information about client data
        Gain information on client behavior
        Sell the information or use itself
    Why not?
        Cheaper to be honest?

This note was uploaded on 01/27/2012 for the course CS 600 taught by Professor Smith,r during the Spring '08 term at Alabama.
