Lecture_10_Fall_11

Alongwiththecomingofcloudcompungisitsuntested

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ess
or
func=on
were
 manipulated
by
an
outsider?
   How
would
we
be
harmed
if
the
process
or
func=on
failed
 to
provide
expected
results?
   How
would
we
be
harmed
if
the
informa=on/data
were
 unexpectedly
changed?
   How
would
we
be
harmed
if
the
asset
were
unavailable
for
 a
period
of
=me? Theore=cal
analysis
of
Cloud
Compu=ng
Security  Confiden=ality
  Concealment
of
informa=on
or
resources;
“need
to
know”
  Integrity
  Correctness
or
trustworthiness
of
data
or
resources
  Availability
  The
ability
to
use
the
informa=on
or
resource
desired
  Insider?
 •  Malicious
employees
at
client
 •  Malicious
employees
at
Cloud
provider
 •  Cloud
provider
itself
  Outsider?
 •  Intruders
 •  Network
alackers?
  At
client
  Learn
passwords/authen=ca=on
informa=on
  Gain
control
of
the
VMs
  At
cloud
provider
  Log
client
communica=on
  Cloud
provider
can
  read
unencrypted
data
  peek
into
VMs,
or
make
copies
of
VMs
  monitor
network
communica=on,
applica=on
palerns
  Why?
  Gain
informa=on
about
client
data
  Gain
informa=on
on
client
behavior
  Sell
the
informa=on
or
use
itself  listen
to
network
traffic
(passive)
  insert
malicious
traffic
(ac=ve)
  probe
cloud
structure
(ac=ve)
  launch
DoS
  more
serious
alacks?
  Confiden=ality:
  Data
stored
in
the
cloud
  Configura=on
of
VMs
running
on
the
cloud
  Iden=ty
of
the
cloud
users
  Loca=on
of
the
VMs
running
client
code
  Integrity
  Data
stored
in
the
cloud
  Computa=ons
performed
on
the
cloud
  Availability
  Cloud
infrastructure
  SaaS/PaaS
  Authen=city
  Non‐repudia=on
  Accountability
  … Cloud
Compu=ng
Security:
Prac=cal
Views
  Cloud
Security
Challenges
(1)
   Data
dispersal
and
interna=onal
privacy
laws
                 EU
Data
Protec=on
Direc=ve
and
U.S.
Safe
Harbor
program
 Exposure
of
data
to
foreign
government
and
data
subpoenas
 Data
reten=on
issues

 Need
for
isola=on
management
 Mul=‐tenancy

 Logging
challenges
 Data
ownership
issues

 Quality
of
service
guarantees
  Cloud
Security
Challenges
(2)
           Dependence
on
secure
hypervisors
 Alrac=on
to
hackers
(high
value
target)
 Security
of
virtual
OSs
in
the
cloud

 Possibility
for
massive
outages
 Encryp=on
needs
for
cloud
compu=ng
...
View Full Document

Ask a homework question - tutors are online