Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to Issues Regarding Data Integrity & Virtual Machine Security.

Similar presentations


Presentation on theme: "An Introduction to Issues Regarding Data Integrity & Virtual Machine Security."— Presentation transcript:

1 An Introduction to Issues Regarding Data Integrity & Virtual Machine Security

2  What is Cloud Computing?  Data Management Issues  Data Integrity  Data Provenance  Data Remanence  Data Availability  Virtual Machine Security  Cloud Mapping  Co-Residence  Side-Channeling

3  Confusion Exists, Not Without Reason  The Future Of Computing for Business & Home  An Old Concept Revisited “The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do… I don’t understand what we would de differently in the light of cloud computing other than change the wording of some of our ads.” - Larry Ellison

4  Remote Access To Centrally Stored Data & Applications  Flexibility in Resource Sharing and Allocation  Software as a Service (SaaS)  Platform as a Service (PaaS)  Infrastructure as a Service (IaaS) Cloud Computing is a method in which the internet is used as a medium to enable resource and application sharing

5

6  2013 Figure 2 – H1 (encrypted and locked!) 2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

7 Coverage 20,000+ devices under contract 3,700+ managed clients worldwide 13B+ events managed per day 133 monitored countries (MSS) 1,000+ security related patents Depth 14B analyzed web pages & images 40M spam & phishing attacks 64K documented vulnerabilities Billions of intrusion attempts daily Millions of unique malware samples

8  Data Integrity  Cloud Service Provider (CSP) Concerns  Third Party Auditing (TPA)  Encryption and Multitenancy  Data Provenance  Data Remanence  Data Availability  Elasticity  CSP Related Downtime  Malicious Attacks

9  Cloud Service Provider (CSP) Concerns  CSP Security ▪ Data Transfer ▪ Data-at-Rest  CSP Data Loss ▪ Unintentional ▪ Intentional  Third Party Auditing ▪ The Auditor ▪ Support for Dynamic Data

10  Encryption & Multitenancy  Multitenancy – Storage of data from multiple clients in a single repository  Inability to use encryption in order to support indexing  Encryption largely irrelevant if data is analyzed on the cloud, as analysis requires decryption.

11  Data Provenance – Calculation Accuracy  Shared resources mean shared responsibility  Difficulty / Impossibility in tracking involved machines  Data Remanence – Data Cleansing  “Ghost Data” – Left behind after deletion  No remanence security plan for any major CSP

12 Total Downtime (HH:MM:SS) AvailabilityPer DayPer MonthPer Year 99.999%00:00:00.400:00:2600:05:15 99.99%00:00:0800:04:2200:52:35 99.9%00:01:2600:43:4908:45:56 99%00:14:2307:18:1787:39:29 Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009 Cloud Service Provider (CSP) Concerns

13 http://blog.bkis.com/en/korea-and-us-ddos-attacks-the-attacking-source-located-in-united-kingdom/ Malicious Attacker Concerns Distributed Denial of Service (DDoS) Uses Port Flooding to Slow Systems or Force Server Resets. External Attack Models Similar to Traditional Strikes Cloud Usage as Attacker Internal Attack Models Protection Responsibility Lies on the User CSP Would Need to Detect

14

15  Up-Time  Jurisdiction  Data Ownership  Escrow Data? Metadata?  Exit Clause  Testing for  Disaster Recovery  Incident Response  E-Discovery  Right to Audit

16  Cloud Mapping  Co-Residence  Side-Channeling  Certificate Management

17  Cloud Mapping Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.CCS '09, November9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

18  Co-Residence Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.CCS '09, November9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

19  Side-Channeling Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.CCS '09, November9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

20

21  Armbrust, Michael; Fox, Armando; Griffith, Rean; Joseph, Anthony D.; Katz, Randy; Konwinski, Andy; Lee, Gunho; Patterson, David; Rabkin, Ariel; Stoica, Ion; Zaharia, Matei. 2010. A view of cloud computing. Commun. ACM 53, 4 (April 2010), 50-58. DOI=10.1145/1721654.1721672 http://0- doi.acm.org.catalog.library.colostate.edu/10.1145/1721654.1721672http://0- doi.acm.org.catalog.library.colostate.edu/10.1145/1721654.1721672  Brodkin, Jon; Gartner: Seven cloud-computing security risks. Network World. July 02, 2008 03:48 PM ET. http://www.networkworld.com/news/2008/070208-cloud.html" http://www.networkworld.com/news/2008/070208-cloud.html  Christodorescu, Mihai; Sailer, Reiner; Schales, Douglas Lee; Sgandurra, Daniele; Zamboni, Diego. 2009. Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 97-102. DOI=10.1145/1655008.1655022 http://doi.acm.org/10.1145/1655008.1655022http://doi.acm.org/10.1145/1655008.1655022  Cong Wang; Qian Wang; Kui Ren; Wenjing Lou;, "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," INFOCOM, 2010 Proceedings IEEE, vol., no., pp.1-9, 14-19 March 2010 doi: 10.1109/INFCOM.2010.5462173 URL: http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5462173&isnu mber=5461899http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5462173&isnu mber=5461899  Cong Wang; Qian Wang; Kui Ren; Wenjing Lou; Dept. of ECE, Illinois Inst. of Technol., Chicago, IL, USA This paper appears in: Quality of Service, 2009. IWQoS. 17th International Workshop on Issue Date: 13-15 July 2009 On page(s): 1 - 9 Location: Charleston, SC ISSN: 1548-615X E- ISBN: 978-1-4244-3876-1 Print ISBN: 978-1-4244-3875-4 INSPEC Accession Number: 10834827 Digital Object Identifier: 10.1109/IWQoS.2009.5201385 Date of Current Version: 18 August 2009  Furht, Borko. “Cloud Computing Fundamentals.” Ed. B Furht & A Escalante. Handbook of Cloud Computing May (2010) : 3-19.

22  Grossman, R.L.;, "The Case for Cloud Computing," IT Professional, vol.11, no.2, pp.23-27, March-April 2009 doi: URL: http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=4804045 &isnumber=480403410.1109/MITP.2009.40http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=4804045 &isnumber=480403410.1109/MITP.2009.40  Jaeger, Paul T; Lin, Jimmy; Grimes, Justin M. Cloud Computing and Information Policy: Computing in a Policy Cloud? 933-1681, 2008, 5, 3, 269-283  Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils; Lo Iacono, Luigi. "On Technical Security Issues in Cloud Computing," cloud, pp.109-116, 2009 IEEE International Conference on Cloud Computing, 2009  Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, and Peng Ning. 2009. Managing security of virtual machine images in a cloud environment. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 91-96. DOI=10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021 http://doi.acm.org/10.1145/1655008.1655021  Kaufman, L.M.;, "Data Security in the World of Cloud Computing," Security & Privacy, IEEE, vol.7, no.4, pp.61-64, doi: 10.1109/MSP.2009.87 July-Aug. 2009 URL: http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5189563& isnumber=5189548http://0- ieeexplore.ieee.org.catalog.library.colostate.edu/stamp/stamp.jsp?tp=&arnumber=5189563& isnumber=5189548  Krautheim, John F. 2009. Private virtual infrastructure for cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA, 5-5.  Leavitt, Neal. 2009. Is Cloud Computing Really Ready for Prime Time?. Computer 42, 1 (January 2009), 15-20. DOI=10.1109/MC.2009.20 http://dx.doi.org/10.1109/MC.2009.20http://dx.doi.org/10.1109/MC.2009.20

23  Lizhe Wang; Jie Tao; Kunze, M.; Castellanos, A.C.; Kramer, D.; Karl, W.; Res. Center Karlsruhe Hermann-von-Helmholtz-Platz 1, Inst. for Sci. Comput., Karlsruhe Scientific Cloud Computing: Early Definition and Experience.  Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009  Reference Type: Book Chapter Editor: Backes, Michael Editor: Ning, Peng Author: Wang, Qian Author: Wang, Cong Author: Li, Jin Author: Ren, Kui Author: Lou, Wenjing Primary Title: Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing Book Title: Computer Security – ESORICS 2009 Book Series Title: Lecture Notes in Computer Science Copyright: 2009 Publisher: Springer Berlin / HeidelbergIsbn: Start Page: 355 End Page: 370 Volume: 5789 Url: http://dx.doi.org/10.1007/978-3-642-04444-1_22 Doi: 10.1007/978-3-642- 04444-1_22  Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds.CCS '09, November9-13, 2009, Chicago, Illinois, USA. Copyright 2009.  Santos, Nuno. Gummadi, Krishna P.; Rodrigues, Rodrigo. 2009. Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing(HotCloud'09). USENIX Association, Berkeley, CA, USA, 3-3.  White Paper: Author – Trend Micro Security. Cloud Computing Security: Making Virtual Machines Cloud-Ready. May, 2010.

24


Download ppt "An Introduction to Issues Regarding Data Integrity & Virtual Machine Security."

Similar presentations


Ads by Google