
An Introduction to Issues Regarding Data Integrity & Virtual Machine Security.


1 An Introduction to Issues Regarding Data Integrity & Virtual Machine Security

2
- What is Cloud Computing?
- Data Management Issues
- Data Integrity
- Data Provenance
- Data Remanence
- Data Availability
- Virtual Machine Security
- Cloud Mapping
- Co-Residence
- Side-Channeling

3
- Confusion Exists, Not Without Reason
- The Future Of Computing for Business & Home
- An Old Concept Revisited

“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do… I don’t understand what we would do differently in the light of cloud computing other than change the wording of some of our ads.” - Larry Ellison

4
- Remote Access To Centrally Stored Data & Applications
- Flexibility in Resource Sharing and Allocation
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)

Cloud Computing is a method in which the internet is used as a medium to enable resource and application sharing.

5

6 [Figure: 2013 Figure 2 – H1]
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.

7
Coverage
- 20,000+ devices under contract
- 3,700+ managed clients worldwide
- 13B+ events managed per day
- 133 monitored countries (MSS)
- 1,000+ security related patents

Depth
- 14B analyzed web pages & images
- 40M spam & phishing attacks
- 64K documented vulnerabilities
- Billions of intrusion attempts daily
- Millions of unique malware samples

8
- Data Integrity
- Cloud Service Provider (CSP) Concerns
- Third Party Auditing (TPA)
- Encryption and Multitenancy
- Data Provenance
- Data Remanence
- Data Availability
- Elasticity
- CSP Related Downtime
- Malicious Attacks

9 Cloud Service Provider (CSP) Concerns
- CSP Security
  - Data Transfer
  - Data-at-Rest
- CSP Data Loss
  - Unintentional
  - Intentional
- Third Party Auditing
  - The Auditor
  - Support for Dynamic Data
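Added example (not part of the original slides): one way an auditor can spot-check a stored block against a small trusted value while the owner can still update blocks, here using a Merkle hash tree. The slides name no particular scheme; the tree layout, function names and sample blocks are assumptions made for this illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Owner/CSP: all tree levels, leaves first. An odd node is paired with
    itself, so [a, b, c] and [a, b, c, c] share a root: in real use, bind the
    block count to the root as well."""
    level = [h(b"\x00" + b) for b in blocks]      # 0x00 = leaf prefix
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [h(b"\x01" + level[i] + level[i + 1])  # 0x01 = inner node
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root(blocks):
    """Owner: the only value the auditor has to store."""
    return build_levels(blocks)[-1][0]

def prove(blocks, index):
    """CSP: sibling hashes from leaf to root for blocks[index]."""
    path = []
    for level in build_levels(blocks)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))  # (hash, is_left)
        index //= 2
    return path

def audit(trusted_root, block, path):
    """Auditor: recompute the root from one returned block and its proof."""
    node = h(b"\x00" + block)
    for sibling, is_left in path:
        node = h(b"\x01" + (sibling + node if is_left else node + sibling))
    return node == trusted_root

if __name__ == "__main__":
    blocks = [b"block-%d" % i for i in range(5)]   # constructed sample data
    r1 = root(blocks)
    print(audit(r1, blocks[3], prove(blocks, 3)))      # honest CSP
    print(audit(r1, b"corrupted", prove(blocks, 3)))   # lost or altered block
    blocks[3] = b"block-3-v2"                          # dynamic update
    r2 = root(blocks)                                  # owner publishes new root
    print(audit(r2, blocks[3], prove(blocks, 3)), r1 != r2)
```

After an update the auditor must hold the new root; a CSP that keeps serving the old block then fails the audit.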

10 Encryption & Multitenancy
- Multitenancy – Storage of data from multiple clients in a single repository
- Inability to use encryption in order to support indexing
- Encryption largely irrelevant if data is analyzed on the cloud, as analysis requires decryption.

11
- Data Provenance – Calculation Accuracy
  - Shared resources mean shared responsibility
  - Difficulty / Impossibility in tracking involved machines
- Data Remanence – Data Cleansing
  - “Ghost Data” – Left behind after deletion
  - No remanence security plan for any major CSP

12 Cloud Service Provider (CSP) Concerns

Total Downtime (HH:MM:SS)

Availability | Per Day    | Per Month | Per Year
%            | 00:00:00.4 | 00:00:26  | 00:05:
%            | 00:00:08   | 00:04:22  | 00:52:
%            | 00:01:26   | 00:43:49  | 08:45:56
99%          | 00:14:23   | 07:18:17  | 87:39:29

Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009

13 Malicious Attacker Concerns
- Distributed Denial of Service (DDoS)
  - Uses Port Flooding to Slow Systems or Force Server Resets.
- External Attack Models
  - Similar to Traditional Strikes
  - Cloud Usage as Attacker
- Internal Attack Models
  - Protection Responsibility Lies on the User
  - CSP Would Need to Detect

14

15
- Up-Time
- Jurisdiction
- Data Ownership
- Escrow Data? Metadata?
- Exit Clause
- Testing for
- Disaster Recovery
- Incident Response
- E-Discovery
- Right to Audit

16
- Cloud Mapping
- Co-Residence
- Side-Channeling
- Certificate Management

17 Cloud Mapping
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

18 Co-Residence
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

19 Side-Channeling
Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA. Copyright 2009.

20

21
- Armbrust, Michael; Fox, Armando; Griffith, Rean; Joseph, Anthony D.; Katz, Randy; Konwinski, Andy; Lee, Gunho; Patterson, David; Rabkin, Ariel; Stoica, Ion; Zaharia, Matei. A view of cloud computing. Commun. ACM 53, 4 (April 2010).
- Brodkin, Jon. Gartner: Seven cloud-computing security risks. Network World. July 02, :48 PM ET.
- Christodorescu, Mihai; Sailer, Reiner; Schales, Douglas Lee; Sgandurra, Daniele; Zamboni, Diego. Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA.
- Cong Wang; Qian Wang; Kui Ren; Wenjing Lou. "Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing," INFOCOM, 2010 Proceedings IEEE, pp. 1-9, March 2010.
- Cong Wang; Qian Wang; Kui Ren; Wenjing Lou; Dept. of ECE, Illinois Inst. of Technol., Chicago, IL, USA. This paper appears in: Quality of Service, IWQoS. 17th International Workshop on. Issue Date: July 2009. Location: Charleston, SC. Date of Current Version: 18 August 2009.
- Furht, Borko. “Cloud Computing Fundamentals.” Ed. B Furht & A Escalante. Handbook of Cloud Computing May (2010) : 3-19.

22
- Grossman, R.L. "The Case for Cloud Computing," IT Professional, vol. 11, no. 2, pp. 23-27, March-April 2009.
- Jaeger, Paul T; Lin, Jimmy; Grimes, Justin M. Cloud Computing and Information Policy: Computing in a Policy Cloud? 2008, 5, 3.
- Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils; Lo Iacono, Luigi. "On Technical Security Issues in Cloud Computing," 2009 IEEE International Conference on Cloud Computing, 2009.
- Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, and Peng Ning. Managing security of virtual machine images in a cloud environment. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA.
- Kaufman, L.M. "Data Security in the World of Cloud Computing," Security & Privacy, IEEE, vol. 7, no. 4, pp. 61-64, July-Aug.
- Krautheim, John F. Private virtual infrastructure for cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA, 5-5.
- Leavitt, Neal. Is Cloud Computing Really Ready for Prime Time?. Computer 42, 1 (January 2009).

23
- Lizhe Wang; Jie Tao; Kunze, M.; Castellanos, A.C.; Kramer, D.; Karl, W.; Res. Center Karlsruhe Hermann-von-Helmholtz-Platz 1, Inst. for Sci. Comput., Karlsruhe. Scientific Cloud Computing: Early Definition and Experience.
- Mather, Tim; Kumaraswamy, Subra; Latif, Shahed; Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. O'Reilly Media, Inc., 2009
- Wang, Qian; Wang, Cong; Li, Jin; Ren, Kui; Lou, Wenjing. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing. In Backes, Michael; Ning, Peng (eds.), Computer Security – ESORICS 2009. Lecture Notes in Computer Science, vol. 5789, pp. 355-370. Springer Berlin / Heidelberg, 2009.
- Ristenpart, Thomas; Tromer, Eran; Shacham, Hovav; Savage, Stefan. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. CCS '09, November 9-13, 2009, Chicago, Illinois, USA.
- Santos, Nuno; Gummadi, Krishna P.; Rodrigues, Rodrigo. Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA, 3-3.
- White Paper: Author – Trend Micro Security. Cloud Computing Security: Making Virtual Machines Cloud-Ready. May, 2010.

24

