Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Published bySantiago Biddick Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS."— Presentation transcript:

1 Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS

2 Contents Background and Problem Statement Cloud Computing Trends Information Security Background – Internet Security Issues Security Issues with Cloud Computing – Scenarios – Challenges related to Virtualization Future Needs 2 NKS

3 Background Cloud Computing (CC) refers to – Providing IT Services, Applications and Data – Using dynamically scalable pool(s), – Remotely residing Resources CC provides financial benefits to users and providers CC amplifies Information security issues 3 NKS

4 Are we there yet? 4 NKS

5 Problem Statements Access Control – Who can rightfully access a computer system CC shares the same computer between multiple users – May compromise the integrity of run-time programs – How to ensure a timely completion of jobs? – Who is using the EDA license installed in the Cloud? Secure Communications – Data transfer via open channels Large amounts of files transferred over public nodes Large Transfer time will increase customer cost Data Protection in Cloud – Design IP theft Fake login or indirect access Unauthorized access in a 3 rd party data-center – Footprints after the job is done, e.g., erasing tax data on old disk drives – Overdoing the security so it comes in the way of cost & performance 5 NKS

6 6 Internet Security Levels Access ControlSecure communicationsData protectionMonitoring Software User Application Some login, usually relies on lower levels Usually relies on lower levels of implementation. Encrypt or disguise data Access logs Operating System (OS) LoginIn-memory transactions Special processes as watch dogs Virtual Machine Layer (VM) Hypervisor Layer software drivers from OS Encryption, security handshake encrypt data BIOS/FW based system management layer Privileged execution Privileged access to certain memory locations Log files Hardware CPU from OS Port and buss encryption, secure caches Separate secure registers and memory Memory Cache / Main RAM Encrypted busses, hash checking tables Data encryption Partitioning and encryption Interrupt logs Memory Disk Hash, checking tablesUSB data encryption encrypt disk storage, removable devices Err I/O Verify access id, such as internet IP address Encrypt transmissions, trust keyboard, mouse, and audio. Security handshake, coding, encryption Watch dog processes in hardware and software NKS

7 77 Internet Security Levels Access ControlSecure communicationsData protectionMonitoring Software User Application Some login, usually relies on lower levels Usually relies on lower levels of implementation. Encrypt or disguise data Access logs Operating System (OS) LoginIn-memory transactions Special processes as watch dogs Virtual Machine Layer (VM) Hypervisor Layer software drivers from OS Encryption, security handshake encrypt data BIOS/FW based system management layer Privileged execution Privileged access to certain memory locations Log files Hardware CPU from OS Port and buss encryption, secure caches Separate secure registers and memory Memory Cache / Main RAM Encrypted busses, hash checking tables Data encryption Partitioning and encryption Interrupt logs Memory Disk Hash, checking tablesUSB data encryption encrypt disk storage, removable devices Err I/O Verify access id, such as internet IP address Encrypt transmissions, trust keyboard, mouse, and audio. Security handshake, coding, encryption Watch dog processes in hardware and software NKS

8 Information Security Background Traditional Computing Security depends upon Firewalls and Physical Security 8 NKS

9 Communication Issues between the Islands of Security 9 NKS

10 Cloud Computing Environment with No central Island of security 10 NKS

11 Security Issues with Cloud Computing Unauthorized data or program changes (malicious by Mallory and accidental by Randy) Unauthorized observation and copying (intentional eavesdropping by Eve, accidental leaks to Randy) Denial of Service attacks (intentional by Imelda and accidental by Randy) Software User Application Fake login, or indirect access Usually relies on lower levels of implementation. Operating System (OS) Fake login, low level instruction In-memory transactions Virtual Machine Layer (VM) VM to VM communication Information leaks Hypervisor Layer software drivers from OS encryption, security handshake encrypt data BIOS/FW based system management layer Time date stamps Secure memory locations Authentication for execution Hardware CPU Information leaks Memory Cache/main RAM Information leaks Memory Disk Access privileges ?? 11 NKS

12 Security Issues with Cloud Computing Unauthorized data or program changes (malicious by Mallory and accidental by Randy) Unauthorized observation and copying (intentional eavesdropping by Eve, accidental leaks to Randy) Denial of Service attacks (intentional by Imelda and accidental by Randy) Software User Application Fake login, or indirect access Usually relies on lower levels of implementation. Operating System (OS) Fake login, low level instruction In-memory transactions Virtual Machine Layer (VM) VM to VM communication Information leaks Hypervisor Layer software drivers from OS encryption, security handshake encrypt data BIOS/FW based system management layer Time date stamps Secure memory locations Authentication for execution Hardware CPU Information leaks Memory Cache/main RAM Information leaks Memory Disk Access privileges ?? 12 But at what Cost? 12 NKS

13 Bottoms up Security inside a Cloud Data-center 13 NKS

14 Future Research on Security Gaps 1.Trust and confidentiality of consumers’ data 2.Competitors sharing the same disks or servers 3.Accidental or intentional data-trashing activity that can go un-noticed – Regular Integrity checks 4.Cost of security vs. performance 5.Need a holistic approach for end-to-end security 14 Security will drive broader adoption of Cloud Computing NKS

Download ppt "Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.

Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Information flow inside the computer IT skills: none IT concepts: computer components (input devices, output devices, memory, storage and CPU), program.

Information flow inside the computer IT skills: none IT concepts: computer components (input devices, output devices, memory, storage and CPU), program.
NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University.

NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Chapter 2: Impact of Machine Architectures What is the Relationship Between Programs, Programming Languages, and Computers.

Chapter 2: Impact of Machine Architectures What is the Relationship Between Programs, Programming Languages, and Computers.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
System Software, functions of an operating system

System Software, functions of an operating system
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Windows Server 2008 R2 CSIT 320 (Blum) 1. Server Consolidation – Today’s chips have enhanced capabilities compared to those of the past. In particular.

Windows Server 2008 R2 CSIT 320 (Blum) 1. Server Consolidation – Today’s chips have enhanced capabilities compared to those of the past. In particular.
Self-service Cloud Computing Shakeel Butt Department of Computer Science Rutgers University.

Self-service Cloud Computing Shakeel Butt Department of Computer Science Rutgers University.
Week 6 Operating Systems.

Week 6 Operating Systems.

Similar presentations

Ads by Google