Presentation on theme: "Security Framework For Cloud Computing -Sharath Reddy Gajjala."— Presentation transcript:
Security Framework For Cloud Computing -Sharath Reddy Gajjala
INTRODUCTION Cloud computing emerged as modern technology and considered as next big thing to come. It has grown up from just being a concept to a major part of IT industry. So requires new security issues and new challenges Changed the entire process of distributed computing.
INTRODUCTION Generally works on three type of architecture namely. SaaS (Software as a Service) PaaS (Platform as a Service) IaaS (Infrastructure as a Service) Different issue and challenges with each technology.
Software as a Service (SaaS) Hosts and manages a given application in their data center. Makes it available to multiple users over the web. Examples: Oracles CRM on Demand, Salesforce.com
Platform as a Service (PaaS) Application development and deployment platform for developers. No cost and complexity of buying and managing the infrastructure. All the facilities required for lifecycle are entirely available. Includes Database, Middleware, development tools and infrastructure software. Google App engine and Engine yard
Infrastructure as a Service (IaaS) Delivery of hardware and software as a service. Does not require any long-term commitment. Allows users to provision resourses on demand.
Security Challenges Cloud Service Security Accidents in Recent Years: March 2009 Google leaked a large no of documents. Microsoft Azure stopped working for 22 hours. April 2011 Amazon EC2 service disruptions Influences on the service of Quora, Reddit etc. Caused a great loss even devastating blow.
Threats To Cloud Computing Changes to business model Abusive use of cloud computing Insecure interfaces and API Malicious insiders Shared technology issues Data loss and leakage Service hijacking Risk profiling Identity theft
Attacks on Cloud Computing Zombie Attack Service injection attack Attacks on virtualization Man-in-the Middle attack Metadata spoofing Phishing Backdoor channel attack
Proposed Security Model User can be certified by 3 rd party CA Issued token for service by End User Service Portal. User can use services provided by single service provider. EUSP provides secure access control using VPN (Virtual Private Network) and cloud service managing and configuration.
Framework For Secure Cloud Computing Based on security model Describes each component Apply needed technologies for implementation between components. Access control process is done on each component for providing flexible service.
Framework Components Client End-User Service Portal Single sign-on (SSO) Service Configuration Service Gateway, Service Broker Security Control Security Management Trust Management Service Monitoring
Conclusion Cloud computing is a technology of rapid development. Security is the main obstacle which must be solved. security is not just a technical problem it also involves standardization, Supervising mode, laws and regulations and many other aspects. Future research should be directed towards management of risks, developing risk assessment.