Ragib Hasan
Johns Hopkins University
en Spring 2011
Lecture 8
04/11/2011
Security and Privacy in Cloud Computing

Cloud Network Security
Goal: Examine techniques for securing cloud networking
Review Assignment #8: (Due 4/18) Challenges for Cloud Network Security, HP Labs tech Report,
/11/2011en Spring 2011 Lecture 9 | JHU | Ragib Hasan

Recap: Airavat (Cloud Privacy)
Strengths?
Weaknesses?
Ideas?

Today’s talk
Will discuss a position paper (not an implementation or systems description paper)
Will introduce the notion of cloud networking as a service, and its security implications
– We will discuss what will be the issues in such a model

For your review
Instead of writing pros and cons of the paper, write the following:
– Why is security a problem in cloud networking? (a brief paragraph)
– 3 or more challenges in cloud network security
– 3 or more techniques that may be used to secure cloud networks

Cloud Networking
Cloud computing requires
– More performance from existing networks (bandwidth, quality, availability)
– More flexibility
Most existing work on cloud focuses on single data centers and providers
– But clouds can also be distributed (across different locations for the same provider, or across different providers)

Cloud Networking
Cloud Networking involves
– Ability to swiftly reconfigure networks according to client requirements (Network as a Service or NaaS)
– Runs on top of intranet and the Internet
– Uses network virtualization to connect clouds and users

Cloud Networking
Cloud networking extends network virtualization beyond the data centre to bring two new aspects to cloud computing:
– the ability to connect the user to services in the cloud and
– the ability to interconnect services that are geographically distributed across cloud infrastructures

SAIL project from HP / EU
Major European Union and HP project
Goal is to
– develop networking functions for applications with highly variable demands,
– integrating these functions with computing and storage
– along with the necessary tools for management and security.

Threat Model
Attacker:
– External or Internal
– Internal attacker can be disgruntled employee, or even hardware/software manufacturers embedding a trapdoor in code/firmware
Threats
– All traditional threats on networks (eavesdropping, DoS, Man-in-the-middle etc.)
– Legal attacks (e.g., network crosses legal borders)

Secure Cloud Networking: Challenges
Users view network as a private one, but it is built on top of public infrastructures
How to implement security?
– Component based: Virtual components themselves manage security
– Infrastructure based: Network manages security

Secure Cloud Networking: Challenges
Integrity
– How to ensure routing security (integrity and availability of routing information)

Secure Cloud Networking: Challenges
– How the virtual network provider guarantees a certain network capacity to a customer
– How the access to this virtual network is controlled
– How the virtual network usage is accounted for (metering)

Further reading
SAIL Project: