Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1
Security in a cloud Traditional threats to a software Functional threats of cloud components Attacks on a client Virtualization threats Threat of cloud complexity Attacks on hypervisor Threats of VM migration Attacks on management systems Privacy, personal data 2
Traditional threats to a software The traditional treads are related to the vulnerabilities of network protocols, operating systems, modular components and other similar weaknesses. This is a classic security threat, to solve that, it is sufficient to use anti-virus software, firewall and other components discussed later. It is important that these tools are adapted to the cloud environment to run effectively in virtualization. 3
Functional threats of cloud components This type of attack is associated with multiple layers of the "clouds", the main principle ofv security – the general level of security is the security of the weakest element. 4 Cloud elementMeans of security Proxy serverProtection against DoS-attacks Web serverMonitoring the integrity of the web pages Application serverShielding of the applications Data storage layerProtection against SQL injections Data storage systemsAccess control and backups
Attacks on a client These types of attacks have worked out in a web environment, but they are just as relevant in cloud environments, as users connect to the cloud through a web browser. Attacks include such types as Cross Site Scripting (XSS), DoS attacks, interception of web sessions, stealing passwords, "the man in the middle” and others. 5
Virtualization threats Since the platform for the cloud elements, usually is a virtual environment, the attack on virtualization threatens the entire cloud as a whole. This type of attack is unique to cloud computing. 6
Threat of cloud complexity Monitoring the events in the "cloud" and management of them is also a security issue. How do we ensure that all resources are counted and that there is no rogue virtual machine that perform third- party processes and do not interfere in mutual configuration of the layers and elements of the "cloud"? 7
Attacks on hypervisor In fact, a key element in the virtual system is a hypervisor which provides separation of physical computer resources among virtual machines. Interfering the work of the hypervisor or its breach may allow one virtual machine to access resources of other – network traffic, stored data. This can also lead to virtual machine displacement from the server. 8
Threats of VM migration Note that the virtual machine itself is a file that can be executed on different nodes of the "cloud". The system of virtual machine management includes mechanisms for the transfer (migration) of virtual machines. Nevertheless, it is possible to steal virtual machine file and run it out of the cloud. It is impossible to steal the physical server from the data centre, but you can steal files of virtual machines across the network without physical access to servers. 9
Attacks on management systems A large number of virtual machines that are used in the "clouds", especially in public clouds require a management system that can reliably control the creation, transfer and utilization of virtual machines. The interference in the management system can lead to ghost virtual machines, blocking some of the machines and the substitution of elements or layers in the cloud to the rogue. 10
Privacy, personal data When it comes to the privacy of data, there are a lot of problems with the legislation – such as the processing of personal data and its protection. Choosing a cloud computing as a solution for business systems, it is important to take into account the confidentiality of the data that will be stored in a "cloud". To store secret and top secret data in the "cloud" environments is not absolutely safe – that's why government agencies are still not switched to “clouds” 11
Thank you! 12