Security in the Clouds. Professor Sadie Creese, London Hopper 2010, May 2010.

Slide 2: What is cloud computing?

Slide 3: Service Model
- Gmail, Google Docs
- Google App Engine
- Amazon EC2
- Amazon S3/SimpleDB
- VMWare/XEN

Slide 4: Cloud Market Drivers

Enterprise drivers
- Compression of deployment cycles
- Instant upgrade and try-it-out
- Elasticity
- Cost alignment
- Reduction of IT team costs
- Accessibility and sharing
- Dependability
- Waste reduction and carbon footprint

Consumer drivers
- Up to speed with latest apps
- Pay-as-you-use
- Accessibility and sharing
- Dependability

Slide 5: Cloud Ecosystems
[Diagram; surviving labels: VM Broker VM User]

Slide 6: Why are we concerned?

Slide 7: Significant investment
- Hosted apps market currently at $6.4b, $14.8b in 2012 (Gartner Dec 08)
- Services market currently at $56b, $150b in 2013 (Gartner March 09)
- Services market currently worth $16.2b, $42b in 2012 (IDC Dec 08)
- Services market to be worth $160b in 2011 (Merrill Lynch May 08)

Slide 8: Large Cloud Application Service Provider Space
Extract from slides: “Prophet a Path out of the cloud”, Best Practical, presented at O’Reilly Open Source Conf, 2008

Slide 9: People Are Worried

Key barriers to uptake, as recognised in the community:
- Data security concerns
- Privacy compromise/practice
- Service dependability and QoS
- Loss of control over IT and data
- Management difficulties around performance, support and maintenance
- Service integration
- Lock-in
- Usability
- Lack of market maturity

Slide 10: What’s different about the Cloud?

Slide 11: Scale and Business Models
- Length and depth of relationships
- Mobility of data
- Volumes of data
- Nature of data (more sensitive)
- Lack of perimeter
- Global nature
- Location of control

Slide 12: Futures – Scenarios
- High Cost/Low Payback for an attacker. Most successful threat agents likely to be insiders within the silo.
- High Cost/High Payback for an attacker. Most successful threat agent likely to be an insider managing resource distribution or a malicious service provider.
- Low Cost/Low Payback for an attacker. Threat agents will include external attackers utilising a mixture of technology and social engineering.
- Low Cost/High Payback for an attacker. External attackers using the distributed scale to attack multiple systems and users simultaneously, e.g. bot and application framework based attacks.

Slide 13: Thinking Like an Attacker

Slide 14: (A few) potential future attack scenarios
- Denial of service: resource consumption, traffic redirection, inter-cloud and user to cloud
- Trojan Clouds: imitate providers, infiltrate supply chains, sympathetic cloud
- Inference Attacks: due to privileged (~admin) roles, cohabiting risks (via hypervisor)
- Application Framework attacks: repeatable, pervasive
- Sticky Clouds: lack of responsiveness, complex portability
- Onion storage: moving global location, fragmenting, encrypting
- Covert channels: within the cloud network, across services

Slide 15: And?

Slide 16: (A few) Implications for Security
- Regulatory/Legislation: nothing is transparent about data handling in cloud, privacy protection
- Investigations: technical forensics and legal, across borders
- Monitoring/Auditing Mechanisms
- Encryption: at some point decryption happens for anything other than storage... Recent IBM breakthrough indicates potential for processing encrypted data but not practical yet.
- Contracting/Due Diligence
- Service Level Agreements

Slide 17: Our current research directions...
- Digital Forensics
- Vulnerability Models / Threat Models and Cascade Effects
- Service Level Agreements
- Enterprise Capability Maturity Model
- Designing in Privacy -> via patterns and architectures
- Insider Threat Detection

Slide 18: Thank-you. Questions?