Cloud Computing

and

Security Threats

For Course :

SOFTWARE SECURITY SYSTEM

For

SIR MAQSOOD RAZI

From

IQBAL UDDIN KHAN

What is Cloud?
The term "cloud" is used as a metaphor for the Internet, based on the cloud drawing used in the past to represent the telephone network and later to depict the Internet in computer network diagrams as an abstraction of the underlying infrastructure it represents.

Commercial deployment of Cloud

In early 2008, Eucalyptus became the first open-source, AWS API-compatible platform for deploying private clouds. In early 2008, OpenNebula, enhanced in the RESERVOIR European Commissionfunded project, became the first opensource software for deploying private and hybrid clouds, and for the federation of clouds.

Commercial deployment of Cloud contd

Eucalyptus: is a software platform for the
implementation of private cloud computing.
Eucalyptus has two editions:
1. Open-core enterprise edition. 2. Open-source edition.

Commercial deployment of Cloud contd

Eucalyptus is Compatible with AMAZONs Elastic Compute Cloud (EC2) and Simple Storage Service (S3). Eucalyptus works with most currently available Linux distributions including Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS, SUSE Linux Enterprise Server (SLES), openSUSE, Debian and Fedora.

Commercial deployment of Cloud contd

OpenNebula: An open-source cloud
computing toolkit for managing heterogeneous distributed data center infrastructures. The OpenNebula toolkit manages a data center's virtual infrastructure to build private, public and hybrid clouds.

Why Cloud is Necessary?

The answer depends upon what type of user we are? example:

System Administrator. Software Developers. IT buyers, Corporate and Federal.

Benefits of Cloud Computing

Reduced Cost Cloud technology is paid incrementally, saving organizations money. Increased Storage Organizations can store more data than on private computer systems. Highly Automated No longer do IT personnel need to worry about keeping software up to date.

Benefits of Cloud Computing

contd

Flexibility Cloud computing offers much more flexibility than past computing methods. More Mobility Employees can access information wherever they are, rather than having to remain at their desks.

Benefits of Cloud Computing

contd

Allows IT to Shift Focus No longer having to worry about constant server updates and other computing issues, government organizations will be free to concentrate on innovation.

Cloud Details
Cloud computing is a marketing term for technologies that provide computation, software, data access, and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services. A parallel to this concept can be drawn with the electricity grid, wherein end-users consume power without needing to understand the component devices or infrastructure required to provide the service.

Cloud Details

Cloud Layers Client Applications Platform Infra Structure Server

Cloud Layers
Client A cloud client consists of computer hardware and/or computer software that relies on cloud computing for application delivery and that is in essence useless without it. Example ChromeOS. a Linux-based operating system designed by Google to work exclusively with web applications.

contd

Cloud Layers
Application A cloud application is software provided as a service. Example : Google Apps.

contd

Cloud Layers
Platform a computing platform and/or solution stack as a service, often consuming cloud infrastructure and sustaining cloud applications. Example Facebook

contd

Cloud Layers
Infrastructure a platform virtualization environment as a service, along with raw (block) storage and networking. Example AMAZON EC2

contd

Cloud Layers
Server The servers layer consists of computer hardware and computer software products that are specifically designed for the delivery of cloud services, including multicore processors, cloudspecific operating systems and combined offerings.

contd

Cloud Deployment Models Public cloud Community cloud Hybrid cloud Private cloud

Cloud Deployment Models Contd

Public cloud A public cloud is one based on the standard cloud computing model, in which applications and storage, available to the general public over the Internet. Public cloud services may be free or offered on a pay-per-usage model.

Cloud Deployment Models Contd

Community cloud Community cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance and jurisdiction).

Cloud Deployment Models Contd

Hybrid cloud Hybrid cloud is a composition of two or more clouds (private, community, or public) that remain unique entities or can also be defined as multiple cloud systems that are connected in a way that allows programs and data to be moved easily from one deployment system to another.

Cloud Deployment Models Contd

Private cloud Private cloud is infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally.

Threats to Cloud Computing

Abusive use of Cloud Computing. Insecure Interfaces and APIs. Malicious Insiders. Shared Technology Issues. Data Loss or Leakage. Account or Service Hijacking.

Threats to Cloud Computing

Contd

Abusive use of Cloud Computing. Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers fraud detection capabilities are limited. So criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities.

Threats to Cloud Computing

Contd

Insecure Interfaces and APIs Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability. While most providers strive to ensure security is well integrated into their service models

Threats to Cloud Computing

Contd

Malicious Insiders The impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation.

Threats to Cloud Computing

Contd

Shared Technology Issues Attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorized access to data. So they target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalization.

Threats to Cloud Computing

Contd

Data Loss or Leakage Data loss or leakage can have a devastating impact on a business. Beyond the damage to ones brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. Loss of core intellectual property could have competitive and financial implications.

Threats to Cloud Computing

Contd

Account or Service Hijacking. Organizations should be aware of these threats, Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services.

 References from

Wikipedia. Report from Cloud Security Alliance March 2010.

Thank you