
A Seminar on Securities In Cloud Computing

Presented by

Sanjib Kumar Raul

Mtech(ICT) Roll-10IT61B09

IIT Kharagpur

Under the supervision of Prof. Indranil Sengupta

HOD, Computer Science

Content

What is Cloud Computing
Cloud Architecture
Cloud Structure
Types of security in cloud computing
Security concern
Data Confidentiality in cloud computing
Problem in cloud computing
Conclusion
References

What is Cloud Computing

It is an Internet-based computing technology, where shared resources such as software, platform, storage and information are provided to customers on demand.

Cloud Computing is a computing platform for sharing resources that include infrastructures, software, applications, and business processes. Cloud Computing is a virtual pool of computing resources. It provides computing resources in the pool for users through the internet.

Cloud Architecture

[Figure: A Basic Cloud Network]


Components of cloud computing

Front end: The front end is the client’s network or computer, and the applications used to access the cloud.

Back end: The back end is the ‘cloud’ itself, which comprises various computers, servers and data storage devices.

Cloud structure and Types

The user can access any service which he/she wants for a specific task and for a specific amount of time.

Types

Public cloud: In public clouds, multiple customers share the computing resources provided by a single service provider.

Private cloud: In the private cloud, computing resources are used and controlled by a private enterprise.

Hybrid cloud: A third type is the hybrid cloud, which is typically a combination of public and private clouds.

Community cloud: Several organizations jointly construct and share the same cloud infrastructure as well as policies, requirements, values, and concerns.

Models of Cloud Computing

Model 1: Infrastructure as a Service (IaaS)
Model 2: Platform as a Service (PaaS)
Model 3: Software as a Service (SaaS)
Model 4: Business Process as a Service (BaaS)

Types of Security in Cloud Computing

1-Data Security

It focuses on protecting the software and hardware associated with the cloud.

2-Network Security

Protecting the network over which the cloud is running from various attacks: DoS, DDoS, IP spoofing.

Security Concern

There are multiple issues in cloud computing.

Loss of control: The first issue associated with cloud computing is the loss of control of an organisation’s data.

Data retention: Another issue associated with cloud computing can be seen in how old data is managed. Once data is used it is generally stored indefinitely in the cloud.

Implementing and achieving security

The company secures the data by establishing an information security policy (InSPy).

Security through password protection

Data Confidentiality Protection

Confidentiality is defined as the assurance that sensitive information is not disclosed to unauthorized persons, processes, or devices.

Users’ confidential data is disclosed to a service provider if all of the following three conditions are satisfied simultaneously:

1) The service provider knows where the users’ confidential data is located in the cloud computing systems.
2) The service provider has privilege to access and collect the users’ confidential data in the cloud.
3) The service provider can understand the meaning of the users’ data.

Problems With Current Cloud Computing

[Figure: Cloud computing system architecture]

The following are the major problems of the current cloud computing system:

A. Each service provider has its own software layer, platform layer and infrastructure layer. When a user uses a cloud application from a service provider, the user is forced to use the platform and infrastructure provided by the same service provider, and hence the service provider knows where the users’ data is located and has full access privileges to the data.

B. The user is forced to use only the interfaces provided by the service provider, and users’ data has to be in a fixed format specified by the service provider, and hence the service provider knows all the information required for understanding users’ data.

Therefore, we cannot prevent service providers from satisfying all three conditions.

Approach to Protect Confidentiality

In our approach, we have the following seven entities: Software Cloud, Infrastructure Cloud, Software Service Broker, Infrastructure Service Broker, Software Service Attestation Authority, Data Obfuscator and Data De-obfuscator.


[Figure: Approach to protect confidentiality]

Our approach makes sure that none of these entities in a cloud computing system satisfies the three conditions simultaneously.

Software Cloud: A Software Cloud provides software as a service upon users’ requests. Each software cloud may contain multiple software services, and each software service can be discovered and accessed by users through the Software Service Broker.

Infrastructure Cloud: An Infrastructure Cloud provides virtualized system resources, such as CPU, memory, and network resources. An authenticated user can request a virtual machine on which the user can deploy any platform or operating system to execute a software service instance.

Software Service Broker: It provides an identity anonymization service, by which users can use pseudonyms instead of their true identities so that the users can acquire service instances without revealing their identities.

Infrastructure Service Broker: It helps users automatically discover and use available infrastructure services. It also provides an identity anonymization service to prevent the system from revealing users’ true identities.

Software Service Attestation Authority (SSAA): The SSAA is a third-party authority that verifies that a service instance does not perform any malicious activity that may disclose users’ confidential data.

Data Obfuscator: A Data Obfuscator is middleware provided by a user that can be deployed on a virtual machine in an Infrastructure Cloud. The Data Obfuscator provides an operating system environment for a software service instance to be run in an Infrastructure Cloud.

Data De-obfuscator: It de-obfuscates obfuscated data so that a user can see the plain data. A Data De-obfuscator remains in the user’s personal computer all the time.

Summary

S1) a) A user requests a Software Service Broker to find a software service by providing the specification of the software service. b) The Software Service Broker performs automatic service discovery to find a service instance in the Software Cloud that satisfies the user’s requested service requirement specification. c) The Software Service Broker acquires the discovered software instance using an anonymous credential.

S2) a) The Software Service Broker deploys the acquired service instance to the testing platform of a SSAA. The SSAA verifies whether the service instance performs according to the service description, and that the service instance does not transmit users’ data to any unauthorized entity. b) After the verification procedure, the software service instance is sent back to the Software Service Broker.

S3) a) The user asks the Infrastructure Service Broker to find an infrastructure service compatible with the service instance. b) The Infrastructure Service Broker discovers an infrastructure service provider that has the capability to execute the acquired software service instance.

S4) The user requests the infrastructure service provider to set up a virtual machine and then deploys the Data Obfuscator on the virtual machine using the Agent Deployment Plans (ADPs), for automated middleware deployment and migration in service-based systems.

S5) a) The service instance acquired in S1) is sent to the Infrastructure Service Broker. b) The service instance is deployed on the workflow of the Data Obfuscator set up in S4).

S6) a) The user sends his/her data to the workflow to process.

An Illustrative Example

An example of online video conferencing to illustrate our approach

S1) a) The leader of the group requests a Software Service Broker to find the Voice Communication Service, Video Communication Service, File Sharing Service and Instant Messaging Service. b) The Software Service Broker discovers the services. c) The Software Service Broker downloads the service instances of the five software services.

S2) a) The Software Service Broker deploys the service instances to the testing platform of a SSAA. b) The SSAA verifies the software service instances.

S3) a) The leader of the group requests an Infrastructure Service Broker to find an infrastructure service compatible with the service instances. b) The Infrastructure Service Broker discovers an infrastructure service.

S4) A virtual machine is set up in the infrastructure cloud. The leader of the group deploys the Data Obfuscator on the virtual machine.

S5) a) The service instances are sent to the Infrastructure Service Broker. b) The service instances are deployed on the Data Obfuscator. The five service instances are composed into a workflow. The workflow provides all the functionalities for online conferencing.

S6) a) The users of the group send their input data to the workflow to process. During the processing of the users’ input data, the input data is obfuscated. After completing the processing, a service response of the workflow is sent to all the users of the group that the processing of their input data has been completed.

Conclusions

Here an approach to protecting users’ confidential data in cloud computing is presented. Our approach is based on three features: (1) separation of software service providers and infrastructure service providers, (2) hiding information about the owner of data and (3) data obfuscation.
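The three disclosure conditions can be checked mechanically against a deployment. The sketch below is an added example, not code from the seminar or its references. It assumes a simplified model in which a provider knows the data format only if it supplied the software, and can read the data only if it is not obfuscated or the provider holds the de-obfuscator; the `Deployment` fields and provider names are hypothetical, and broker anonymization (feature 2) is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Deployment:
    """One user's workload in a simplified, assumed model of the slides."""
    software_provider: str              # supplies the service instance and its data format
    infrastructure_provider: str        # hosts the virtual machine holding the data
    obfuscated: bool                    # True if a Data Obfuscator runs on that VM
    deobfuscator_holder: str = "user"   # per the slides, stays on the user's PC


def conditions(entity: str, d: Deployment) -> dict:
    """Evaluate the three disclosure conditions for one entity."""
    hosts = entity == d.infrastructure_provider
    knows_format = entity == d.software_provider
    reads_plain = (not d.obfuscated) or entity == d.deobfuscator_holder
    return {
        "knows_location": hosts,                      # condition 1
        "has_access": hosts,                          # condition 2
        "understands": knows_format and reads_plain,  # condition 3
    }


def disclosing_providers(d: Deployment) -> list:
    """Providers that satisfy all three conditions simultaneously."""
    providers = sorted({d.software_provider, d.infrastructure_provider})
    return [p for p in providers if all(conditions(p, d).values())]


# Constructed scenarios (names are placeholders, not real providers).
SCENARIOS = {
    "current (problems A and B)": Deployment("ProviderX", "ProviderX", False),
    "proposed approach": Deployment("SoftwareCloud", "InfrastructureCloud", True),
    "one provider, obfuscated": Deployment("ProviderX", "ProviderX", True),
    "de-obfuscator leaves the user's PC": Deployment(
        "ProviderX", "ProviderX", True, "ProviderX"),
}

if __name__ == "__main__":
    for name, d in SCENARIOS.items():
        found = disclosing_providers(d)
        print(f"{name}: {found if found else 'no provider meets all three'}")
```

The last scenario shows why the Data De-obfuscator must stay on the user's machine: once a provider that also supplies the software and hosts the data holds it, all three conditions are met again.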
