defining, securing, and standardizing cloud computing · standardizing cloud computing tim grance...
TRANSCRIPT
![Page 1: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/1.jpg)
Defining, Securing, and
Standardizing Cloud Computing
Tim Grance
NIST, Information Technology Laboratory
22 July 2010
![Page 2: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/2.jpg)
2
Caveats and Disclaimers
• This presentation provides education on
cloud technology and its benefits to set up a
discussion of cloud security
• Looking for feedback on NIST role and ideas
presented
• It is NOT intended to provide official NIST
guidance and NIST does not make policy
• Any mention of a vendor or product is NOT
an endorsement or recommendation
![Page 3: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/3.jpg)
Our Challenge
Technology is not kind. It does not wait. It
does not say please. It slams into existing
systems often destroying them whilst
creating new ones
Joseph Alois Schumpeter
1883-1950
![Page 4: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/4.jpg)
Three Views on “Software”
Trustworthiness
1. Satisfies requirements/specs
2. Satisfies development processes (e.g.,
CMM)
3. Fit for purpose/operation
![Page 5: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/5.jpg)
Cloud Trustworthiness
• Requires confidence in:
– Hardware
– Software
– Bandwidth (communications)
• Only (3) fit for purpose applies to cloud from
the consumer/user standpoint
![Page 6: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/6.jpg)
(3) Fit For Purpose Attributes
Reliable/
accurate
(integrity)
Secure/
private
Timeliness
Trustworthiness
Problem: Intuitive
![Page 7: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/7.jpg)
Lower Attributes
Reliable/
accurateSecure/
private
Timeliness
reliability security performanceavailabilityprivacy
fault tolerance fault tolerance
confidentiality
intrusion tolerancetestability
confidentiality, availability, integrity
Trustworthiness
![Page 8: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/8.jpg)
Two Components
x y
![Page 9: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/9.jpg)
With Attributes
x y
x has the following properties:
(aR, bP, cF, dSa, eSe, fA, gT, hM)
y has the following properties:
(iR, jP, kF, lSa, mSe, nA, oT, pM)
![Page 10: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/10.jpg)
Compose Them:
What Have You Got?
xy
Then F(x o y) will inherit some level of trustworthiness from
the individual components. Is that level of trustworthiness
an integer? Probability? An n-tuple of values? Color coded
(green, red, yellow)?
Key Point: Predictions of future behavior
![Page 11: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/11.jpg)
Key Message for Cloud
• Trustworthiness attributes are only reasonable to talk about within a
system context, i.e., it is not reasonable to talk about them and attempt
to measure them as standalone component properties. Eventual target
environments must be anticipated.
![Page 12: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/12.jpg)
System Context: Operational Environment
Reliable/
accurateSecure/
private
Timeliness
reliability security performanceavailabilityprivacy
fault tolerance fault tolerance
confidentiality
intrusion tolerancetestability
Operational Environment!
t0 t∞Time
![Page 13: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/13.jpg)
t0 t∞
Threat Space
EnvironmentSoftware
System
Time
“attributes”
Policies
Δ
A2
A1
P2
P1
S1
E2E1
T1
S2
V1.1V1.2
![Page 14: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/14.jpg)
QUALITY ASSURANCE AND THE SINKING OF THE LARGEST OFFSHOREOIL PLATFORM
March 2001
![Page 15: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/15.jpg)
For those of you who may
be involved in project cost
control (at whatever level),
![Page 16: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/16.jpg)
please read this quote from a
Petrobras executive,
![Page 17: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/17.jpg)
extolling the benefits of
cutting quality assurance
and inspection costs,
![Page 18: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/18.jpg)
on the project that
was deployed in the
Atlantic Ocean off the
coast of Brazil in
March 2001.
![Page 19: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/19.jpg)
"Petrobras has established new global benchmarks for the generation of exceptional shareholder wealth
![Page 20: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/20.jpg)
through an aggressive and innovative program of cost cutting on its P36 production facility.
![Page 21: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/21.jpg)
Conventional constraints have been successfully challenged
![Page 22: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/22.jpg)
and replaced with new paradigms appropriate to the globalized corporate market place.
![Page 23: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/23.jpg)
Through an integrated network of facilitated workshops,
![Page 24: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/24.jpg)
the project successfully rejected: (1) the established constricting and negative influences of prescriptive engineering,
![Page 25: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/25.jpg)
(2) onerous quality requirements, and (3) outdated concepts of inspection and client control.
![Page 26: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/26.jpg)
Elimination of these unnecessary straitjackets has empowered the project's suppliers and contractors to propose highly economical solutions,
![Page 27: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/27.jpg)
with the win-win bonus of enhanced profitability margins for themselves.
![Page 28: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/28.jpg)
The P36 platform shows the shape of things to come
![Page 29: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/29.jpg)
in the unregulated global market economy of the 21st Century.”
![Page 30: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/30.jpg)
And now you have seen the final result of
this proud achievement by Petrobras.
![Page 31: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/31.jpg)
QUIZ:
1. How many lives were lost to this cost saving effort and
how did this impact the environment, needlessly?
2. Did the person giving this speech or anyone in upper management connected with this decision lose their
job/bonus?
3. How much did Petrobras really save?
4. Does your company feel the same way about QA? If so,
you’d better know how to swim.
![Page 32: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/32.jpg)
32
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling
convenient, on-demand network access to a
shared pool of configurable computing
resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly
provisioned and released with minimal
management effort or service provider
interaction.
• This cloud model promotes availability and is composed
of five essential characteristics, three service models,
and four deployment models.
![Page 33: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/33.jpg)
What is Cloud Computing?
5 Key Characteristics
Broad network access
Resource pooling
anywhere / any device
On-demand self service
renting takes minutes
$
1
2
=conserve resources
Measured Service3
Rapid Elasticity
Jan Feb Mar …… Dec�
� Jan
=$(
(
)
)$rent it in any quantity
4
5
off off on
reduces cost
![Page 34: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/34.jpg)
34
3 Cloud Service Models
• Cloud Software as a Service (SaaS)
– Use provider’s applications over a network
• Cloud Platform as a Service (PaaS)
– Deploy customer-created applications to a cloud
• Cloud Infrastructure as a Service (IaaS)
– Rent processing, storage, network capacity, and other fundamental computing resources
• To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics
![Page 35: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/35.jpg)
35
4 Cloud Deployment Models
• Private cloud
– enterprise owned or leased
• Community cloud
– shared infrastructure for specific community
• Public cloud
– Sold to the public, mega-scale infrastructure
• Hybrid cloud
– composition of two or more clouds
![Page 36: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/36.jpg)
36
Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
![Page 37: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/37.jpg)
The NIST Cloud Definition Framework
37
CommunityCloud
Private Cloud
Public Cloud
Hybrid Clouds
Deployment
Models
Service
Models
Essential
Characteristics
Common
Characteristics
Software as a
Service (SaaS)
Platform as a
Service (PaaS)
Infrastructure as a
Service (IaaS)
Resource Pooling
Broad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost Software
Virtualization Service Orientation
Advanced Security
Homogeneity
Massive Scale Resilient Computing
Geographic Distribution
![Page 38: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/38.jpg)
What are the issues?
• Security & Privacy
• Network Access
• Interoperability/Portability
• Lifecycle Costs, Architectural Considerations
• Compliance
• Service Level Agreements
• Legal
• Standards
![Page 39: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/39.jpg)
Cloud Standards Vision
• Provide advice to industry and government
for the creation and management of relevant
cloud computing standards allowing all
parties to gain the maximum value from
cloud computing
39
![Page 40: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/40.jpg)
4040
NIST and Standards
• Promote cloud standards:
– Propose roadmaps
– Act as a catalyst
– Promote adoption of cloud standards
– Use cases, reference implementations
![Page 41: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/41.jpg)
41
Cloud Standards Ideas
• Fungible clouds
– (mutual substitution of services)
– Data and customer application portability
– Common interfaces, semantics, programming
models
– Federated security services
– Vendors compete on effective implementations
• Enable and foster value add on services
– Advanced technology
– Vendors compete on innovative capabilities
![Page 42: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/42.jpg)
4242
A proposal:
Standards Roadmap
• We need to define minimal standards
– Enable secure cloud integration, application
portability, and data portability
– Avoid over specification that will inhibit innovation
– Separately addresses different cloud models
![Page 43: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/43.jpg)
43
Towards the Creation of
a Roadmap (I)
• Thoughts on standards:
– Usually more service lock-in as you move up the
SPI stack (IaaS->PaaS->SaaS)
– IaaS is a natural transition point from traditional
enterprise datacenters
• Base service is typically computation, storage, and
networking
– The virtual machine is the best focal point for
fungibility
– Security and data privacy concerns are the two
critical barriers to adopting cloud computing
![Page 44: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/44.jpg)
44
Towards the Creation of
a Roadmap (II)
• Result:
– Focus on an overall IaaS standards roadmap as
a first major deliverable
– Research PaaS and SaaS roadmaps as we
move forward
– Provide visibility, encourage collaboration in
addressing these standards as soon as possible
– Identify common needs for security and data
privacy standards across IaaS, PaaS, SaaS
![Page 45: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/45.jpg)
45
A Roadmap for IaaS
• Needed standards
– VM image distribution (e.g., DMTF OVF)
– VM provisioning and control (e.g., EC2 API)
– Inter-cloud VM exchange (e.g., ??)
– Persistent storage (e.g., Azure Storage, S3, EBS,
GFS, Atmos)
– VM SLAs (e.g., ??) – machine readable
• uptime, resource guarantees, storage redundancy
– Secure VM configuration (e.g., SCAP)
![Page 46: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/46.jpg)
46
A Roadmap for PaaS and SaaS
• More difficult due to proprietary nature
• A future focus for NIST
• Standards for PaaS could specify
– Supported programming languages
– APIs for cloud services
• Standards for SaaS could specify
– SaaS-specific authentication / authorization
– Formats for data import and export (e.g., XML schemas)
– Separate standards may be needed for each application
space
![Page 47: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/47.jpg)
47
Security and Data Privacy Across
IaaS, PaaS, SaaS
• Many existing standards
• Identity and Access Management (IAM)
– IdM federation (SAML, WS-Federation, Liberty ID-FF)
– Strong authentication standards (HOTP, OCRA, TOTP)
– Entitlement management (XACML)
• Data Encryption (at-rest, in-flight), Key Management
– PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
• Records and Information Management (ISO 15489)
• E-discovery (EDRM)
![Page 48: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/48.jpg)
48
Security Relevant Cloud
Components
• Cloud Provisioning Services
• Cloud Data Storage Services
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security
• Identity Management, Crypto/Key
Management, Compliance, etc
• Elastic Elements: Storage, Processing, and
Virtual Networks
![Page 49: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/49.jpg)
49
Analyzing Cloud Security
• Some key issues:
– trust, multi-tenancy, encryption, compliance
• Clouds are massively complex systems can
be reduced to simple primitives that are
replicated thousands of times and common functional units
• Cloud security is a tractable problem
– There are both advantages and challenges
Former Intel CEO, Andy Grove: “only the paranoid survive”
![Page 50: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/50.jpg)
50
General Security Advantages
• Shifting public data to a external cloud
reduces the exposure of the internal
sensitive data
• Cloud homogeneity makes security
auditing/testing simpler
• Clouds enable automated security
management
• Redundancy / Disaster Recovery
![Page 51: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/51.jpg)
51
General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
![Page 52: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/52.jpg)
52
Security Relevant Cloud
Components
• Cloud Provisioning Services
• Cloud Data Storage Services
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security
• Elastic Elements: Storage, Processing, and
Virtual Networks
![Page 53: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/53.jpg)
53
Provisioning Service
• Advantages
– Rapid reconstitution of services
– Enables availability
• Provision in multiple data centers / multiple instances
– Advanced honey net capabilities
• Challenges
– Impact of compromising the provisioning service
![Page 54: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/54.jpg)
54
Data Storage Services
• Advantages
– Data fragmentation and dispersal
– Automated replication
– Provision of data zones (e.g., by country)
– Encryption at rest and in transit
– Automated data retention
• Challenges
– Isolation management / data multi-tenancy
– Storage controller
• Single point of failure / compromise?
– Exposure of data to foreign governments
![Page 55: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/55.jpg)
55
Cloud Processing Infrastructure
• Advantages
– Ability to secure masters and push out secure
images
• Challenges
– Application multi-tenancy
– Reliance on hypervisors
– Process isolation / Application sandboxes
![Page 56: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/56.jpg)
56
Cloud Support Services
• Advantages
– On demand security controls (e.g.,
authentication, logging, firewalls…)
• Challenges
– Additional risk when integrated with customer
applications
– Needs certification and accreditation as a
separate application
– Code updates
![Page 57: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/57.jpg)
57
Additional Issues
• Issues with moving PII and sensitive data to the cloud
– Privacy impact assessments
• Using SLAs to obtain cloud security
– Suggested requirements for cloud SLAs
– Issues with cloud forensics
• Contingency planning and disaster recovery for cloud implementations
• Handling compliance
– FISMA
– HIPAA
– SOX
– PCI
– SAS 70 Audits
![Page 58: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/58.jpg)
58
Secure Migration Paths
for Cloud Computing
![Page 59: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/59.jpg)
59
The ‘Why’ and ‘How’ of Cloud Migration
• There are many benefits that explain
why to migrate to clouds
– Cost savings, power savings, green
savings, increased agility in software
deployment
• Cloud security issues may drive and
define how we adopt and deploy
cloud computing solutions
![Page 60: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/60.jpg)
60
Balancing Threat Exposure and
Cost Effectiveness
• Private clouds may have less threat exposure than community clouds which
have less threat exposure than public clouds.
• Massive public clouds may be more cost effective than large community clouds which
may be more cost effective than small private
clouds.
• Doesn’t strong security controls mean that I can adopt the most cost effective approach?
![Page 61: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/61.jpg)
61
Cloud Migration and Cloud Security
Architectures
• Clouds typically have a single security architecture
but have many customers with different demands
– Clouds should attempt to provide configurable security
mechanisms
• Organizations have more control over the security
architecture of private clouds followed by
community and then public
– This doesn’t say anything about actual security
• Higher sensitivity data is likely to be processed on
clouds where organizations have control over the
security model
![Page 62: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/62.jpg)
62
Putting it Together
• Most clouds will require very strong security
controls
• All models of cloud may be used for differing
tradeoffs between threat exposure and
efficiency
• There is no one “cloud”. There are many
models and architectures.
• How does one choose?
![Page 63: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/63.jpg)
63
Migration Paths for
Cloud Adoption
• Use public clouds
• Develop private clouds
– Build a private cloud
– Procure an outsourced private cloud
– Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
– Organization wide SaaS
– PaaS and IaaS
– Disaster recovery for private clouds
• Use hybrid-cloud technology
– Workload portability between clouds
![Page 64: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/64.jpg)
64
Possible Effects of
Cloud Computing
• Small enterprises use public SaaS and public
clouds and minimize growth of data centers
• Large enterprise data centers may evolve to act as
private clouds
• Large enterprises may use hybrid cloud
infrastructure software to leverage both internal and
public clouds
• Public clouds may adopt standards in order to run
workloads from competing hybrid cloud
infrastructures
![Page 65: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/65.jpg)
Use CasesUse Case: a description of how groups of users and their resources may
interact with one or more systems to achieve specific goals.
Goal
Step 1
Step 2
…
Step a
Step b
…
Step I
Step j
…OR OR . . .
abstract
use case
add concrete details
case study
65
![Page 66: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/66.jpg)
Use CasesUse Case: a description of how groups of users and their resources may
interact with one or more cloud computing systems to achieve specific goals.
Goal
Step 1
Step 2
…
Step a
Step b
…
Step I
Step j
…OR OR . . .
abstract
use case
add concrete details
case study
Example:
Parent
Student
Bank
$$
66
![Page 67: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/67.jpg)
• transfer data in
• transfer data out
• backup to cloud7
• restore from cloud7
• archive/preservation
to cloud7
• SLA comparison
• info discovery7
• user Acct mgmt
• compliance4
• special security4
• inter-cloud data transfer
• multi-hop data transfer
• storage peering7
• backup between clouds7
• cloud broker4
• cloud burst
• VM migration
• dynamic dispatch5
• fault-tolerant group
• alloc/start/stop…1
• queueing1
•horizontal
scaling of
data/processing
• services
• sharing access
• access by name
• access by pattern
• strong erase
• cloud drive7
- synchronization
Preliminary Use Case Taxonomy for a
Public Cloud (focus on IaaS)
File/Object SystemLike
Job Control &Programming
Cloud-2-Cloud Admin Data Management
Portability Interoperability Security
Note: these use cases are preliminary.
Credits: SNIA [7], aws.amazon.com [1], DMTF [4], libcloud [5], May 11 Use Case Workshop, Gaithersburg MD (first of a sequence).
67
![Page 68: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/68.jpg)
File/Object System LikeSharing access ProviderCustomer
12 other Customers
Users
data
data
grant-cmd
Access by name ProviderCustomer
data
read /foo/bar Compatible modes: read, write, append, truncate, chown, chmod, chgrp, …
Access by pattern ProviderCustomer
matching records
query “pattern”Specifying patterns, records.Access control?
Strong erase ProviderCustomer erase-cmd Getting confidence?Zero out, multi-pass?DoD 5220-22?“ok!”
Cloud Drive ProviderCustomer Looks like a local diskSynchronization?Security defaults?like NFS, AFS
credit: SNIA [7]
68
![Page 69: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/69.jpg)
Job Control and Programming
Alloc/start/stopallocate
Configure
Internal
resources
Configure
External
Resources
Manage
Instances:
run, restart, terminate…deallocate
compatibility, portability…
compatibility,portability…upstream workers downstream workers
Queue services
. . .
(thread synchronization
in the large)
Services
“services”
like ordinaryhosting, butwith morescale, lesslocationawareness.
credit: aws.amazon.com [1]
credit: aws.amazon.com [1]
69
![Page 70: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/70.jpg)
Cloud-2-Cloud
Inter-clouddata transfer
Provider 1
Customer
Data Object
Network Scenario
Provider 2
request request
Provider 1
Customer
Physical Scenario
Provider 2
request request
Physical DataContainer
protection of data in transitverification of data receivedcoherent namingcompatible cryptocompatible access control metadata, ownership
some issues:
Multi-hopinter-clouddata transfer
Provider 1
Customer
Data Object
Network Scenario
Provider 2
request request
Provider 1
Customer
Physical Scenario
Provider 2
request request
Physical DataContainer
same issues, and in addition: after round trip, data is still as useful
70
![Page 71: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/71.jpg)
Cloud-2-Cloud (2)
Storagepeering
Provider 1
Customer
Provider 2other
client data
need common policies for naming of data objects, access control, snapshot/cloning, etc.
credit: SNIA [7]
someclient data
commonpolicies
Backup/restorebetweenclouds
Provider 1
Customer
Provider 2backup
data
common archivalformat, procedures,data protection intransit, verification,key management, …
credit: SNIA [7]
client working data
backup
restore
(an example of multi-hop)
Cloud broker Provider 1
Customer
Provider 2broker could providea simple or stableinterface to customers,even when providerschange or have diverse APIs.
credit: DMTF [4]
broker
(resources) (resources)
(no resources)
71
![Page 72: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/72.jpg)
Cloud-2-Cloud (3)Cloud Burst
Provider Customer Datacenter
need common policies for naming of data objects, access control, snapshot/cloning, etc.
1 vm1 vmNvm2 ...
Provider Customer Datacenter
vm1 vmNvm2 ...
Provider Customer Datacenter
vm1 vmNvm2 ...
2
3
vmN+1 vmN+2 vmN+M
VM migration(suspend-resume orlive)
Provider 1
Customer
dynamic configof networks,VM formats (e.g., OVF [6]),hypervisordiversity…
vm1 vmNvm2 ...Provider 2
vmNvm2 ...
72
![Page 73: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/73.jpg)
Cloud-2-Cloud (4)
Fault-tolerantgroup
Customer
cloudaccesslibrary
API 1API 2…API N
API
wrappers for clouds(e.g., libCloud)
transactions
replicationconcurrency controlnestingACID propertiesbyzantine?other…
standardized fault tolerance protocols,QOS requirements,etc.
Dynamic dispatchCustomer
credit: libCloud [5]
73
![Page 74: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/74.jpg)
Admin
SLAcomparison
Customer
. . .
SLA 1
SLA 2
SLA 3
?
Cloud ProviderPromises
availability
remedies for failure to perform
data preservation
legal care of customer info
Limitations
scheduled outages
force majeure events
changes to the SLA
security
service API changes
User Promises
acceptable use policies
provided software
on-time payment
An SLA Template?
perhaps as a prelude to more detailed terms that extend but do not contradict?
Info Discovery A search service that retrieves documents
subpoenaed for court.
who gets notified?who bears costs?timeliness?
User AcctMgmt
A cloud customer may have his/her own
customers, and a provider sometimes provides
SaaS-style customer management services.
How to prevent “jar’ing” of customer-customers when providers change?
credit: SNIA [7]
74
![Page 75: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/75.jpg)
Admin (2)
Compliance Providers sometimes assert compliance with
(HIPPA, PCI, Sarbanes-Oxley, FISMA)
requirements.
how can customers tell?
SpecialSecurity
E.g., a “mono-tenancy” requirement for a
customer’s workloads.
how can customers specifyand tell?
credit: DMTF [4]
credit: DMTF [4]
75
![Page 76: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/76.jpg)
Data Management
• transfer data in
• transfer data out
• backup to cloud
• restore from cloud
• archive/preservation
to cloud
Provider
Customer
Data Object
Provider
Customer
Physical Data Container
Network Scenario Physical Scenario
protection in transit;verification of correct data received;correct naming;initialization of access rules;…
76
![Page 77: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/77.jpg)
77
Questions?
• Tim Grance, Peter Mell, Lee Badger, Jeff
Voas, Chandramouli, and Karygiannis
• NIST, Information Technology Laboratory
• Computer Security Division
![Page 78: Defining, Securing, and Standardizing Cloud Computing · Standardizing Cloud Computing Tim Grance NIST, Information Technology Laboratory 22 July 2010. 2 Caveats and Disclaimers •This](https://reader035.vdocuments.us/reader035/viewer/2022062507/5fc06c7921c6ec16d124d19b/html5/thumbnails/78.jpg)
References
[7] “Cloud Storage Use Cases”, Storage Network Industry Association, Version 0.5 rev 0, June 8, 2009.
[6] “Open Virtualization Format Specification”, DMTF Document Number DSP0243, Version 1.0, Feb. 22, 2009.
[8] “Starting Amazon EC2 with Mac OS X”. Robert Sosinski. http://www.robertsosinski.com/2008/01/26
/starting-amazon-ec2-with-mac-os-x/
[1] Amazon Web Services, aws.amazon.com.
[4] “Interoperable Clouds, A White Paper from the Open Cloud Standards Incubator”, Distributed Management
Task Force, Version 1.0, DMTF Informational, Nov. 11, 2009, DSP-IS0101
[3] IDC Enterprise Panel, August 2008 n=244
[2] “Eucalyptus: A Technical Report on an Elastic Utility Computing Architecture Linking Your Programs to
Useful Systems”, UCSB Computer Science Technical Report Number 2008-10.
[10] “Ubuntu Enterprise Cloud Architecture”, S. Wardley, E. Goyer and N. Barcet, Technical White Paper, 2009,
www.canonical.com
[9] “The Eucalyptus Open-source Cloud-computing System”, D. Nurmi, R. Wolski, C. Grzegorcyk, G. Obertelli,
S. Soman, L. Youseff, D. Zagorodnov, in Proceedings of Cloud Computing and Its Applications, Oct. 2008.
[5] libcloud, http://incubator.apache.org/libcloud/
78