Ragib Hasan
Johns Hopkins University
en.600.412 Spring 2011
Lecture 8
04/11/2011
Security and Privacy in Cloud Computing
en.600.412 Spring 2011 Lecture 9 | JHU | Ragib Hasan
Cloud Network Security
Goal: Examine techniques for securing cloud networking
Review Assignment #8 (Due 4/18): Challenges for Cloud Network Security, HP Labs Tech Report, 2010.
Recap: Airavat (Cloud Privacy)
• Strengths?
• Weaknesses?
• Ideas?
Today’s talk
• Will discuss a position paper (not an implementation or systems description paper)
• Will introduce the notion of cloud networking as a service, and its security implications
  – We will discuss what the issues will be in such a model
For your review
Instead of writing pros and cons of the paper, write the following:
  – Why is security a problem in cloud networking? (a brief paragraph)
  – 3 or more challenges in cloud network security
  – 3 or more techniques that may be used to secure cloud networks
Cloud Networking
Cloud computing requires
  – More performance from existing networks (bandwidth, quality, availability)
  – More flexibility
Most existing work on the cloud focuses on single data centers and providers
  – But clouds can also be distributed (across different locations for the same provider, or across different providers)
Cloud Networking
Cloud Networking involves
  – Ability to swiftly reconfigure networks according to client requirements (Network as a Service or NaaS)
  – Runs on top of intranet and the Internet
  – Uses network virtualization to connect clouds and users
Cloud Networking
• Cloud networking extends network virtualization beyond the data centre to bring two new aspects to cloud computing:
  – the ability to connect the user to services in the cloud and
  – the ability to interconnect services that are geographically distributed across cloud infrastructures
SAIL project from HP / EU
• Major European Union and HP project
• Goal is to
  – develop networking functions for applications with highly variable demands,
  – integrating these functions with computing and storage
  – along with the necessary tools for management and security.
Threat Model
Attacker:
  – External or internal
  – Internal attacker can be a disgruntled employee, or even hardware/software manufacturers embedding a trapdoor in code/firmware
Threats:
  – All traditional threats on networks (eavesdropping, DoS, man-in-the-middle, etc.)
  – Legal attacks (e.g., network crosses legal borders)
Secure Cloud Networking: Challenges
• Users view the network as a private one, but it is built on top of public infrastructures
• How to implement security?
  – Component based: Virtual components themselves manage security
  – Infrastructure based: Network manages security
Secure Cloud Networking: Challenges
Integrity
  – How to ensure routing security (integrity and availability of routing information)
Secure Cloud Networking: Challenges
• How the virtual network provider guarantees a certain network capacity to a customer,
• How the access to this virtual network is controlled, and
• How the virtual network usage is accounted for (metering)
Further reading
SAIL Project: http://www.sail-project.eu