Dr. Zahid Anwar
Trusted Computing, MS-CCS-3
Credits: 3 0
Spring 2011
Tremendous Buzz
Not only is it faster and more flexible, it is cheaper. [...] the emergence of cloud models radically alters the cost benefit decision
(FT Mar 6, 2009)
"Economic downturn, the appeal of that cost advantage will be greatly magnified"
(IDC, 2008)
Revolution, the biggest upheaval since the invention of the PC in the 1970s [...] IT departments will have little left to do once the bulk of business computing shifts [...] into the cloud
(Nicholas Carr, 2008)
The economics are compelling, with business applications made three to five times cheaper and
Why did it fail?
It was ahead of its time: the communication technology was lacking.
(In other words, there was NO (public) Internet)
Solution: Throw in virtualization technology, and sell the excess computing power.
And thus, Cloud Computing was born.
For providers:
Increased utilization of datacenter resources
Delivery Models
Software as a Service (SaaS)
Use the provider's applications over a network (e.g., SalesForce.com)
Amazon EC2: Clients can rent virtualized hardware and can control the software stack on the rented machines
Microsoft Azure: Clients can choose languages, but can't change the operating system or runtime
[Chow09ccsw]
Anatomy of fear
Confidentiality
Will the sensitive data stored on a cloud remain confidential?
Will cloud compromises leak confidential client data (i.e., fear of loss of control over data)?
Will the cloud provider itself be honest and not peek into the data?
Integrity
How do I know that the cloud provider is doing the computations correctly?
How do I ensure that the cloud provider really stored my data without tampering with it?
Availability
Will critical systems go down at the client if the provider is attacked in a Denial of Service attack?
What happens if the cloud provider goes out of business?
Privacy issues raised via massive data mining
The cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients.
Increased attack surface
An entity outside the organization now stores and computes data, and so:
Attackers can now target the communication link between cloud provider and client
Cloud provider employees can be phished
Auditability and forensics
It is difficult to audit data held outside the organization in a cloud.
Forensics is also made difficult, since clients no longer maintain data locally.
Legal quagmire and transitive trust issues
Who is responsible for complying with regulations (e.g., SOX, HIPAA, GLBA)?
If the cloud provider subcontracts to third party clouds, will the data still be secure?
Attackers
Outsider?
Intruders
Network attackers?
At cloud provider
Log client communication
Why not?
Cheaper to be honest?
Why? (again)
Third party clouds?
What we need is to
Adapt well-known techniques for resolving some cloud security issues
Perform new research and innovate to make clouds secure
Final quote
[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.
What's in a name?
Elastic Utility Computing Architecture Linking Your Programs To Useful Systems
Web services based implementation of elastic/utility/cloud computing infrastructure
Linux image hosting à la Amazon
How do we know if it is a cloud?
Try and emulate an existing cloud: Amazon AWS
Functions as a software overlay
Existing installation should not be violated (too much)
Focus on installation and maintenance
System administrators are people too.
Architecture
Client-side Interface (via network)
Cloud Controller
Cluster Controller
Database
Further Reading
Armbrust et al., "Above the Clouds: A Berkeley View of Cloud Computing," UC Berkeley Tech Report UCB/EECS-2009-28, February 2009.
Chow et al., "Cloud Computing: Outsourcing Computation without Outsourcing Control," 1st ACM Cloud Computing Security Workshop, November 2009.