Cloud Security (CT-555) Spring 2020 MS-IS

This document outlines the course for Cloud Security (CT-555) which will cover topics such as cloud computing fundamentals, virtualization concepts, public cloud solutions, cloud networking, cloud security approaches and challenges, and identity management in cloud computing. It includes 4 pages detailing the course outline and topics that will be covered, as well as reference materials for the course.

Uploaded by

Abdur Rafay

CLOUD SECURITY (CT-555)

SPRING 2020
MS-IS

COURSE OUTLINE

• Cloud Computing Fundamentals, Cloud Service Models, Cloud Deployment Models, Cloud Reference Architecture, Cloud Computing Benefits and Challenges
• Virtualization Concepts, Virtual Machine Management, Benefits and Challenges of Virtualization, Hardware Support for Virtualization, Container Technology
• Hypervisors, Types of Hypervisors, Architecture of Hypervisors
• Public Cloud Solutions: Amazon Web Services (AWS)
• Open-source Cloud Computing Solutions: OpenStack
• Cloud Networking: Software Defined Networking (SDN) and Network Function Virtualization (NFV)
• Cloud Security Challenges, Cloud Security Approaches: encryption, tokenization/obfuscation, Cloud Security Alliance, standards, cloud security models and related patterns

COURSE OUTLINE

• Virtualization Security, Hypervisor Security
• NIST Cloud Computing Security Reference Architecture
• Cloud Security Alliance (CSA) Model for Cloud Security
• Top Security Challenges to Cloud Computing by CSA
• Network Security in Cloud Computing
• Data Privacy and Trust Challenges in Cloud Computing
• Cloud Data Centre Security
• Denial of Service Attacks in Cloud and Their Mitigations
• Identity Management in Cloud Computing
• Homomorphic Encryption
• Cryptographic Key Management in Cloud Computing
• Auditing in Cloud
• Security as a Service Model

BOOKS AND REFERENCE MATERIALS

• There is no textbook for the course
• A set of research papers and web resources: cloud industry publications and research papers on various topics connected to the lectures
• Reference book: “Cloud Computing: Theory and Practice” by Dan C. Marinescu, 2017 Elsevier Inc.
• Cloud Computing Security: Foundations and Challenges, John R. Vacca, 2016
• Securing the Cloud: Cloud Computer Security Techniques and Tactics by Vic (J.R.) Winkler. Springer 2012.
• Security Engineering for Cloud Computing: Approaches and Tools, by Rosado, David G., 2012.

LECTURE # 01

TODAY WE WILL COVER

• Cloud Computing Definition
• Cloud Computing Fundamentals
• Cloud Service Models
• Cloud Deployment Models
• Cloud Reference Architecture
• Cloud Computing Benefits and Challenges

WHAT IS CLOUD COMPUTING?

CLOUD COMPUTING DEFINITION

• U.S. National Institute of Standards and Technology (NIST):
• “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”

CLOUD COMPUTING DEFINITION

• In its most basic form:
• It is a means of outsourced shared-computing where resources are:
▪ virtualised, distributed and pooled amongst external data centres
▪ accessed by users through the internet
• (Venters & Whitley 2012)

EVOLUTION OF CLOUD COMPUTING

TECHNICAL ORIGINS OF CLOUD COMPUTING

• Computing as a service, and accessing remote and distributed hardware and software resources over a network, is not a new concept.
• 1960s notions of "computing utilities"
• Gradual development over the next forty years, e.g.
▪ Distributed IT infrastructures in the 80s and 90s
▪ Application Service Provision (ASPs) in the 90s and 00s
• However, they were all constrained by a lack of computing power and network bandwidth.

TECHNICAL ORIGINS OF CLOUD COMPUTING

• Factors conspired at the turn of the millennium to facilitate Cloud Computing:
▪ Rise of cheap computing power and network bandwidth
▪ The rise of large-scale computing architectures and enabling technologies around Grid computing, enabling affordable high-power computing tasks
▪ Adaptation of these architectures for large data centres of commodity hardware to service the IT business needs of organisations such as Google, Amazon and Microsoft
▪ Commercialization of their computing architectures in ways that could be sold as the first Cloud Computing services.

WHAT IS CLOUD COMPUTING

• Shared pool of configurable computing resources
• On-demand network access
• Provisioned by the Service Provider

DO YOU USE THE CLOUD?

CLOUD COMPUTING FUNDAMENTALS

CLOUD COMPUTING CHARACTERISTICS

Common Characteristics:
• Massive Scale
• Resilient Computing
• Homogeneity
• Geographic Distribution
• Virtualization
• Service Orientation
• Low Cost Software
• Advanced Security

Essential Characteristics:
• On Demand Self-Service
• Broad Network Access
• Rapid Elasticity
• Resource Pooling
• Measured Service

ESSENTIAL CHARACTERISTICS

• On-demand self-service
▪ A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
• Broad network access
▪ Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

ESSENTIAL CHARACTERISTICS

• Resource pooling
▪ The provider’s computing resources are pooled to serve multiple consumers
▪ Resources can be dynamically assigned and reassigned according to customer demand
▪ Customer generally may not care where the resources are physically located but should be aware of risks if they are located offshore
• Rapid elasticity
▪ Capabilities can be expanded or released automatically (i.e., more CPU power, or ability to handle additional users)
▪ To the customer this appears seamless, limitless, and responsive to their changing requirements

ESSENTIAL CHARACTERISTICS

• Measured service
▪ Customers are charged for the services they use and the amounts
▪ There is a metering concept where customer resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service

SERVICE MODELS

• Customers may purchase primarily:
▪ Infrastructure as a Service (IaaS)
▪ Platform as a Service (PaaS)
▪ Software as a Service (SaaS)

INFRASTRUCTURE AS A SERVICE (IaaS)

• The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
• The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
• IaaS Characteristics
▪ Resources are distributed as a service
▪ Allows for dynamic scaling
▪ Has a variable cost, utility pricing model
▪ Generally includes multiple users on a single piece of hardware

PLATFORM AS A SERVICE (PaaS)

• Platform as a Service (PaaS) is a cloud computing model that provides a platform and environment that allows developers to build applications and services over the internet.
• In this model, a provider delivers and hosts the hardware and software tools necessary for application development, eliminating the need for users to install in-house solutions.
• The PaaS solution is hosted in the cloud and is accessible to the user through their internet connection and web browser.
• Characteristics of PaaS:
▪ Web-based user interface
▪ Services to develop, test, deploy, host and maintain applications
▪ Multi-tenant architecture
▪ Scalability, load balancing and failover

SOFTWARE AS A SERVICE (SaaS)

• The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure
• The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface.
• The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
• Characteristics of SaaS
▪ Web access to commercial software
▪ Software is managed from a central location
▪ Software delivered in a “one to many” model
▪ Users not required to handle software upgrades and patches
▪ Application Programming Interfaces (APIs) allow for integration between different pieces of software

OTHER SERVICE MODELS

• Storage as a Service (STaaS)
• Network as a Service (NaaS)
• Firewall as a Service (FaaS)
• Security as a Service (SecaaS)
• UCaaS (Unified Communication as a Service)
• And now, XaaS (Anything as a Service)

CLOUD SERVICE MODELS

[Figure: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), with example offerings including SalesForce CRM, LotusLive and Google App Engine]

CLOUD SERVICE MODELS

CLOUD DEPLOYMENT MODELS

• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud

PUBLIC CLOUD

• Services are delivered to the client via the Internet from a third-party service provider.
• Example:
▪ Amazon Web Services (AWS)
▪ Rackspace Cloud

PRIVATE CLOUD

• Services are managed and provided within the organization. There are fewer restrictions on network bandwidth, fewer security exposures and other legal requirements compared to the public cloud.
• Example: On-Premises Cloud

COMMUNITY CLOUD

• The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations).
• Example: The US Government and NASA created a community cloud for all US government agencies

HYBRID CLOUD

• The cloud infrastructure is a combination of two or more clouds (private, community, or public) that remain unique entities.
• The different types of clouds are bound together by standardized or proprietary technology that enables data and application portability.

SUMMARY OF CLOUD FUNDAMENTALS

CLOUD COMPUTING REFERENCE ARCHITECTURE

NIST CC RA REFERENCE ARCHITECTURE

NIST RA – SaaS, PaaS, IaaS

CLOUD TAXONOMY

ADVANTAGES OF CLOUD COMPUTING

• Lower computer costs:
▪ You do not need a high-powered and high-priced computer to run cloud computing's web-based applications
▪ Since applications run in the cloud, not on the desktop PC, your desktop PC does not need the processing power or hard disk space demanded by traditional desktop software.
▪ When you are using web-based applications, your PC can be less expensive, with a smaller hard disk, less memory, more efficient processor...
▪ In fact, your PC in this scenario does not even need a CD or DVD drive, as no software programs have to be loaded and no document files need to be saved.

ADVANTAGES OF CLOUD COMPUTING

• Unlimited storage capacity:
▪ Cloud computing offers virtually limitless storage.
▪ Your computer's current 1 Tbyte hard drive is small compared to the hundreds of Pbytes available in the cloud
• Increased data reliability:
▪ Unlike desktop computing, in which a hard disk crash can destroy all your valuable data, a computer crashing in the cloud should not affect the storage of your data.
▪ If your personal computer crashes, all your data is still out there in the cloud, still accessible
▪ In a world where few individual desktop PC users back up their data on a regular basis, cloud computing is a data-safe computing platform!

ADVANTAGES OF CLOUD COMPUTING

• Universal document access:
▪ That is not a problem with cloud computing, because you do not take your documents with you.
▪ Instead, they stay in the cloud, and you can access them whenever you have a computer and an Internet connection
▪ Documents are instantly available from wherever you are
• Latest version availability:
▪ When you edit a document at home, that edited version is what you see when you access the document at work.
▪ The cloud always hosts the latest version of your documents
▪ As long as you are connected, you are not in danger of having an outdated version

ADVANTAGES OF CLOUD COMPUTING

• Easier group collaboration:
▪ Sharing documents leads directly to better collaboration.
▪ Many users do this as it is an important advantage of cloud computing
▪ Multiple users can collaborate easily on documents and projects
• Device independence:
▪ You are no longer tethered to a single computer or network.
▪ Changes to computers, applications and documents follow you through the cloud.
▪ Move to a portable device, and your applications and documents are still available.

ADVANTAGES OF CLOUD COMPUTING

• The use of the cloud provides a number of opportunities:
▪ It enables services to be used without any understanding of their infrastructure
▪ Cloud computing works using economies of scale:
  ▪ It potentially lowers the outlay expense for start-up companies, as they would no longer need to buy their own software or servers.
  ▪ Cost would be by on-demand pricing.
  ▪ Vendors and service providers claim costs by establishing an ongoing revenue stream.
▪ Data and services are stored remotely but accessible from “anywhere”.

CHALLENGES

• In parallel there has been a backlash against cloud computing:
▪ Use of cloud computing means dependence on others and that could possibly limit flexibility and innovation:
  ▪ The others are likely to become the bigger Internet companies like Google and IBM, who may monopolize the market.
  ▪ Some argue that this use of supercomputers is a return to the time of mainframe computing that the PC was a reaction against.
▪ Security could prove to be a big issue:
  ▪ It is still unclear how safe outsourced data is, and when using these services ownership of data is not always clear.
▪ There are also issues relating to policy and access:
  ▪ If your data is stored abroad, whose policy do you adhere to?
  ▪ What happens if the remote server goes down?
  ▪ How will you then access files?
  ▪ There have been cases of users being locked out of accounts and losing access to data.

CHALLENGES

• Security & Privacy
▪ Is it safe?
▪ For whom and at what level?
• Regulatory compliance: HIPAA, SOX, etc.
• Interoperability & Vendor Lock-In
• Lack of control
• Standardization

WORLDWIDE PUBLIC CLOUD SERVICE REVENUE
