Cloud Computing Security
Ohio Information Security Forum
July 16th, 2011
James Walden, Ph.D.
Northern Kentucky University
Topics
1. What is Cloud Computing?
2. The Same Old Security Problems
3. Virtualization Security
4. New Security Issues and Threat Model
5. Data Security

What is Cloud Computing?
"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
(NIST definition of Cloud Computing)

Cloud Service Architectures as Layers

Cloud Service Models Abstraction Layers

Multi-Tenancy

Cloud Deployment Architectures
Same Old Security Issues
Data Loss
Downtimes
Phishing
Password Cracking
Botnets and Other Malware

Data Loss
"Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar entries, to-do lists or photos—that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."

Downtimes

Phishing
"hey! check out this funny blog about you..."

Password Cracking

Botnets and Malware

Virtualization Security
Features:
Isolation
Snapshots
Issues:
State Restore
Complexity
Scaling
Transience
Data Lifetime

Virtualization Security Features: Isolation
Using a separate VM for each application provides isolation: more than running two apps on the same server, but less than running them on two physical servers.

Virtualization Security Features: Snapshot
VMs can record their state. In the event of a security incident, revert the VM to an uncompromised snapshot. Be sure to patch the restored VM as well, or the compromise will recur.

State Restore
VMs can also be restored to an infected or vulnerable state using snapshots, so patching becomes undone. Worms persist at a low level forever because infected and vulnerable VMs keep reappearing.

Complexity
A hypervisor may or may not be simple in itself, but it is often another layer on top of the host OS, adding complexity and vulnerabilities.

Hypervisor Security
Vulnerability consequences:
Guest code execution with privilege
VM Escape (host code execution)

Vendor      CVEs
KVM           32
QEMU          23
VirtualBox     9
VMware       126
Xen           86

Examples: Xen CVE-2008-1943, VirtualBox CVE-2010-3583

Inter-VM Attacks
Attack via shared clipboard: http://www.securiteam.com/securitynews/5GP021FKKO.html
Use of a shared folder to alter another VM's disk image: CVE-2007-1744

Scaling
Growth in physical machines is limited by budget and setup time. Adding a VM is as easy as copying a file, leading to explosive growth in VMs. Rapid scaling can exceed the capacity of the organization's security systems.

Transience
Users often have specialized VMs (testing, different app versions, demos, sandboxes) that are not always up, preventing the network from converging to a known state. Infected machines appear, attack, then disappear from the network before they can be detected. Vulnerable systems likewise appear too briefly to be detected and patched.
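As an added example (not part of the slides), here is a small Python detector over a constructed hypervisor event log that flags the two failure modes described on the State Restore and Transience slides: a VM restored from a snapshot taken before the current patch baseline, and a VM whose uptime was shorter than the vulnerability scanner needs to notice it. The log format, VM names, dates and thresholds are all constructed assumptions for this example.

```python
from datetime import datetime, timedelta

# Added example. Constructed hypervisor event log (the format is an assumption):
# "<ISO timestamp> vm=<name> event=<start|stop|restore> [snapshot=<ISO timestamp>]"
SAMPLE_LOG = """\
2011-07-14T08:00:00 vm=web01 event=start
2011-07-14T08:20:00 vm=web01 event=stop
2011-07-14T09:00:00 vm=db01 event=restore snapshot=2011-06-01T00:00:00
2011-07-14T09:00:05 vm=db01 event=start
2011-07-14T10:00:00 vm=build07 event=start
2011-07-14T10:04:00 vm=build07 event=stop
2011-07-15T07:00:00 vm=app02 event=restore snapshot=2011-07-13T00:00:00
2011-07-15T07:00:05 vm=app02 event=start
2011-07-15T12:00:00 vm=app02 event=stop
"""

PATCH_BASELINE = datetime(2011, 7, 12)  # constructed: date of the last patch round
SCAN_WINDOW = timedelta(hours=1)        # constructed: time the scanner needs to see a host


def parse_event(line):
    """Split one log line into a dict with a parsed 'ts' plus key=value fields."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def find_risky_vms(log_text, baseline=PATCH_BASELINE, scan_window=SCAN_WINDOW):
    """Return (vm, finding, detail) triples for VMs that undo patching via a
    snapshot restore or that are too short-lived for the scanner to catch."""
    findings = []
    started = {}  # vm -> timestamp of its most recent start
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        vm, kind = ev["vm"], ev["event"]
        if kind == "restore":
            snap = datetime.fromisoformat(ev["snapshot"])
            if snap < baseline:
                findings.append((vm, "restored-prepatch",
                                 f"snapshot from {snap.date()} predates patch baseline {baseline.date()}"))
        elif kind == "start":
            started[vm] = ev["ts"]
        elif kind == "stop" and vm in started:
            uptime = ev["ts"] - started.pop(vm)
            if uptime < scan_window:
                minutes = int(uptime.total_seconds() // 60)
                findings.append((vm, "transient",
                                 f"up {minutes} min, shorter than the {scan_window} scan window"))
    return findings


if __name__ == "__main__":
    for vm, finding, detail in find_risky_vms(SAMPLE_LOG):
        print(f"{vm:8} {finding:18} {detail}")
```

On the sample log this reports web01 and build07 as transient and db01 as restored from a pre-patch snapshot; app02 was restored from a snapshot newer than the baseline and ran for five hours, so it is not flagged. A practical follow-up for either finding is to keep the VM off the production network until it has been rescanned and brought up to the patch baseline.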

Data Lifetime
Even when data has been correctly sanitized from a VM's disk and/or memory, snapshots can retain multiple copies of both VM memory and disk data.
New Security Issues
Accountability
No Security Perimeter
Larger Attack Surface
New Side Channels
Lack of Auditability
Regulatory Compliance
Data Security

Accountability

No Security Perimeter
You have little control over the physical or network location of cloud instance VMs, so network access must be controlled on a host-by-host basis.

Larger Attack Surface
(figure: Cloud Provider and Your Network)

New Side Channels
You don't know whose VMs are sharing the physical machine with you, and attackers can place their VMs on your machine; see the "Hey, You, Get Off of My Cloud" paper for how. Shared physical resources include:
CPU data cache: Bernstein 2005
CPU branch prediction: Onur Aciiçmez 2007
CPU instruction cache: Onur Aciiçmez 2007
In a single-OS environment, cryptographic keys have been extracted with these attacks.

Lack of Auditability
Only the cloud provider has access to full network traffic, hypervisor logs, and physical machine data. Mutual auditability is needed:
the ability of the cloud provider to audit potentially malicious or infected client VMs, and
the ability of the cloud customer to audit the cloud provider environment.

Regulatory Compliance

Certifications
Data Security
Data in Transit
Data at Rest
Data in Processing
Data Remanence
Homomorphic Encryption

Data Security

                 Storage               Processing              Transmission
Confidentiality  Symmetric Encryption  Homomorphic Encryption  SSL
Integrity        MAC                   Homomorphic Encryption  SSL
Availability     Redundancy            Redundancy              Redundancy

Plus data remanence.

Public Key Cryptography

Homomorphic Public-key Encryption
Public-key crypto with an additional procedure, Eval: given the public key, a Boolean circuit built from ADD and MULT gates mod 2, and encryptions c1, …, cn of the inputs m1, …, mn, Eval_pk outputs c*, an encryption of the output value m* = circuit(m1, …, mn).
(Homomorphic encryption slides borrowed from people.csail.mit.edu/shaih/pubs/IHE-S-and-P-day.ppt)

An Analogy: Alice's Jewelry Store
Alice's workers need to assemble raw materials into jewelry, but Alice is worried about theft. How can the workers process the raw materials without having access to them?
Alice puts the materials in a locked glove box for which only she has the key. The workers assemble the jewelry inside the box, and Alice unlocks the box to get the "results".
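As an added worked example (not from these slides nor from the borrowed MIT deck), the following Python implements the symmetric variant of the "somewhat homomorphic" scheme over the integers that Gentry describes in the CACM article listed as reference 3, and runs the Eval procedure from the Homomorphic Public-key Encryption slide on it. Key and noise sizes are illustrative assumptions, not secure parameters, and the majority circuit and the squaring-depth helper are constructed for this example. In the jewelry-store analogy, the odd integer p is Alice's key; the noise that grows with every gate is the glove box wearing out, and once it reaches p decryption fails.

```python
import secrets

# Added example: symmetric "somewhat homomorphic" encryption over the integers
# (Gentry, CACM 2010, reference 3). Sizes are illustrative assumptions only.
NOISE_BITS = 8   # r < 2^NOISE_BITS, so a fresh noise term 2r+m is at most 511
Q_BITS = 128     # size of the random multiple of p that hides the noise


def keygen(bits=64):
    """Secret key: a random odd integer p with its top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def encrypt(p, m, r=None, q=None):
    """Ciphertext c = p*q + 2*r + m. The noise 2r+m has the parity of m."""
    if m not in (0, 1):
        raise ValueError("plaintext must be one bit")
    if r is None:
        r = secrets.randbits(NOISE_BITS)
    if q is None:
        q = secrets.randbits(Q_BITS)
    return p * q + 2 * r + m


def decrypt(p, c):
    """(c mod p) mod 2: correct while the accumulated noise is below p."""
    return (c % p) % 2


def eval_circuit(circuit, wires, add, mult):
    """Evaluate a Boolean circuit given as (gate, i, j) triples over wire
    indices; each gate's output becomes a new wire, the last one is the
    output. The same routine serves as plaintext evaluation and as Eval."""
    wires = list(wires)
    for gate, i, j in circuit:
        if gate == "ADD":
            wires.append(add(wires[i], wires[j]))
        elif gate == "MULT":
            wires.append(mult(wires[i], wires[j]))
        else:
            raise ValueError(f"unknown gate {gate!r}")
    return wires[-1]


def plaintext_eval(circuit, bits):
    # ADD and MULT mod 2 are XOR and AND on the clear bits
    return eval_circuit(circuit, bits, lambda a, b: (a + b) % 2, lambda a, b: (a * b) % 2)


def homomorphic_eval(circuit, ciphertexts):
    # Eval: gates become plain integer + and *, which add and multiply the
    # hidden noise terms, and therefore the bits, underneath the multiples of p
    return eval_circuit(circuit, ciphertexts, lambda a, b: a + b, lambda a, b: a * b)


# Constructed circuit: majority of three input bits a, b, c (wires 0, 1, 2),
# computed as ab + bc + ca mod 2.
MAJORITY = [
    ("MULT", 0, 1),  # wire 3 = ab
    ("MULT", 1, 2),  # wire 4 = bc
    ("MULT", 2, 0),  # wire 5 = ca
    ("ADD", 3, 4),   # wire 6 = ab + bc
    ("ADD", 6, 5),   # wire 7 = ab + bc + ca (output)
]


def max_safe_squarings(p, noise_bits=NOISE_BITS):
    """How many times a fresh ciphertext can be squared before the worst-case
    noise (2^(noise_bits+1) - 1)^(2^k) reaches p. This bounded depth is the
    "somewhat" in somewhat homomorphic."""
    noise = (1 << (noise_bits + 1)) - 1
    k = 0
    while noise * noise < p:
        noise *= noise
        k += 1
    return k


if __name__ == "__main__":
    p = keygen()
    for bits in ((0, 1, 1), (1, 0, 0), (1, 1, 1)):
        cts = [encrypt(p, b) for b in bits]
        out = decrypt(p, homomorphic_eval(MAJORITY, cts))
        print(bits, "majority via Eval =", out, "expected", plaintext_eval(MAJORITY, list(bits)))
    print("safe squarings before the noise overflows p:", max_safe_squarings(p))
```

The holder of p never sees the inputs being processed, only the result, which is the property the table on the Data Security slide relies on for confidentiality and integrity during processing. The noise budget is the practical caveat: a 64-bit p with 8-bit noise survives only two sequential squarings, which is why Gentry's construction needs bootstrapping to evaluate circuits of arbitrary depth.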

References
1. Yanpei Chen, Vern Paxson and Randy H. Katz, "What's New About Cloud Computing Security?" Technical Report No. UCB/EECS-2010-5, http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html, Jan. 20, 2010.
2. Tal Garfinkel and Mendel Rosenblum. "When virtual is harder than real: security challenges in virtual machine based computing environments." In Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10 (HOTOS'05), Vol. 10. USENIX Association.
3. Craig Gentry. "Computing arbitrary functions of encrypted data." Commun. ACM 53, 3 (March 2010), 97-105. DOI=10.1145/1666420.1666444
4. Doug Hyde. "A Survey on the Security of Virtual Machines." http://www1.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html, 2007.
5. Tim Mather, Subra Kumaraswamy, and Shahed Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media, 2009.
6. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." In S. Jha and A. Keromytis, eds., Proceedings of CCS 2009, pages 199–212. ACM Press, Nov. 2009.
7. NIST, DRAFT A Definition of Cloud Computing, http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf, January 28, 2011.
8. NIST, DRAFT Guidelines on Security and Privacy in Public Cloud Computing, http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf, January 28, 2011.

Contenu connexe

Tendances

Firewall final (fire wall)
Firewall final (fire wall)Firewall final (fire wall)
Firewall final (fire wall)JIEMS Akkalkuwa
 
85320337 networking-case-study
85320337 networking-case-study85320337 networking-case-study
85320337 networking-case-studyhomeworkping3
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITYSECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITYRisman Hatibi
 
Sfa community of practice a natural way of building
Sfa community of practice  a natural way of buildingSfa community of practice  a natural way of building
Sfa community of practice a natural way of buildingCharles "Chuck" Speicher Jr.
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation  vol 2015-n2-paper4International journal of computer science and innovation  vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
Top 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in HealthcareTop 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in HealthcareBitglass
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyDeep Ranjan Deb
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2LinkedIn
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword EU Project
 
Datasheet_Embedded_Security_Shield
Datasheet_Embedded_Security_ShieldDatasheet_Embedded_Security_Shield
Datasheet_Embedded_Security_ShieldDavid Cozens
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of securitySejahtera Affif
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Priyanka Aash
 

Tendances (20)

Firewall final (fire wall)
Firewall final (fire wall)Firewall final (fire wall)
Firewall final (fire wall)
 
Cloud security
Cloud securityCloud security
Cloud security
 
85320337 networking-case-study
85320337 networking-case-study85320337 networking-case-study
85320337 networking-case-study
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
 
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITYSECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY
SECURE MEDIA EXCHANGE (SMX) HONEYWELL INDUSTRIAL CYBER SECURITY
 
Sfa community of practice a natural way of building
Sfa community of practice  a natural way of buildingSfa community of practice  a natural way of building
Sfa community of practice a natural way of building
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation  vol 2015-n2-paper4International journal of computer science and innovation  vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
Top 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in HealthcareTop 5 Cloud Security Threats in Healthcare
Top 5 Cloud Security Threats in Healthcare
 
Stuxnet
StuxnetStuxnet
Stuxnet
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technology
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
 
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ...
 
Datasheet_Embedded_Security_Shield
Datasheet_Embedded_Security_ShieldDatasheet_Embedded_Security_Shield
Datasheet_Embedded_Security_Shield
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
Defcon 22-aaron-bayles-alxrogan-protecting-scada-dc101
 
ITE - Chapter 10
ITE - Chapter 10ITE - Chapter 10
ITE - Chapter 10
 

Similaire à Cloud security test

Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Securitysyrinxtech
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...IJORCS
 
Application Of An Operating System Security
Application Of An Operating System SecurityApplication Of An Operating System Security
Application Of An Operating System SecurityAmber Wheeler
 
Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptxssuser0fc2211
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesShakil Ahmed
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...cscpconf
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane
 
Infrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docxInfrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docxannettsparrow
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)Zero Science Lab
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?Priyanka Aash
 

Similaire à Cloud security test (20)

Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
 
Application Of An Operating System Security
Application Of An Operating System SecurityApplication Of An Operating System Security
Application Of An Operating System Security
 
Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptx
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architectures
 
Cloud computing final show
Cloud computing final   showCloud computing final   show
Cloud computing final show
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
 
Firewalls
FirewallsFirewalls
Firewalls
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicro
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
 
Infrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docxInfrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docx
 
Zerovm backgroud
Zerovm backgroudZerovm backgroud
Zerovm backgroud
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?What is needed in the next generation cloud trusted platform ?
What is needed in the next generation cloud trusted platform ?
 

Dernier

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 

Dernier (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 

Cloud security test

  • 16. Virtualization Security Features: Isolation. Using a VM for each application provides isolation: more than running two apps on the same server, but less than running them on two physical servers.
  • 17. Virtualization Security Features: Snapshots. VMs can record state. In the event of a security incident, revert the VM back to an uncompromised state. Be sure to patch the VM afterwards to avoid a recurrence of the compromise.
  • 18. State Restore. VMs can be restored to an infected or vulnerable state using snapshots, so patching becomes undone. Worms persist at a low level forever due to the reappearance of infected and vulnerable VMs.
  • 19. Complexity. The hypervisor may or may not be simple, but it is often another layer on top of the host OS, adding complexity and vulnerabilities.
  • 20. Hypervisor Security. Vulnerability consequences: guest code execution with privilege; VM escape (host code execution). CVE counts by vendor:
        KVM          32
        QEMU         23
        VirtualBox    9
        VMware      126
        Xen          86
      Examples: Xen CVE-2008-1943, VirtualBox CVE-2010-3583.
  • 21. Inter-VM Attacks. Attack via the shared clipboard (http://www.securiteam.com/securitynews/5GP021FKKO.html). Use a shared folder to alter another VM's disk image (CVE-2007-1744).
  • 22. Scaling. Growth in physical machines is limited by budget and setup time. Adding a VM is as easy as copying a file, leading to explosive growth in VMs. Rapid scaling can exceed the capacity of the organization's security systems.
  • 23. Transience. Users often have specialized VMs (testing, different app versions, demos, sandboxes) that are not always up, preventing the network from converging to a known state. Infected machines appear, attack, then disappear from the network before they can be detected. Vulnerable systems likewise appear too briefly to be detected and patched.
  • 24. Data Lifetime. Although data was correctly sanitized from the VM disk and/or memory, snapshots can retain multiple copies of both VM memory and disk data.
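The state-restore, transience and data-lifetime risks on slides 18, 23 and 24 are all findable from a snapshot inventory. The script below is an added example, not part of the talk: it checks a constructed inventory (the VM and snapshot records are made up; a real tool would pull them from the hypervisor or cloud API) for snapshots that predate their VM's patch baseline, snapshots that still hold data wiped after they were taken, and snapshots whose VM no longer exists.

```python
"""Snapshot hygiene report for the state-restore, transience and data-lifetime risks above.

Constructed example: the inventory records below are made up; a real tool would pull them
from the hypervisor or cloud API.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


def ts(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class VmRecord:
    name: str
    last_patched: datetime            # when the running VM was last brought to the patch baseline
    sanitized_at: Optional[datetime]  # when sensitive data was wiped from its disk/memory, if ever


@dataclass(frozen=True)
class Snapshot:
    vm: str
    name: str
    created: datetime


Finding = Tuple[str, str]  # (vm, snapshot name)


def stale_patch_snapshots(vms: List[VmRecord], snaps: List[Snapshot]) -> List[Finding]:
    """Snapshots older than their VM's patch baseline: restoring one silently undoes the patch."""
    baseline = {v.name: v.last_patched for v in vms}
    return sorted((s.vm, s.name) for s in snaps if s.vm in baseline and s.created < baseline[s.vm])


def data_remanent_snapshots(vms: List[VmRecord], snaps: List[Snapshot]) -> List[Finding]:
    """Snapshots taken before the VM was sanitized: the wiped data still lives in the snapshot."""
    wiped = {v.name: v.sanitized_at for v in vms if v.sanitized_at is not None}
    return sorted((s.vm, s.name) for s in snaps if s.vm in wiped and s.created < wiped[s.vm])


def orphan_snapshots(vms: List[VmRecord], snaps: List[Snapshot]) -> List[Finding]:
    """Snapshots of VMs no longer in the inventory: nobody tracks or patches what they would restore."""
    known = {v.name for v in vms}
    return sorted((s.vm, s.name) for s in snaps if s.vm not in known)


def report(vms: List[VmRecord], snaps: List[Snapshot]) -> Dict[str, List[Finding]]:
    return {
        "stale_patch": stale_patch_snapshots(vms, snaps),
        "data_remanent": data_remanent_snapshots(vms, snaps),
        "orphan": orphan_snapshots(vms, snaps),
    }


# Constructed inventory (hypothetical hosts, not real systems).
SAMPLE_VMS = [
    VmRecord("web01", last_patched=ts(2011, 6, 15), sanitized_at=None),
    VmRecord("db01", last_patched=ts(2011, 6, 1), sanitized_at=ts(2011, 7, 1)),
]
SAMPLE_SNAPSHOTS = [
    Snapshot("web01", "pre-upgrade", ts(2011, 5, 1)),    # predates the patch baseline
    Snapshot("web01", "post-patch", ts(2011, 6, 20)),
    Snapshot("db01", "golden", ts(2011, 5, 15)),         # predates both patching and sanitization
    Snapshot("db01", "nightly-0620", ts(2011, 6, 20)),   # patched, but still holds the wiped data
    Snapshot("demo07", "demo", ts(2011, 3, 3)),          # VM deleted, snapshot forgotten
]

if __name__ == "__main__":
    for kind, findings in report(SAMPLE_VMS, SAMPLE_SNAPSHOTS).items():
        print(kind, findings)
```

Each finding maps to an action: delete or re-baseline stale snapshots before anyone can restore them, treat remanent snapshots as copies of the sensitive data they contain, and either re-inventory or destroy orphans.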
  • 25. New Security Issues: Accountability; No Security Perimeter; Larger Attack Surface; New Side Channels; Lack of Auditability; Regulatory Compliance; Data Security.
  • 26. Accountability.
  • 27. No Security Perimeter. Little control over the physical or network location of cloud instance VMs. Network access must be controlled on a host-by-host basis.
  • 28. Larger Attack Surface (figure: Cloud Provider, Your Network).
  • 29. New Side Channels. You don't know whose VMs are sharing the physical machine with you. Attackers can place their VMs on your machine; see the "Hey, You, Get Off of My Cloud" paper for how. Shared physical resources include the CPU data cache (Bernstein 2005), CPU branch prediction (Onur Aciiçmez 2007) and the CPU instruction cache (Onur Aciiçmez 2007). In a single-OS environment, people can extract cryptographic keys with these attacks.
  • 30. Lack of Auditability. Only the cloud provider has access to full network traffic, hypervisor logs and physical machine data. Need mutual auditability: the ability of the cloud provider to audit potentially malicious or infected client VMs, and the ability of the cloud customer to audit the cloud provider environment.
  • 31. Regulatory Compliance.
  • 32. Certifications.
  • 33. Data Security: Data in Transit; Data at Rest; Data in Processing; Data Remanence; Homomorphic Encryption.
  • 34. Data Security (plus data remanence):
                        Storage                 Processing                Transmission
      Confidentiality   Symmetric Encryption    Homomorphic Encryption    SSL
      Integrity         MAC                     Homomorphic Encryption    SSL
      Availability      Redundancy              Redundancy                Redundancy
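The Integrity/Storage cell of the table above says "MAC" without showing what the MAC has to cover. The following is an added example, not from the talk: an HMAC-SHA256 tag over a stored object that is bound to the object's name and version, so that a provider-side change to the contents, a swap with a differently named object, or a rollback to an older (validly tagged) version are all rejected. The key and the record contents are constructed; the function and field names are this example's own.

```python
"""Integrity for data at rest: HMAC over a stored object, bound to its name and version.

Added example with constructed data. Only integrity is shown here; confidentiality would
need symmetric encryption of the blob with a separate key (encrypt-then-MAC).
"""
import hashlib
import hmac
from typing import Dict


def _canonical(name: str, version: int, blob: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot produce the same input.
    out = b""
    for part in (name.encode("utf-8"), str(version).encode("ascii"), blob):
        out += len(part).to_bytes(8, "big") + part
    return out


def seal(key: bytes, name: str, version: int, blob: bytes) -> Dict[str, str]:
    """Produce the record that goes to the storage provider; the tag covers name, version and blob."""
    tag = hmac.new(key, _canonical(name, version, blob), hashlib.sha256).hexdigest()
    return {"name": name, "version": str(version), "blob": blob.hex(), "tag": tag}


def verify(key: bytes, record: Dict[str, str], expected_name: str, min_version: int) -> bool:
    """Recompute the tag in constant time, then check the record is the object and version we asked for.

    Returns False for tampered contents, a renamed object, a rollback below min_version,
    or a malformed record.
    """
    try:
        blob = bytes.fromhex(record["blob"])
        version = int(record["version"])
        name = record["name"]
        tag = record["tag"]
    except (KeyError, ValueError, TypeError):
        return False
    expected = hmac.new(key, _canonical(name, version, blob), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode("ascii"), str(tag).encode("utf-8")):
        return False
    # The tag proves the provider returned *some* object we sealed; these checks prove it is the right one.
    return name == expected_name and version >= min_version


def unseal(key: bytes, record: Dict[str, str], expected_name: str, min_version: int) -> bytes:
    """Return the blob only if verify() passes."""
    if not verify(key, record, expected_name, min_version):
        raise ValueError("integrity check failed")
    return bytes.fromhex(record["blob"])


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-for-real-use"
    rec = seal(demo_key, "customers.csv", 2, b"alice,1\nbob,2\n")
    print(verify(demo_key, rec, "customers.csv", 2))
```

The version floor has to come from somewhere the provider cannot rewrite (a local counter or a separate authenticated index); without it, a stale but correctly tagged copy is indistinguishable from the current one.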
  • 35. Public Key Cryptography.
  • 36. Homomorphic Public-key Encryption. Public-key crypto with an additional procedure, Eval: given a Boolean circuit (ADD and MULT mod 2) and ciphertexts c1,…,cn that are encryptions of the inputs m1,…,mn, Eval_pk outputs a ciphertext c* that is an encryption of the output value m*, the circuit evaluated on m1,…,mn. (Homomorphic encryption slides borrowed from people.csail.mit.edu/shaih/pubs/IHE-S-and-P-day.ppt.)
  • 37. An Analogy: Alice's Jewelry Store. Alice's workers need to assemble raw materials into jewelry, but Alice is worried about theft. How can the workers process the raw materials without having access to them?
  • 38. An Analogy: Alice's Jewelry Store. Alice puts the materials in a locked glove box for which only she has the key. Workers assemble jewelry in the box. Alice unlocks the box to get the "results".
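Slide 36's Eval over ADD and MULT mod 2, and the glove-box analogy of slides 37 and 38, can be made concrete with the simplest scheme of this kind. The code below is an added example, not from the talk or the borrowed slides: a toy symmetric "somewhat homomorphic" scheme over the integers in the style of van Dijk, Gentry, Halevi and Vaikuntanathan (2010), where a bit m is encrypted as c = p·q + 2r + m under a secret odd integer p, adding ciphertexts XORs the bits and multiplying them ANDs the bits. Alice (the key holder) encrypts the inputs, a worker evaluates a one-bit full adder on ciphertexts alone, and Alice decrypts the result. The parameter sizes, names and the noise-budget bookkeeping are this example's own and are far too small for real security; the budget tracking is what makes the depth limit of "somewhat" homomorphic visible.

```python
"""Toy somewhat-homomorphic encryption over the integers (symmetric, DGHV-style).

Added example with constructed parameters; nothing here is a secure parameter choice.
"""
import random
from dataclasses import dataclass

KEY_BITS = 256    # bit length of the secret odd integer p (toy size)
NOISE_BITS = 32   # fresh noise r is drawn below 2**NOISE_BITS
Q_BITS = 512      # random multiplier q that hides p in every ciphertext
_RNG = random.SystemRandom()


@dataclass(frozen=True)
class SecretKey:
    p: int


@dataclass(frozen=True)
class Ciphertext:
    value: int        # c = p*q + 2*r + m
    noise_bound: int  # public upper bound on the noise 2*r + m, tracked like an FHE noise budget


def keygen(rng=_RNG) -> SecretKey:
    # odd p with its top bit set, so 2**(KEY_BITS-1) <= p < 2**KEY_BITS
    return SecretKey(rng.getrandbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1)


def encrypt(key: SecretKey, m: int, rng=_RNG) -> Ciphertext:
    """Encrypt one bit as p*q + 2r + m; the noise 2r + m is below 2**(NOISE_BITS+1)."""
    if m not in (0, 1):
        raise ValueError("plaintext must be a single bit")
    q = rng.getrandbits(Q_BITS)
    r = rng.getrandbits(NOISE_BITS)
    return Ciphertext(key.p * q + 2 * r + m, 1 << (NOISE_BITS + 1))


def decrypt(key: SecretKey, ct: Ciphertext) -> int:
    """m = (c mod p) mod 2, which is only correct while the noise is smaller than p."""
    if ct.noise_bound >= key.p:
        raise ValueError("noise budget exhausted: circuit too deep for these parameters")
    return (ct.value % key.p) % 2


def add(a: Ciphertext, b: Ciphertext) -> Ciphertext:
    """ADD mod 2 (XOR of the plaintext bits): the noise terms add."""
    return Ciphertext(a.value + b.value, a.noise_bound + b.noise_bound)


def mult(a: Ciphertext, b: Ciphertext) -> Ciphertext:
    """MULT mod 2 (AND of the plaintext bits): the noise terms multiply, which limits circuit depth."""
    return Ciphertext(a.value * b.value, a.noise_bound * b.noise_bound)


def full_adder(a: Ciphertext, b: Ciphertext, cin: Ciphertext):
    """Eval of a 1-bit full adder on ciphertexts only (the worker inside the glove box).

    sum = a XOR b XOR cin; carry = (a AND b) XOR (cin AND (a XOR b)), where XOR equals OR
    because the two carry terms can never both be 1.
    """
    a_xor_b = add(a, b)
    return add(a_xor_b, cin), add(mult(a, b), mult(cin, a_xor_b))


def add_bits_encrypted(key: SecretKey, a: int, b: int, cin: int):
    """Alice's side: encrypt the inputs, hand them to full_adder, decrypt (sum, carry)."""
    s, c = full_adder(encrypt(key, a), encrypt(key, b), encrypt(key, cin))
    return decrypt(key, s), decrypt(key, c)


def squarings_before_budget_exhausted(key: SecretKey, ct: Ciphertext) -> int:
    """AND a ciphertext with itself until the tracked noise bound reaches p: the depth limit."""
    n = 0
    while ct.noise_bound < key.p:
        ct = mult(ct, ct)
        n += 1
    return n


if __name__ == "__main__":
    k = keygen()
    print(add_bits_encrypted(k, 1, 1, 0))                      # (0, 1)
    print(squarings_before_budget_exhausted(k, encrypt(k, 1)))  # 3 with these parameters
```

With a 256-bit p and 33-bit fresh noise, three successive multiplications push the bound to 2^264 and decryption refuses the result; Gentry's bootstrapping (reference 3) is what removes that depth limit and turns a scheme like this into fully homomorphic encryption.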
  • 39. References
      1. Yanpei Chen, Vern Paxson and Randy H. Katz, "What's New About Cloud Computing Security?" Technical Report No. UCB/EECS-2010-5, http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html, Jan. 20, 2010.
      2. Tal Garfinkel and Mendel Rosenblum, "When virtual is harder than real: security challenges in virtual machine based computing environments." In Proceedings of the 10th conference on Hot Topics in Operating Systems (HOTOS'05), Vol. 10. USENIX Association.
      3. Craig Gentry, "Computing arbitrary functions of encrypted data." Commun. ACM 53, 3 (March 2010), 97-105. DOI=10.1145/1666420.1666444
      4. Doug Hyde, "A Survey on the Security of Virtual Machines." http://www1.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html, 2007.
      5. Tim Mather, Subra Kumaraswamy, and Shahed Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media, 2009.
      6. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." In S. Jha and A. Keromytis, eds., Proceedings of CCS 2009, pages 199–212. ACM Press, Nov. 2009.
      7. NIST, DRAFT A Definition of Cloud Computing, http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf, January 28, 2011.
      8. NIST, DRAFT Guidelines on Security and Privacy in Public Cloud Computing, http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf, January 28, 2011.

Editor's notes

  1. http://onsaas.net/2008/06/03/defining-saas-paas-iaas-etc/
  2. http://arstechnica.com/business/news/2009/10/t-mobile-microsoftdanger-data-loss-is-bad-for-the-cloud.ars
  3. http://news.cnet.com/twitter-phishing-scam-may-be-spreading/
  4. http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
  5. http://www1.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html
  6. http://www1.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html
  7. http://www1.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html
  8. http://en.wikipedia.org/wiki/Public-key_cryptography