INSE 6620 (Cloud Computing Security and Privacy)
Course Administration
Prof. Lingyu Wang

Outline
• Course administration
• Cloud computing basics

Prerequisites
• Important: This is a very challenging course. It requires strong problem solving skills, capabilities of understanding difficult research papers, and extensive background knowledge in computer science and security.
• INSE6110 (preferably also 6130 and 6160)
• You will have a hard time in the exams and receive a bad grade if you don’t have such prerequisites.

Course Web Page and Contact
• Course URL: Google “Lingyu Wang” → Teaching
  - Important to visit the page regularly
  - Don’t depend on email notification
• Contact: [email protected]
  - The best way to reach me
  - Include “INSE 6620” in your subject line
  - Office: EV007.637
  - Office hours: See course web page

Submission of Proposal and Report
• All through the EAS:
  - No hard copy or email submission will be accepted
  - https://eas.encs.concordia.ca/eas/authentication.jsp

Exam
• To pass the exams, you need to
  - Fully understand all lectures
  - Be able to apply what you have learned
• If you
  - have no background in computer science or security,
  - are scared of solving hard problems,
  - hate reading difficult research papers,
  - expect only ‘known’ problems in exams, or
  - prefer ‘memorization’ type of exam questions,
  then this is not the right course for you. Better drop it now than regret later.
• I will never change grades based on ‘needs’

Reference
• No textbook (as a good book is unavailable).
• Exams only cover lectures. But naturally the more you read, the more you learn (and a better grade is more likely).
• What to read (in addition to given papers):
  - Cloud: ACM SOCC, IEEE CLOUD, IEEE CLOUDCOM, IEEE Trans. cloud computing, etc.
  - Security: IEEE S&P, ACM CCS, ESORICS, CSFW, ACSAC, USENIX, NDSS, PETS, RAID, ASIACCS, etc.
  - Index: Google Scholar, DBLP, etc.

Grading
• Academic Integrity
  - All students must follow the university's policies regarding academic integrity
  - I take the Code of Conduct very seriously!
  - I will do my best to identify any plagiarism in your report, and will have zero tolerance regarding this
  - Take pride in your work (and self)
• Grading
  - Two exams (closed-book, 35% and 35%, respectively)
  - A project (a proposal, a final report 15%, and a presentation 15%)

Project
• See project description
• What’s new/special?
  - The presentation will count for 15% of overall grade
  - The presentation will be given in-class
  - Selected presentations will be covered in the exam

Policies
• Again, be very serious about the code of conduct
  - Cheating/Plagiarism is the easiest way to get a really bad grade
• Late submission policy
  - Late project reports will be accepted with 20% penalty for each day past due up to five days
  - Late submission of proposal or insufficient progress reported in the progress report will also result in penalty on the group

Policies (Cont’d)
• Make-up exam
  - Possible ONLY under a university-approved condition, such as sickness with the university doctor's note. Other events such as business travel are not excused. No exception
  - You must write me BEFORE the normal exam date to arrange a make up exam
  - What I can guarantee is
    The make up exam will be completely different from the normal exam
  - What I can’t guarantee is
    They will be of exactly the same difficulty

Course Description
• From the catalog
  Cloud computing concepts, SOA and cloud, virtualization and cloud, cloud service delivery models, cloud storage models, cloud deployment scenarios, public/ private/ hybrid/ community cloud, cloud computing architectures, SaaS, PaaS, IaaS, agility, scalability and elasticity of cloud, cloud security, cloud privacy, homomorphic encryption, searching encrypted cloud data, secure data outsourcing, secure computation outsourcing, proof of data possession / retrievability, virtual machine security, trusted computing in clouds, cloud-centric regulatory compliance, business and security risk models, cloud user security, identity management in cloud, SAML, applications of secure cloud computing. Project/term paper.
• What to expect from this course
  - State of the art (we’ll read many research papers)
  - State of the practice (e.g., Google, Amazon, Yahoo, etc.)

(Likely) Topics to be Covered
• Cloud computing basics
• Cloud-enabling techniques
  - Mapreduce, Hadoop, GFS, Dynamo, BigTable, PNUTS, etc.
• Attacks on cloud
• Cloud security and privacy
  - Data integrity, access control, trust, privacy
• Cloud/Web applications security
  - Side channel attacks, privacy protection, data leaks
• etc. You present what you would like to be covered!

Outline
• Course administration
• Cloud computing basics
Partially based on:
  - Ragib Hasan, A Walk in the Clouds: Overview of Cloud Computing
  - Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing

What Is Cloud Computing?
The infinite wisdom of the crowds (via Google Suggest)

What Is Cloud Computing?
“We’ve redefined Cloud Computing to include everything that we already do. . . . I don’t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads.”
Larry Ellison, founder of Oracle
“It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign”
Richard Stallman, GNU

The NIST Definition
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

The NIST Definition Cont’d
• Essential Characteristics:
  - On-demand self-service.
  - Broad network access.
  - Resource pooling.
  - Rapid elasticity.
  - Measured service.
• Service Models:
  - Software as a Service (SaaS).
  - Platform as a Service (PaaS).
  - Infrastructure as a Service (IaaS).
• Deployment Models:
  - Private cloud.
  - Community cloud.
  - Public cloud.
  - Hybrid cloud.

3-Tier View
• “X=[Hardware, Infrastructure, Platform] as a service”
  - Confusing
• Better: 3-layer view
  - Cloud provider providing utility computing
  - Cloud user/service providers providing web applications
  - SaaS users
• What’s new/good in cloud computing
  - Illusion of infinite computing resources (no planning)
  - No up-front cost (start small and grow up)
  - Fine-grained billing (maximizing utility/conservation)

Why Now?
• “Computing Utility” – holy grail of computer science in the 1960s. Code name: MULTICS
• Mid to late ’90s, Grid computing was proposed to link and share computing resources

Why Now? Cont’d
• Post-dot-com bust, big companies ended up with large data centers, with low utilization
• Solution: Let’s throw in virtualization, and sell the excess computing power to make some good money!
• And thus, Cloud Computing was born …
• Other factors
  - Pervasive broadband Internet
  - Fast x86 virtualization
  - Pay-as-you-go billing model
  - Standard software stack

Cloud Computing Is Growing Rapidly
• IDC: public IT cloud market will grow from $16B to $55.5B in five years
• What technologies are behind a cloud?
IMC 2010, Melbourne
Li et al., CloudCmp: Comparing Public Cloud Providers, IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, Pages 1-14

Cloud Computing Architecture
• e.g., Web browser
• SaaS, e.g., Google Docs
• PaaS
  - Google AppEngine: Provides a programmable platform that can scale easily
  - Microsoft Azure: Clients can choose languages, but can’t change the operating system or runtime
• IaaS
  - Amazon EC2: Clients can rent virtualized hardware, can control the software stack on the rented machines

Cloud Killer Apps
• Mobile and web applications
  - Highly available and large data set (mashups)
• Extensions of desktop software
  - Matlab, image rendering, calendar
• Batch processing
  - “Cost associativity”: 1k servers 1hr = 1 server 1k hrs
• Bigdata analytics
  - Google: “Worldcup and bigdata”
• What does not work in cloud: stock trading

Economics of Cloud Users
• Pay by use instead of provisioning for peak
[Figure: two panels, “Static data center” and “Data center in the cloud”; axes: Resources vs. Time; labels: Capacity, Demand, Unused resources]

Economics of Cloud Users
• Risk of over-provisioning: underutilization
• Risk of under-provisioning: underutilization
[Figure: three panels; axes: Resources vs. Time, two of them with Time (days) 1 2 3; labels: Capacity, Demand, Lost revenue, Lost users]
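The argument on the two “Economics of Cloud Users” slides, worked through on a constructed three-day demand trace (an added example, not part of the original slides). It counts server-hours rather than dollars; the trace, the half-peak capacity and the churn fraction used for the “lost users” case are assumptions.

```python
"""Static provisioning vs. pay-by-use over a demand trace (added example)."""

def simulate(demand, capacity=None, churn=0.0):
    """Serve an hourly demand trace given in server units.

    capacity=None models the cloud: capacity follows demand every hour.
    A fixed capacity models a static data center.
    churn is an ASSUMED fraction of turned-away demand that never comes
    back (the "lost users" label); it shrinks all later demand.
    """
    paid = served = lost = 0.0
    scale = 1.0  # share of the original user base still active
    for d in demand:
        d *= scale
        cap = d if capacity is None else capacity
        s = min(d, cap)
        paid += cap      # server-hours provisioned and paid for
        served += s      # server-hours doing useful work
        lost += d - s    # demand turned away ("lost revenue")
        if d > 0:
            scale *= 1 - churn * (d - s) / d
    return {"paid": paid, "served": served, "unused": paid - served,
            "lost": lost, "utilization": served / paid if paid else 0.0}

# Constructed trace: three identical days with a six-hour daily peak.
DAY = [100] * 9 + [500] * 6 + [100] * 9
TRACE = DAY * 3

def compare(trace=TRACE):
    """Run the four provisioning choices over the same trace."""
    peak = max(trace)
    return {
        "static_peak": simulate(trace, capacity=peak),       # over-provisioned
        "static_low": simulate(trace, capacity=peak // 2),   # under-provisioned
        "static_low_churn": simulate(trace, capacity=peak // 2, churn=0.2),
        "cloud": simulate(trace),                            # pay by use
    }

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:17s}" + "  ".join(f"{k}={v:.1f}" for k, v in r.items()))
```

Provisioning for the peak pays for 36,000 server-hours to serve 14,400 (40% utilization), while the half-peak data center is still only 55% utilized and turns away 4,500 server-hours of demand.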

Economics of Cloud Providers
• 5-7x economies of scale [Hamilton 2008]

Resource        Cost in Medium DC (1k)   Cost in Very Large DC (50k)   Ratio
Network         $95 / Mbps / month       $13 / Mbps / month            7.1x
Storage         $2.20 / GB / month       $0.40 / GB / month            5.7x
Administration  ≈140 servers/admin       >1000 servers/admin           7.1x

• Extra benefits
  - Amazon: utilize off-peak capacity
  - Microsoft: sell .NET tools
  - Google: reuse existing infrastructure

Adoption Challenges

Challenge                               Opportunity
Availability                            Multiple providers & DCs
Data lock-in                            Standardization
Data Confidentiality and Auditability   Encryption, VLANs, Firewalls
Data transfer bottlenecks               FedEx-ing disks, Data Backup/Archival
Performance unpredictability            Improved VM support, flash memory, scheduling VMs
Scalable storage                        Invent scalable store
Bugs in large distributed systems       Invent Debugger for Distributed VMs
Scaling quickly                         Invent Auto-Scaler that employs machine learning and statistics
Reputation Fate Sharing                 Offer reputation-guarding services like those for email
Software Licensing                      Pay-for-use licenses; Bulk use sales

The Fear Factor
[Chow09ccsw]

The Fear Factor Cont’d
• Confidentiality
  - Will the sensitive data stored on a cloud outside the organization remain confidential?
  - Will cloud compromises leak confidential client data (i.e., fear of loss of control over data)?
  - Will other tenants sharing the same physical machine be able to learn about my applications?
    e.g., vulnerabilities have appeared in VMWare, Xen, and Microsoft’s Virtual PC and Virtual Server.
  - Will the cloud provider itself be honest and won’t peek into the data?

The Fear Factor Cont’d
• Integrity
  - How do I know that the cloud provider is doing the computations correctly?
  - How do I ensure that the cloud provider really stored my data without tampering with it?
  - How do I know if my data is encrypted as promised?
  - How do I know if my data is stored inside Canada?
  - How to extend local authentication/access control to cloud?

The Fear Factor Cont’d
• Availability
  - Now that all my data and applications are in cloud
  - What if critical services become unavailable to customers because the cloud or network is down?
  - Single-point-of-failure
  - “Criminals threaten to cut off the incomes of SaaS providers by making their service unavailable, extorting $10,000 to $50,000 payments to prevent the launch of a DDoS attack.”
  - What happens if cloud provider goes out of business? (and I didn’t have time to backup my data?)

The Fear Factor Cont’d
• Privacy issues raised via massive data mining
  - Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
  - “Facebook's participation in a mass experiment whereby it manipulated the news feeds of 700,000 users to make them more positive or negative, in an attempt to alter their mood one way or the other”

The Fear Factor Cont’d
• Increased attack surface
  - Entity outside the organization now stores and computes data, and so
  - Attackers can now target the communication link between cloud provider and client
  - Cloud provider employees can be phished

The Fear Factor Cont’d
• Auditability and forensics
  - Difficult to audit data held outside organization in a cloud
    Requires transparency of cloud’s operation
  - Forensics also made difficult since now clients don’t maintain data locally

The Fear Factor Cont’d
• Legal quagmire and transitive trust issues
  - Who is responsible for complying with regulations (e.g., SOX, HIPAA, GLBA)?
  - If cloud provider subcontracts to third party clouds, will the data still be secure?

The Fear Factor Cont’d
“Cloud Computing is a security nightmare and it can't be handled in traditional ways.”
John Chambers, CISCO CEO

The Fear Factor Cont’d
“Cloud Computing will become a focal point of our work in security. I’m optimistic …”
Ron Rivest, The R of RSA