By Dougie T Muringani

Security in cloud (and grid) computing Overview

06/11/2014 Dougie T Muringani :- Security in Cloud (and Grid) Computing

Overview

1. Cloud Computing
   1. Definition (Cloud computing)
   2. Application (Examples of Application)
   3. How cloud computing works

2. Grid Computing
   1. Definition (Grid computing)
   2. Large scale Application
   3. How grid computing works

3. Security in Cloud (and Grid) Computing
   1. Threats and Vulnerabilities
   2. Counter Measures
   3. Points to note and conclusion

Cloud Computing

Def. - Internet-based computing, whereby shared computing resources, software, and information are provided on demand via the internet.

Cloud Computing (Applications and Examples)

Popular Applications and Services

• File Processing and Storage (IaaS)

• Accounting software and services (SaaS)

• Email (Hosted exchange servers) Solutions

• Application software and Email services

Applications ... cont.

• The main idea or goal of cloud computing is separating the application software from the OS and the OS from the Hardware.

• Also, cloud computing enhances the scalability and reliability (Instant Availability) attributes of a system as well as Remote processing and Ubiquitous computing.

• For instance, Google Drive allows users to store files “on the cloud” so that they can be accessed at any time (Instant
any device as long as you provide valid login credentials. Location (Ubiquitous computing) does not affect this either.

* Ubiquitous computing (Also known as Pervasive
– Is an advanced computing concept where computing is everywhere and anywhere.

How CC works

• To get cloud computing to work, you need three things: thin clients, grid computing, and utility computing.

• Grid computing links disparate computers to form one large infrastructure, harnessing unused resources.

• Utility computing is paying for what you use on shared servers
pay for a public utility (such as electricity, water, and so on).

• With grid computing, you can provision computing resources as a utility that can be turned on or off.

• Cloud computing goes one step further with on-demand resource provisioning.

• This eliminates overprovisioning when used with utility pricing and removes the need to over-provision in order to meet the demands of millions of users.

How CC works ... cont.

• A consumer can get service from a full computer infrastructure through the Internet. This type of service is called Infrastructure as a Service (IaaS). Internet-based services such as storage and databases are part of the IaaS.

• Other types of services on the Internet are Platform as a Service (PaaS) and Software as a Service (SaaS).

• PaaS offers full or partial application development that
can access, while SaaS provides a complete turnkey application, such as Enterprise Resource Management through the Internet.

Cloud Computing Models

• Public Cloud – The Public Cloud allows systems and services to be easily accessible to the general public, e.g., Google, Amazon and Microsoft offer cloud services via the Internet.

Models cont...

• Private Cloud – The Private Cloud allows systems and services to be accessible within an organization. The Private Cloud is operated only within a single organization. However, it may be managed internally or by a third party.

Models cont...

• Hybrid Cloud – The Hybrid Cloud is a mixture of public and private cloud. Non-critical activities are performed using the public cloud while the critical activities are performed using the private cloud.

Grid Computing

Def. - The term “Grid” refers to systems and applications that integrate and manage resources and services distributed across multiple control domains.

Definition (Grid Computing) ...cont.

• Grid computing is a form of distributed computing that involves coordinating and sharing computing, application, data and storage or network resources across dynamic and geographically dispersed organizations.

• The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files.

• Grid computing combines computers from multiple administrative domains to reach a common goal, to solve a single task, and may then disappear just as quickly.

GC (Applications and Examples)

• IBM’s SETI@home ("SETI at home") is an Internet based public volunteer computing project. SETI is an acronym for the Search for Extra-Terrestrial Intelligence. Its purpose is to analyse radio signals, searching for signs of extra terrestrial intelligence, and is one of many activities undertaken as part of SETI.

• Anybody with an at least intermittently Internet-connected computer can participate in SETI@home by running a free program that downloads and analyses radio telescope data.

• The Worldwide LHC Computing Grid (WLCG) is a global collaboration of computer centres. It was launched in 2002 to provide a resource to store, distribute and analyse the 15 petabytes (15 million gigabytes) of data generated every year by the Large Hadron Collider (LHC).

How Grid computing works

• One of the main strategies of grid computing is to use middleware to divide and apportion pieces of a
among several computers, sometimes up to as many as thousands.

• It may also involve the aggregation of large-scale clusters.

• This technology has been applied to computationally intensive scientific, mathematical, and academic
through volunteer computing

How GC works ...cont.

Similarities and differences: Grid and Cloud computing

• Cloud computing and grid computing are scalable.

• CPU and network bandwidth is allocated and de-allocated on demand.

• The system's storage capacity goes up and down depending on the number of users, instances, and the amount of data transferred at a given time.

• While the storage computing in the grid is well suited for data-intensive storage, it is not economically suited for storing objects as small as 1 byte. Distributed data must be large for maximum benefit.

CC vs. GC ...cont.

INCLUDED IN PRESENTATION FOLDER:

Cloud Computing Vs. Grid Computing, Seyyed Mohsen Hashemi, Amid Khatibi Bardsiri (Journal)

Security issues in Cloud (and Grid) computing

Computer security refers to techniques for ensuring that data stored in a computer or data in transit cannot be read or compromised by any individuals without authorization.

• How safe is the cloud?

• How can we ensure data security in the cloud?

How safe (and/or reliable) is the cloud?

• Most companies or organisations connect their servers to the internet, which makes them roughly as vulnerable as the cloud. But most of these companies do not invest much in security.

• The hosting companies, on the other hand, have security experts who are employed for that particular task, making the cloud actually safer than local servers, not to mention the various kinds of physical risks such as theft, floods, fire or even loss of power.

* Take for instance security on Facebook or Google Drive

Threats (to data Security in the cloud)

The CSA (Cloud Security Alliance) identified "The Notorious Nine," the top 9 cloud computing threats:

1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service (DoS)
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues

© 2013, Cloud Security Alliance. All rights reserved.

For time’s sake, only threats 1-6 will be discussed in this presentation. The rest are explained in detail in the (Notorious 9) pdf document included in the presentation folder.

The Notorious Nine

1.0: Data Breaches

• Organization’s sensitive internal data falls into the hands of their competitors or hackers.

• In November 2012, researchers from the University of North Carolina, the University of Wisconsin and RSA released a paper describing how a virtual machine could use side channel timing information to extract private cryptographic keys being used in other virtual machines on the same physical server.

• You may be able to encrypt your data to reduce the impact of a data breach, but if you lose your encryption key, you’ll lose your data as well.

The Notorious Nine ...cont. (1)

2.0: Data Loss

• Data stored in the cloud can be lost due to reasons other than malicious attackers.

• Any accidental deletion by the cloud service provider, or worse, a physical catastrophe such as a fire or earthquake, could lead to the permanent loss of customers’ data unless the provider takes adequate measures to back up data.

• Also, if a customer encrypts his or her data before uploading it to the cloud, but loses the encryption key, the data will be lost as well.

• Under the new EU data protection rules, data destruction and corruption of personal data are considered forms of data breaches and would require appropriate notifications.

The Notorious Nine ...cont. (2)

3.0: Account or Service Traffic Hijacking

• With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services.

• Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results.

The Notorious Nine ...cont. (3)

4.0: Insecure Interfaces and APIs

• Cloud computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces.

• The security and availability of general cloud services is dependent upon the security of these basic APIs. These must be designed to protect against both accidental and malicious attempts to circumvent policy.

The Notorious Nine ...cont. (4)

5.0: Denial of Service

• As a consumer, service outages not only frustrate you, but also force you to reconsider whether moving your critical data to the cloud to reduce infrastructure costs was really worthwhile after all. (The EBay example)

• Since cloud providers often bill clients based on the compute cycles and disk space they consume, there’s the possibility that an attacker may not be able to completely knock your service off of the net, but may still cause it to consume so much processing time that it becomes too expensive for you to run and you’ll be forced to take it down yourself.

The Notorious Nine ...cont. (5)

6.0: Malicious Insiders

• European Council for Nuclear Research (Conseil Européen pour la Recherche Nucléaire), CERN defines an insider threat as such:

• “A malicious insider threat to an organization is a current or former employee, contractor, or other partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability (CIA) of the organization's information or information systems.”

Threats (and Attacks) ...cont.

7.0: Abuse of Cloud Services

8.0: Insufficient Due Diligence

9.0: Shared Technology Issues

These are explained in detail in the (Notorious 9) pdf document and on the slide notes.

• Although we only discussed the top 9 threats to cloud computing, other threats lie in cloud computing. It is from these threats that attacks are perpetrated. Examples of such attacks are:

• Replay attacks

• Social engineering

• SYN Flood (DoS)

• Web spoofing

Countermeasures

How can we ensure data security in the cloud?

Cloud Security Concerns:

• Multitenancy

• Velocity of Attack

• Information Assurance

• Data privacy and ownership

• The Notorious 9 (threats)

• etc...

Countermeasures...cont. (1)

Multitenancy

• Multitenancy basically means offering cloud services to multiple clients (Tenants).

• The best countermeasure to multi-tenancy security issues is Mutual Client Isolation. That is, isolating the virtual
data itself and the network communication

Velocity of attack

• Security threats amplify and spread quickly in a cloud. This is known as Velocity of Attack (VOA).

• The best countermeasure to VOA is to adopt more robust security enforcement mechanisms such as Defence In Depth (discussed in next slides).

Countermeasures...cont. (2)

Information Assurance and Data ownership

• Information Assurance concerns in cloud computing involve CIA (Confidentiality, Integrity, Availability), Authenticity and Authorized use.

• Data ownership concerns are mainly raised by the cloud owners.

• In cloud computing, data belonging to a client is maintained by a Cloud Service Provider (CSP) who has access to it but is not the legitimate owner of the data.

• The best countermeasure to these concerns is to use security enforcement techniques such as data encryption, access control mechanisms, Data Shredding (for
divers) and Identity Management (IM).

Security enforcement (techniques)

Defence In Depth

• It is also known as the "Layered approach" to security.

• It is a mechanism which uses multiple security measures to reduce the risk of security threats if one component of the protection gets compromised.

LAYERS

1. Perimeter Security (Physical Security)
2. Remote Access Controls (VPN, Authentication, etc.)
3. Network Security (Firewalls, DMZ, etc.)

*Layers 1-3 protect a system and/or data mainly from external threats

4. Computer Security (Antivirus, Hardening, etc.)
5. Storage Security (Encryption, Zoning, etc.)

*The rest of the layers mainly mitigate internal threats

Security enforcement ...cont. (1)

Multiple-Factor Authentication

• This is a technique that was created in the hope of improving the traditional “username + password” authentication technique. It employs more (factors) than just a password to gain access to a system or file.

• Multi-factor authentication:

• 1st factor - what does person know (e.g. Password)

• 2nd factor - what does person have (e.g. Credit Card)

• 3rd factor - who is the user (e.g. Biometric Signature)

• Here access is granted only if all the specified factors are validated

Security enforcement ...cont. (2)

Encryption

• This is the activity of converting data or information into code or a form that cannot be meaningful without special knowledge.

Hardening

• This is a process of changing the default configurations in order to achieve greater security.

Identity Management

• One time Passwords

• Federated Identity management

• OpenID

Intrusion Detection, Role-based access control, etc.
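The "access is granted only if all the specified factors are validated" rule from the Multiple-Factor Authentication slide, combined with the one-time passwords listed under Identity Management, as an added example that is not part of the original presentation: a password check (PBKDF2) plus a time-based one-time password (TOTP, RFC 6238). The secret, salt, passwords, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values, for illustration only.
TOTP_SECRET = b"12345678901234567890"  # shared secret held by the user's token
SALT = b"constructed-salt"
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """Factor 1 (something you know): store a slow salted hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Factor 2 (something you have): RFC 6238 time-based one-time password."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                window: int = 1, step: int = 30) -> bool:
    """Accept the current code or one time step either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        # Constant-time compare; every candidate is checked so timing does
        # not reveal which step matched.
        ok |= hmac.compare_digest(totp(secret, t, step).encode(), submitted.encode())
    return ok


def authenticate(stored_hash: bytes, password: str, otp: str, unix_time: int) -> bool:
    """Grant access only if ALL factors validate; evaluate both before deciding."""
    knows = hmac.compare_digest(stored_hash, hash_password(password))
    has = verify_totp(TOTP_SECRET, otp, unix_time)
    return knows and has


if __name__ == "__main__":
    stored = hash_password("correct horse")  # enrolment step
    now = 59                                  # constructed timestamp
    print(authenticate(stored, "correct horse", totp(TOTP_SECRET, now), now))
    print(authenticate(stored, "correct horse", "000000", now))
    print(authenticate(stored, "wrong password", totp(TOTP_SECRET, now), now))
```

A production verifier would also record the last accepted time step per user, so that a captured code cannot be replayed inside its validity window.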

Conclusion

Summary and Recommendations

• Cloud computing increases revenue, reduces operational costs and is less risky.

• The pros of cloud computing are scalability, transparency and instant availability.

• Although the cloud may seem like it has increased damage risk of attacks (VOA), it is actually relatively safe.

• However, one must be very careful to understand the security risks and challenges posed in utilizing these technologies before using the cloud and choosing a CSP.

• With the evolution of computing it is good to actually embrace cloud computing.

References

1. Ali Raza Butt et al., Grid-computing portals and security issues (2003), Academic Press.

2. Cloud Security Alliance, The Notorious Nine: Cloud Computing Top Threats in 2013 (2013)

3. Neha Mishra, Security Issues in Grid Computing, Volume 4 (2014), International Journal on Computational Sciences & Applications (IJCSA).

4. Kuyoro S. O., et al., Cloud Computing Security Issues and Challenges, Volume 3 (2011), International Journal of Computer Networks (IJCN).

5. Seyyed Mohsen Hashemi, Cloud Computing Vs. Grid Computing (2012), ARPN Journal of Systems and Software (AJSS)

6. http://home.web.cern.ch/about/computing/worldwide-lhc-computing-grid

7. http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/

8. http://www.itpro.co.uk

9. http://www.wikipedia.com