Security and Privacy in Cloud Computing

Similar documents
CS573 Data privacy and security in the cloud. Slide credits: Ragib Hasan, Johns Hopkins University

Cloud Computing An Elephant In The Dark

Security and Privacy in Cloud Computing

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

CLOUD COMPUTING AND ITS SECURITY ASPECTS

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

MTAT Basics of Cloud Computing (3 ECTS) Satish Srirama

Cloud computing. Examples

Above the Clouds A Berkeley View of Cloud Computing

Cloud Computing: The Wave of the Future

What Is It? Business Architecture Research Challenges Bibliography. Cloud Computing. Research Challenges Overview. Carlos Eduardo Moreira dos Santos

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Plan of the seminar. Plan. 1 Cloud computing: what is it? 2 Cloud Computation and business. 3 Cloud Computing and Project Management 1/38

Large-scale Data Processing on the Cloud

DISTRIBUTED COMPUTER SYSTEMS CLOUD COMPUTING INTRODUCTION

Teaching in the Cloud


IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Cloud Computing: Beyond the Hype The Views of Research University CIOs. Rich Fagen, CIO, Caltech

Cloud Computing. IST 501 Fall Dongwon Lee, Ph.D.

Cloud Computing an introduction

Cloud Computing Summary and Preparation for Examination

How To Understand Cloud Computing

Clouds vs Grids KHALID ELGAZZAR GOODWIN 531

DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY.

SaaS, PaaS & TaaS. By: Raza Usmani

Data Privacy and Security for Market Research in the Cloud

Cloud Computing Technology

Cloud Computing. Cloud computing:

BUSINESS MANAGEMENT SUPPORT

Cloud Computing & Transaction Cost

Cloud computing: benefits, risks and recommendations for information security

Part V Applications. What is cloud computing? SaaS has been around for awhile. Cloud Computing: General concepts

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas

Cloud Computing: Issues Related with Cloud Service Providers

CLOUD COMPUTING OVERVIEW

Building Blocks of the Private Cloud

Implementing & Developing Cloud Computing on Web Application

A Primer on Cloud Computing. By Anand Ganesan Byteonic.com

CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS. Review Business and Technology Series

Privacy, Security and Identity in the Cloud. Giles Hogben ENISA

Session 3. the Cloud Stack, SaaS, PaaS, IaaS

Ø Teaching Evaluations. q Open March 3 through 16. Ø Final Exam. q Thursday, March 19, 4-7PM. Ø 2 flavors: q Public Cloud, available to public

A Study of Infrastructure Clouds

Clearing Away the Clouds: What is the Future of Cloud Computing? BEBO WHITE PEWE WORKSHOP BRATISLAVA APRIL 2010

IJRSET 2015 SPL Volume 2, Issue 11 Pages: 29-33

Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Lecture 10 Cloud Security. modified from slides of Lawrie Brown, Ragib Hasan, YounSun Cho, Anya Kim

DISTRIBUTED SYSTEMS AND CLOUD COMPUTING. A Comparative Study

CPS221 Lecture: Cloud Computing last revised 10/22/14 Objectives

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

Overview. The Cloud. Characteristics and usage of the cloud Realities and risks of the cloud

Cloud Computing; What is it, How long has it been here, and Where is it going?

Emerging Technologies In The Implementation Of ERP

Cloud Computing An Auditor s Perspective

How To Understand Cloud Computing

CLOUD COMPUTING An Overview

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Cloud Computing. Karan Saxena * & Kritika Agarwal**

CHAPTER 8 CLOUD COMPUTING

HARNESSING THE POWER OF THE CLOUD

APPLICATION OF CLOUD COMPUTING IN EDUCATION. Achmad Benny Mutiara

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

Datacenters and Cloud Computing. Jia Rao Assistant Professor in CS

Li Sheng. Nowadays, with the booming development of network-based computing, more and more

25.2. Cloud computing, Sakari Luukkainen

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

21/09/11. Introduction to Cloud Computing. First: do not be scared! Request for contributors. ToDO list. Revision history

A New Approach of CLOUD: Computing Infrastructure on Demand

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing

Contents. What is Cloud Computing? Why Cloud computing? Cloud Anatomy Cloud computing technology Cloud computing products and market

Research Paper Available online at: A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS

Using Cloud Computing to Drive Innovation: Technological Opportunities and

[Sudhagar*, 5(5): May, 2016] ISSN: Impact Factor: 3.785

Cloud Computing. Following the American Psychological Association s Guidelines. Dustin Self. The University of North Texas

Transcription:

Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 1 01/25/2010

Welcome to the class Administrative details When? : Monday 3pm-3.50pm Where?: Shaffer 202 Web: http://www.cs.jhu.edu/~ragib/sp10/cs412 Instructor: Ragib Hasan, 324NEB, rhasan7@jhu.edu Office hours: Monday 4pm-5pm (more TBA) 1/25/2010 en.600.412 Spring 2010 2

Goals of the course Identify the cloud computing security issues Explore cloud computing security issues Learn about latest research 1/25/2010 en.600.412 Spring 2010 3

Plan Each week, we will Pick a different cloud computing security topic Discuss general issues on the topic Read one or two latest research paper on that topic 1/25/2010 en.600.412 Spring 2010 4

Evaluations Based on paper reviews Students taking the course for credit will have to submit 1 paper review per week The reviews will be short, 1 page discussion of the paper s pros and cons (format will be posted on the class webpage) 1/25/2010 en.600.412 Spring 2010 5

What is Cloud Computing? Let s hear from the experts 1/25/2010 en.600.412 Spring 2010 6

What is Cloud Computing? The infinite wisdom of the crowds (via Google Suggest) 1/25/2010 en.600.412 Spring 2010 7

What is Cloud Computing? We ve redefined Cloud Computing to include everything that we already do.... I don t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads. Larry Ellison, founder of Oracle 1/25/2010 en.600.412 Spring 2010 8

What is Cloud Computing? It s stupidity. It s worse than stupidity: it s a marketing hype campaign Richard Stallman GNU 1/25/2010 en.600.412 Spring 2010 9

What is Cloud Computing? Cloud Computing will become a focal point of our work in security. I m optimistic Ron Rivest The R of RSA 1/25/2010 en.600.412 Spring 2010 10

So, What really is Cloud Computing? Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with Infinite and elastic resource scalability On demand just-in-time provisioning No upfront cost pay-as-you-go That is, use as much or as less you need, use only when you want, and pay only what you use, 1/25/2010 en.600.412 Spring 2010 11

The real story Computing Utility holy grail of computer science in the 1960s. Code name: MULTICS Why it failed? Ahead of time lack of communication tech. (In other words, there was NO (public) Internet) And personal computer became cheaper and stronger 1/25/2010 en.600.412 Spring 2010 12

Mid to late 90s, Grid computing was proposed to link and share computing resources The real story 1/25/2010 en.600.412 Spring 2010 13

The real story continued Post-dot-com bust, big companies ended up with large data centers, with low utilization Solution: Throw in virtualization technology, and sell the excess computing power And thus, Cloud Computing was born 1/25/2010 en.600.412 Spring 2010 14

Cloud computing provides numerous economic advantages For clients: No upfront commitment in buying/leasing hardware Can scale usage according to demand Barriers to entry lowered for startups For providers: Increased utilization of datacenter resources 1/25/2010 en.600.412 Spring 2010 15

Cloud computing means selling X as a service IaaS: Infrastructure as a Service Selling virtualized hardware PaaS: Platform as a service Access to a configurable platform/api SaaS: Software as a service Software that runs on top of a cloud 1/25/2010 en.600.412 Spring 2010 16

Cloud computing architecture e.g., Web browser SaaS, e.g., Google Docs PaaS, e.g., Google AppEngine IaaS, e.g., Amazon EC2 1/25/2010 en.600.412 Spring 2010 17

Different types of cloud computing IaaS PaaS Amazon EC2 Clients can rent virtualized hardware, can control the software stack on the rented machines Microsoft Azure Clients can choose languages, but can t change the operating system or runtime Google AppEngine Provides a programmable platform that can scale easily 1/25/2010 en.600.412 Spring 2010 18

So, if cloud computing is so great, why aren t everyone doing it? Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 1/25/2010 en.600.412 Spring 2010 19

Companies are still afraid to use clouds [Chow09ccsw] 1/25/2010 en.600.412 Spring 2010 20

Anatomy of fear Confidentiality Will the sensitive data stored on a cloud remain confidential? Will cloud compromises leak confidential client data (i.e., fear of loss of control over data) Will the cloud provider itself be honest and won t peek into the data? 1/25/2010 en.600.412 Spring 2010 21

Anatomy of fear Integrity How do I know that the cloud provider is doing the computations correctly? How do I ensure that the cloud provider really stored my data without tampering with it? 1/25/2010 en.600.412 Spring 2010 22

Anatomy of fear Availability Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? What happens if cloud provider goes out of business? 1/25/2010 en.600.412 Spring 2010 23

Anatomy of fear Privacy issues raised via massive data mining Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients 1/25/2010 en.600.412 Spring 2010 24

Anatomy of fear Increased attack surface Entity outside the organization now stores and computes data, and so Attackers can now target the communication link between cloud provider and client Cloud provider employees can be phished 1/25/2010 en.600.412 Spring 2010 25

Anatomy of fear Auditability and forensics Difficult to audit data held outside organization in a cloud Forensics also made difficult since now clients don t maintain data locally 1/25/2010 en.600.412 Spring 2010 26

Anatomy of fear Legal quagmire and transitive trust issues Who is responsible for complying with regulations (e.g., SOX, HIPAA, GLBA)? If cloud provider subcontracts to third party clouds, will the data still be secure? 1/25/2010 en.600.412 Spring 2010 27

What we need is to Adapt well known techniques for resolving some cloud security issues Perform new research and innovate to make clouds secure 1/25/2010 en.600.412 Spring 2010 28

Final quote [Cloud Computing] is a security nightmare and it can't be handled in traditional ways. John Chambers CISCO CEO 1/25/2010 en.600.412 Spring 2010 29

Further Reading Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing, UC Berkeley Tech Report UCB/EECS-2009-28, February 2009. Chow et al., Cloud Computing: Outsourcing Computation without Outsourcing Control, 1 st ACM Cloud Computing Security Workshop, November 2009. 1/25/2010 en.600.412 Spring 2010 30

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information