CLOUD COMPUTING: SECURITY THREATS AND MECHANISM




Vaishali Joshi, Lakshmi, Vivek Gupta
Department of Computer Science Engineering, Acropolis Technical Campus, Indore

ABSTRACT

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing is a significant advancement in the delivery of information technology and services. This paper explains the security threats and security mechanisms in cloud computing, and outlines the major security concerns that stop organizations from moving completely to the cloud.

Keywords: Cloud Computing, SaaS, PaaS, IaaS, Security, Threat, Mechanism

I. INTRODUCTION

Cloud computing is a significant advancement in the delivery of information technology and services. By providing on-demand access to a shared pool of computing resources in a self-service, dynamically scaled and metered manner, cloud computing offers compelling advantages in speed, agility and efficiency. With cloud computing, users can access database resources via the Internet from anywhere, for as long as they need, without worrying about any maintenance or management of the actual resources.
The five essential characteristics of cloud computing are:

- On-demand self-service: Users are able to provision, monitor and manage computing resources as needed without the help of human administrators.
- Broad network access: Computing services are delivered over standard networks and heterogeneous devices.
- Rapid elasticity: IT resources are able to scale out and in quickly and on an as-needed basis.
- Resource pooling: IT resources are shared across multiple applications and tenants in a non-dedicated manner.
- Measured service: IT resource utilization is tracked for each application and tenant, typically for public cloud billing or private cloud chargeback.

1.1 Service model for Cloud Computing

Infrastructure-as-a-Service (IaaS)

Infrastructure-as-a-Service is the first layer and foundation of cloud computing. Using this service model, you manage your applications, data, operating system, middleware and runtime. The service provider manages your virtualization, servers, networking and storage. This allows you to avoid expenditure on hardware and human capital, reduce your ROI risk, and streamline and automate scaling. An example of a typical need for this model is someone who needs extra data space for processing power on occasion. Infrastructure-as-a-Service allows you to easily scale based on your needs, and you only pay for the resources used.

Platform-as-a-Service (PaaS)

This cloud service model could be considered the second layer. You manage your applications and data, and the cloud vendor manages everything else. Benefits of using Platform-as-a-Service include streamlined version deployment and the ability to change or upgrade and minimize expenses. One popular Platform-as-a-Service is the Google App Engine. A business with limited resources interested in app testing or development might find Platform-as-a-Service beneficial to eliminate the costs of upkeep for hardware. In this model, your business benefits because it is not necessary to hire people to maintain these systems. A scalable processing center is available at your disposal to use as you need (again, you only pay for what you use).

Software-as-a-Service (SaaS)

This is the final layer of the cloud services model. It allows your business to run programs in the cloud, where all portions are managed by the cloud vendor. Your users will have assured compatibility and easier collaboration because all will be using the same software. Your company won't need to pay extra licensing fees, and you can easily add new users. As consumers we interact with Software-as-a-Service based applications every day without even realizing it. Examples of this are online banking and email such as Gmail and Hotmail.

Fig. 1: Cloud Architecture

1.2 Cloud Structures

There are three primary deployment models for cloud services:

Private clouds, whether operated and hosted by an enterprise IT department or by an external provider, are for the exclusive use of the organization.

Public clouds are open to any number of organizations and individual users on a shared basis. Using a public cloud minimizes initial capital investment and combines agility and efficiency with massive scalability.
Hybrid clouds link private and public clouds, providing access to extra resources when the private cloud hits maximum utilization; alternatively, a hybrid cloud might split computing by tier between private and public clouds.

II. CLOUD COMPUTING SECURITY

The major security concerns that stop organizations from moving completely to the cloud are:

- Is my data secure on the cloud?
- Can others access my confidential data?
- What if an attacker brings down my application which is hosted on the cloud?

2.1 A key concept in information security is the CIA (Confidentiality, Integrity, Availability) triad.

Confidentiality: ensures that your data is confidential; unauthorized users cannot access your data, only authorized users can.

Integrity: ensures that your data remains as it is, so that no unauthorized user can change it.

Availability: ensures that your data, applications and services are always available to authorized users.

2.1 Security Concerns in Cloud Computing

Multitenancy: A single server hosts multiple VMs. The same information is shared by different organizations, and their VMs might be co-located on a single server. When multiple organizations have various forms of security policy, how does the cloud provider make sure that each company's security policy is fulfilled?

Velocity of attack: The infrastructure is huge, so the surface available for attack is huge. The velocity of attack is therefore also higher, and so is the potential loss, because if one VM is attacked the entire infrastructure might be attacked.

Information assurance and data ownership: In a cloud computing environment, data and applications are hosted by the cloud service provider (CSP), so the CSP has access to the data, but the owner is not the CSP; the organization is the owner. The question is how to make sure that your data is accessed only by authorized users and that confidentiality is maintained.

Data privacy: The privacy of data must be ensured in a cloud environment, because multiple enterprises and multiple users might be using the same infrastructure and might have access to the data.

2.2 Cloud Security Threats

VM theft: a vulnerability which enables an attacker to copy a VM and use it for attacking the rest of the infrastructure. A VM is nothing but a file: it is saved as a file in the virtual environment, so if that file does not have proper access privileges, an unauthorized user can copy your VM file and use it for attacking.

Hyperjacking: enables attackers to install a VM monitor that can take control of the underlying server resources. The hypervisor is the component that virtualizes a server. Hyperjacking is an attack which takes control over the hypervisor that creates the virtual environment within a VM host.

Data leakage: Confidential data stored on a third-party cloud is potentially vulnerable to unauthorized access or manipulation.

Denial of service attack: an attempt to prevent legitimate users from accessing a resource or service.

III. CLOUD SECURITY MECHANISM

- Compute and network security
- Secure data at rest
- Identity and access management
- Risk analysis and compliance
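The VM theft threat described above depends on VM files lacking proper access privileges. The following Python audit is an added example, not part of the original paper: it walks a datastore directory and reports VM files that anyone other than the owner can read or write. The extension list, the sample file names and the `audit_vm_files` helper are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed list of VM disk/config extensions; extend it for your hypervisor.
VM_EXTENSIONS = {".vmdk", ".vmx", ".qcow2", ".vdi", ".vhd", ".vhdx"}

def audit_vm_files(root):
    """Return (path, mode, problems) for VM files accessible beyond their owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in VM_EXTENSIONS:
                continue
            if os.path.islink(path):
                continue  # a symlink's own mode bits say nothing about the image
            mode = stat.S_IMODE(os.stat(path).st_mode)
            problems = []
            if mode & stat.S_IROTH:
                problems.append("world-readable")
            if mode & stat.S_IWOTH:
                problems.append("world-writable")
            if mode & (stat.S_IRGRP | stat.S_IWGRP):
                problems.append("group-accessible")
            if problems:
                findings.append((path, oct(mode), problems))
    return sorted(findings)

def demo():
    """Audit a constructed datastore holding one loose and one tight image."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"web01.vmdk": 0o644, "db01.qcow2": 0o600, "notes.txt": 0o644}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(b"constructed sample, not a real disk image")
            os.chmod(path, mode)
        return [(os.path.basename(p), m, why) for p, m, why in audit_vm_files(root)]

if __name__ == "__main__":
    for name, mode, why in demo():
        print(f"{name} mode={mode}: {', '.join(why)}")
```

Only the image created with mode 0644 is reported; the 0600 image and the non-VM file are not.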

3.1 Security at Compute Level

It includes:

- Securing the physical server
- Securing the hypervisor
- Securing VMs
  - VM isolation
  - VM hardening
- Securing at guest OS level
  - Guest OS hardening
- Securing at application level
  - Application hardening

3.2 Securing Data-at-Rest

- Data-at-rest: data which is not being transferred over a network
- Encryption of data-at-rest
  - Provides confidentiality and integrity services
  - Reduces legal liabilities of a CSP due to an unauthorized disclosure of data on its cloud
- Full disk encryption is a key method to encrypt data at rest residing on a disk.

3.3 Identity and Access Management

- One-time password
  - Every new access requires a new password
  - A measure against password compromises
- Federated identity management is provided as a service on cloud
  - Enables organizations to authenticate their users of cloud services using the chosen identity provider
  - User identities across different organizations can be managed together to enable collaboration on cloud

3.4 Risk Assessment

- Aims to identify potential risks while operating in a cloud environment
- Should be performed before moving to a cloud
- Used to determine the actual scope for cloud adoption

Compliance

- Cloud adoption and operation for enterprise businesses need to abide by compliance policies
- Types of compliance
  - Internal policy compliance
    - Controls the nature of IT operations within an organization
    - Needs to maintain the same compliance even when operating in cloud
  - External regulatory compliance
    - Includes legal legislations and identity regulations
    - Controls the nature of IT operations related to the flow of data out of an organization
    - May differ based on the type of information, business, etc.

IV. CONCLUSION

Cloud computing represents an exciting opportunity to bring on-demand applications to customers in an environment of reduced risk and enhanced reliability. Cloud computing is particularly valuable to small and medium businesses, where effective and affordable IT tools are critical to helping them become more productive without spending lots of money on in-house resources and technical equipment. By adopting the various mechanisms of cloud computing security and taking proper measures to avoid threats in cloud computing security, organizations can easily adapt themselves to the cloud environment.