The Cloud Computing Paradigm

Hassan TakabiLERSAIS @ SIS @ PITT

01-27-2011

2

Agenda

• Understanding Cloud Computing• Cloud Computing Security • Secure Cloud Migration Paths• Foundational Elements of Cloud Computing• Cloud Computing Case Studies and Security Models

Understanding Cloud Computing

3

4

Origin of the term “Cloud Computing”

• “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google

• First cloud around networking (TCP/IP abstraction)• Second cloud around documents (WWW data abstraction)• The emerging cloud abstracts infrastructure complexities of

servers, applications, data, and heterogeneous platforms– (“muck” as Amazon’s CEO Jeff Bezos calls it)

5

A Working Definition of Cloud Computing

• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Essential Cloud Characteristics

• On-demand self-service– Get computing capabilities as needed

automatically

• Broad network access– Services available over the net using

desktop, laptop, PDA, mobile phone

6

Essential Cloud Characteristics (Cont.)

• Resource pooling– Location independence– Provider resources pooled to server multiple clients

• Rapid elasticity– Ability to quickly scale in/out service

• Measured service– control, optimize services based on metering

7

Cloud Service Models

• Cloud Software as a Service (SaaS)– Use provider’s applications over a network– User doesn’t manage or control the network, servers, OS,

storage or applications• Cloud Platform as a Service (PaaS)

– Users deploy their applications on a cloud– Users control their apps– Users don’t manage servers, IS, storage

8

Cloud Service Models (Cont.)• Cloud Infrastructure as a Service (IaaS)

– Rent processing, storage, network capacity, and other fundamental computing resources

– Consumers gets access to the infrastructure to deploy their stuff

– Don’t manage or control the infrastructure– Do manage or control the OS, storage, apps,

selected network components• To be considered “cloud” they must be deployed on

top of cloud infrastructure that has the key characteristics

9

Service Model ArchitecturesCloud Infrastructure

IaaS

PaaS

SaaS

Infrastructure as a Service (IaaS) Architectures

Platform as a Service (PaaS)Architectures

Software as a Service (SaaS)

Architectures

Cloud Infrastructure

SaaS

Cloud Infrastructure

PaaS

SaaS

Cloud Infrastructure

IaaS

PaaS

Cloud Infrastructure

PaaS

Cloud Infrastructure

IaaS

10

Cloud Deployment Models

• Private cloud – single org only, – managed by the org or a 3rd party, – on or off premise

• Community cloud– shared infrastructure for specific community– several orgs that have shared concerns, – managed by org or a 3rd party

11

Cloud Deployment Models (Cont.)

• Public cloud– Sold to the public, mega-scale infrastructure– available to the general public

• Hybrid cloud– composition of two or more clouds– bound by standard or proprietary technology

12

Common Cloud Characteristics

• Cloud computing often leverages:– Massive scale– Homogeneity– Virtualization– Resilient computing– Low cost software– Geographic distribution– Service orientation– Advanced security technologies

13

The NIST Cloud Definition Framework

14

CommunityCommunityCloudCloud

Private Private CloudCloud

Public CloudPublic Cloud

Hybrid Clouds

DeploymentModels

ServiceModels

EssentialCharacteristics

Common Characteristics

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Resource Pooling

Broad Network Access Rapid Elasticity

Measured Service

On Demand Self-Service

Low Cost Software

Virtualization Service Orientation

Advanced Security

Homogeneity

Massive Scale Resilient Computing

Geographic Distribution

15

Cloud Computing Security

Security is the Major Issue

16

General Security Advantages

• Shifting public data to a external cloud reduces the exposure of the internal sensitive data

• Cloud homogeneity makes security auditing/testing simpler

• Clouds enable automated security management

• Redundancy / Disaster Recovery

17

General Security Challenges

• Trusting vendor’s security model• Customer inability to respond to audit findings• Obtaining support for investigations• Indirect administrator accountability• Proprietary implementations can’t be examined• Loss of physical control

18

Security Relevant Cloud Components

• Cloud Provisioning Services• Cloud Data Storage Services • Cloud Processing Infrastructure• Cloud Support Services • Cloud Network and Perimeter Security• Elastic Elements: Storage, Processing, and

Virtual Networks

19

Provisioning Service

• Advantages– Rapid reconstitution of services – Enables availability

• Provision in multiple data centers / multiple instances

– Advanced honey net capabilities

• Challenges– Impact of compromising the provisioning service

20

Data Storage Services

• Advantages– Data fragmentation and dispersal– Automated replication– Provision of data zones (e.g., by country)– Encryption at rest and in transit– Automated data retention

• Challenges– Isolation management / data multi-tenancy– Storage controller

• Single point of failure / compromise?– Exposure of data to foreign governments

21

Cloud Processing Infrastructure

• Advantages– Ability to secure masters and push out secure

images

• Challenges– Application multi-tenancy– Reliance on hypervisors– Process isolation / Application sandboxes

22

Cloud Support Services

• Advantages– On demand security controls (e.g., authentication,

logging, firewalls…)

• Challenges– Additional risk when integrated with customer

applications– Needs certification and accreditation as a

separate application– Code updates

23

Cloud Network and Perimeter Security

• Advantages– Distributed denial of service protection– VLAN capabilities– Perimeter security (IDS, firewall, authentication)

• Challenges– Virtual zoning with application mobility

24

Cloud Security Advantages

• Data Fragmentation and Dispersal• Dedicated Security Team• Greater Investment in Security Infrastructure• Fault Tolerance and Reliability• Greater Resiliency• Hypervisor Protection Against Network Attacks• Possible Reduction of C&A Activities (Access to

Pre-Accredited Clouds)25

Cloud Security Advantages (Cont.)

• Simplification of Compliance Analysis• Data Held by Unbiased Party (cloud vendor

assertion)• Low-Cost Disaster Recovery and Data Storage

Solutions• On-Demand Security Controls• Real-Time Detection of System Tampering• Rapid Re-Constitution of Services• Advanced Honeynet Capabilities

26

Cloud Security Challenges

• Data dispersal and international privacy laws– EU Data Protection Directive and U.S. Safe Harbor

program– Exposure of data to foreign government and data

subpoenas– Data retention issues

• Need for isolation management• Multi-tenancy • Logging challenges• Data ownership issues • Quality of service guarantees

27

Cloud Security Challenges (Cont.)

• Dependence on secure hypervisors• Attraction to hackers (high value target)• Security of virtual OSs in the cloud • Possibility for massive outages• Encryption needs for cloud computing

– Encrypting access to the cloud resource control interface– Encrypting administrative access to OS instances– Encrypting access to applications– Encrypting application data at rest

• Public cloud vs internal cloud security • Lack of public SaaS version control

28

Additional Issues• Issues with moving PII and sensitive data to the cloud

– Privacy impact assessments• Using SLAs to obtain cloud security

– Suggested requirements for cloud SLAs– Issues with cloud forensics

• Contingency planning and disaster recovery for cloud implementations

• Handling compliance– FISMA – HIPAA – SOX– PCI – SAS 70 Audits

29

Obstacles & Opportunities

30

31

Unique Features

• Outsourcing Data and Applications • Extensibility and Shared Responsibility• Multi-tenancy • Service-Level Agreements • Virtualization and Hypervisors • Heterogeneity • Compliance and Regulations

32

Security Implications

33

Security and Privacy Challenges

• Authentication and Identity Management– interoperability – password-based: inherited limitation – How multi-tenancy can affect the privacy of

identity information isn’t yet well understood. – multi-jurisdiction issue – integrated with other security components.

34

Security and Privacy Challenges

• Access Control and Accounting– Heterogeneity and diversity of services, as well as

the domains’ diverse access requirements – capture dynamic, context, or attribute- or

credential-based access requirements – integrate privacy-protection requirements – interoperability – capture relevant aspects of SLAs

35

Security and Privacy Challenges

• Trust Management and Policy Integration– compose multiple services to enable bigger

application services – efficiently capturing a generic set of parameters

required for establishing trust and to manage evolving trust and interaction/sharing requirements

– address challenges such as semantic heterogeneity, secure interoperability, and policy-evolution management.

36

Security and Privacy Challenges

• Secure-Service Management– WSDL can’t fully meet the requirements of cloud

computing services description – issues such as quality of service, price, and SLAs– automatic and systematic service provisioning and

composition framework that considers security and privacy issues

37

Security and Privacy Challenges

• Privacy and Data Protection– storing data and applications on systems that

reside outside of on-premise datacenters– shared infrastructure, risk of potential

unauthorized access and exposure.– Privacy-protection mechanisms must be

embedded in all security solutions.– Provenance – Balancing between data provenance and privacy

38

Security and Privacy Challenges

• Organizational Security Management– shared governance can become a significant issue

if not properly addressed – Dependence on external entities – the possibility of an insider threat is significantly

extended when outsourcing data and processes to clouds.

39

40

Security and Privacy Approaches

• Authentication and Identity Management– User-centric IDM– users control their digital identities and takes

away the complexity of IDM from the enterprises– federated IDM solutions– privacy-preserving protocols to verify various

identity attributes by using, for example, zero-knowledge proof-based techniques

41

Security and Privacy Approaches

• Access Control Needs– RBAC– policy-integration needs– credential-based RBAC, GTRBAC,8 location-based

RBAC

42

Security and Privacy Approaches

• Secure Interoperation– Multi-domain– centralized approach– decentralized approaches– specification frameworks to ensure that the cross-

domain accesses are properly specified, verified, and enforced

– Policy engineering mechanisms

43

Security and Privacy Approaches

• Secure-Service Provisioning and Composition– Open Services Gateway Initiative (OSGi)– Declarative OWL-based language can be used to

provide a service definition manifest, including a list of distinct component types that make up the service, functional requirements, component grouping and topology instructions

44

Security and Privacy Approaches

• Trust Management Framework– trust-based policy integration– Delegation– must be incorporated in service composition

framework

45

Security and Privacy Approaches

• Data-Centric Security and Privacy– shifts data protection from systems and

applications– documents must be self-describing and defending

regardless of their environments.

46

Security and Privacy Approaches

• Managing Semantic Heterogeneity– semantic heterogeneity among policies– Use of an ontology is the most promising

approach– policy framework and a policy enforcement

architecture– inference engines

47

48

Questions?