Cloud Security
Terminology
• Vulnerability: weakness that can be exploited in a system
3/6/24
Standards Again ….
Ten Major Modules of Cyber Security
• Traditionally, it contains three goals to achieve adequate security
• Information Security and Risk Management
• Access Control
• Security Architecture and Design
• Cryptography
• Network Security
• Applications Security (aka Data and Applications Security)
• Legal Regulations, Compliance and Investigations (aka Digital Forensics)
• Physical and Environmental Security
• Business Continuity Planning
• Operations Security
• Not included: Hardware Security; Performance Analysis; Ethical Hacking and Penetration Testing; ...
Cloud Scenarios
Clouds: Public, Private, Hybrid
Cloud Security Challenges
Federated Cloud
(Figure: public cloud, private cloud and public cloud joined over a common network; per-cloud attributes shown are number of machines, number of processors, number of cores, localization, security, memory and bus bandwidth.)
Requirement of Security
Security is the Major Issue
• The end users of cloud computing are usually not aware of:
– Who has the right to access your data?
– Are the backups encrypted? Where is the backup?
– How is the data transmitted and encrypted? How are users authenticated?
– Has the service provider been tested by a reputable third party?
– How effectively is your data segregated from that of other users?
– Is your data encrypted with a good algorithm? Who holds the keys?
– Where is your data located? In which country? What about data protection legislation?
Trusted Zones for VM Insulation
(Figure: tenant VMs (APP on OS, Tenant #2) on a virtual infrastructure. Controls shown: insulate infrastructure from malware, Trojans and cybercriminals; federate identities with public clouds; identity federation; strong authentication; anti-malware; cybercrime intelligence; segregate and control user access; access management; insulate information from cloud providers' access; encryption and key management; tokenization.)
Cloud Service Models and Their Security Demands
Virtualization
• Type 1
• Type 2
• Attestation Protocols
Inherent Trust
• VMM is a single point of failure
• VM trusts the virtual hardware and the VMM
Limitations
• Inter-VM traffic
• Mobility
• Non-transparency
• Bottlenecks in Performance
Security Watchdog
(Figure: Snort deployed on OpenStack compute nodes. Each compute node (Compute Node N) hosts VMs (VM1, VM2, ... VMn) attached through tap interfaces to an Open vSwitch bridge (br-int), with br-tun, br-eth/eth1 for the management network, br-ex/eth0 for the external network, and an IP link between nodes; Snort sits on br-int. Caption: Snort unable to detect intrusion.)
(Figure: honeypot VM and honeynet running Glastopf, Dionaea, Honeyd and Kippo; OSSEC server; Snort attached to br-tun.)