Ragib Hasan, Johns Hopkins University, en.600.412 Spring 2010
Lecture 1, 01/25/2010
Security and Privacy in Cloud Computing
Welcome to the class
Administrative details
When? : Monday 3pm-3.50pm
Where?: Shaffer 202
Web: http://www.cs.jhu.edu/~ragib/sp10/cs412
Instructor: Ragib Hasan, 324NEB, [email protected]
Office hours: Monday 4pm-5pm (more TBA)
Goals of the course
• Identify the cloud computing security issues
• Explore cloud computing security issues
• Learn about latest research
Plan
Each week, we will
– Pick a different cloud computing security topic
– Discuss general issues on the topic
– Read one or two of the latest research papers on that topic
Evaluations
Based on paper reviews
– Students taking the course for credit will have to submit 1 paper review per week
– The reviews will be short, 1-page discussions of the paper’s pros and cons (format will be posted on the class webpage)
What is Cloud Computing?
Let’s hear from the “experts”
What is Cloud Computing?
The infinite wisdom of the crowds (via Google Suggest)
What is Cloud Computing?
Larry Ellison, founder of Oracle
We’ve redefined Cloud Computing to include everything that we already do. . . . I don’t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads.
What is Cloud Computing?
Richard Stallman, GNU
It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign
What is Cloud Computing?
Ron Rivest, The R of RSA
Cloud Computing will become a focal point of our work in security. I’m optimistic …
So, What really is Cloud Computing?
Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with
– Infinite and elastic resource scalability
– On demand “just-in-time” provisioning
– No upfront cost … pay-as-you-go
That is, use as much or as little as you need, use only when you want, and pay only for what you use.
The real story
“Computing Utility” – holy grail of computer science in the 1960s. Code name: MULTICS
Why did it fail?
• Ahead of its time … lack of communication tech. (In other words, there was NO (public) Internet)
• And personal computers became cheaper and stronger
The real story
In the mid to late ’90s, Grid computing was proposed to link and share computing resources
The real story … continued
Post-dot-com bust, big companies ended up with large data centers, with low utilization
Solution: Throw in virtualization technology, and sell the excess computing power
And thus, Cloud Computing was born …
Cloud computing provides numerous economic advantages
For clients:
– No upfront commitment in buying/leasing hardware
– Can scale usage according to demand
– Barriers to entry lowered for startups
For providers:
– Increased utilization of datacenter resources
Cloud computing means selling “X as a service”
IaaS: Infrastructure as a Service
– Selling virtualized hardware
PaaS: Platform as a Service
– Access to a configurable platform/API
SaaS: Software as a Service
– Software that runs on top of a cloud
Cloud computing architecture
e.g., Web browser
SaaS, e.g., Google Docs
PaaS, e.g., Google AppEngine
IaaS, e.g., Amazon EC2
Different types of cloud computing
Amazon EC2: Clients can rent virtualized hardware, can control the software stack on the rented machines
Google AppEngine: Provides a programmable platform that can scale easily
Microsoft Azure: Clients can choose languages, but can’t change the operating system or runtime
[Figure labels: IaaS, PaaS]
So, if cloud computing is so great, why isn’t everyone doing it?
Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks
Companies are still afraid to use clouds
[Chow09ccsw]
Anatomy of fear …
Confidentiality
– Will the sensitive data stored on a cloud remain confidential? Will cloud compromises leak confidential client data (i.e., fear of loss of control over data)?
– Will the cloud provider itself be honest and not peek into the data?
Anatomy of fear …
Integrity
– How do I know that the cloud provider is doing the computations correctly?
– How do I ensure that the cloud provider really stored my data without tampering with it?
Anatomy of fear …
Availability
– Will critical systems go down at the client if the provider is hit by a Denial of Service attack?
– What happens if the cloud provider goes out of business?
Anatomy of fear …
Privacy issues raised via massive data mining
– Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
Anatomy of fear …
Increased attack surface
– Entity outside the organization now stores and computes data, and so
– Attackers can now target the communication link between cloud provider and client
– Cloud provider employees can be phished
Anatomy of fear …
Auditability and forensics
– Difficult to audit data held outside the organization in a cloud
– Forensics also made difficult, since clients no longer maintain data locally
Anatomy of fear …
Legal quagmire and transitive trust issues
– Who is responsible for complying with regulations (e.g., SOX, HIPAA, GLBA)?
– If the cloud provider subcontracts to third-party clouds, will the data still be secure?
What we need is to …
• Adapt well-known techniques for resolving some cloud security issues
• Perform new research and innovate to make clouds secure
Final quote
[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.
John Chambers, CISCO CEO
Further Reading
Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing, UC Berkeley Tech Report UCB/EECS-2009-28, February 2009.
Chow et al., Cloud Computing: Outsourcing Computation without Outsourcing Control, 1st ACM Cloud Computing Security Workshop, November 2009.