Embed Size (px)
DESCRIPTION
Security Framework For Cloud Computing. - Sharath Reddy Gajjala. INTRODUCTION. Cloud computing emerged as modern technology and considered as next big thing to come. It has grown up from just being a concept to a major part of IT industry. So requires new security issues and new challenges - PowerPoint PPT Presentation
Citation preview
Security Framework For Cloud Computing
-Sharath Reddy Gajjala
INTRODUCTION
• Cloud computing emerged as modern technology and considered as next big thing to come.
• It has grown up from just being a concept to a major part of IT industry.
• So requires new security issues and new challenges
• Changed the entire process of distributed computing.
INTRODUCTION
• Generally works on three type of architecture namely.
• SaaS (Software as a Service)• PaaS (Platform as a Service)• IaaS (Infrastructure as a Service)• Different issue and challenges with each
technology.
Software as a Service (SaaS)
• Hosts and manages a given application in their data center.
• Makes it available to multiple users over the web.
• Examples:• Oracles CRM on Demand, Salesforce.com
Platform as a Service (PaaS)
• Application development and deployment platform for developers.
• No cost and complexity of buying and managing the infrastructure.
• All the facilities required for lifecycle are entirely available.
• Includes Database, Middleware, development tools and infrastructure software.
• Google App engine and Engine yard
Infrastructure as a Service (IaaS)
• Delivery of hardware and software as a service.
• Does not require any long-term commitment.• Allows users to provision resourses on
demand.
Cloud Computing Environment
Security Challenges
• Cloud Service Security Accidents in Recent Years: March 2009 Google leaked a large no of documents. Microsoft Azure stopped working for 22 hours. April 2011 Amazon EC2 service disruptions Influences on the service of Quora, Reddit etc.Caused a great loss even devastating blow.
Threats To Cloud Computing
• Changes to business model• Abusive use of cloud computing• Insecure interfaces and API• Malicious insiders• Shared technology issues• Data loss and leakage• Service hijacking• Risk profiling• Identity theft
Attacks on Cloud Computing
• Zombie Attack• Service injection attack• Attacks on virtualization• Man-in-the Middle attack• Metadata spoofing• Phishing• Backdoor channel attack
Proposed Security Model
• User can be certified by 3rd party CA• Issued token for service by End User Service
Portal.• User can use services provided by single
service provider.• EUSP provides secure access control using
VPN (Virtual Private Network) and cloud service managing and configuration.
Proposed Security Model
Framework For Secure Cloud Computing
• Based on security model• Describes each component• Apply needed technologies for
implementation between components.• Access control process is done on each
component for providing flexible service.
Framework Components
• Client• End-User Service Portal• Single sign-on (SSO)• Service Configuration• Service Gateway, Service Broker• Security Control• Security Management• Trust Management• Service Monitoring
Framework
Conclusion
• Cloud computing is a technology of rapid development.
• Security is the main obstacle which must be solved.
• security is not just a technical problem it also involves standardization, Supervising mode, laws and regulations and many other aspects.
• Future research should be directed towards management of risks, developing risk assessment.
Thank You
