Embed Size (px)
Citation preview
A Cyber Security Model in Cloud Computing Environments
Guided By:Presented By:
Name Name
Content
Cloud Computing
Cyber Security
Cyber Security in Cloud Computing
Mean Failure Cost
Security Requirements
System Focus
Security Threats
Supporting Cloud Computing Business Model
Conclusion
Cloud Computing
Cloud Computing is using the Internet to access
someone else’s software running on someone else’s
hardware in someone else’s data center.
Cloud Architecture includes:
Cloud Service Model
Cloud Deployment Model
Essential Characteristics of Cloud
Cloud Computing Cloud Service Model
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
Cloud Deployment Model
Public Cloud
Private Cloud
Community Cloud
Hybrid Cloud
Essential Characteristic of Cloud
On demand self service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
Cyber Security
Cyber Security is the collection of tools, policies,
security concepts, security safeguards, guidelines,
risk management approaches, actions, training, best
practices assurance & technologies that can be used
to protect the cyber environment & organization and
user’s assets.
Provides measures to be taken to protect a
computer or computer system against unauthorized
access or attack when connected to Internet.
Cyber Security
Cyber Crime Includes:
Illegal access
Illegal Interception
System Interference
Data Interference
Misuse of devices
Fraud
Cyber Security helps to defend from hacks and virus.
Cyber security or Cyberspace security is the preservation
of confidentiality, integrity and availability of information in
the Cyberspace.
Cyber Security in Cloud Computing
Today all Individual & Organizations are moving
towards cloud computing that has a direct impact
on cyber security.
It's a threat that's only getting bigger, the risk of
hackers stealing data has grown exponentially.
Mean Failure Cost
An MFC is a Measure of Cyber Security.
Measures the security in terms of the loss that each
stakeholder stands to sustain as a result of security
breakdown.
It uses 3 matrices to measure the cost or to
estimate the risk,
The Stakes matrix
The Dependency matrix
The Impact matrix
Mean Failure Cost
Mean Failure Cost
Mean Failure Cost
Summarizing,
Given Stakes matrix (ST), Dependability matrix (DP),
Impact matrix (IM) & Threat vector (PT).
The vector of Mean Failure Cost (MFC) can be derived by
the following formula,
MFC = ST . DP. IM . PT
=> MFC = ST . DP. PE
=> MFC = ST . PR
Where, PR = Vector of Probability of failing security
requirements
PE = Vector of Probability of events
Security Requirements
Stakeholder focus Security Requirements
Three class of stakeholders in cloud computing can
be considered,
The Service Provider
The Corporate/ Organizational Subscribers
The Individual Subscribers
Three important pillars of Cloud Security S/W
assurance,
Availability
Integrity
Confidentiality
Security Requirements
Availability
Critical Data
Archival Data
Integrity
Critical Data
Archival Data
Confidentiality
Highly Classified Data
Proprietary Data
Public Data
System Focus
Cloud Computing System focuses on two parts,
The Front End (Components)
The Back End (Services)
Front End is,
The Client side &
The Applications required to access the cloud system.
Back End is,
Cloud Section of the System with various services & servers,
data storages, s/w and physical/ virtual computers.
Cost is optimized by virtualization technique in cloud
computing paradigm.
Security Threats
Virtualization causes major security risks.
It’s a s/w layer that emulates h/w to increase
utilization and it ensures different instances are
running on the same physical machine are isolated
from each-other.
Therefore cloud computing system in threaten by
many types of attacks, which includes:
Security Threats originating from the host (hypervisor)
Security Threats originating between the customer &
the datacenter
Security Threats originating from the virtual machines
Security Threats
Security Threats originating from the host
(hypervisor),
Monitoring virtual machines from host
Virtual machine modification
Threats on communications between virtual machines
and host
Placement of malicious VM images on physical systems
Security Threats
Security Threats originating between the customer
& the datacenter,
Flooding attacks
Denial of service (DoS)
Data loss or leakage
Malicious insiders
Account, service and traffic hijacking
Abuse and nefarious use of cloud computing
Insecure application programing interfaces
Security Threats
Security Threats originating from the virtual
machines,
Monitoring VMs from other VMs
Virtual machine mobility
Threats on communications between virtual machines
Supporting Cloud Computing Business Model
The security cost model enables us to rationalized
security related decision making. For example,
Pricing Security Upgrade
Judging the cost effectiveness security enhancement
Conclusion
Cloud computing does not offer absolute security.
But we can measure security by offering
quantitative model that quantify the risks on the
basis of analysis.
The proposed matric offers:
Security in economic term, enabling stakeholder to
quantify risks.
Depending on the stakes security value changes
The value of MFC security matric reflects the
heterogeneity of the security requirements.
~~~THANK YOU~~~
