A Seminar on Securities In Cloud Computing - PowerPoint PPT Presentation

Provided by: facwebIit8

1
A Seminar on Securities In Cloud Computing
  • Presented by Sanjib Kumar Raul, M.Tech (ICT)
  • Roll: 10IT61B09
  • IIT Kharagpur
  • Under the supervision of Prof. Indranil Sengupta,
    HOD, Computer Science

2
Content
  • What is Cloud Computing
  • Cloud Architecture
  • Cloud Structure
  • Types of security in cloud computing
  • Security concern
  • Data Confidentiality in cloud computing.
  • Problem in cloud computing.
  • Conclusion
  • References

3
What is Cloud Computing
  • It is an Internet-based computing technology,
    where shared resources such as software,
    platform, storage and information are provided to
    customers on demand.
  • Cloud Computing is a computing platform for
    sharing resources that include infrastructures,
    software, applications, and business processes.
  • Cloud Computing is a virtual pool of computing
    resources. It provides computing resources in the
    pool for users through the Internet.

4
Cloud Architecture
A Basic Cloud Network
5
Cont..
  • Components of cloud computing:
  • Front end: The front end is the client's network
    or computer, and the applications used to access
    the cloud.
  • Back end: The back end is the cloud itself,
    which comprises various computers, servers and
    data storage devices.

6
Cloud structure and Types
  • The user can access any service which he/she
    wants for a specific task and for a specific
    amount of time.

7
Types
  • Public cloud: In public clouds, multiple
    customers share the computing resources provided
    by a single service provider.
  • Private cloud: In the private cloud, computing
    resources are used and controlled by a private
    enterprise.

8
Cont..
  • Hybrid cloud: A third type is the hybrid cloud,
    which is typically a combination of public and
    private cloud.
  • Community cloud: Several organizations jointly
    construct and share the same cloud infrastructure
    as well as policies, requirements, values, and
    concerns.

9
Models of Cloud Computing
  • Model 1: Infrastructure as a Service (IaaS)
  • Model 2: Platform as a Service (PaaS)

10
Cont..
  • Model 3: Software as a Service (SaaS)
  • Model 4: Business Process as a Service (BaaS)

11
Types of Security in Cloud Computing
  • 1. Data Security: It focuses on protecting the
    software and hardware associated with the cloud.
  • 2. Network Security: Protecting the network over
    which the cloud is running from various attacks:
    DoS, DDoS, IP spoofing.

12
Security Concern
  • There are multiple issues in cloud computing.
  • Loss of control: The first issue associated with
    cloud computing is the loss of control of an
    organisation's data.
  • Data retention: Another issue associated with
    cloud computing is how old data is managed. Once
    data is used, it is generally stored indefinitely
    in the cloud.

13
Implementing and achieving security
  • The company secures the data by establishing an
    information security policy (InSPy).
  • Security through password protection

14
Data Confidentiality Protection
  • Confidentiality is defined as the assurance that
    sensitive information is not disclosed to
    unauthorized persons, processes, or devices.
  • Users' confidential data is disclosed to a
    service provider if all of the following three
    conditions are satisfied simultaneously:

15
Cont..
  • 1) The service provider knows where the users'
    confidential data is located in the cloud
    computing systems.
  • 2) The service provider has the privilege to
    access and collect the users' confidential data
    in the cloud.
  • 3) The service provider can understand the
    meaning of the users' data.

16
Problems With Current Cloud Computing
Cloud computing system architecture
17
Cont..
  • The following are the major problems of the
    current cloud computing system:
  • A. Each service provider has its own software
    layer, platform layer and infrastructure layer.
    When a user uses a cloud application from a
    service provider, the user is forced to use
    the platform and infrastructure provided by the
    same service provider, and hence the service
    provider knows where the user's data is located
    and has full access privileges to the data.

18
Cont..
  • B. The user is forced to use only the interfaces
    provided by the service provider, and the user's
    data has to be in a fixed format specified by the
    service provider, and hence the service provider
    knows all the information required for
    understanding the user's data.
  • Therefore, we cannot prevent service
    providers from satisfying all three
    conditions.

19
Cont..
  • Approach to Protect Confidentiality
  • In our approach, we have the following seven
    entities: Software Cloud, Infrastructure Cloud,
    Software Service Broker, Infrastructure Service
    Broker, Software Service Attestation Authority,
    Data Obfuscator and Data De-obfuscator.

20
McCabes Cyclomatic Complexity Measures
Approach to protect confidentiality
21
Cont..
  • Our approach makes sure that none of these
    entities in a cloud computing system satisfies
    the three conditions simultaneously.
  • Software Cloud: A Software Cloud provides
    software as a service upon users' requests. Each
    software cloud may contain multiple software
    services, and each software service can be
    discovered and accessed by users through the
    Software Service Broker.

22
Cont..
  • Infrastructure Cloud: An Infrastructure Cloud
    provides virtualized system resources, such as
    CPU, memory, and network resources. An
    authenticated user can request a virtual machine
    on which the user can deploy any platform or
    operating system to execute a software service
    instance.
  • Software Service Broker: It provides an identity
    anonymization service, by which users can use
    pseudonyms instead of their true identities so
    that the users can acquire service instances

23
  • without revealing their identities.
  • Infrastructure Service Broker: It helps users
    automatically discover and use available
    infrastructure services. It also provides an
    identity anonymization service to prevent the
    system from revealing users' true identities.
  • The Software Service Attestation Authority
    (SSAA): The SSAA is a third-party authority that
    verifies that a service instance does not perform
    any malicious activity that may disclose users'
    confidential data.

24
Cont..
  • Data Obfuscator: A Data Obfuscator is
    middleware provided by a user that can be
    deployed on a virtual machine in an
    Infrastructure Cloud. The Data Obfuscator
    provides an operating system environment for a
    software service instance to run in an
    Infrastructure Cloud.
  • Data De-obfuscator: It de-obfuscates obfuscated
    data so that a user can see the plain data. A
    Data De-obfuscator remains on the user's personal
    computer all the time.

25
Summary
  • S1) a) A user requests a Software Service Broker
    to find a software service by providing the
    specification of the software service. b) The
    Software Service Broker performs automatic
    service discovery to find a service instance in
    the Software Cloud that satisfies the user's
    requested service requirement specification. c)
    The Software Service Broker acquires the
    discovered software instance using an anonymous
    credential.
  • S2) a) The Software Service Broker deploys the
    acquired service instance to the testing platform
    of a

26
Cont..
SSAA. The SSAA verifies whether the service
instance performs according to the service
description, and that the service instance does not
transmit users' data to any unauthorized entity.
b) After the verification procedure, the software
service instance is sent back to the Software
Service Broker.
S3) a) The user asks the
Infrastructure Service Broker to find an
infrastructure service compatible with the service
instance. b) The Infrastructure Service Broker
discovers an infrastructure service provider that
has the capability to execute the acquired
software service instance.
27
Cont..
  • S4) The user requests the infrastructure service
    provider to set up a virtual machine and then
    deploys the Data Obfuscator on the virtual
    machine using the Agent Deployment Plans (ADPs)
    for automated middleware deployment and migration
    in service-based systems.
  • S5) a) The service instance acquired in S1) is
    sent to the Infrastructure Service Broker. b) The
    service instance is deployed on the workflow of
    the Data Obfuscator set up in S4).
  • S6) a) The user sends his/her data to the
    workflow to process.

28
An Illustrative Example
An example of online video conferencing
to illustrate our approach
29
Cont..
  • S1) a) The leader of the group requests a
    Software Service Broker to find the Voice
    Communication Service, Video Communication
    Service, File Sharing Service and Instant
    Messaging Service. b) The Software Service Broker
    discovers the services. c) The Software Service
    Broker downloads the service instances of the
    five software services.
  • S2) a) The Software Service Broker deploys the
    service instances to the testing platform of an
    SSAA. b) The SSAA verifies the software service
    instances.
  • S3) a) The leader of the group requests an
    Infrastructure Service Broker to find an
    infrastructure service compatible with the service
    instances. b) The Infrastructure Service Broker
    discovers an infrastructure service.

30
Cont..
  • S4) A virtual machine is set up in the
    infrastructure cloud. The leader of the group
    deploys the Data Obfuscator on the virtual
    machine.
  • S5) a) The service instances are sent to the
    Infrastructure Service Broker. b) The service
    instances are deployed on the Data Obfuscator.
    The five service instances are composed into a
    workflow. The workflow provides all the
    functionalities for online conferencing.
  • S6) a) The users of the group send their input
    data to the workflow to process. During the
    processing of the users' input data, the input
    data is obfuscated. After completing the
    processing, a service response of the workflow is
    sent to all the users of the group, stating that
    the processing of their input data has been
    completed.

31
Conclusions
  • Here an approach to protecting users'
    confidential data in cloud computing is
    presented. Our approach is based on three
    features: (1) separation of software service
    providers and infrastructure service providers,
    (2) hiding information about the owner of data
    and (3) data obfuscation.
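
An added example (not from the slides or the cited paper) that turns the three disclosure conditions into a check and applies it to the conventional single-provider design and to the separated design. The XOR keystream is a stand-in for the obfuscation scheme, which the slides do not name; the record format, the per-entity flags (one reading of the slides) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

def keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream: a stand-in, the slides name no scheme.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def obfuscate(data: bytes, key: bytes) -> bytes:
    # XOR with the keystream; applying it twice restores the input.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def parse(blob: bytes):
    # Provider-specified data format (constructed): "field=value;field=value".
    try:
        return dict(item.split("=", 1) for item in blob.decode("ascii").split(";"))
    except (UnicodeDecodeError, ValueError):
        return None

def conditions(knows_location, can_access, knows_format, visible):
    # Conditions 1-3 from the slides; 3 needs the format AND readable bytes.
    understands = knows_format and visible is not None and parse(visible) is not None
    return (knows_location, can_access, understands)

def assess(record: bytes, key: bytes):
    stored = obfuscate(record, key)  # what the Data Obfuscator leaves on the VM
    return {
        # Conventional design: one provider owns software, platform, infrastructure.
        "single provider": conditions(True, True, True, record),
        # Proposed design: roles split, owner pseudonymous, data obfuscated.
        "software provider": conditions(False, False, True, None),
        "infrastructure provider": conditions(True, True, False, stored),
        "infrastructure provider (format known)": conditions(True, True, True, stored),
    }

def discloses(flags) -> bool:
    # Data is disclosed only when all three conditions hold at once.
    return all(flags)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stays with the Data De-obfuscator on the user's PC
    sample = b"name=alice;diagnosis=influenza;ward=7"  # constructed record
    for name, flags in assess(sample, key).items():
        print(f"{name:40} {flags} disclosed={discloses(flags)}")
```

The last entry shows why feature (3) is needed in addition to the role split: an infrastructure provider that learns the data format still fails condition 3 because it only sees obfuscated bytes.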

32
References
  • [1] Stephen S. Yau and Ho G, Protection of
    users data confidentiality, from ACM digital
    library.
  • [2] J. Heiser and M. Nicolett, Assessing the
    security risks of cloud computing, from ACM
    digital library.
  • [3] LaQuata Sumter, Cloud Computing Security
    Risk, from ACM digital library.
  • [4] Gary Anthes, Security in the Cloud,
    November 2010, vol. 53, no. 11, Communications
    of the ACM, 11.
  • [5] S N Dhage, B B Meshram, Cloud Computing
    Environment, International Conference and
    Workshop on Emerging Trends in Technology
    (ICWET 2011), TCET, Mumbai, India.

33
  • Thank you
  • Any Query?