1 / 17

Security Framework For Cloud Computing

Security Framework For Cloud Computing. - Sharath Reddy Gajjala. INTRODUCTION. Cloud computing emerged as modern technology and considered as next big thing to come. It has grown up from just being a concept to a major part of IT industry. So requires new security issues and new challenges

archer
Télécharger la présentation

Security Framework For Cloud Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Framework For Cloud Computing -Sharath Reddy Gajjala

  2. INTRODUCTION • Cloud computing emerged as modern technology and considered as next big thing to come. • It has grown up from just being a concept to a major part of IT industry. • So requires new security issues and new challenges • Changed the entire process of distributed computing.

  3. INTRODUCTION • Generally works on three type of architecture namely. • SaaS (Software as a Service) • PaaS (Platform as a Service) • IaaS (Infrastructure as a Service) • Different issue and challenges with each technology.

  4. Software as a Service (SaaS) • Hosts and manages a given application in their data center. • Makes it available to multiple users over the web. • Examples: • Oracles CRM on Demand, Salesforce.com

  5. Platform as a Service (PaaS) • Application development and deployment platform for developers. • No cost and complexity of buying and managing the infrastructure. • All the facilities required for lifecycle are entirely available. • Includes Database, Middleware, development tools and infrastructure software. • Google App engine and Engine yard

  6. Infrastructure as a Service (IaaS) • Delivery of hardware and software as a service. • Does not require any long-term commitment. • Allows users to provision resourseson demand.

  7. Cloud Computing Environment

  8. Security Challenges • Cloud Service Security Accidents in Recent Years: • March 2009 Google leaked a large no of documents. Microsoft Azure stopped working for 22 hours. • April 2011 Amazon EC2 service disruptions Influences on the service of Quora, Reddit etc. • Caused a great loss even devastating blow.

  9. Threats To Cloud Computing • Changes to business model • Abusive use of cloud computing • Insecure interfaces and API • Malicious insiders • Shared technology issues • Data loss and leakage • Service hijacking • Risk profiling • Identity theft

  10. Attacks on Cloud Computing • Zombie Attack • Service injection attack • Attacks on virtualization • Man-in-the Middle attack • Metadata spoofing • Phishing • Backdoor channel attack

  11. Proposed Security Model • User can be certified by 3rd party CA • Issued token for service by End User Service Portal. • User can use services provided by single service provider. • EUSP provides secure access control using VPN (Virtual Private Network) and cloud service managing and configuration.

  12. Proposed Security Model

  13. Framework For Secure Cloud Computing • Based on security model • Describes each component • Apply needed technologies for implementation between components. • Access control process is done on each component for providing flexible service.

  14. Framework Components • Client • End-User Service Portal • Single sign-on (SSO) • Service Configuration • Service Gateway, Service Broker • Security Control • Security Management • Trust Management • Service Monitoring

  15. Framework

  16. Conclusion • Cloud computing is a technology of rapid development. • Security is the main obstacle which must be solved. • security is not just a technical problem it also involves standardization, Supervising mode, laws and regulations and many other aspects. • Future research should be directed towards management of risks, developing risk assessment.

  17. Thank You

More Related