Security and Privacy in Cloud Computing
Ragib Hasan, Johns Hopkins University
en.600.412 Spring 2011
Lecture 8, 04/11/2011

Cloud Network Security
Goal: Examine techniques for securing cloud networking
Review Assignment #8: (Due 4/18) Challenges for Cloud Network Security, HP Labs Tech Report, 2010.
en.600.412 Spring 2011 Lecture 9 | JHU | Ragib Hasan

Recap: Airavat (Cloud Privacy)
Strengths? Weaknesses? Ideas?

Today’s talk
• Will discuss a position paper (not an implementation or systems description paper)
• Will introduce the notion of cloud networking as a service, and its security implications
• We will discuss what the issues will be in such a model

For your review
Instead of writing pros and cons of the paper, write the following:
• Why is security a problem in cloud networking? (a brief paragraph)
• 3 or more challenges in cloud network security
• 3 or more techniques that may be used to secure cloud networks

Cloud Networking
Cloud computing requires
• More performance from existing networks (bandwidth, quality, availability)
• More flexibility
Most existing work on cloud computing focuses on single data centers and providers
• But clouds can also be distributed (across different locations for the same provider, or across different providers)

Cloud Networking
Cloud networking involves
• Ability to swiftly reconfigure networks according to client requirements (Network as a Service, or NaaS)
• Runs on top of intranet and the Internet
• Uses network virtualization to connect clouds and users

Cloud Networking
• Cloud networking extends network virtualization beyond the data centre to bring two new aspects to cloud computing:
  • the ability to connect the user to services in the cloud, and
  • the ability to interconnect services that are geographically distributed across cloud infrastructures

SAIL project from HP / EU
• Major European Union and HP project
• Goal is to
  • develop networking functions for applications with highly variable demands,
  • integrate these functions with computing and storage,
  • along with the necessary tools for management and security.

Threat Model
Attacker:
• External or internal
• An internal attacker can be a disgruntled employee, or even a hardware/software manufacturer embedding a trapdoor in code/firmware
Threats:
• All traditional threats on networks (eavesdropping, DoS, man-in-the-middle, etc.)
• Legal attacks (e.g., network crosses legal borders)

Secure Cloud Networking: Challenges
• Users view the network as a private one, but it is built on top of public infrastructures
• How to implement security?
  • Component based: Virtual components themselves manage security
  • Infrastructure based: Network manages security

Secure Cloud Networking: Challenges
Integrity
• How to ensure routing security (integrity and availability of routing information)

Secure Cloud Networking: Challenges
• How the virtual network provider guarantees a certain network capacity to a customer
• How access to this virtual network is controlled
• How the virtual network usage is accounted for (metering)

Further reading
SAIL Project: http://www.sail-project.eu