
Center for IP-based Service Innovation

University of Stavanger
Cloud Trends & Security Challenges
Chunming Rong
Chair (CloudCom)
Director (CIPSI)
Professor (UiS)
chunming.rong@uis.no

Computing in Clouds
2009 2010 2011
What now Go!
Anywhere, Anytime
Hype Cycle for Emerging Technologies, 2010
Source: Gartner (August 2010)
Using it already
[Figure: network diagram linking workstations, Ethernet LANs, an ERP system, a wireless sensor network and a floater over fibre, radiolink and satellite backbone networks, with the international standards for each range: PAN (Bluetooth, IEEE 802.15, ETSI HiperPAN), LAN/WLAN (IEEE 802.11, ETSI HiperLAN), MAN/WMAN (WiMax, IEEE 802.16a, ETSI HiperMAN), BAN/BWA (IEEE 802.16, ETSI HiperAccess), WAN/Mobile BWA (IEEE 802.20, 3G)]
Virtualized Computing Resource
Scalable Computing Resource
Origin of the term Cloud Computing
"Comes from the early days of the Internet where we drew the network as a cloud... we didn't care where the messages went... the cloud hid it from us"
- Kevin Marks, Google

- Cloud 1.0 - networking: TCP/IP abstraction
- Cloud 2.0 - documents: WWW data abstraction
- The emerging cloud 3.0 - abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms ("muck" as Amazon's CEO Jeff Bezos calls it)
Connected ! Cloud
Definition by NIST (v16)
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Alternative Descriptions
- Massive, abstracted (virtualized) infrastructure
- Components decided for you
- Dynamic provisioning, scaling, location
- Resource on-demand
- Pay per use
- No long-term commitments
- OS, application architecture independent
- No hardware or software to install
Cloud Computing Services
[Figure: layered cloud architecture. Cloud Computing Services: Enterprise Cloud / Private Cloud, Web Hosting Cloud, Consumer Large Scale Cloud. Cloud Computing Management Services: Workload Management, Provisioning, Monitoring, Self-service Portal, VM Templates, SLA, Billing, Metering, Capacity Planning, Administration Workflows. Virtualized Resources Management: Virtualized Physical Servers on top of Physical Servers.]
Cloud: Evolution of Hosting
Source: Forrester
Infrastructure as a Service
(IaaS)
Platform as a Service
(PaaS)
Software as a Service
(SaaS)
Data as a Service
Cloud causes a Radical Shift in IT
[Figure: service stack of Infrastructure as a Service, Platform as a Service, Application as a Service, Information Services and Business Services, with Mngt. & Security spanning all layers; the Cloud Enabler provides Virtual Servers, Virtual Middleware and Virtual Application]
Cloud vs Grid
- Cloud = Grid + Elasticity?
  - Dynamically created services in grid
  - E.g. WSRF: Web Services Resource Framework
- Data intensive computing
  - Focus on data amount, not speed
- Easy to use and to develop application
  - By common users (no expert requirement)
Openness Shareability and Freedom

- Open software
- Open services
- Open data
Developments in Information Technology
- Moore's law - doubling of computing and storing capacity every 18 months
- 1.2 billion users on Internet - increase of 30 millions per month
- Semantic Web
  - Web Services
  - Ontologies
- The new IT waves
  - Automation
  - Data everywhere (wireless)
  - Cyber communities
  - Cloud computing
  - ...
[Figure: computing and storing capacity 1970-2015, with marks at 1970, 2006 and 2015]
Oceans of Data, Skinny Pipes
1 Terabyte
- Easy to store
- Hard to move

Disks               MB/s      Time
Seagate Barracuda   115       2.3 hours
Seagate Cheetah     125       2.2 hours

Networks            MB/s      Time
Home Internet       < 0.625   > 18.5 days
Gigabit Ethernet    < 125     > 2.2 hours
Map-Reduce Programming Paradigm
US Patent 7,650,331: "System and method for efficient large-scale data processing".

Functional-style code automatically parallelized and scheduled in a distributed system.
[Figure: Map/Reduce, a sequence of repeated Map and Reduce stages]
Open-source Java MapReduce for reliable, scalable, distributed computing.

Subprojects:

- Hadoop Common: The common utilities that support the other Hadoop subprojects.
- Avro: A data serialization system that provides dynamic integration with scripting languages.
- Chukwa: A data collection system for managing large distributed systems.
- HBase: A scalable, distributed database that supports structured data storage for large tables.
- HDFS: A distributed file system that provides high throughput access to application data.
- Hive: A data warehouse infrastructure that provides data summarization and ad hoc querying.
- MapReduce: A framework for distributed processing of large data sets on compute clusters.
- Pig: A high-level data-flow language and execution framework for parallel computation.
- ZooKeeper: A high-performance coordination service for distributed applications.

"Moving Computation is Cheaper than Moving Data"
Desiderata for Data Intensive Systems
- Focus on Data
  - Terabytes, not tera-FLOPS
- Problem-Centric Programming
  - Platform-independent expression of data parallelism
- Interactive Access
  - From simple queries to massive computations
- Robust Fault Tolerance
  - Component failures are handled as routine events
Contrast to existing High Performance Computing (HPC) systems
System Comparison: Data
Conventional High Performance Computing
- Data stored in separate repository
- No support for collection or management
- Brought into system for computation
- Time consuming
- Limits interactivity

Data Intensive Computing
- System collects and maintains data
- Shared, active data set
- Computation collocated with storage
- Faster access
System Comparison: Programming Models
Conventional High Performance Computing
- Programs described at very low level
- Specify detailed control of processing & communications
- Rely on small number of software packages
- Written by specialists
- Limits classes of problems & solution methods
[Figure: stack of Hardware, Machine-Dependent Programming Model, Software Packages, Application Programs]

Data Intensive Computing
- Application programs written in terms of high-level operations on data
- Runtime system controls scheduling, load balancing, ...
[Figure: stack of Hardware, Machine-Independent Programming Model, Runtime System, Application Programs]
Wikipedia Page Views Monitoring
trendingtopics.org
User Centric Cloud
- Resource available "in the Cloud"
  - Without (dependent on / concern about) a physical server to a physical location
- Service follows you & your devices
  - Accessible anywhere
  - Sharing with others
(messages, calendar, maps, multimedia, email, news, contacts, VoIP, storage, ...)
Requirements by Today's Users
- Accessibility
  Access from anywhere and from multiple devices
- Shareability
  Make sharing as easy as creating and saving
- Freedom
  Users don't want their data held hostage
- Simplicity
  Easy-to-learn, easy-to-use
- Security
  Trust that data will not be lost or seen by unwanted parties
Sharing Data among Clouds
New Security Issues
- (Often) unknown resource location
- Multi-tenancy: protect against other users
- Virtual Machine image security
  - Maliciously modified images (or apps)
- Over-allocation of dynamic resources
  - Intentional
    - scheduling DoS attack (with stolen account)
  - Unintentional
    - runaway jobs
- ...

Questions from Users
- Where is my information?
- Who controls it?
- How to prove my data ownership?
- Who has access?
- Who is it being shared with?
- How to protect my privacy?
- How is it being used?
- Who is looking out for my interests?
- How to assure the information is authentic?

Legal Issues
- Applicable law and competent jurisdiction
- Data leakage protection
- Data privacy
  - Directive 95/46/EC on protection of individuals w.r.t. processing and free movement of personal data
- Information authenticity
- Intellectual property
- Law enforcement
  - Local authority access to data and info
- Liability of the stakeholders
- Subcontracting
- Interoperability
  - Free-movement vs. "vendor lock-in"
Transfer of data outside the EEA?
Directive prohibits transfers of personal data to countries which do not ensure an adequate level of protection, unless:

- Data Subject's Consent: Not convenient
- Safe Harbor Principles: Only to US
- Model Contracts: Only 'Point to Point' transfer
- Binding Corporate Rules: Within same Co. entities
(Ref: Articles 25-26)
SDOs
- IEEE Cloud Computing Standard Study Group (IEEE CCSSG)
- International Standard Organization (ISO)
- Cloud Security Alliance (CSA)
- Open Grid Forum (OGF)
- International Telecommunications Union (ITU)
  - ITU Cloud Computing Focus group
- Distributed Management Task Force (DMTF)
- Storage Networking Industry Association (SNIA)
- Open Cloud Consortium (OCC)
- Organization for the Advancement of Structured Information Standards (OASIS)
- Internet Engineering Task Force (IETF)
- European Telecommunications Standards Institute (ETSI)
- Object Management Group (OMG)
Cross-SDOs Cloud Standards
Standards are needed across different Standard-Developing Organizations (SDOs) in order to achieve interoperability among clouds:
- Network architecture
- Data format
- Metering and billing
- Quality of Services (QoS)
- Provisioning
- Security, Privacy, Identity
- ...
Possible Cloud Standards
- Federated security across clouds
- Federated cloud storage
- Cloud Data Leakage Prevention (DLP)
- Data interoperability across clouds
- Cloud monitoring and management standards
- Cloud development and deployment standards
- Application portability across different IaaSs
- ...
Cloud Storage Pros.
- Extreme capacity of storage
- On-demand service provision
- Elasticity of Scale
- Pay per use
- Ubiquitous availability
- Reliability
Cloud Storage Cons. (current issues)
- Users have no control over
  - Cloud services, cloud platforms, cloud infrastructure
- The Trust issue
  - How do you prevent
    - Illegal sharing
    - Server malicious access

Storing data on a cloud is like keeping your money in a stranger's pocket
Data Leakage Prevention (DLP)
[Figure: Data Display, Data in Transit, Data Storage]
Data Storage with untrusted Provider
A Cloud DLP Solution
[Figure: a Publisher, Cloud Storage, and parties A, B and C]
Q&A