Technical Security Issues in Cloud Computing by yaoyufang


 Cloud Service Models
 Service Model Architecture
 Common Security Requirements
 WS – Security
 Cloud Computing Security Issues
 Conclusion
Cloud Service Models
 Cloud Software as a Service (SaaS)
   Use provider’s applications over a network
 Cloud Platform as a Service (PaaS)
   Deploy customer-created applications to a cloud
 Cloud Infrastructure as a Service (IaaS)
   Rent processing, storage, network capacity, and other
    fundamental computing resources
Service Model Architectures
 [Figure: layered stack diagrams, each built on Cloud Infrastructure]
   Software as a Service (SaaS) architectures: SaaS alone; SaaS on PaaS; SaaS on PaaS on IaaS
   Platform as a Service (PaaS) architectures: PaaS alone; PaaS on IaaS
   Infrastructure as a Service (IaaS) architecture: IaaS alone
Common Security Requirements
 Confidentiality
 Integrity
 Availability
 Non-Repudiation
WS-Security
 Web Services security is implemented by defining a
  SOAP header that carries the WS-Security extensions.
 It defines how the existing XML security standards are
  applied to SOAP messages, such as:
   XML Signature – Allows XML fragments to be digitally
    signed to ensure integrity & authenticity.
   XML Encryption – Allows XML fragments to be
    encrypted to ensure data confidentiality.
WS-Security (contd.)
 <SignatureMethod Algorithm="..."/>
 <Reference URI="..." >
 <DigestMethod Algorithm="...">
Transport Layer Security

 Transport layer security is implemented as SSL and has
 two main parts:
   Record Layer encrypts/decrypts TCP data streams using
    keys negotiated in the TLS Handshake.
   TLS Handshake is used to authenticate the server and
    optionally the client, and is very common in web browsers.
XML Signature

 XML Signature Element Wrapping is a well-known
 type of attack on protocols that use XML Signature for
 authentication or integrity protection.
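
 Added example (not part of the original slides): a receiver-side check that the element named by the signature's Reference URI is the same soap:Body the service will execute, which is the mismatch element wrapping relies on. The function name, the sample messages and the use of wsu:Id are assumptions; cryptographic verification of the signature is assumed to happen separately.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ID_ATTR = f"{{{WSU}}}Id"


def signed_element_is_processed_body(message: str) -> bool:
    """True only if a ds:Reference points at the soap:Body the service executes."""
    root = ET.fromstring(message)
    if root.tag != f"{{{SOAP}}}Envelope":
        return False
    bodies = root.findall(f"{{{SOAP}}}Body")  # direct children of Envelope only
    if len(bodies) != 1:
        return False
    body_id = bodies[0].get(ID_ATTR)
    # An Id that occurs twice makes the reference ambiguous, so reject it.
    ids = [e.get(ID_ATTR) for e in root.iter() if e.get(ID_ATTR) is not None]
    if body_id is None or ids.count(body_id) != 1:
        return False
    # The signature must cover the Body at its expected position, not a copy elsewhere.
    refs = root.iter(f"{{{DS}}}Reference")
    return any(r.get("URI") == "#" + body_id for r in refs)


def envelope(header_extra: str, body: str) -> str:
    """Build a constructed sample message; signature and digest values are omitted."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">'
        f'<soap:Header><ds:Signature><ds:SignedInfo><ds:Reference URI="#body"/>'
        f'</ds:SignedInfo></ds:Signature>{header_extra}</soap:Header>'
        f'{body}</soap:Envelope>'
    )


# Constructed sample inputs (hypothetical operation names).
SIGNED = '<soap:Body wsu:Id="body"><op name="signed-request"/></soap:Body>'
MOVED = f"<Wrapper>{SIGNED}</Wrapper>"  # signed Body relocated into the header
GENUINE = envelope("", SIGNED)
WRAPPED = envelope(MOVED, '<soap:Body wsu:Id="other"><op name="unsigned-request"/></soap:Body>')
DUPLICATE_ID = envelope(MOVED, '<soap:Body wsu:Id="body"><op name="unsigned-request"/></soap:Body>')

if __name__ == "__main__":
    for name, msg in [("genuine", GENUINE), ("wrapped", WRAPPED), ("duplicate id", DUPLICATE_ID)]:
        print(name, "->", "accept" if signed_element_is_processed_body(msg) else "reject")
```
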
Example SOAP Message after attack
Web Service Attacks
 Web is a common tool:
    SaaS: Web browsers
    PaaS: Web APIs
    IaaS: Web portals
 Legacy Same Origin Policy
    Origin: (domain name, protocol)
    DNS cache poisoning
 Insecure Browser Authentication
    Username/password
    Token-based authentication
        Ex: Microsoft Passport
Web Service Attacks (cont.)
 Existing (ad-hoc) solutions
    TLS Federation
    SAML 2.0 Holder-of-key Assertion profile
    Strong Locked Same Origin Policy
    TLS session binding
 Long-term Solutions
    Build XML signature and encryption APIs in web
 Cloud Malware Injection Attack
    Attack by injecting a malicious service
     implementation or virtual machine into the Cloud
     system leading to data modifications, functionality
     changes or blocking.
    Addressed by performing service instance integrity
     check prior to using a service instance for incoming
 Metadata spoofing Attack
    Attack by modification of Web Service Description
     Language (WSDL)
    Addressed by binding between WSDL and
Flooding Attacks
 Degrade or disable the victim service and other services in
 the same core or the whole cloud.
  o Denial of Service
  o Indirect Denial of Service
 Addressed by accounting and accountability.
Conclusion
 Threats to cloud computing security are numerous and
 require in-depth analysis of their potential impact and
 relevance to real-world scenarios.

 From observations, cloud computing security can be
 improved by strengthening the security capabilities of
 both web browsers and web service frameworks and
 integrating them.
