Technical Security Issues in Cloud Computing

Overview
  Cloud Service Models
  Service Model Architecture
  Common Security Requirements
  WS-Security
  Cloud Computing Security Issues
  Conclusion

Cloud Service Models
  Cloud Software as a Service (SaaS): use the provider's applications over a network
  Cloud Platform as a Service (PaaS): deploy customer-created applications to a cloud
  Cloud Infrastructure as a Service (IaaS): rent processing, storage, network capacity, and other fundamental computing resources

Service Model Architectures
  [Figure: layered architecture diagrams for Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), each stacked on Cloud Infrastructure]

Common Security Requirements
  Confidentiality
  Integrity
  Availability
  Non-Repudiation

WS-Security
  Web Services security is implemented by defining a SOAP header that carries the WS-Security extensions.
  It defines how the existing XML security standards are applied to SOAP messages:
  XML Signature: allows XML fragments to be digitally signed to ensure integrity and authenticity.
  XML Encryption: allows XML fragments to be encrypted to ensure data confidentiality.

WS-Security (contd.)
  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="..."/>
      <SignatureMethod Algorithm="..."/>
      <Reference URI="...">
        <DigestMethod Algorithm="..."/>
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>...</SignatureValue>
  </Signature>

Transport Layer Security
  Transport layer security is implemented as SSL and has two main parts:
  Record Layer: encrypts/decrypts TCP data streams using the algorithms and keys negotiated in the TLS Handshake.
  TLS Handshake: authenticates the server and optionally the client.
  It is very common and is present in every web browser.

XML Signature
  XML Signature Element Wrapping is a well-known type of attack on protocols that use XML Signature for authentication or integrity protection.
  [Figure: example SOAP message after the attack]

Web Service Attacks
  The Web is a common tool:
    SaaS: Web browsers
    PaaS: Web APIs
    IaaS: Web portals
  Legacy Same Origin Policy
    Origin: (domain name, protocol)
    DNS cache poisoning
  Unsecure Browser Authentication
    Username/password
    Token-based authentication
      Ex: Microsoft Passport

Web Service Attacks (cont.)
  Existing (ad-hoc) solutions
    TLS Federation
    SAML 2.0 Holder-of-key Assertion profile
    Strong Locked Same Origin Policy
    TLS session binding
  Long-term Solutions
    Build XML signature and encryption APIs into the web browser.

Cloud Malware Injection Attack
  Attack by injecting a malicious service implementation or virtual machine into the Cloud system, leading to data modifications, functionality changes or blockings.
  Addressed by performing a service instance integrity check prior to using a service instance for incoming requests.

Metadata Spoofing Attack
  Attack by modification of the Web Services Description Language (WSDL) description.
  Addressed by a binding between the WSDL and Hash(image).

Flooding Attacks
  Downgrade/disable the victim service and services in the same core or the whole cloud.
    o Denial of Service
    o Indirect Denial of Service
  Addressed by accounting and accountability.

Conclusion
  Threats to cloud computing security are numerous and require in-depth analysis of their potential impact and relevance to real-world scenarios.
  From observations, cloud computing security can be improved by strengthening the security capabilities of both web browsers and web service frameworks and integrating them.
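
As an added example (not part of the original slides), the receiver-side check below relates to the XML Signature Element Wrapping slide: it confirms that the element a ds:Reference points to is the one soap:Body the application will actually process, and that the referenced wsu:Id is unique. The function names and the sample messages are constructed for illustration, and cryptographic verification of the signature is assumed to be done separately by a WS-Security library.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTR = f"{{{WSU}}}Id"

def check_signed_body(xml_text):
    """Return (ok, reason). Position check only: verifying SignatureValue and
    DigestValue is assumed to be done separately by a WS-Security library."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SOAP}}}Envelope":
        return False, "root element is not soap:Envelope"
    bodies = root.findall(f"{{{SOAP}}}Body")  # direct children only
    if len(bodies) != 1:
        return False, "expected exactly one soap:Body under the Envelope"
    # Index every element by wsu:Id so duplicate Ids are visible.
    by_id = {}
    for el in root.iter():
        if ID_ATTR in el.attrib:
            by_id.setdefault(el.attrib[ID_ATTR], []).append(el)
    body_covered = False
    for ref in root.findall(f".//{{{DSIG}}}Reference"):
        uri = ref.get("URI", "")
        hits = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(hits) != 1:
            return False, f"Reference {uri!r} resolves to {len(hits)} elements"
        body_covered = body_covered or hits[0] is bodies[0]
    if not body_covered:
        return False, "no Reference covers the soap:Body that gets processed"
    return True, "signed element is the processed soap:Body"

def envelope(header_extra, body_id):
    """Build a constructed sample message (placeholder payload, no real signature)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:ds="{DSIG}" xmlns:wsu="{WSU}">'
            f'<soap:Header><ds:Signature><ds:SignedInfo><ds:Reference URI="#body"/>'
            f'</ds:SignedInfo></ds:Signature>{header_extra}</soap:Header>'
            f'<soap:Body wsu:Id="{body_id}"><op>placeholder</op></soap:Body>'
            f'</soap:Envelope>')

INTACT = envelope("", "body")
# Signed Body relocated under a header wrapper; a different Body is processed.
WRAPPED = envelope('<Wrapper><soap:Body wsu:Id="body"><op>placeholder</op>'
                   '</soap:Body></Wrapper>', "other")
DUPLICATE_ID = envelope('<Wrapper><soap:Body wsu:Id="body"/></Wrapper>', "body")

if __name__ == "__main__":
    for name, msg in [("intact", INTACT), ("wrapped", WRAPPED),
                      ("duplicate id", DUPLICATE_ID)]:
        print(name, check_signed_body(msg))
```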