Presenter: 葉瑞群 Date: 2011/11/10 Source: IEEE Transactions on Knowledge and Data...


Upload: dale-booth

Post on 11-Jan-2016


Page 1:

Presenter: 葉瑞群

Date: 2011/11/10

Source: IEEE Transactions on Knowledge and Data Engineering

Page 2:

1. Introduction

2. Information Security Policies

3. Cloud RAS Issues

4. Solutions Against Cloud Security Problems

5. Conclusion

Page 3:

What is Cloud Computing?

Cloud computing is a network-based environment that focuses on sharing computations or resources.

In the cloud, customers pay only for what they use and do not have to pay for the local resources they would otherwise need, such as storage or infrastructure.

Page 4:

The three types of cloud environments:

1. Public Cloud

2. Private Cloud

3. Hybrid Cloud

The three major types of service in the cloud environment:

1. SaaS (Software as a Service)

2. PaaS (Platform as a Service)

3. IaaS (Infrastructure as a Service)

Page 5:

What is RAS (Reliability, Availability, Security)?

Areas to address for good, high performance include:

1. Availability management

2. Access control management

3. Vulnerability and problem management

4. Patch and configuration management

5. Countermeasure

6. Cloud system use and access monitoring

Page 6:

In cloud computing technology there is a set of important policy issues, which include privacy, security, anonymity, government surveillance, reliability, and liability, among others.

But the most important of them is security and how the cloud provider assures it.

Page 7:

Gartner's seven security issues that cloud clients should pay attention to are listed below:

1. Privileged user access

2. Regulatory compliance

3. Data location

4. Data segregation

5. Recovery

6. Investigative support

7. Long-term viability

Page 8:

Using the cloud means that applications and data move under third-party control.

This shared responsibility model will bring new security management challenges to the organization's IT operations staff.

Page 9:

First, the data will be stored away from the customer's local machine.

Second, the data is moving from a single-tenant to a multi-tenant environment.

These changes raise an important concern called data leakage.

Page 10:

When all users share the same virtual machine as infrastructure, a hacker who steals a virtual machine or takes control of it will be able to access all users' data within it.

The hacker can copy the data to his local machine before the cloud provider detects that the virtual machine is out of control; by analyzing the data afterward, the hacker may find valuable data.

Page 11:

What is DDoS (Distributed Denial of Service)?

A serious problem arises when a malicious user deliberately carries out a DDoS attack using a botnet.

Unfortunately, similar to IPS (Intrusion Prevention Systems) solutions, firewalls are vulnerable and ineffective against DDoS attacks.

Page 12:

There are several traditional solutions to mitigate security problems that exist in the Internet environment, which serves as the cloud infrastructure, but the nature of the cloud causes some security problems that exist specifically in the cloud environment.

Page 13:

1. Control access to information.

2. Manage user access rights.

3. Encourage good access practices.

4. Control access to network services.

5. Control access to operating systems.

6. Control access to applications and systems.

Page 14:

1. Partitioning

2. Migration

3. Workload Analysis and Allocation

Page 15:

As a solution, cloud providers can add more resources to protect themselves from such attacks, but unfortunately there is no defense against a powerful DDoS attack that is intelligently planned.

Page 16:

END
