Introduction to Cloud Computing (First Module)
Computer Science Engineering
What is Cloud Computing?
According to the US National Institute of Standards and Technology (NIST), cloud computing is defined as:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
What is Cloud Computing?
Cloud computing refers to accessing and storing data, and providing computing-related services, over the internet. Put simply, it means using remote services on the internet to manage and access data online rather than on local drives. The data can be anything: images, videos, audio, documents, files, etc.
What is Cloud Computing?
A cloud is a parallel and distributed computing system consisting of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources, based on service-level agreements (SLAs) established through negotiation between the service provider and consumers.
Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms, and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), also allowing for optimum resource utilization. This pool of resources is typically exploited through a pay-per-use model in which guarantees are offered by the infrastructure provider by means of customized service level agreements.
What is Cloud Computing?
• Cloud computing is an umbrella term used to refer to Internet-based development and services.
• A number of characteristics define cloud data, applications, services, and infrastructure:
– Remotely hosted: services or data are hosted on remote infrastructure.
– Ubiquitous: services or data are available from anywhere.
– Commodified: the result is a utility computing model similar to that of traditional utilities, like gas and electricity; you pay for what you use.
Essential Characteristics
• On-demand self-service
– A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service provider.
• Broad network access
– Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
• Resource pooling
– The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
Essential Characteristics
• Measured service
– Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the utilized service.
• Rapid elasticity
– Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Common Characteristics
• Massive scale: computer systems where processing power, memory, data storage, and networks are assembled at scale to tackle computational tasks beyond the capabilities of everyday computers.
• Resilient computing: resiliency is the ability of your system to react to failure and still remain functional. It is not about avoiding failure, but about accepting failure and constructing your cloud-native services to respond to it.
• Homogeneity: an environment where everything is from the same vendor.
• Geographic distribution: spanning multiple data centers at different geographical locations gives a cloud platform much larger capacity.
• Virtualization: virtual representations of servers, storage, networks, and other physical machines.
• Service orientation: each service provides a business capability, and services can also communicate with each other across platforms and languages.
• Low-cost software
• Advanced security
History of Cloud Computing
• Before cloud computing came into existence, client-server architecture was used, where all the data and control resided on the server side. If a user wanted to access some data, the user first had to connect to the server and was then granted the appropriate access. But this model has many disadvantages.
• After client-server computing, distributed computing came into existence. In this type of computing all computers are networked together, so that users can share their resources when needed. It also has certain limitations, and cloud computing emerged in order to remove the limitations faced in a distributed system.
History of Cloud Computing
• In 1961, John McCarthy delivered a speech at MIT saying that “computing can be sold as a utility, like water and electricity.” It was a brilliant idea, but people at that time did not want to adopt this technology; they thought the technology they were using was efficient enough for them. So this concept of computing was not appreciated much, and very little research was done on it. But as time passed, technology caught up with the idea, and a few years later it was implemented, by Salesforce.com in 1999.
• This company started delivering an enterprise application over the internet, and this is how the boom of cloud computing started.
• In 2002, Amazon started Amazon Web Services (AWS) and began providing storage and computation over the internet. In 2006 Amazon launched the Elastic Compute Cloud commercial service, which is open for everybody to use.
History of Cloud Computing
• After that, in 2009, Google Play also started providing cloud computing enterprise applications. As other companies saw the emergence of cloud computing, they also started providing their own cloud services. Thus, in 2009, Microsoft launched Microsoft Azure, and after that other companies like Alibaba, IBM, Oracle, and HP also introduced their cloud services. Today cloud computing has become a very popular and important skill.
Disadvantages of Client-Server Architecture
• Network traffic congestion: the main disadvantage of a client-server model is the danger of system overload owing to a lack of resources to serve all of the clients. If too many different clients try to connect to the shared network at the same time, the connection may fail or slow down. Additionally, if the internet connection is down, no website or client anywhere will be able to access the information. Large businesses may be at risk if they are unable to get important information.
• High cost: in client-server networks, the cost of setting up and maintaining the server is typically higher than the cost of running the network. The networks can be expensive to buy because of their strength, so not all users will be able to afford them.
• Robustness: the whole network will be interrupted if the primary server experiences failure or interference. Client-server networks therefore lack resilience, since they are centralized.
Disadvantages of Client-Server Architecture
• Maintenance difficulty: once the servers are put in place, they run continuously, which means they need to receive the necessary care. If there are any errors, they must be fixed right away without further delay. As a result, a qualified network manager should be hired to look after the server.
• Unacquirable resources: not all of the resources on the server are available for acquisition. For instance, you cannot immediately print a document from the web or change any information stored on the client's hard drive.
Disadvantages of Distributed Computing
• Complexity: distributed computing systems are more difficult to deploy, maintain, and troubleshoot/debug than their centralized counterparts. The increased complexity is not limited to the hardware, as distributed systems also need software capable of handling security and communications.
• Higher initial cost: the deployment cost of a distributed system is higher than that of a single system. Increased processing overhead due to additional computation and exchange of information also adds to the overall cost.
• Security concerns: data access can be controlled fairly easily in a centralized computing system, but it is not an easy job to manage the security of distributed systems. Not only does the network itself have to be secured; users also need to control replicated data across multiple locations.
Difference between Distributed Computing and Cloud Computing

| Cloud Computing | Distributed Computing |
|---|---|
| Cloud computing refers to providing on-demand IT resources/services like servers, storage, databases, networking, analytics, software, etc. over the internet. | Distributed computing refers to solving a problem over distributed autonomous computers that communicate with each other over a network. |
| Simply put, cloud computing is a computing technique that delivers hosted services over the internet to its users/customers. | Simply put, distributed computing is a computing technique that allows multiple computers to communicate and work together to solve a single problem. |
| Cloud computing provides services such as hardware, software, and networking resources through the internet. | Distributed computing helps to achieve computational tasks faster than a single computer, which would take a lot of time. |
| The goal of cloud computing is to provide on-demand computing services over the internet on a pay-per-use model. | The goal of distributed computing is to distribute a single task among multiple computers and to solve it quickly by maintaining coordination between them. |
Cloud Services Models
• Software as a Service (SaaS)
– The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface.
– The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
– E.g., Google Spreadsheet
Cloud Services Models
• Platform as a Service (PaaS)
– The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
– The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Cloud Services Models
• Infrastructure as a Service (IaaS)
– The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources.
– Consumers can deploy and run arbitrary software.
– E.g., Amazon Web Services and FlexiScale.
Types of Cloud (Deployment Models)
Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Advantages of Cloud Computing
• Lower computer costs:
– No need for a high-powered and high-priced computer to run cloud computing’s web-based applications.
– Since applications run in the cloud, not on the desktop PC, your desktop PC does not need the processing power or hard disk space demanded by traditional desktop software.
– When you are using web-based applications, your PC can be less expensive, with a smaller hard disk, less memory, and a more efficient processor.
– In fact, your PC in this scenario does not even need a CD or DVD drive, as no software programs have to be loaded and no document files need to be saved.
Advantages of Cloud Computing
• Improved performance:
– With fewer large programs hogging your computer's memory, you will see better performance from your PC.
– Computers in a cloud computing system boot and run faster because they have fewer programs and processes loaded into memory.
• Reduced software costs:
– Instead of purchasing expensive software applications, you can get most of what you need for free.
– Most cloud computing applications today, such as the Google Docs suite, are better than paying for similar commercial software.
Advantages of Cloud Computing
• Instant software updates
– Another advantage of cloud computing is that you are no longer faced with choosing between obsolete software and high upgrade costs.
– When the application is web-based, updates happen automatically.
– When you access a web-based application, you get the latest version without needing to pay for or download an upgrade.
• Improved document format compatibility
– You do not have to worry about the documents you create on your machine being compatible with other users' applications or OS.
– There are fewer format incompatibilities when everyone is sharing documents and applications in the cloud.
Advantages of Cloud Computing
• Unlimited storage capacity
– Cloud computing offers virtually limitless storage.
– Your computer's current 1 TB hard drive is small compared to the hundreds of petabytes available in the cloud.
• Increased data reliability
– Unlike desktop computing, where a hard disk crash destroys all your valuable data, a computer crashing in the cloud should not affect the storage of your data.
– If your personal computer crashes, all your data is still out there in the cloud, still accessible.
– In a world where few individual desktop PC users back up their data on a regular basis, cloud computing is a data-safe computing platform, e.g., Dropbox, SkyDrive.
Advantages of Cloud Computing
• Universal information access
– With cloud computing you do not need to take your documents with you.
– Instead, they stay in the cloud, and you can access them whenever you have a computer and an Internet connection.
– Documents are instantly available from wherever you are.
• Latest version availability
– When you edit a document at home, that edited version is what you see when you access the document at work.
– The cloud always hosts the latest version of your documents; as long as you are connected, you are not in danger of having an outdated version.
Advantages of Cloud Computing
• Easier group collaboration
– Sharing documents leads directly to better collaboration.
– Multiple users can collaborate easily on documents and projects, which is an important advantage of cloud computing.
• Device independence
– You are no longer tethered to a single computer or network.
– Changes to computers, applications, and documents follow you through the cloud.
– Move to a portable device, and your applications and documents are still available.
Disadvantages of Cloud Computing
• Requires a constant internet connection
– Cloud computing is impossible if you cannot connect to the Internet.
– Since you use the Internet to connect to both your applications and your documents, if you do not have an Internet connection you cannot access anything, even your own documents.
– A dead Internet connection means no work, and in areas where Internet connections are few or inherently unreliable, this could be a deal-breaker.
• Does not work well with low-speed connections
– Similarly, a low-speed Internet connection, such as that found with dial-up services, makes cloud computing painful at best and often impossible.
– Web-based applications require a lot of bandwidth to download, as do large documents.
Disadvantages of Cloud Computing
• Features might be limited
– This situation is bound to change, but today many web-based applications simply are not as full-featured as their desktop-based counterparts.
– For example, you can do a lot more with Microsoft PowerPoint than with Google Presentation's web-based offering.
• Can be slow
– Even with a fast connection, web-based applications can sometimes be slower than a similar software program on your desktop PC.
– Everything about the program, from the interface to the current document, has to be sent back and forth between your computer and the computers in the cloud.
– If the cloud servers happen to be backed up at that moment, or if the Internet is having a slow day, you will not get the instantaneous access you might expect from desktop applications.
Disadvantages of Cloud Computing
• Stored data might not be secure
– With cloud computing, all your data is stored in the cloud.
– The question is: how secure is the cloud? Can unauthorized users gain access to your confidential data?
• Stored data can be lost
– Theoretically, data stored in the cloud is safe and replicated across multiple machines.
– But on the off chance that your data goes missing, you have no physical or local backup.
– Put simply, relying on the cloud puts you at risk if the cloud lets you down.
Risk in Cloud Computing
Data Loss
Data loss is the most common security risk of cloud computing. It is also known as data leakage. Data loss is the process in which data is deleted, corrupted, or made unreadable by a user, software, or application. In a cloud computing environment, data loss occurs when our sensitive data is in somebody else’s hands, when one or more data elements cannot be used by the data owner, when the hard disk is not working properly, or when the software is not updated.
Hacked Interfaces and Insecure APIs
As we all know, cloud computing depends completely on the Internet, so it is compulsory to protect the interfaces and APIs used by external users. APIs are the easiest way to communicate with most cloud services. In cloud computing, a few services are available in the public domain. These services can be accessed by third parties, so there is a chance that they are harmed and hacked by attackers.
Risk in Cloud Computing
Data Breach
A data breach is the process in which confidential data is viewed, accessed, or stolen by a third party without any authorization, so that an organization's data is hacked by attackers.
Vendor lock-in
Vendor lock-in is one of the biggest security risks in cloud computing. Organizations may face problems when transferring their services from one vendor to another. As different vendors provide different platforms, moving from one cloud to another can be difficult.
Increased complexity strains IT staff
Migrating, integrating, and operating cloud services is complex for IT staff. IT staff need extra capability and skills to manage, integrate, and maintain the data in the cloud.
Risk in Cloud Computing
Spectre & Meltdown
Spectre and Meltdown allow programs to view and steal data that is currently being processed on the computer. They affect personal computers, mobile devices, and the cloud. They can expose passwords and personal information such as images, emails, and business documents held in the memory of other running programs.
Denial of Service (DoS) attacks
Denial of service (DoS) attacks occur when the system receives more traffic than the server can buffer. DoS attackers mostly target the web servers of large organizations such as banks, media companies, and government organizations. Recovering the lost data costs a great deal of time and money.
Account hijacking
Account hijacking is a serious security risk in cloud computing. It is the process in which an individual user's or organization's cloud account (bank account, e-mail account, or social media account) is stolen by attackers. The attackers use the stolen account to perform unauthorized activities.
Applications of Cloud Computing
• Mail and messaging
• Archiving
• Backup
• Storage
• Security
• Virtual servers
• CRM (Customer Relationship Management)
• Collaboration across enterprises
• Hosted PBX (Private Branch Exchange)
• Video conferencing
Online Social Networks and Applications
• Social networks can be hosted in a cloud environment, and scalable apps can be used.
• By storing heavy multimedia content in cloud storage systems, social networks improve Internet usability. Vendors of cloud computing, such as Salesforce and Amazon, currently provide numerous services, including Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP). When they deliver these items through cloud storage, consumers can use the simplicity and scalability of the system without buying standalone software or hardware.
• Cloud storage is useful in the event of a catastrophe by reducing the expense of data backup and recovery.
• Social networks and messaging applications such as Snapchat rely on anonymity and will potentially use these tools to provide their users with a more reliable and faster service.
• Social networks use cloud computing for data analytics.
IaaS Economics

| | In-house server | Cloud server |
|---|---|---|
| Purchase cost | $9600 (x86, 3 quad-core, 12 GB RAM, 300 GB HD) | 0 |
| Cost/hr (over 3 years) | $0.36 | $0.68 |
| Cost ratio: cloud/in-house | | 1.88 |
| Efficiency | 40% | 80% |
| Cost/effective hr | $0.90 | $0.85 |
| Power and cooling | $0.36 | 0 |
| Management cost | $0.10 | $0.01 |
| Total cost/effective hr | $1.36 | $0.86 |
| Cost ratio: in-house/cloud | 1.58 | |

Source: Enterprise Cloud Computing by Gautam Shroff
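To show how the figures in the table are derived, here is an added worked example (written for this page, not taken from Shroff's book) that reproduces the cost model from the raw inputs and also solves for the utilization at which the in-house server would break even with the cloud; the class and function names are my own.

```python
"""Worked IaaS cost model from the 'IaaS Economics' table (constructed example).

The table amortizes the purchase price over three years, divides by the
fraction of hours that do useful work (efficiency), then adds the per-hour
power/cooling and management costs.  The same steps are generalized here so
any two options can be compared.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 365 * 24


@dataclass(frozen=True)
class ServerOption:
    name: str
    purchase_cost: float        # up-front price, amortized over lifetime (0 for cloud)
    lifetime_years: float       # amortization period
    hourly_rate: float          # metered pay-per-use rate (0 for an owned machine)
    efficiency: float           # fraction of hours doing useful work (utilization)
    power_cooling_per_hr: float
    management_per_hr: float


def raw_cost_per_hour(opt: ServerOption) -> float:
    """Amortized purchase cost per hour plus any metered hourly rate."""
    return opt.purchase_cost / (opt.lifetime_years * HOURS_PER_YEAR) + opt.hourly_rate


def cost_per_effective_hour(opt: ServerOption) -> float:
    """Only the utilized fraction of each hour does work, so divide by efficiency."""
    return raw_cost_per_hour(opt) / opt.efficiency


def total_cost_per_effective_hour(opt: ServerOption) -> float:
    """Effective-hour cost plus the fixed per-hour overheads from the table."""
    return cost_per_effective_hour(opt) + opt.power_cooling_per_hr + opt.management_per_hr


def cost_ratio(a: ServerOption, b: ServerOption) -> float:
    """The table's 'cost ratio: in-house/cloud' row, for arbitrary options."""
    return total_cost_per_effective_hour(a) / total_cost_per_effective_hour(b)


def breakeven_efficiency(owned: ServerOption, rented: ServerOption) -> float:
    """Utilization at which the owned server costs the same per effective hour
    as the rented one.  Solves raw/eff + fixed = rented_total for eff."""
    target = (total_cost_per_effective_hour(rented)
              - owned.power_cooling_per_hr - owned.management_per_hr)
    return raw_cost_per_hour(owned) / target


# Inputs taken from the table on this page.
IN_HOUSE = ServerOption("in-house", purchase_cost=9600.0, lifetime_years=3, hourly_rate=0.0,
                        efficiency=0.40, power_cooling_per_hr=0.36, management_per_hr=0.10)
CLOUD = ServerOption("cloud", purchase_cost=0.0, lifetime_years=3, hourly_rate=0.68,
                     efficiency=0.80, power_cooling_per_hr=0.0, management_per_hr=0.01)

if __name__ == "__main__":
    for opt in (IN_HOUSE, CLOUD):
        print(f"{opt.name:8s} raw ${raw_cost_per_hour(opt):.2f}/hr  "
              f"effective ${cost_per_effective_hour(opt):.2f}/hr  "
              f"total ${total_cost_per_effective_hour(opt):.2f}/effective hr")
    print(f"in-house/cloud ratio: {cost_ratio(IN_HOUSE, CLOUD):.2f}")
    print(f"in-house breaks even at {breakeven_efficiency(IN_HOUSE, CLOUD):.0%} utilization")
```

Because the table rounds $0.365/hr to $0.36 before dividing by efficiency, its totals and the 1.58 ratio differ from the unrounded values here by a cent or two; the break-even calculation shows the in-house server would need roughly 91% utilization to match the cloud's $0.86 per effective hour.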
Benefits for Small and Medium Businesses (<250 employees)
Source: http://www.microsoft.com/en-us/news/presskits/telecom/docs/SMBCloud.pdf
Benefits for the end user while using public cloud
• High utilization
• High scalability
• No separate hardware procurement
• No separate power cost
• No separate IT infrastructure administration/maintenance required
• Public clouds offer a user-friendly SLA by offering high availability (~99%) and also provide compensation in case of an SLA miss
• Users can rent the cloud to develop and test prototypes before making major investments in technology
• In order to enhance portability from one public cloud to another, several organizations such as the Cloud Computing Interoperability Forum and the Open Cloud Consortium are coming up with standards for portability.
• E.g., Amazon EC2 and Eucalyptus share the same API.
• Software startups benefit tremendously by renting computing and storage infrastructure on the cloud instead of buying them, as they are uncertain about their own future.
Benefits of private cloud
• The cost of 1 server with 12 cores and 12 GB RAM is far lower than the cost of 12 servers having 1 core and 1 GB RAM each.
• Confidentiality of data is preserved.
• Virtual machines are cheaper than actual machines.
• Virtual machines are faster to provision than actual machines.
Economics of PaaS vs IaaS
• Consider a web application that needs to be available 24x7, but where the transaction volume is unpredictable and can vary rapidly.
• Using an IaaS cloud, a minimal number of servers would need to be provisioned at all times to ensure availability.
• In contrast, merely deploying the application on a PaaS cloud costs nothing; costs are incurred depending upon the usage.
• The PaaS cloud scales automatically to successfully handle increased requests to the web application.
Source: Enterprise Cloud Computing by Gautam Shroff
PaaS benefits
• No need for the user to handle scaling and load balancing of requests among virtual machines.
• PaaS clouds also provide a web-based Integrated Development Environment for the development and deployment of applications on the PaaS cloud.
• Easier to migrate code from the development environment to the actual production environment.
• Hence developers can directly write applications on the cloud and do not have to buy separate IDE licenses.
SaaS benefits
• Users subscribe to web services and web applications instead of buying and licensing software instances.
• E.g., Google Docs can be used for free, instead of buying document editing software such as Microsoft Word.
• Enterprises can use web-based SaaS Customer Relationship Management (CRM) applications, instead of buying servers and installing CRM software and associated databases on them.
Benefits, as perceived by the IT industry
Factors driving investment in cloud
Source: http://www.cloudtweaks.com/2012/01/infographic-whats-driving-investment-in-cloud-computing/
Purpose of cloud computing in organizations
• Providing an IT platform for business processes involving multiple organizations
• Backing up data
• Running CRM, ERP, and chain management applications
• Providing personal productivity and collaboration tools to employees
• Developing and testing software
• Storing and archiving large files (e.g., video or audio)
• Analyzing customer or operations data
• Running e-business or e-government websites
Source: http://askvisory.com/research/key-drivers-of-cloud-computing-activity/
Amazon Web Services (AWS)
AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and packaged software-as-a-service (SaaS) offerings. AWS services offer tools such as compute power, database storage, and content delivery services to an organization.
Amazon.com Web Services launched its first web services in 2002 from the internal infrastructure that Amazon.com built to handle its online retail operations. In 2006, it began offering its defining IaaS services. AWS was one of the first companies to introduce a pay-as-you-go cloud computing model that scales to provide users with computing, storage, or throughput as needed.
Amazon Web Services (AWS)
Groups such as government agencies, educational institutions, non-profits, and private organizations can use AWS services.
How AWS works
AWS is separated into different services; each can be configured in different ways based on the user's needs. Users can see configuration options and individual server maps for an AWS service.
Services provided by AWS
• compute
• storage
• databases
• data management
• migration
• hybrid cloud
• networking
• development tools
• management
• monitoring
• security
• governance
• big data management
• analytics
• artificial intelligence (AI)
• mobile development
• messages and notification
Amazon Elastic Compute Cloud (Amazon EC2)
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud.
Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster.
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
Features of Amazon EC2
• Virtual computing environments, known as instances
• Preconfigured templates for your instances, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including the operating system and additional software)
• Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types
• Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)
• Storage volumes for temporary data that are deleted when you stop, hibernate, or terminate your instance, known as instance store volumes
• Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
Features of Amazon EC2
• Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones
• A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances, using security groups
• Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
• Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
• Virtual networks you can create that are logically isolated from the rest of the AWS Cloud and that you can optionally connect to your own network, known as virtual private clouds (VPCs)
Assignment Questions
• Explain cloud computing.
• Differentiate between cloud computing, client-server architecture, and distributed computing.
• Explain the cloud computing service models.
• Explain the cloud computing deployment models.
• Explain why SMIs are migrating to cloud computing.
• Write short notes on AWS and Amazon EC2.
(Second Module) Cloud Computing Architecture
Computer Science Engineering
Major building blocks of Cloud Computing Architecture
Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Context: High Level Architectural Approach
• Technical architecture
– Structuring according to the XaaS stack
– Adopting cloud computing paradigms
– Structuring cloud services and cloud components
– Showing relationships and external endpoints
– Middleware and communication
– Management and security
• Deployment and operation architecture
– Geo-location check (legal issues, export control)
– Operation and monitoring
Cloud Computing Architecture - XaaS
XaaS Stack views: Customer view vs Provider view
Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Microsoft Azure vs Amazon EC2
Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Architecture for elasticity
Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf
Service Models (XaaS)
64
 The combination of Service-Oriented Infrastructure (SOI) and cloud
computing realizes XaaS.
 X as a Service (XaaS) is a generalization for cloud-related services.
 XaaS stands for "anything as a service" or "everything as a service".
 XaaS refers to an increasing number of services that are delivered over
the Internet rather than provided locally or on-site.
 XaaS is the essence of cloud computing.
Service Models (XaaS)
Source: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather and Subra Kumaraswamy
⚫ Most common examples of XaaS are
 Software as a Service (SaaS)
 Platform as a Service (PaaS)
 Infrastructure as a Service (IaaS)
⚫ Other examples of XaaS include
 Business Process as a Service (BPaaS)
 Storage as a service (another SaaS)
 Security as a service (SECaaS)
 Database as a service (DaaS)
 Monitoring/management as a service (MaaS)
 Communications, content and computing as a service (CaaS)
 Identity as a service (IDaaS)
 Backup as a service (BaaS)
 Desktop as a service (DaaS)
Requirements of CSP (Cloud Service Provider)
• Increase productivity
• Increase end user satisfaction
• Increase innovation
• Increase agility
Service Models (XaaS)
• Broad network access (cloud) + resource pooling (cloud) + business-driven
infrastructure on-demand (SOI) + service-orientation (SOI) = XaaS
• XaaS fulfils all four demands!
Source: Understanding the Cloud Computing Stack: PaaS, SaaS, IaaS © Diversity Limited, 2011
Classical Service Model
 All the layers (H/W, operating system, development tools,
applications) are managed by the user.
 Users bear the costs of the hardware, maintenance, and technology.
 Each system is designed and funded for a specific business activity:
custom build-to-order.
 Systems are deployed as a vertical stack of “layers” which are tightly
coupled, so no single part can be easily replaced or changed.
 Prevalence of manual operations for provisioning and management.
Source: Dragan, “XaaS as a Modern Infrastructure for eGovernment Business Model in the Republic of Croatia”
The key impact of cloud computing on IT function: From Legacy IT to Evergreen IT
[Figure: two stacks, one for Legacy IT and one for Evergreen IT, each showing the layers End-user devices, Application, Dedicated Infrastructure and Simplified IT Stack]
Classic Model vs XaaS
Client-Server Architecture
Source: Wikipedia
• Consists of one or more load-balanced servers servicing requests sent by the
clients
• Clients and servers exchange messages in a request-response fashion
• The client is often a thin client or a machine with low computational capabilities
• The server could be a load-balanced cluster or a stand-alone machine.
Three-Tier Client-Server Architecture
Source: Wikipedia
Client-Server model vs. Cloud model
Client-server model:
• Simple service model where the server services client requests
• May/may not be load balanced
• Scalable to some extent in a cluster environment
• No concept of virtualization
Cloud computing model:
• A variety of complex service models, such as IaaS, PaaS, SaaS, can be provided
• Load balanced
• Theoretically infinitely scalable
• Virtualization is the core concept
Cloud Services
Source: http://www.opengroup.org/soa/source-book/socci/extend.htm#figure2
Cloud service models
Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service%20Models.pdf
Simplified description of cloud service models
 SaaS applications are designed for end users and are delivered over the web
 PaaS is the set of tools and services designed to make coding and deploying
applications quick and efficient
 IaaS is the hardware and software that powers it all – servers, storage,
network, operating systems
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Transportation Analogy
• By itself, infrastructure isn’t useful – it just sits there waiting for someone to
make it productive in solving a particular problem. Imagine the Interstate
transportation system in the U.S. Even with all these roads built, they
wouldn’t be useful without cars and trucks to transport people and goods. In
this analogy, the roads are the infrastructure and the cars and trucks are the
platforms that sit on top of the infrastructure and transport the people and
goods. These goods and people might be considered software and information
in the technical realm.
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Software as a Service
• SaaS is defined as software that is deployed over the internet. With SaaS,
a provider licenses an application to customers either as a service on
demand, through a subscription, in a “pay-as-you-go” model, or
(increasingly) at no charge when there is an opportunity to generate
revenue from streams other than the user, such as from advertisement or
user list sales.
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
SaaS characteristics
• Software is managed from a central location
• Software is delivered in a ‘one to many’ model
• Users are not required to handle software upgrades and patches
• Application Programming Interfaces (API) allow for integration between
different pieces of software.
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Applications where SaaS is used
• Applications where there is significant interplay between the organization and
the outside world. E.g. email newsletter campaign software
• Applications that have a need for web or mobile access. E.g. mobile sales
management software
• Software that is only to be used for a short-term need.
• Software where demand spikes significantly. E.g. tax/billing
• Example of SaaS: Salesforce Customer Relationship Management (CRM)
software
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Applications where SaaS may not be
the best option
• Applications where extremely fast processing of real-time data is needed
• Applications where legislation or other regulation does not permit data to be
hosted externally
• Applications where an existing on-premise solution fulfills all of the
organization’s needs
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Platform as a Service
• Platform as a Service (PaaS) brings the benefits that SaaS brought for
applications over to the software development world. PaaS can be
defined as a computing platform that allows the creation of web
applications quickly and easily, without the complexity of buying and
maintaining the software and infrastructure underneath it.
• PaaS is analogous to SaaS except that, rather than being software delivered
over the web, it is a platform for the creation of software, delivered over
the web.
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Characteristics of PaaS
 Services to develop, test, deploy, host, and maintain applications in the same
integrated development environment. All the varying services needed to fulfill
the application development process.
 Web-based user interface creation tools help to create, modify, test, and
deploy different UI scenarios.
 Multi-tenant architecture where multiple concurrent users utilize the same
development application.
 Built-in scalability of deployed software, including load balancing and
failover.
 Integration with web services and databases via common standards.
 Support for development team collaboration – some PaaS solutions include
project planning and communication tools.
 Tools to handle billing and subscription management
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Scenarios where PaaS is used
 PaaS is especially useful in any situation where multiple developers will be
working on a development project or where other external parties need to
interact with the development process
 PaaS is useful where developers wish to automate testing and
deployment services.
 The popularity of agile software development, a group of software development
methodologies based on iterative and incremental development, will also
increase the uptake of PaaS as it eases the difficulties around rapid development
and iteration of the software.
 PaaS Examples: Microsoft Azure, Google App Engine
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Scenarios where PaaS is not ideal
• Where the application needs to be highly portable in terms of where it is
hosted.
• Where proprietary languages or approaches would impact the
development process
• Where application performance requires customization of the underlying
hardware and software
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Infrastructure as a Service
• Infrastructure as a Service (IaaS) is a way of delivering cloud computing
infrastructure – servers, storage, network, and operating systems – as an
on-demand service.
• Rather than purchasing servers, software, data center space, or network
equipment, clients instead buy those resources as a fully outsourced
service on demand.
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Characteristics of IaaS
• Resources are distributed as a service
• Allows for dynamic scaling
• Has a variable cost, utility pricing model
• Generally includes multiple users on a single piece of hardware
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
Scenarios where IaaS makes sense
 Where demand is very volatile – any time there are significant spikes
and troughs in terms of demand for the infrastructure
 For new organizations without the capital to invest in hardware
 Where the organization is growing rapidly and scaling hardware would be
problematic
 Where there is pressure on the organization to limit capital expenditure and
move to operating expenditure
 For specific lines of business, trial, or temporary infrastructural needs
Scenarios where IaaS may not be the best option
• Where regulatory compliance makes the offshoring or outsourcing of data
storage and processing difficult
• Where the highest levels of performance are required, and on-premise or
dedicated hosted infrastructure has the capacity to meet the organization’s needs
Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
SaaS providers
Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service%20Models.pdf
Feature comparison of PaaS providers
Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service%20Models.pdf
Feature comparison of IaaS providers
Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service%20Models.pdf
XaaS
[Figure: three responsibility stacks, one each for SaaS, PaaS and IaaS, over the layers Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Network; each layer is marked as managed by the user or managed by the service provider]
Role of Networking in cloud computing
• In cloud computing, network resources can be provisioned dynamically.
• Some of the networking concepts that form the core of cloud computing are
Virtual Local Area Networks, Virtual Private Networks, and the different
protocol layers.
• Examples of tools that help in setting up different network topologies and
facilitate various network configurations are OpenSSH, OpenVPN, etc.
Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-the-cloud
Networking in different cloud models
Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-the-cloud
Deployment Models
• Public Cloud
• Private Cloud
• Hybrid Cloud
• Community Cloud
Public Cloud
 Cloud infrastructure is provisioned for open use by the general public. It may
be owned, managed, and operated by a business, academic, government
organization, or some combination of them. It exists on the premises of
the cloud provider.
 Examples of Public Cloud:
 Google App Engine
 Microsoft Windows Azure
 IBM Smart Cloud
 Amazon EC2
Source: Marcus Hogue, Chris Jacobson, ”Security of Cloud Computing”
Public Cloud
• In a Public setting, the provider's computing and storage resources are
potentially large; the communication links can be assumed to be implemented
over the public Internet; and the cloud serves a diverse pool of clients (and
possibly attackers).
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
Public Cloud
• Workload locations are hidden from clients (public):
– In the public scenario, a provider may migrate a subscriber's workload,
whether processing or data, at any time.
– Workload can be transferred to data centers where cost is low
– Workloads in a public cloud may be relocated anywhere at any time
unless the provider has offered (optional) location restriction policies
• Risks from multi-tenancy (public):
– A single machine may be shared by the workloads of any combination of
subscribers (a subscriber's workload may be co-resident with the workloads
of competitors or adversaries)
• Introduces both reliability and security risk
Public Cloud
• Organizations considering the use of a public cloud
should consider:
– Network dependency (public):
• Subscribers connect to providers via the public Internet.
• Connection depends on Internet Infrastructure like
– Domain Name System (DNS) servers
– Router infrastructure,
– Inter-router links
Public Cloud
• Limited visibility and control over data regarding security (public):
– The details of provider system operation are usually considered
proprietary information and are not divulged to subscribers.
– In many cases, the software employed by a provider is usually proprietary
and not available for examination by subscribers
– A subscriber cannot verify that data has been completely deleted from a
provider's systems.
• Elasticity: illusion of unlimited resource availability (public):
– Public clouds are generally unrestricted in their location or size.
– Public clouds potentially have a high degree of flexibility in the movement
of subscriber workloads to correspond with available resources.
Public Cloud
• Low up-front costs to migrate into the cloud (public)
• Restrictive default service level agreements (public):
– The default service level agreements of public clouds specify
limited promises that providers make to subscribers
Private Cloud
• The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may
be owned, managed, and operated by the organization, a third party, or
some combination of them, and it may exist on or off premises.
• Examples of Private Cloud:
– Eucalyptus
– Ubuntu Enterprise Cloud - UEC
– Amazon VPC (Virtual Private Cloud)
– VMware Cloud Infrastructure Suite
– Microsoft ECI data center.
Private Cloud
• Contrary to popular belief, a private cloud may exist off-premises and can be
managed by a third party. Thus, two private cloud scenarios exist, as follows:
• On-site Private Cloud
– Applies to private clouds implemented at a customer’s premises.
• Outsourced Private Cloud
– Applies to private clouds where the server side is outsourced to a hosting
company.
On-site Private Cloud
 The security perimeter extends around both the subscriber’s on-site
resources and the private cloud’s resources.
 Security perimeter does not guarantee control over the private cloud’s
resources but subscribers can exercise control over the resources.
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
On-site Private Cloud
• Organizations considering the use of an on-site private cloud should consider:
– Network dependency (on-site-private):
– Subscribers still need IT skills (on-site-private):
• Subscriber organizations will need the traditional IT skills required to
manage user devices that access the private cloud, and will require
cloud IT skills as well.
– Workload locations are hidden from clients (on-site-private):
• To manage a cloud's hardware resources, a private cloud must be able to
migrate workloads between machines without inconveniencing clients.
With an on-site private cloud, however, a subscriber organization
chooses the physical infrastructure, but individual clients still may not
know where their workloads physically exist within the subscriber
organization's infrastructure
On-site Private Cloud
• Risks from multi-tenancy (on-site-private):
– Workloads of different clients may reside concurrently on the same
systems and local networks, separated only by access policies
implemented by a cloud provider's software. A flaw in the software or the
policies could compromise the security of a subscriber organization by
exposing client workloads to one another
• Data import/export, and performance limitations (on-site-private):
– On-demand bulk data import/export is limited by the on-site private
cloud's network capacity, and real-time or critical processing may be
problematic because of networking limitations.
On-site Private Cloud
• Potentially strong security from external threats (on-site-private):
– In an on-site private cloud, a subscriber has the option of implementing an
appropriately strong security perimeter to protect private cloud resources
against external threats to the same level of security as can be achieved for
non-cloud resources.
• Significant-to-high up-front costs to migrate into the cloud (on-site-
private):
– An on-site private cloud requires that cloud management software be
installed on computer systems within a subscriber organization. If the
cloud is intended to support process-intensive or data-intensive workloads,
the software will need to be installed on numerous commodity systems or
on a more limited number of high-performance systems. Installing cloud
software and managing the installations will incur significant up-front
costs, even if the cloud software itself is free, and even if much of the
hardware already exists within a subscriber organization.
On-site Private Cloud
• Limited resources (on-site-private):
– An on-site private cloud, at any specific time, has a fixed computing and
storage capacity that has been sized to correspond to anticipated workloads
and cost restrictions.
Outsourced Private Cloud
• Outsourced private cloud has two security perimeters, one implemented
by a cloud subscriber (on the right) and one implemented by a provider.
• Two security perimeters are joined by a protected communications link.
• The security of data and processing conducted in the outsourced private cloud
depends on the strength and availability of both security perimeters and the
protected communication link.
Outsourced Private Cloud
• Organizations considering the use of an outsourced private cloud should
consider:
– Network Dependency (outsourced-private):
• In the outsourced private scenario, subscribers may have the option to
provision unique protected, and reliable communication links with the
provider.
– Workload locations are hidden from clients (outsourced-private):
– Risks from multi-tenancy (outsourced-private):
• The implications are the same as those for an on-site private cloud.
Outsourced Private Cloud
• Data import/export, and performance limitations (outsourced-private):
– On-demand bulk data import/export is limited by the network capacity between
a provider and subscriber, and real-time or critical processing may be
problematic because of networking limitations. In the outsourced private cloud
scenario, however, these limits may be adjusted, although not eliminated, by
provisioning high-performance and/or high-reliability networking between the
provider and subscriber.
• Potentially strong security from external threats (outsourced-private):
– As with the on-site private cloud scenario, a variety of techniques exist to
harden a security perimeter. The main difference with the outsourced private
cloud is that the techniques need to be applied both to a subscriber's perimeter
and the provider's perimeter and that the communications link needs to be
protected.
Outsourced Private Cloud
• Modest-to-significant up-front costs to migrate into the cloud (outsourced-
private):
– In the outsourced private cloud scenario, the resources are provisioned by the
provider
– Main start-up costs for the subscriber relate to:
• Negotiating the terms of the service level agreement (SLA)
• Possibly upgrading the subscriber's network to connect to the outsourced
private cloud
• Switching from traditional applications to cloud-hosted applications,
• Porting existing non-cloud operations to the cloud
• Training
Outsourced Private Cloud
• Extensive resources available (outsourced-private):
– In the case of the outsourced private cloud, a subscriber can rent resources in any
quantity offered by the provider. Provisioning and operating computing
equipment at scale is a core competency of providers.
Community Cloud
 Cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns (e.g., mission, security
requirements, policy, and compliance considerations). It may be owned, managed,
and operated by one or more of the organizations in the community, a third party,
or some combination of them, and it may exist on or off premises.
 Examples of Community Cloud:
⚫ Google Apps for Government
⚫ Microsoft Government Community Cloud
On-site Community Cloud
• Community cloud is made up of a set of participant organizations. Each
participant organization may provide cloud services, consume cloud services,
or both
• At least one organization must provide cloud services
• Each organization implements a security perimeter
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
On-site Community Cloud
• The participant organizations are connected via links between the
boundary controllers that allow access through their security perimeters
• Access policy of a community cloud may be complex
– Ex. : if there are N community members, a decision must be made, either
implicitly or explicitly, on how to share a member's local cloud resources
with each of the other members
– Policy specification techniques like role-based access control (RBAC),
attribute-based access control can be used to express sharing policies.
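To make the sharing-policy point concrete, here is an added Python example (not part of the NIST text or of these slides) of a default-deny policy in which each member organization declares which roles (the RBAC part), which partner organizations and up to which data classification (the ABAC part) it shares its local resources with the rest of the community. The three agencies, roles, classification levels and rules are constructed for illustration.

```python
"""Express and evaluate sharing policies among community cloud members.

Added example, not part of the NIST text or the slides. It models N member
organizations, each exposing local resources to the community, and evaluates
access requests against a default-deny policy that combines role-based
(RBAC) and attribute-based (ABAC) conditions. All organizations, roles,
resources and rules below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    owner: str            # member organization that provides the resource
    name: str
    classification: str   # "public", "internal" or "restricted"


@dataclass(frozen=True)
class Subject:
    org: str              # member organization of the requester
    roles: frozenset      # RBAC roles held by the requester
    clearance: str        # ABAC attribute compared against the classification


# Clearance ordering used by the attribute-based comparison (constructed).
CLEARANCE_LEVEL = {"public": 0, "internal": 1, "restricted": 2}


@dataclass
class SharingRule:
    """One entry of an owner's sharing policy with the rest of the community."""
    owner: str
    actions: frozenset
    allowed_roles: frozenset = field(default_factory=frozenset)  # RBAC part
    partner_orgs: frozenset = field(default_factory=frozenset)   # empty = any member
    max_classification: str = "public"                           # ABAC part

    def permits(self, subject: Subject, resource: Resource, action: str) -> bool:
        if resource.owner != self.owner or action not in self.actions:
            return False
        if self.partner_orgs and subject.org not in self.partner_orgs:
            return False
        if not (subject.roles & self.allowed_roles):
            return False
        # Data is shared only up to the classification the rule allows, and
        # only with subjects whose clearance covers that classification.
        res_level = CLEARANCE_LEVEL[resource.classification]
        return (res_level <= CLEARANCE_LEVEL[self.max_classification]
                and res_level <= CLEARANCE_LEVEL[subject.clearance])


class CommunityPolicy:
    """Default-deny: a request succeeds only if some rule explicitly permits it."""

    def __init__(self, members, rules):
        self.members = set(members)
        self.rules = list(rules)

    def decide(self, subject: Subject, resource: Resource, action: str) -> bool:
        # Requests from or for non-members never reach the rule set.
        if subject.org not in self.members or resource.owner not in self.members:
            return False
        return any(r.permits(subject, resource, action) for r in self.rules)


# Constructed community of three member organizations.
MEMBERS = ["agency-a", "agency-b", "agency-c"]
RULES = [
    # agency-a shares internal data with analysts of any member
    SharingRule("agency-a", frozenset({"read"}), frozenset({"analyst"}),
                max_classification="internal"),
    # agency-a shares restricted data only with agency-b auditors
    SharingRule("agency-a", frozenset({"read"}), frozenset({"auditor"}),
                partner_orgs=frozenset({"agency-b"}), max_classification="restricted"),
    # agency-b lets any member's operators read and write its public datasets
    SharingRule("agency-b", frozenset({"read", "write"}), frozenset({"operator"}),
                max_classification="public"),
]
POLICY = CommunityPolicy(MEMBERS, RULES)


def demo():
    """Evaluate a few constructed requests; returns the list of decisions."""
    ds_internal = Resource("agency-a", "case-index", "internal")
    ds_restricted = Resource("agency-a", "investigations", "restricted")
    analyst_c = Subject("agency-c", frozenset({"analyst"}), "internal")
    auditor_b = Subject("agency-b", frozenset({"auditor"}), "restricted")
    auditor_c = Subject("agency-c", frozenset({"auditor"}), "restricted")
    return [
        POLICY.decide(analyst_c, ds_internal, "read"),      # allowed by rule 1
        POLICY.decide(analyst_c, ds_restricted, "read"),    # denied: classification too high
        POLICY.decide(auditor_b, ds_restricted, "read"),    # allowed by rule 2
        POLICY.decide(auditor_c, ds_restricted, "read"),    # denied: not a partner org
        POLICY.decide(auditor_b, ds_restricted, "write"),   # denied: action not shared
    ]


if __name__ == "__main__":
    print(demo())
```

With N members the rule set grows with the number of owner/partner pairs, which is the complexity the NIST text warns about; keeping every rule owner-scoped and default-deny at least makes each member's exposure to the others reviewable in isolation.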
On-site Community Cloud
• Organizations considering the use of an on-site community cloud should consider:
– Network Dependency (on-site community):
• The subscribers in an on-site community cloud need to either provision
controlled inter-site communication links or use cryptography over a less
controlled communications media (such as the public Internet).
• The reliability and security of the community cloud depend on
the reliability and security of the communication links.
On-site Community Cloud
• Subscribers still need IT skills (on-site-community):
– Organizations in the community that provide cloud resources require
IT skills similar to those required for the on-site private cloud scenario,
except that the overall cloud configuration may be more complex and
hence require a higher skill level.
– Identity and access control configurations among the participating
organizations may be complex
• Workload locations are hidden from clients (on-site-community):
– Participant organizations providing cloud services to the community
cloud may wish to employ an outsourced private cloud as a part of their
implementation strategy.
On-site Community Cloud
• Data import/export, and performance limitations (on-site-community):
– The communication links between the various participant organizations in a
community cloud can be provisioned to various levels of performance,
security, and reliability, based on the needs of the participant organizations.
The network-based limitations are thus similar to those of the outsourced-
private cloud scenario.
• Potentially strong security from external threats (on-site-community):
– The security of a community cloud from external threats depends on the
security of all the security perimeters of the participant organizations and
the strength of the communications links. These dependencies are
essentially similar to those of the outsourced private cloud scenario, but
with possibly more links and security perimeters.
On-site Community Cloud
• Highly variable up-front costs to migrate into the cloud (on-site-community):
– The up-front costs of an on-site community cloud for a participant
organization depend greatly on whether the organization plans to consume
cloud services only or also to provide cloud services. For a participant
organization that intends to provide cloud services within the community
cloud, the costs appear to be similar to those for the on-site private cloud
scenario (i.e., significant-to-high).
Outsourced Community Cloud
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
Outsourced Community Cloud
• Organizations considering the use of an outsourced community cloud
should consider:
• Network dependency (outsourced community):
– The network dependency of the outsourced community cloud is similar to
that of the outsourced private cloud. The primary difference is that
multiple protected communications links are likely from the community
members to the provider's facility.
• Workload locations are hidden from clients (outsourced- community).
– Same as the outsourced private cloud
Outsourced Community Cloud
• Risks from multi-tenancy (outsourced-community):
– Same as the on-site community cloud
• Data import/export, and performance limitations (outsourced-
community):
– Same as outsourced private cloud
• Potentially strong security from external threats (outsourced-
community):
– Same as the on-site community cloud
• Modest-to-significant up-front costs to migrate into the cloud
(outsourced-community):
• Same as outsourced private cloud
Outsourced Community Cloud
• Extensive resources available (outsourced community).
– Same as outsourced private cloud
Hybrid Cloud
• The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities,
but are bound together by standardized or proprietary technology that
enables data and application portability
• Examples of Hybrid Cloud:
– Windows Azure (capable of Hybrid Cloud)
– VMware vCloud (Hybrid Cloud Services)
Hybrid Cloud
• A hybrid cloud is composed of two or more private, community, or public
clouds.
• Hybrid clouds have significant variations in performance, reliability, and security
properties depending upon the types of cloud chosen to build the hybrid cloud.
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
Hybrid Cloud
• A hybrid cloud can be extremely complex
• A hybrid cloud may change over time with constituent clouds joining and
leaving.
(Second Module)
Cloud Computing
Virtualization
Computer Science Engineering
Virtualization
 The dictionary includes many definitions for the word “cloud.”
 A cloud can be a mass of water droplets, gloom, an obscure area, or a mass of
similar particles such as dust or smoke.
 When it comes to cloud computing, the definition that best fits the context is
“a collection of objects that are grouped together.”
 It is that act of grouping, or creating a resource pool, that succinctly
differentiates cloud computing from all other types of networked systems.
Virtualization
 The benefits of pooling resources to allocate them on demand are so compelling
as to make the adoption of these technologies a priority. Without resource
pooling, it is impossible to attain efficient utilization, provide reasonable costs to
users, and proactively react to demand.
 Virtualization abstracts the physical resources such as processors, memory, disk,
and network capacity into virtual resources. When you use cloud computing, you
are accessing pooled resources using a technique called Virtualization.
Virtualization
 Virtualization assigns a logical name for a physical resource and then provides a
pointer to that physical resource when a request is made.
 Virtualization provides a means to manage resources efficiently because the
mapping of virtual resources to physical resources can be both dynamic and
facile.
 Virtualization is dynamic in that the mapping can be assigned based on rapidly
changing conditions, and it is facile because changes to a mapping assignment
can be nearly instantaneous.
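An added example (not from the slides) of the logical-name-to-physical-resource mapping described above, in Python: clients receive only logical names, the pool chooses the physical host at request time from current load (the dynamic part), and a name can be re-pointed to another host when a host is drained or fails (the facile part), so the client's handle never changes. The host names and capacities are constructed for the example.

```python
"""Logical-name to physical-resource mapping with dynamic remapping.

Added example, not from the slides. A ResourcePool hands out logical resource
names backed by physical hosts; the mapping is dynamic (chosen at request
time from current load) and facile (a logical name can be re-pointed to
another host, as in migration or failure recovery, without the client's
handle changing). Hosts and capacities below are constructed.
"""
from dataclasses import dataclass


@dataclass
class PhysicalHost:
    name: str
    capacity: int                     # capacity in units, e.g. vCPUs
    used: int = 0
    healthy: bool = True

    @property
    def free(self) -> int:
        return self.capacity - self.used


class ResourcePool:
    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}
        self.pointer = {}            # logical name -> physical host name
        self.size = {}               # logical name -> units reserved
        self._counter = 0

    def _pick_host(self, units):
        """Choose the healthy host with the most free capacity that fits."""
        candidates = [h for h in self.hosts.values() if h.healthy and h.free >= units]
        if not candidates:
            raise RuntimeError("pool exhausted")
        return max(candidates, key=lambda h: h.free)

    def allocate(self, units):
        """Return a logical name; the client never sees the physical host."""
        host = self._pick_host(units)
        self._counter += 1
        name = f"vres-{self._counter}"
        host.used += units
        self.pointer[name] = host.name
        self.size[name] = units
        return name

    def resolve(self, name):
        """The pointer lookup performed whenever a request names a resource."""
        return self.pointer[name]

    def release(self, name):
        host = self.hosts[self.pointer.pop(name)]
        host.used -= self.size.pop(name)

    def remap(self, name, new_host_name=None):
        """Re-point a logical name to another host (migration); the name is unchanged."""
        units = self.size[name]
        old = self.hosts[self.pointer[name]]
        new = self.hosts[new_host_name] if new_host_name else self._pick_host(units)
        if new is old:
            return old.name
        if not new.healthy or new.free < units:
            raise RuntimeError(f"{new.name} cannot take {name}")
        old.used -= units
        new.used += units
        self.pointer[name] = new.name
        return new.name

    def evacuate(self, host_name):
        """Mark a host unhealthy and move every logical resource off it."""
        self.hosts[host_name].healthy = False
        moved = {}
        for name, hname in list(self.pointer.items()):
            if hname == host_name:
                moved[name] = self.remap(name)
        return moved


def demo():
    """Allocate three resources, then drain host-a; returns the observable state."""
    pool = ResourcePool([PhysicalHost("host-a", 8), PhysicalHost("host-b", 8),
                         PhysicalHost("host-c", 4)])
    v1, v2, v3 = pool.allocate(4), pool.allocate(4), pool.allocate(2)
    before = (pool.resolve(v1), pool.resolve(v2), pool.resolve(v3))
    moved = pool.evacuate("host-a")
    after = (pool.resolve(v1), pool.resolve(v2), pool.resolve(v3))
    return {"before": before, "moved": moved, "after": after,
            "host_a_used": pool.hosts["host-a"].used}


if __name__ == "__main__":
    print(demo())
```

The client keeps using vres-1 before and after the evacuation; only the pool's pointer table changes. A real hypervisor manager does the same bookkeeping, with the added work of actually copying memory and disk state between hosts.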
Virtualization
Different types of virtualization that are characteristic of cloud computing:
 Access: A client can request access to a cloud service from any location.
 Application: A cloud has multiple application instances and directs requests to
an instance based on conditions.
 CPU: Computers can be partitioned into a set of virtual machines with each
machine being assigned a workload. Alternatively, systems can be virtualized
through load-balancing technologies.
 Storage: Data is stored across storage devices and often replicated for
redundancy. To enable these characteristics, resources must be highly
configurable and flexible.
Virtualization
Features in software and hardware that enable flexibility by conforming to
one or more of the following mobility patterns:
 P2V: Physical to Virtual
 V2V: Virtual to Virtual
 V2P: Virtual to Physical
 P2P: Physical to Physical
 D2C: Datacentre to Cloud
 C2C: Cloud to Cloud
 C2D: Cloud to Datacentre
 D2D: Datacentre to Datacentre
Virtualization
Properties
 Service-based: A service-based architecture is where clients are abstracted
from service providers through service interfaces.
 Scalable and elastic: Services can be altered to affect capacity and
performance on demand.
 Shared services: Resources are pooled in order to create greater efficiencies.
 Metered usage: Services are billed on a usage basis.
 Internet delivery: The services provided by cloud computing are based on
Internet protocols and formats.
IaaS – Infrastructure as a Service
• What does a subscriber get?
– Access to virtual computers, network-accessible storage, network
infrastructure components such as firewalls, and configuration services.
• How are usage fees calculated?
– Typically, per CPU hour, data GB stored per hour, network bandwidth
consumed, network infrastructure used (e.g., IP addresses) per hour, value-
added services used (e.g., monitoring, automatic scaling)
IaaS Provider/Subscriber Interaction Dynamics
The provider has a number of available virtual machines (VMs) that it can
allocate to clients.
– Client A has access to vm1 and vm2, Client B has access to vm3, and Client
C has access to vm4, vm5 and vm6
– Provider retains only vm7 through vmN
Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
IaaS Component Stack and Scope of Control
• IaaS component stack comprises of hardware, operating system,
middleware, and applications layers.
• Operating system layer is split into two layers.
– Lower (and more privileged) layer is occupied by the Virtual Machine Monitor (VMM),
which is also called the Hypervisor
– Higher layer is occupied by an operating system running within a VM called a guest
operating system
Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and Recommendations “
IaaS Component Stack and Scope of
Control
• In IaaS Cloud provider maintains total control over the physical hardware
and administrative control over the hypervisor layer
• Subscriber controls the Guest OS, Middleware and Applications layers.
• Subscriber is free (using the provider's utilities) to load any supported
operating system software desired into the VM.
• Subscriber typically maintains complete control over the operation of the
guest operating system in each VM.
IaaS Component Stack and Scope of
Control
• A hypervisor uses the hardware to synthesize one or more Virtual Machines
(VMs); each VM is "an efficient, isolated duplicate of a real machine" .
• Subscriber rents access to a VM, the VM appears to the subscriber as actual
computer hardware that can be administered (e.g., powered on/off,
peripherals configured) via commands sent over a network to the provider.
IaaS Cloud Architecture
• Logical view of IaaS cloud structure and operation
Source: LeeBadger, and Tim Grance “NIST DRAFT Cloud Computing Synopsis and Recommendations “
IaaS Cloud Architecture
• Three-level hierarchy of components in IaaS cloud systems
– Top level is responsible for central control
– Middle level is responsible for management of possibly large computer
clusters that may be geographically distant from one another
– Bottom level is responsible for running the host computer systems on
which virtual machines are created.
• Subscriber queries and commands generally flow into the system at the top
and are forwarded down through the layers that either answer the queries or
execute the commands
IaaS Cloud Architecture
• Cluster Managers can be geographically distributed
• Within a cluster, the Computer Managers are connected to their Cluster
Manager via a high-speed network.
Operation of the Cloud Manager
• Cloud Manager is the public access point to the cloud where subscribers sign
up for accounts, manage the resources they rent from the cloud, and access
data stored in the cloud.
• Cloud Manager has mechanism for:
– Authenticating subscribers
– Generating or validating access credentials that subscriber uses when
communicating with VMs.
– Top-level resource management.
• For a subscriber’s request cloud manager determines if the cloud has enough
free resources to satisfy the request
Data Object Storage (DOS)
• DOS generally stores the subscriber's metadata, such as user credentials
and operating system images.
• There is usually a single DOS service for a cloud.
Operation of the Cluster Managers
• Each Cluster Manager is responsible for the operation of a collection of
computers that are connected via high speed local area networks.
• Cluster Manager receives resource allocation commands and queries from
the Cloud Manager, and calculates whether part or all of a command can be
satisfied using the resources of the computers in the cluster.
• Cluster Manager queries the Computer Managers for the computers in the
cluster to determine resource availability, and returns messages to the
Cloud Manager.
Operation of the Cluster Managers
• Directed by the Cloud Manager, a Cluster Manager then instructs the
Computer Managers to perform resource allocation, and reconfigures the
virtual network infrastructure to give the subscriber uniform access.
• Each Cluster Manager is connected to Persistent Local Storage (PLS).
• PLS provides persistent, disk-like storage to the Virtual Machines.
Operation of the Computer Managers
• At the lowest level in the hierarchy, a Computer Manager runs on each computer
system and uses virtualization to provide Virtual Machines to subscribers
• The Computer Manager maintains status information, including how many virtual
machines are running and how many more can still be started
• The Computer Manager uses the command interface of its hypervisor to start, stop,
suspend, and reconfigure virtual machines
Virtualization
[Figure: a 'non-virtualized' system, in which a single OS controls all hardware
platform resources and runs App. A to App. D directly, beside a virtualized
system, in which a virtualization layer on the hardware hosts several Virtual
Containers, each running its own applications]
• Virtualization is a broad term (virtual memory, storage, network, etc.)
• Virtualization basically allows one computer to do the job of multiple
computers, by sharing the resources of a single piece of hardware across multiple
environments
• It makes it possible to run multiple Virtual Containers on a single physical
platform
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-
Virtualization
• Virtualization is way to run multiple operating systems and user applications on the
same hardware
– E.g., run both Windows and Linux on the same laptop
• How is it different from dualboot?
– Both OSes run simultaneously
• The OSes are completely isolated from each other
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Hypervisor or Virtual Machine
Monitor
A hypervisor or virtual machine monitor runs the guest OS directly on the CPU.
(This only works if the guest OS uses the same instruction set as the host CPU.)
Since the guest OS is running in user mode, privileged instructions must be
intercepted or replaced. This imposes restrictions on the CPU's instruction set,
as observed in a now-famous paper by Popek and Goldberg, which identifies three
goals for a virtual machine architecture:
•Equivalence: The VM should be indistinguishable from the underlying hardware.
•Resource control: The VMM should be in complete control of any virtualized
resources.
•Efficiency: Most VM instructions should be executed directly on the underlying
CPU without involving the hypervisor.
Hypervisor or Virtual Machine
Monitor
Popek and Goldberg describe (and give formal proof of) the requirements for the CPU's
instruction set to allow these properties. The main idea here is to classify instructions into
•privileged instructions, which cause a trap if executed in user mode, and
•sensitive instructions, which change the underlying resources (e.g. doing I/O or changing
the page tables) or observe information that indicates the current privilege level (thus
exposing the fact that the guest OS is not running on the bare hardware).
•The former class of sensitive instructions is called control sensitive and the latter
behavior sensitive in the paper, but the distinction is not particularly important.
What Popek and Goldberg show is that we can only run a virtual machine with all three
desired properties if the sensitive instructions are a subset of the privileged instructions. If
this is the case, then we can run most instructions directly, and any sensitive instructions
trap to the hypervisor which can then emulate them (hopefully without much slowdown).
VMM and VM
[Figure: the three VMM properties (Equivalence, Resource Control, Efficiency)
alongside the instruction classes: privileged instructions, control sensitive
instructions, behavior sensitive instructions]
• For any conventional third generation computer, a VMM may be constructed if
the set of sensitive instructions for that computer is a subset of the set of
privileged instructions
• A conventional third generation computer is recursively virtualizable if it is
virtualizable and a VMM without any timing dependencies can be constructed
for it.
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
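The Popek and Goldberg condition is easier to see in code than in prose. The following is an added example, not code from the slides or from any real hypervisor: a toy trap-and-emulate VMM over an invented instruction set. Each instruction is flagged privileged (traps in user mode) and/or sensitive (reads or changes real machine state). The guest runs in user mode; privileged instructions trap and the VMM emulates them against the guest's virtual state. A sensitive instruction that is not privileged runs straight on the real machine, so the guest can observe that it is not on bare hardware (Equivalence is lost) or write real devices (Resource control is lost). The ISA, instruction names and register layout are invented; the mention of x86's POPF and SGDT as real-world instances of sensitive-but-unprivileged instructions is a fact outside the slides.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Instr:
    name: str
    privileged: bool   # traps when executed in user mode
    sensitive: bool    # reads or changes real machine state (I/O, privilege level, ...)


def virtualizable(isa):
    """Popek-Goldberg condition: a trap-and-emulate VMM exists only if every
    sensitive instruction is also privileged (sensitive is a subset of privileged)."""
    return all(i.privileged for i in isa if i.sensitive)


class Machine:
    """Toy CPU running a guest in user mode under a trap-and-emulate VMM."""

    def __init__(self, isa):
        self.isa = {i.name: i for i in isa}
        self.real = {"mode": "user", "io_port": 0}     # physical state: the guest really runs in user mode
        self.virt = {"mode": "kernel", "io_port": 0}   # state the VMM pretends the guest owns
        self.traps = 0

    @staticmethod
    def _execute(instr, state, arg):
        # Semantics of the two sensitive instructions of the toy ISA; the rest are no-ops.
        if instr.name == "OUT":            # write to an I/O port
            state["io_port"] = arg
        elif instr.name == "READ_MODE":    # observe the current privilege level
            return state["mode"]
        return None

    def run_guest(self, program):
        """Run (name, arg) pairs in user mode; return the values the guest observes."""
        observed = []
        for name, arg in program:
            instr = self.isa[name]
            if instr.privileged:
                # user-mode execution traps; the VMM emulates it on the virtual state
                self.traps += 1
                result = self._execute(instr, self.virt, arg)
            else:
                # no trap: the instruction runs directly on the real machine
                result = self._execute(instr, self.real, arg)
            if result is not None:
                observed.append(result)
        return observed


# Two invented ISAs.  In BAD_ISA, READ_MODE is sensitive but not privileged,
# the same flaw that classic (pre-VT-x) x86 had with instructions such as POPF and SGDT.
GOOD_ISA = [Instr("ADD", False, False), Instr("OUT", True, True), Instr("READ_MODE", True, True)]
BAD_ISA = [Instr("ADD", False, False), Instr("OUT", True, True), Instr("READ_MODE", False, True)]

# The guest kernel writes an I/O port and then asks which mode it is running in.
PROGRAM = [("ADD", 1), ("OUT", 0x2A), ("READ_MODE", None)]


def demo(isa):
    """Return (virtualizable?, what the guest saw, virtual port, real port, trap count)."""
    m = Machine(isa)
    seen = m.run_guest(PROGRAM)
    return virtualizable(isa), seen, m.virt["io_port"], m.real["io_port"], m.traps


if __name__ == "__main__":
    print("good ISA:", demo(GOOD_ISA))   # guest sees 'kernel': Equivalence holds
    print("bad ISA: ", demo(BAD_ISA))    # guest sees 'user': it can tell it is virtualized
```

With the good ISA both sensitive instructions trap, the port write lands in the virtual state and the guest believes it is in kernel mode. With the bad ISA the unprivileged READ_MODE executes natively and reports "user": exactly the leak that binary translation and para-virtualization were invented to paper over, and that hardware-assisted virtualization removes by making such instructions trap.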
Load Balancing and Virtualization
• One characteristic of cloud computing is virtualized network access to a
service. No matter where you access the service, you are directed to the
available resources. The technology used to distribute service requests to
resources is referred to as load balancing.
• Load balancing is an optimization technique. It can be used to increase
utilization and throughput, lower latency, reduce response time, and avoid
system overload
• The following network resources can be load balanced:
a. Network interfaces and services such as DNS, FTP, and HTTP
b. Connections through intelligent switches
c. Processing through computer system assignment
d. Storage resources
e. Access to application instances
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Load Balancing and Virtualization
• Without load balancing, cloud computing would be very difficult to manage.
• Load balancing provides the necessary redundancy to make an intrinsically
unreliable system reliable through managed redirection.
• It also provides fault tolerance when coupled with a failover mechanism.
• Load balancing is nearly always a feature of server farms and computer clusters
and for high-availability applications.
• A load-balancing system can use different mechanisms to assign service
direction.
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Load Balancing Mechanism
• In the simplest load-balancing mechanisms, the load balancer listens to a
network port for service requests.
• When a request from a client or service requester arrives, the load balancer uses
a scheduling algorithm to assign where the request is sent.
• Typical scheduling algorithms in use today are round robin and weighted round
robin, fastest response time, least connections and weighted least connections,
and custom assignments based on other factors.
Load Balancing Mechanism
• A session ticket is created by the load balancer so that subsequent related traffic
from the client that is part of that session can be properly routed to the same
resource.
• Without this session record or persistence, a load balancer would not be able to
correctly failover a request from one resource to another.
• Persistence can be enforced using session data stored in a database and
replicated across multiple load balancers.
• Other methods can use the client's browser to store a client-side cookie or the
use of a rewrite engine that modifies the URL.
Load Balancing Mechanism
• Of all these methods, a session cookie stored on the client has the least amount
of overhead for a load balancer because it allows the load balancer an
independent selection of resources.
• The algorithm can be based on a simple round-robin system where the next
system in a list of systems gets the request.
• Round robin DNS is a common application, where addresses are handed out in
turn from a pool of available IP addresses. Google uses round-robin DNS.
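The scheduling algorithms and the session-persistence cookie described in the last three slides fit in a few dozen lines. The following is an added example, not code from the slides or from any product: a small load balancer with round robin, weighted round robin and least connections scheduling, plus cookie-based persistence. The security caveat a practitioner should attach to the "client-side cookie" option is that the client stores and can rewrite it, so the cookie here is the backend name signed with an HMAC under a key only the balancer knows; an unsigned, forged or stale cookie is ignored and the request is scheduled afresh rather than routed wherever the client asks. Backend names, the key and the cookie format are invented for the example.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    weight: int = 1
    active: int = 0          # currently open connections (for least connections)


class LoadBalancer:
    def __init__(self, backends, secret, algorithm="round_robin"):
        self.backends = list(backends)
        self.secret = secret
        self.algorithm = algorithm
        self._rr = itertools.cycle(self.backends)
        # weighted round robin: a backend of weight w appears w times per cycle
        self._wrr = itertools.cycle([b for b in self.backends for _ in range(b.weight)])

    # ---- scheduling: pick a backend for a request with no usable session cookie ----
    def _schedule(self):
        if self.algorithm == "round_robin":
            return next(self._rr)
        if self.algorithm == "weighted_round_robin":
            return next(self._wrr)
        if self.algorithm == "least_connections":
            return min(self.backends, key=lambda b: b.active)
        raise ValueError(f"unknown algorithm {self.algorithm}")

    # ---- session persistence: a signed cookie carrying the backend name ----
    def _sign(self, name):
        tag = hmac.new(self.secret, name.encode(), hashlib.sha256).hexdigest()
        return f"{name}.{tag}"

    def _backend_from_cookie(self, cookie):
        name, _, tag = cookie.rpartition(".")
        if not name:
            return None                                  # malformed
        expected = hmac.new(self.secret, name.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None                                  # forged or corrupted: ignore it
        for b in self.backends:
            if b.name == name:
                return b
        return None                                      # backend gone: fail over by rescheduling

    def route(self, cookie=None):
        """Return (backend name, cookie to set on the response)."""
        backend = self._backend_from_cookie(cookie) if cookie else None
        if backend is None:
            backend = self._schedule()
        backend.active += 1
        return backend.name, self._sign(backend.name)

    def release(self, name):
        """Connection to `name` finished."""
        for b in self.backends:
            if b.name == name:
                b.active -= 1
```

Because the cookie is verified rather than trusted, a client that tampers with it to target a particular backend (for instance one it has found to be vulnerable or overloaded) simply gets a freshly scheduled backend. Replicating session state in a database, the other option the slide mentions, trades that signing step for a lookup on every request.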
Approaches to Server Virtualization
Evolution of Software Solutions
• 1st Generation: Full virtualization (Binary rewriting / Dynamic Translation)
– Software based
– VMware and Microsoft
• 2nd Generation: Para-virtualization
– Cooperative virtualization
– Modified guest
– VMware, Xen
• 3rd Generation: Silicon-based (Hardware-assisted) virtualization
– Unmodified guest
– VMware and Xen on virtualization-aware hardware platforms
[Figure: the three generations side by side: Virtual Machines above a dynamic
translation layer running on an operating system and the hardware; Virtual
Machines above a hypervisor on the hardware; Virtual Machines above a
hypervisor on hardware that contains virtualization logic]
Full Virtualization
• 1st Generation offering of x86/x64 server
virtualization
• Dynamic binary translation
– Emulation layer talks to an operating system which
talks to the computer hardware
– Guest OS doesn't see that it is used in an emulated
environment
• All of the hardware is emulated including the
CPU
• Two popular open source emulators are QEMU
and Bochs
[Figure: full virtualization stack: App. A, B and C on a Guest OS with its
device drivers inside a Virtual Machine presented with emulated hardware, all
running on a Host OS with device drivers on the physical hardware]
Full Virtualization - Advantages
• Emulation layer
– Isolates VMs from the host OS and from each other
– Controls individual VM access to system resources, preventing an unstable
VM from impacting system performance
• Total VM portability
– By emulating a consistent set of system hardware, VMs have the ability to
transparently move between hosts with dissimilar hardware without any
problems
• It is possible to run an operating system that was developed for another
architecture on your own architecture
• A VM running on a Dell server can be relocated to a Hewlett-Packard
server
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Full Virtualization - Drawbacks
• Hardware emulation comes with a performance price
• In traditional x86 architectures, OS kernels expect to run privileged code in
Ring 0
– However, because Ring 0 is controlled by the host OS, VMs are forced to
execute at Ring 1/3, which requires the VMM to trap and emulate instructions
• Due to these performance limitations, para-virtualization and hardware-assisted
virtualization were developed
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Para-Virtualization
• The Guest OS is modified and thus runs kernel-level operations at Ring 1
(or 3)
– Guest is fully aware of how to process privileged
instructions
– Privileged instruction translation by the VMM is no
longer necessary
– Guest operating system uses a specialized API to talk
to the VMM and, in this way, execute the privileged
instructions
• VMM is responsible for handling the virtualization
requests and putting them to the hardware
[Figure: para-virtualization stack: App. A, B and C on a modified Guest OS with
its device drivers inside a Virtual Machine; the guest talks to the Virtual
Machine Monitor (hypervisor with device drivers, on the hardware) through a
specialized API]
Server virtualization approaches
Para-Virtualization
Today, VM guest operating systems are para-virtualized using two different approaches:
–Recompiling the OS kernel
• Para-virtualization drivers and APIs must reside in the guest operating system kernel
• You do need a modified operating system that includes this specific API, i.e. the
operating system must be compiled to be virtualization aware
– Some vendors (such as Novell) have embraced para-virtualization and have provided para-virtualized
OS builds, while other vendors (such as Microsoft) have not
–Installing para-virtualized drivers
• In some operating systems it is not possible to use complete para-virtualization, as it requires a
specialized version of the operating system
• To ensure good performance in such environments, para-virtualization can be applied for
individual devices
• For example, the instructions generated by network boards or graphical interface cards can be
modified before they leave the virtualized machine by using para-virtualized drivers
Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
Hardware-assisted virtualization
• Guest OS runs at ring 0
• VMM uses processor extensions (such as Intel®- VT
or AMD-V) to intercept and emulate privileged
operations in the guest
• Hardware-assisted virtualization removes many of the
problems that make writing a VMM a challenge
• The VMM runs in a ring more privileged than Ring 0; in effect a "Ring -1"
is created
[Figure: hardware-assisted virtualization stack, drawn with the same layering
as the para-virtualization figure: App. A, B and C on the Guest OS with its
device drivers inside a Virtual Machine, on the Virtual Machine Monitor
(hypervisor with device drivers) on the hardware]
Server virtualization approaches
Hardware-assisted virtualization
• Pros
– It allows unmodified OSs to run (so a legacy OS can be run without
problems)
• Cons
– Speed and flexibility
• An unmodified OS does not know it is running in a virtualized
environment and so cannot take advantage of any of the
virtualization features
– This can be partially addressed by adding para-virtualized drivers
Network Virtualization
Making a physical network appear as multiple logical ones
[Figure: one Physical Network presented as Virtualized Network 1 and
Virtualized Network 2]
Why Virtualize?
• Hard to come up with a one-size-fits-all architecture
– Almost impossible to predict what future might unleash
• Why not create an all-sizes-fit-into-one instead!
– Open and expandable architecture
• Testbed for future networking architectures and protocols
Related Concepts
• Virtual Private Networks (VPN)
– Virtual network connecting distributed sites
– Not customizable enough
• Active and Programmable Networks
– Customized network functionalities
– Programmable interfaces and active codes
• Overlay Networks
– Application layer virtual networks
– Not flexible enough
Network Virtualization Model
• Business Model
• Architecture
• Design Principles
• Design Goals
Architecture
Design Principles
 Concurrence of multiple
heterogeneous virtual networks
🞑 Introduces diversity
 Recursion of virtual networks
🞑 Opens the door for network virtualization
economics
 Inheritance of architectural attributes
🞑 Promotes value-addition
 Revisitation of virtual nodes
🞑 Simplifies network operation and
management
Hierarchy of Roles
[Figure: Service Providers 0, 1, ..., N each compose a Virtual Network (0, 1,
..., N) on resources leased from Infrastructure Providers 0, 1, 2, ..., N+1]
Design Goals (1)
• Flexibility
– Service providers can choose
• arbitrary network topology,
• routing and forwarding functionalities,
• customized control and data planes
– No need for co-ordination with others
• IPv6 fiasco should never happen again
• Manageability
– Clear separation of policy from mechanism
– Defined accountability of infrastructure and service providers
– Modular management
Design Goals (2)
• Scalability
– Maximize the number of co-existing virtual networks
– Increase resource utilization and amortize CAPEX and OPEX
• Security, Privacy, and Isolation
– Complete isolation between virtual networks
• Logical and resource
– Isolate faults, bugs, and misconfigurations
• Secured and private
Design Goals (3)
• Programmability
– Of network elements e.g. routers
– Answer “How much” and “how”
– Easy and effective without being vulnerable to threats
• Heterogeneity
– Networking technologies
• Optical, sensor, wireless etc.
– Virtual networks
Design Goals (4)
• Experimental and Deployment Facility
– PlanetLab, GENI, VINI
– Directly deploy services in the real world from the testing phase
• Legacy Support
– Consider the existing Internet as a member of the collection of
multiple virtual Internet
– Very important to keep all concerned parties satisfied
Definition
Network virtualization is a networking environment that allows multiple service
providers to dynamically compose multiple heterogeneous virtual networks
that co-exist together in isolation from each other, and to deploy customized
end-to-end services on the fly as well as manage them on those virtual
networks for the end-users by effectively sharing and utilizing underlying
network resources leased from multiple infrastructure providers.
Typical Approach
• Networking technology
– IP, ATM
• Layer of virtualization
• Architectural domain
– Network resource management, Spawning networks
• Level of virtualization
– Node virtualization, Full virtualization
(Third Module)
Cloud Security
Computer Science Engineering
Security - Basic Components
 Confidentiality
 Keeping data and resources hidden
 Integrity
 Data integrity (integrity)
 Origin integrity (authentication)
 Availability
 Enabling access to data and resources
Security Attacks
 Any action that compromises the security of information.
 Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication
 Basic model: a Source (S) sends information to a Destination (D)
Security Attacks (contd.)
 Interruption:
 Attack on availability
 Interception:
 Attack on confidentiality
[Figure: interruption: the flow from S to D is cut off; interception: an
intruder I reads the flow from S to D]
Security Attacks
 Modification:
 Attack on integrity
 Fabrication:
 Attack on authenticity
[Figure: modification: intruder I alters the flow from S to D; fabrication:
intruder I sends messages to D that appear to come from S]
Classes of Threats
 Disclosure
 Snooping
 Deception
 Modification, spoofing, repudiation of origin, denial of receipt
 Disruption
 Modification
 Usurpation
 Modification, spoofing, delay, denial of service
Policies and Mechanisms
 Policy says what is, and is not, allowed
 This defines “security” for the site/system/etc.
 Mechanisms enforce policies
 Composition of policies
 If policies conflict, discrepancies may create security
vulnerabilities
Goals of Security
 Prevention
 Prevent attackers from violating security policy
 Detection
 Detect attackers’ violation of security policy
 Recovery
 Stop attack, assess and repair damage
 Continue to function correctly even if the attack succeeds
Trust and Assumptions
 Underlie all aspects of security
 Policies
 Unambiguously partition system states
 Correctly capture security requirements
 Mechanisms
 Assumed to enforce policy
 Support mechanisms work correctly
Types of Mechanisms
[Figure: the set of reachable states drawn against the set of secure states.
A mechanism is secure if every reachable state is a secure state, precise if
the reachable states are exactly the secure states, and broad if some
reachable states are not secure.]
Assurance
 Specification
 Requirements analysis
 Statement of desired functionality
 Design
 How the system will meet the specification
 Implementation
 Programs/systems that carry out design
Operational Issues
 Cost-Benefit Analysis
 Is it cheaper to prevent or recover?
 Risk Analysis
 Should we protect something?
 How much should we protect this thing?
 Laws and Customs
 Are desired security measures illegal?
 Will people do them?
Human Issues
 Organizational Problems
 Power and responsibility
 Financial benefits
 People problems
 Outsiders and insiders
 Social engineering
Tying Together
Threats → Policy → Specification → Design → Implementation → Operation
Passive and Active Attacks
 Passive attacks
 Obtain information that is being transmitted
(eavesdropping).
 Two types:
 Release of message contents:- It may be desirable to prevent
the opponent from learning the contents of the transmission.
 Traffic analysis:- The opponent can determine the location and
identity of communicating hosts, and observe the frequency
and length of messages being exchanged.
 Very difficult to detect.
Passive and Active Attacks
 Active attacks
 Involve some modification of the data stream or the
creation of a false stream.
 Four categories:
 Masquerade:- One entity pretends to be a different entity.
 Replay:- Passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
 Modification:- Some portion of a legitimate message is
altered.
 Denial of service:- Prevents the normal use of
communication facilities.
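The four active attacks above are easiest to understand against a concrete message format. The following is an added example, not code from the slides: one sender and one receiver sharing a key, where every message carries the sender's name, a sequence counter and a fresh random nonce, all covered by an HMAC-SHA256 tag. A message from a party without the key (masquerade) or a message whose payload was altered in transit (modification) fails the tag check; a captured message re-sent later (replay) passes the tag check but is rejected by the receiver's per-sender counter and nonce cache. Denial of service is not something a MAC prevents; the only concession to it here is that the nonce cache is bounded so the replay check itself cannot be used to exhaust memory. The key, party names and wire format are invented for the example.

```python
import hashlib
import hmac
import json
import os
from collections import OrderedDict


class Sender:
    def __init__(self, name, key):
        self.name, self.key, self.seq = name, key, 0

    def send(self, payload):
        """Build one authenticated message: JSON body | hex HMAC-SHA256 over the body."""
        self.seq += 1
        body = {"from": self.name, "seq": self.seq,
                "nonce": os.urandom(8).hex(), "payload": payload}
        raw = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        return raw + b"|" + tag


class Receiver:
    def __init__(self, key, max_nonces=1000):
        self.key = key
        self.max_nonces = max_nonces
        self.last_seq = {}            # highest sequence number accepted per sender
        self.seen = OrderedDict()     # bounded cache of accepted nonces

    def receive(self, wire):
        """Return (accepted, reason, payload)."""
        raw, sep, tag = wire.rpartition(b"|")
        if not sep:
            return False, "malformed", None
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        # Checked first: a forged (masquerade) or altered (modification) message
        # never reaches the parser or touches the state below.
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac", None
        body = json.loads(raw)
        sender, seq, nonce = body["from"], body["seq"], body["nonce"]
        # Replay: the tag is genuine, but the counter or the nonce was already used.
        if seq <= self.last_seq.get(sender, 0) or nonce in self.seen:
            return False, "replay", None
        self.last_seq[sender] = seq
        self.seen[nonce] = True
        if len(self.seen) > self.max_nonces:
            self.seen.popitem(last=False)     # evict the oldest nonce; cache stays bounded
        return True, "ok", body["payload"]


if __name__ == "__main__":
    key = b"shared-secret"                      # constructed for the example
    alice, bob = Sender("alice", key), Receiver(key)
    wire = alice.send("transfer ten")
    print(bob.receive(wire))                                      # accepted
    print(bob.receive(wire))                                      # replay rejected
    print(bob.receive(wire.replace(b"ten", b"all")))              # modification rejected
    print(bob.receive(Sender("alice", b"wrong").send("hello")))   # masquerade rejected
```

Note the ordering: the tag is verified before anything is parsed, so an attacker without the key cannot feed the JSON parser or the replay state at all, and the sequence counter alone would suffice for ordered delivery while the nonce cache also catches replays of messages that were never accepted in order.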
Security Services
 Confidentiality (privacy)
 Authentication (who created or sent the data)
 Integrity (has not been altered)
 Non-repudiation (the order is final)
 Access control (prevent misuse of resources)
 Availability (permanence, non-erasure)
 e.g. denial of service attacks, a virus that deletes files
Role of Security
 A security infrastructure provides:
 Confidentiality – protection against loss of privacy
 Integrity – protection against data alteration/ corruption
 Availability – protection against denial of service
 Authentication – identification of legitimate users
 Authorization – determination of whether or not an
operation is allowed by a certain user
 Non-repudiation – ability to trace what happened, &
prevent denial of actions
 Safety – protection against tampering, damage & theft
Types of Attack
 Social engineering/phishing
 Physical break-ins, theft, and curb shopping
 Password attacks
 Buffer overflows
 Command injection
 Denial of service
 Exploitation of faulty application logic
 Snooping
 Packet manipulation or fabrication
 Backdoors
Network Security…
 Network security works like this:
 Determine network security policy
 Implement network security policy
 Reconnaissance
 Vulnerability scanning
 Penetration testing
 Post-attack investigation
Step 1: Determine Security Policy
 A security policy is a full security roadmap
 Usage policy for networks, servers, etc.
 User training about password sharing, password strength, social
engineering, privacy, etc.
 Privacy policy for all maintained data
 A schedule for updates, audits, etc.
 The network design should reflect this policy
 The placement/protection of database/file servers
 The location of demilitarized zones (DMZs)
 The placement and rules of firewalls
 The deployment of intrusion detection systems (IDSs)
Step 2: Implement Security Policy
 Implementing a security policy includes:
 Installing and configuring firewalls
 iptables is a common free firewall configuration tool for Linux
 Rules for incoming packets should be created
 These rules should drop packets by default
 Rules for outgoing packets may be created
 This depends on your security policy
 Installing and configuring IDSes
 snort is a free and upgradeable IDS for several platforms
 Most IDSs send alerts to log files regularly
 Serious events can trigger paging, E-Mail, telephone
Step 2: Implement Security Policy
 Firewall
 Applies filtering rules to packets passing through it
 Comes in three major types:
 Packet filter – Filters by destination IP, port or protocol
 Stateful – Records information about ongoing TCP sessions, and ensures
out-of-session packets are discarded
 Application proxy – Acts as a proxy for a specific application, and scans
all layers for malicious data
 Intrusion Detection System (IDS)
 Scans the incoming messages, and creates alerts when suspected
scans/attacks are in progress
 Honeypot/honeynet (e.g. honeyd)
 Simulates a decoy host (or network) with services
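The difference between a plain packet filter and a stateful firewall, and why the slides above insist on dropping by default, shows up as soon as a few packets are run through both. The following is an added example, not code from the slides or from iptables: a stateless filter and a stateful one over constructed TCP packets. Both default to DROP. The stateless filter has to admit inbound TCP with source port 80 so that replies to the LAN's web requests can get back in, and that same rule admits an attacker's unsolicited packet that simply sets its source port to 80. The stateful filter records outbound SYNs in a connection table and admits an inbound packet only when it belongs to a session a LAN host opened, so the out-of-session packet is dropped. Addresses, ports and packets are constructed for the example; FIN handshake tracking and timeouts are omitted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags as text, e.g. "SYN", "SYN-ACK", "ACK", "RST"


def is_inside(ip):
    """Constructed example: the protected LAN is 10.0.0.0/24."""
    return ip.startswith("10.0.0.")


def stateless_filter(pkt):
    """Packet filter: default DROP; allow anything leaving the LAN and, so that
    replies to the LAN's web requests can return, any inbound TCP with source
    port 80.  The second rule is the hole: the filter cannot tell a genuine reply
    from an unsolicited packet that merely claims source port 80."""
    if is_inside(pkt.src):
        return "ACCEPT"
    if pkt.sport == 80:
        return "ACCEPT"
    return "DROP"


class StatefulFilter:
    """Stateful filter: default DROP; an inbound packet is accepted only if it
    belongs to a session a LAN host opened, as recorded in the connection table."""

    def __init__(self):
        self.conns = set()      # (inside ip, inside port, outside ip, outside port)

    def filter(self, pkt):
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.conns.add(key)            # new outbound session
            elif "RST" in pkt.flags:
                self.conns.discard(key)        # LAN side aborted it
            return "ACCEPT"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.conns:
            return "DROP"                      # out-of-session: no matching SYN from inside
        if "RST" in pkt.flags:
            self.conns.discard(key)            # remote side aborted it
        return "ACCEPT"


def run(fw, packets):
    """Apply a filter (a plain function or a StatefulFilter) to packets in order."""
    decide = fw.filter if isinstance(fw, StatefulFilter) else fw
    return [decide(p) for p in packets]


if __name__ == "__main__":
    web = Packet("10.0.0.5", 40000, "203.0.113.7", 80, "SYN")          # LAN host opens a web session
    reply = Packet("203.0.113.7", 80, "10.0.0.5", 40000, "SYN-ACK")    # server's reply
    rogue = Packet("198.51.100.9", 80, "10.0.0.5", 445, "SYN")         # unsolicited, sport=80, aimed at SMB
    print("stateless:", run(stateless_filter, [web, reply, rogue]))
    print("stateful: ", run(StatefulFilter(), [web, reply, rogue]))
```

The stateless result is ACCEPT for all three packets, including the rogue one; the stateful result accepts the session and its reply and drops the rogue packet, because nothing inside ever sent a SYN to 198.51.100.9. A real stateful firewall adds sequence-number checking, FIN/timeout teardown and per-table limits, but the decision logic is the same.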
Step 3: Reconnaissance
 First, we learn about the network
 IP addresses of hosts on the network
 Identify key servers with critical data
 Services running on those hosts/servers
 Vulnerabilities on those services
 Two forms: passive and active
 Passive reconnaissance is undetectable
 Active reconnaissance is often detectable by IDS
Step 4: Vulnerability Scanning
 We now have a list of hosts and services
 We can now target these services for attacks
 Many scanners will detect vulnerabilities (e.g. nessus)
 These scanners produce a risk report
 Other scanners will allow you to exploit them (e.g. metasploit)
 These scanners find ways in, and allow you to choose the payload to
use (e.g. obtain a root shell, download a package)
 The payload is the code that runs once inside
 The best scanners are updateable
 For new vulnerabilities, install/write new plug-ins
 e.g. Nessus Attack Scripting Language (NASL)
Step 5: Penetration Testing
 We have identified vulnerabilities
 Now, we can exploit them to gain access
 Using frameworks (e.g. Metasploit), this is as simple as
selecting a payload to execute
 Otherwise, we manufacture an exploit
 We may also have to try to find new vulnerabilities
 This involves writing code or testing functions accepting
user input
Step 6: Post-Attack Investigation
 Forensics of Attacks
 This process is heavily guided by laws
 Also, this is normally done by a third party
 Retain chain of evidence
 The evidence in this case is the data on the host
 The log files of the compromised host hold the footsteps and
fingerprints of the attacker
 Every minute with that host must be accounted for
 For legal reasons, you should examine a low-level copy of the disk
and not modify the original
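Two of the rules above, work on a low-level copy and never touch the original, and account for every minute with the host, can be enforced mechanically. The following is an added example, not code from the slides or from any forensic tool: the seized image bytes are held as an immutable reference whose SHA-256 is recorded at acquisition, analysts get a separate working copy, and every custody entry records the examiner, the action, the time, the current hash of the original and the hash of the previous entry. Re-hashing the original detects any change to the evidence; re-walking the chain detects an edited or deleted log entry. Disk contents, examiner names and timestamps are constructed for the example.

```python
import hashlib
import json


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class Evidence:
    """A seized disk image plus a hash-chained chain-of-custody log."""

    def __init__(self, original, examiner, when):
        self._original = bytes(original)                 # reference copy: read, never written
        self.original_hash = sha256(self._original)      # recorded at acquisition
        self.working_copy = bytearray(self._original)    # analysis happens on this copy only
        self.log = []
        self.record(examiner, "acquired image", when)

    def record(self, who, action, when):
        """Append a custody entry that commits to the previous entry and the image hash."""
        prev = self.log[-1]["entry_hash"] if self.log else "0" * 64
        entry = {"who": who, "action": action, "time": when,
                 "image_hash": sha256(self._original), "prev": prev}
        entry["entry_hash"] = sha256(json.dumps(entry, sort_keys=True).encode())
        self.log.append(entry)

    def verify_original(self):
        """True if the original still hashes to the value recorded at acquisition."""
        return sha256(self._original) == self.original_hash

    def verify_log(self):
        """True if every entry links to its predecessor, saw an unchanged image,
        and still hashes to its recorded entry hash."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or e["image_hash"] != self.original_hash:
                return False
            if sha256(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


if __name__ == "__main__":
    ev = Evidence(b"\x00" * 16 + b"constructed disk image", "examiner A", 1700000000.0)
    ev.working_copy[0:3] = b"abc"          # analysis touches only the copy
    ev.record("examiner B", "carved deleted files from working copy", 1700003600.0)
    print(ev.verify_original(), ev.verify_log())   # True True
    ev.log[0]["action"] = "nothing happened"       # an after-the-fact edit to the log
    print(ev.verify_log())                         # False
```

In practice the original would be a read-only device image behind a write blocker and the log would be signed or stored off-host, but the invariants are the ones shown: the original's hash never changes, and every entry in the custody log is committed to by the one after it.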
Cloud Computing
• Cloud computing is a new computing paradigm, involving data and/or
computation outsourcing, with
– Infinite and elastic resource scalability
– On demand “just-in-time” provisioning
– No upfront cost … pay-as-you-go
• Use as much or as little as you need, use it only when you want, and
pay only for what you use
Economic Advantages of Cloud Computing
• For consumers:
– No upfront commitment in buying/leasing hardware
– Can scale usage according to demand
– Minimizing start-up costs
• Small-scale companies and startups can reduce CAPEX (Capital
Expenditure)
• For providers:
– Increased utilization of data center resources
Why isn't everyone using the cloud?
Clouds are still subject to the traditional data confidentiality, integrity,
availability, and privacy issues, plus some additional attacks
Concern…
Survey on Potential Cloud Barriers
Source: IDC Ranking Security Challenges
Why does cloud computing bring new threats?
• Traditional system security mostly means keeping attackers out
• The attacker needs to either compromise the authentication/access control
system or impersonate existing users
• But the cloud allows co-tenancy: Multiple independent users share the same
physical infrastructure
– An attacker can legitimately be in the same physical machine as the target
• Customer’s lack of control over his own data and application.
• Reputation fate-sharing
Security Stack
• IaaS: entire infrastructure from facilities to hardware
• PaaS: application, middleware, database, and messaging
supported by IaaS
– Customer-side system administrator manages the same with
provider handling platform, infrastructure security
• SaaS: self-contained operating environment: content,
presentation, apps, management
– Service levels, security, governance, compliance, liability, and
expectations of the customer & provider are contractually
defined
[Figure: moving from IaaS through PaaS to SaaS increases the provider's
security responsibility; moving from SaaS back to IaaS increases the
customer's security responsibility]
Sample Clouds
Source: “Security Guidance for Critical Areas of Focus in Cloud Computing” v2.1, p.18
Gartner’s Seven Cloud Computing Security Risks
• Gartner:
– http://www.gartner.com/technology/about.jsp
– Cloud computing has "unique attributes that require risk assessment in
areas such as data integrity, recovery and privacy, and an evaluation of
legal issues in areas such as e-discovery, regulatory compliance, and
auditing," Gartner says
• Security Risks
– Privileged User Access
– Regulatory Compliance & Audit
– Data Location
– Data Segregation
– Recovery
– Investigative Support
– Long-term Viability
Privileged User Access
• Sensitive data processed outside the enterprise brings with it an inherent
level of risk
• Outsourced services bypass the “physical, logical, and personnel controls” of
traditional in-house deployments.
• Get as much information as you can about the people who manage your
data
• “Ask providers to supply specific information on the hiring and oversight of
privileged administrators, and the controls over their access,” Gartner says.
Regulatory Compliance & Audit
• Traditional service providers are subjected to external audits and security
certifications.
• Cloud computing providers who refuse to undergo this scrutiny are “signaling
that customers can only use them for the most trivial functions,” according to
Gartner.
• Shared infrastructure – isolation of user-specific log
• No customer-side auditing facility
• Difficult to audit data held outside the organization in a cloud
– Forensics also made difficult since now clients don’t maintain data locally
• Trusted third-party auditor?
Data Location
• Hosting of data, jurisdiction?
• Data centers: located at geographically dispersed locations
• Different jurisdiction & regulations
– Laws for cross-border data flows
• Legal implications
– Who is responsible for complying with regulations (e.g., SOX, HIPAA,
etc.)?
– If the cloud provider subcontracts to third-party clouds, will the data
still be secure?
Data Segregation
• Data in the cloud is typically in a shared environment alongside data from other
customers.
• Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at
rest,” Gartner advises.
• Encrypt data in transit, which needs to be decrypted at the time of processing
– Possibility of interception
• Secure key store
– Protect encryption keys
– Limit access to key stores
– Key backup & recoverability
• The cloud provider should provide evidence that encryption schemes were designed
and tested by experienced specialists.
• “Encryption accidents can make data totally unusable, and even normal encryption can
complicate availability,” Gartner says.
Recovery
• Even if you don’t know where your data is, a cloud provider should tell you what will happen to
your data and service in case of a disaster.
• “Any offering that does not replicate the data and application infrastructure across multiple sites is
vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete
restoration, and how long it will take.”
• Recovery Point Objective (RPO): The maximum amount of data that will be lost following an
interruption or disaster.
• Recovery Time Objective (RTO): The period of time allowed for recovery i.e., the time that is
allowed to elapse between the disaster and the activation of the secondary site.
• Backup frequency
• Fault tolerance
– Replication: mirroring/sharing data over disks that are located in separate physical locations to
maintain consistency
– Redundancy: duplication of critical components of a system with the intention of increasing
the reliability of the system, usually in the case of a backup or fail-safe.
Investigative Support
• Investigating inappropriate or illegal activity may be impossible in cloud
computing
• Monitoring
– To eliminate the conflict of interest between the provider and the consumer, a
neutral third-party organization is the best solution to monitor performance.
• Gartner warns: “Cloud services are especially difficult to investigate because
logging and data for multiple customers may be co-located and may also be
spread across an ever-changing set of hosts and data centers.”
Long-term Viability
• “Ask potential providers how you would get your data back and if it would
be in a format that you could import into a replacement application,”
Gartner says.
• When to switch cloud providers?
– Contract price increase
– Provider bankruptcy
– Provider service shutdown
– Decrease in service quality
– Business dispute
• Problem: vendor lock-in
Other Cloud Security Issues…
• Virtualization
• Access Control & Identity Management
• Application Security
• Data Life Cycle Management
Virtualization
• Components:
– Virtual machine (VM)
– Virtual machine manager (VMM) or hypervisor
• Two types:
– Full virtualization: VMs run on a hypervisor that interacts with the hardware
– Paravirtualization: VMs interact with the host OS.
• Major functionality: resource isolation
• Hypervisor vulnerabilities:
– Shared clipboard technology: transferring malicious programs from VMs to the
host
Virtualization (contd…)
• Hypervisor vulnerabilities:
– Keystroke logging: Some VM technologies enable the logging of keystrokes
and screen updates to be passed across virtual terminals in the virtual
machine, writing to host files and permitting the monitoring of encrypted
terminal connections inside the VM.
– Virtual machine backdoors: covert communication channel
– ARP Poisoning: redirect packets going to or from another VM.
• Hypervisor Risks
– Rogue hypervisor rootkits
• Initiate a ‘rogue’ hypervisor
• Hide itself from normal malware detection systems
• Create a covert channel to dump unauthorized code
Virtualization (contd…)
• Hypervisor Risks
– External modification to the hypervisor
• Poorly protected or designed hypervisor: source of attack
• May be subjected to direct modification by the external intruder
– VM escape
• Improper configuration of VM
• Allows malicious code to completely bypass the virtual environment,
and obtain full root or kernel access to the physical host
• Some vulnerable virtual machine applications: Vmchat, VMftp, Vmcat etc.
– Denial-of-service risk
• Threats:
– Unauthorized access to virtual resources – loss of confidentiality, integrity,
availability
Access Control & Identity Management
• Access control: similar to traditional in-house IT network
• Proper access control: to address CIA tenets of information security
• Prevention of identity theft – major challenge
– Privacy issues raised via massive data mining
• Cloud now stores data from a lot of clients, and can run data mining
algorithms to get large amounts of information on clients
• Identity Management (IDM) – authenticate users and services
based on credentials and characteristics
Application Security
• Cloud applications – Web service based
• Similar attacks:
– Injection attacks: introduce malicious code to change the course of execution
– XML Signature Element Wrapping: By this attack, the original body of an XML message is
moved to a newly inserted wrapping element inside the SOAP header, and a new body is
created.
– Cross-Site Scripting (XSS): XSS enables attackers to inject client-side script into Web pages
viewed by other users to bypass access controls.
– Flooding: an attacker sends a huge number of requests to a certain service, causing a
denial of service.
– DNS poisoning and phishing: browser-based security issues
– Metadata (WSDL) spoofing attacks: such an attack involves malicious re-engineering of Web
Services’ metadata description
• Insecure communication channel
Data Life Cycle Management
• Data security
– Confidentiality:
• Will the sensitive data stored on a cloud remain confidential?
• Will a cloud compromise leak confidential client data (i.e., fear of loss of
control over data)?
• Will the cloud provider itself be honest and not peek into the data?
– Integrity:
• How do I know that the cloud provider is doing the computations
correctly?
• How do I ensure that the cloud provider really stored my data without
tampering with it?
Data Life Cycle Management (contd.)
 Availability
 Will critical systems go down at the client if the provider is
attacked in a Denial of Service attack?
 What happens if a cloud provider goes out of business?
 Data Location
 All copies, and backups stored only at the location allowed by
contract, SLA, and/or regulation
 Archive
 Access latency
Research Article
• Research Paper:
– Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party
Compute Clouds, by Thomas Ristenpart, Eran Tromer, Hovav Shacham, and
Stefan Savage. In Proceedings of CCS 2009, pages 199–212. ACM Press, Nov.
2009.
– First work on cloud cartography
• Attack launched against commercially available “real” cloud (Amazon
EC2)
• Claims up to 40% success in co-residence with target VM
New Risks in Cloud
• Trust and dependence
– Establishing new trust relationship between customer and cloud provider
– Customers must trust their cloud providers to respect the privacy of their data
and the integrity of their computations
• Security (multi-tenancy)
– Threats from other customers due to the subtleties of how physical resources
can be transparently shared between virtual machines (VMs)
Multi-tenancy
• Multiplexing VMs of disjoint customers upon the same physical hardware
– Your machine is placed on the same server with other customers
– Problem: you don’t have the control to prevent your instance from being co-resident with an adversary
• New risks
– Side-channels exploitation
• Cross-VM information leakage due to sharing of physical resource (e.g., CPU’s data caches)
• Has the potential to extract RSA & AES secret keys
– Vulnerable VM isolation mechanisms
• Via a vulnerability that allows an “escape” to the hypervisor
– Lack of control over whom you’re sharing server space with
Attack Model
• Motivation
– To study practicality of mounting cross-VM attacks in existing third-party compute clouds
• Experiments have been carried out on a real IaaS cloud service provider (Amazon
EC2)
• Two steps of attack:
– Placement: adversary arranging to place its malicious VM on the same physical machine as that of
the target customer
– Extraction: extract confidential information via side channel attack
Threat Model
• Assumptions of the threat model:
– Provider and infrastructure to be trusted
– Do not consider attacks that rely on subverting administrator functions
– Do not exploit vulnerabilities of the virtual machine monitor and/or other software
– Adversaries: non-provider-affiliated malicious parties
– Victims: users running confidentiality-requiring services in the cloud
• Focus on the new cloud-related capabilities of the attacker, which implicitly
expand the attack surface
Threat Model (contd…)
• Like any customer, the malicious party can run and control many
instances in the cloud
– A maximum of 20 instances can be run in parallel using an Amazon EC2 account
• Attacker’s instance might be placed on the same physical hardware as
potential victims
• Attack might manipulate shared physical resources to learn otherwise
confidential information
• Two kinds of attack may take place:
– Attack on some known hosted service
– Attacking a particular victim’s service
Addresses the Following…
• Q1: Can one determine where in the cloud infrastructure an instance is
located?
• Q2: Can one easily determine if two instances are co-resident on the same
physical machine?
• Q3: Can an adversary launch instances that will be co-resident with other
users’ instances?
• Q4: Can an adversary exploit cross-VM information leakage once co-
resident?
Amazon EC2 Service
• Scalable, pay-as-you-go compute capacity in the cloud
• Customers can run different operating systems within a virtual machine
• Three degrees of freedom: instance-type, region, availability zone
• Different computing options (instances) available
– m1.small, c1.medium: 32-bit architecture
– m1.large, m1.xlarge, c1.xlarge: 64-bit architecture
• Different regions available
– US, EU, Asia
• Regions split into availability zones
– In US: East (Virginia), West (Oregon), West (Northern California)
– Infrastructures with separate power and network connectivity
• Customers randomly assigned to physical machines based on their instance, region, and availability
zone choices
Amazon EC2 Service (contd…)
• Xen hypervisor
– Domain0 (Dom0): privileged virtual machine
• Manages guest images
• Provisions physical resources
• Access control rights
• Configured to route packets for its guest images and reports itself as a hop in traceroutes.
– When an instance is launched, it is assigned to a single physical machine for its lifetime
• Each instance is assigned internal and external IP addresses and domain names
– External IP: public IPv4 address [IP: 75.101.210.100/domain name: ec2-75-101-210-100.compute-1.amazonaws.com]
– Internal IP: RFC 1918 private address [IP: 10.252.146.52/domain name: domU-12-31-38-00-8D-C6.compute-1.internal]
• Within the cloud, both domain names resolve to the internal IP address
• Outside the cloud, external name is mapped to the external IP address
Q1: Cloud Cartography
• Instance placing is not disclosed by Amazon but is needed to launch co-
residency attack
• Map the EC2 service to understand where potential targets are located in the
cloud
• Determine instance creation parameters needed to attempt establishing co-
residence of an adversarial instance
• Hypothesis: different availability zones and instance types correspond to
different IP address ranges
Network Probing
• Identify public servers hosted in EC2 and verify co-residence
• Open-source tools have been used to probe ports (80 and 443)
– nmap – perform TCP connect probes (attempt to complete a 3-way handshake between a source and target)
– hping – perform TCP SYN traceroutes, which iteratively send TCP SYN packets with increasing TTLs until no ACK is
received
– wget – used to retrieve web pages
• External probe: originates from a system outside EC2 and has an EC2 instance as its
destination
• Internal probe: originates from an EC2 instance and has another EC2 instance as its destination
• Given an external IP address, DNS resolution queries are used to determine:
– External name
– Internal IP address
Survey Public Servers on EC2
• Goal: to enable identification of the instance type and availability zone of one or more potential targets
• WHOIS: used to identify distinct IP address prefixes associated with EC2
• EC2 public IPs: /17, /18, /19 prefixes
– 57344 IP addresses
• Use external probes to find responsive IPs:
– Performed TCP connect probe on port 80
• 11315 responsive IPs
– Followed up with wget on port 80
• 9558 responsive IPs
– Performed a TCP scan on port 443
• 8375 responsive IPs
• Used DNS lookup service
– Translate each public IP address that responded to either the port 80 or 443 scan into an internal EC2 address
– 14054 unique internal IPs obtained
Instance Placement Parameters
• EC2’s internal address space is cleanly partitioned between availability zones
– Three availability zones; five instance types per zone
– 20 instances launched for each of the 15 availability zone/instance type pairs from a particular
account (say, Account A)
– Samples from each zone are assigned IP addresses from disjoint portions of the observed internal address space
– Assumption: internal IP addresses are statically assigned to physical machines
• To ease IP routing
• Availability zones use separate physical infrastructure
Instance Placement Parameters
(contd…)
• 100 instances have been launched in Zone 3 using two different accounts: A & B (39 hours
after terminating the Account A instances)
– Of 100 Account A Zone 3 instances
• 92 had unique /24 prefixes
• Four /24 prefixes had two instances each
– Of 100 Account B Zone 3 instances
• 88 had unique /24 prefixes
• Six of the /24 prefixes had two instances each
• A single /24 had both an m1.large and an m1.xlarge instance
– Of 100 Account B IPs, 55 were repeats of IP addresses assigned to instances for Account A
Q2: Determining Co-residence
• Network-based co-residency checks: instances are likely to be co-
resident if they have:
– Matching Dom0 IP address: determine an uncontrolled instance’s Dom0 IP by
performing a TCP SYN traceroute to it from another instance and inspecting the last hop
– Small packet round-trip times: 10 probes were performed and the average is taken
– Numerically close internal IP addresses (e.g., within 7): the same Dom0 IP will be
shared by instances with a contiguous sequence of internal IP addresses
Verifying Co-residency Check
• If two (under self-control) instances can successfully transmit via the covert channel, then they
are co-resident, otherwise not
• Experiment: hard-disk-based covert channel
– To send a 1, the sender reads from random locations on a shared volume; to send a 0, the sender does nothing
– The receiver times reads from a fixed location on the disk: longer read times mean a 1 was sent, shorter a 0
• 3 m1.small EC2 accounts: control, victim, probe
– 2 control instances in each of 3 availability zones, 20 victim and 20 probe instances in Zone 3
• Determine Dom0 address for each instance
• For each ordered pair (A, B) of 40 instances, perform co-residency checks
• After 3 independent trials, 31 (potentially) co-resident pairs have been identified (62 ordered
pairs)
• A 5-bit message from A to B was successfully sent for 60 out of 62 ordered pairs
Effective Co-residency Check
• For checking co-residence with target instances:
– Compare internal IP addresses to see if they are close
– If yes, perform a TCP SYN traceroute to an open port on the target and see if
there is only a single hop (Dom0 IP)
• Check requires sending (at most) two TCP SYN packets
– No full TCP connection is established
• Very “quiet” check (little communication with the victim)
Q3: Causing Co-residence
• Two strategies to achieve “good” coverage (co-residence with a
good fraction of target set)
– Brute-force placement:
• run numerous probe instances over a long period of time and see how many targets one can
achieve co-residence with.
• For co-residency check, the probe performed a wget on port 80 to ensure the target was still
serving web pages
• Of the 1686 target victims, the brute-force probes achieved co-residency with 141 victim
servers (8.4% coverage)
• Even a naïve strategy can successfully achieve co-residence against a not-so-small fraction of
targets
– Target recently launched instances:
• take advantage of the tendency of EC2 to assign fresh instances to a small set of machines
Leveraging Placement Locality
• Placement locality
– Instances launched simultaneously from the same account do not run on the same physical machine
– Sequential placement locality: exists when two instances that run sequentially (the first terminated before
launching the second) are often assigned to the same machine
– Parallel placement locality: exists when two instances that run (from distinct accounts) at roughly the same time
are often assigned to the same machine.
• Instance flooding: launch lots of instances in parallel in the appropriate availability zone
and of the appropriate type
Leveraging Placement Locality (contd…)
• Experiment
– Single victim instance is launched
– Attacker launches 20 instances within 5 minutes
– Perform co-residence check
– 40% of the time the attacker launching just 20 probes achieves co-residence against a specific target
instance
Q4: Exploiting Co-residence
• Cross-VM attacks can allow for information leakage
• How can we exploit the shared infrastructure?
– Gain information about the resource usage of other instances
– Create and use covert channels to intentionally leak information from one instance to
another
– Some applications of this covert channel are:
• Co-residence detection
• Surreptitious detection of the rate of web traffic a co-resident site receives
• Timing keystrokes by an honest user of a co-resident instance
Exploiting Co-residence (contd…)
• Measuring cache usage
– Time-shared cache allows an attacker to measure when other instances are
experiencing computational load
– Load measurement: allocate a contiguous buffer B of b bytes; let s be the cache line size (in
bytes)
• Prime: read B at s-byte offsets in order to ensure that it is cached.
• Trigger: busy-loop until the CPU’s cycle counter jumps by a large value
• Probe: measure the time it takes to again read B at s-byte offsets
– Cache-based covert channel:
• Sender idles to transmit a 0 and frantically accesses memory to transmit a 1
• Receiver accesses a memory block and observes the access latencies
• High latencies are indicative that “1” is transmitted
Exploiting Co-residence (contd…)
• Load-based co-residence check
– Co-residence check can be done without network-based techniques
– Adversary can actively cause load variation due to a publicly-accessible service running on the target
– Use a priori knowledge about load variation
– Induce computational load (lots of HTTP requests) and observe the differences in load samples
[Figure: load samples from three trials. Instances in Trial 1 and Trial 2 were co-resident on distinct physical machines; instances in Trial 3 were not co-resident]
Exploiting Co-residence (contd…)
• Estimating traffic rates
– Load measurement might provide a method for estimating the number of visitors to a co-resident web
server
– This might not be public information, and leaking it could be damaging
– Perform 1000 cache load measurements in which
• no HTTP requests are sent
• HTTP requests are sent at a rate of (i) 50 per minute, (ii) 100 per minute, (iii) 200 per minute
Exploiting Co-residence (contd…)
• Keystroke timing attack
– The goal is to measure the time between keystrokes made by a victim typing a
password (or other sensitive information)
– Malicious VM can observe keystroke timing in real time via cache-based load
measurements
– Inter-keystroke times, if properly measured, can be used to perform recovery of the
password
– In an otherwise idle machine, a spike in load corresponds to a letter being typed
into the co-resident VM’s terminal
– Although the attacker does not directly learn exactly which keys are pressed, the attained
timing resolution suffices to conduct the password-recovery attacks on SSH
sessions
Preventive Measures
• Mapping
– Use a randomized scheme to allocate IP addresses
– Block some tools (nmap, traceroute)
• Co-residence checks
– Prevent identification of Dom0
• Co-location
– Not allow co-residence at all
• Beneficial for cloud user
• Not efficient for cloud provider
• Information leakage via side-channel
– No solution
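The cartography hypothesis above (internal address ranges reveal zone and instance type) and the first countermeasure listed here (randomised IP allocation) can both be checked from a provider's own placement records. The following is an added example with constructed records, not code or data from the paper or from EC2: it scores how much a /24 prefix reveals about an instance's zone and type, and repeats the per-prefix tally used in the Zone 3 experiment.

```python
import ipaddress
from collections import Counter, defaultdict
from itertools import combinations

# Constructed placement records: (availability zone, instance type, internal IPv4).
# Zones 1 and 2 are cleanly partitioned by /24 (what the paper observed); zone 3 is
# modelled as receiving addresses spread across the other zones' ranges, i.e. what a
# randomised allocation scheme looks like to the same audit.
PLACEMENTS = [
    ("zone1", "m1.small", "10.252.1.10"),
    ("zone1", "m1.small", "10.252.1.45"),
    ("zone1", "m1.small", "10.252.2.7"),
    ("zone1", "m1.large", "10.252.3.12"),
    ("zone1", "m1.large", "10.252.3.200"),
    ("zone2", "m1.small", "10.253.10.5"),
    ("zone2", "m1.small", "10.253.11.9"),
    ("zone2", "m1.large", "10.253.12.33"),
    ("zone3", "m1.small", "10.252.1.99"),
    ("zone3", "m1.small", "10.253.10.77"),
    ("zone3", "m1.small", "10.254.1.1"),
    ("zone3", "m1.large", "10.252.3.77"),
]
PARTITIONED_ONLY = [r for r in PLACEMENTS if r[0] != "zone3"]


def _prefix(ip, prefix_len):
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def prefixes_by_group(records, prefix_len=24):
    """Map each (zone, instance type) group to the set of /prefix_len networks
    its instances were seen in."""
    groups = defaultdict(set)
    for zone, itype, ip in records:
        groups[(zone, itype)].add(_prefix(ip, prefix_len))
    return groups


def disjoint_group_pairs(groups):
    """Pairs of groups whose prefix sets never overlap. Every such pair is a
    boundary an outside observer could learn just by sampling addresses."""
    return [(a, b) for a, b in combinations(sorted(groups), 2)
            if groups[a].isdisjoint(groups[b])]


def identifying_fraction(records, prefix_len=24):
    """Fraction of observed prefixes that belong to exactly one group, i.e. prefixes
    from which zone and type can be read off directly. 1.0 means the address
    space is a complete map; lower is better for the provider."""
    owners = defaultdict(set)
    for zone, itype, ip in records:
        owners[_prefix(ip, prefix_len)].add((zone, itype))
    return sum(1 for g in owners.values() if len(g) == 1) / len(owners)


def prefix_reuse(records, prefix_len=24):
    """The paper's per-account tally: how many prefixes hold a single instance
    and how many hold two or more."""
    counts = Counter(_prefix(ip, prefix_len) for _, _, ip in records)
    return {"single": sum(1 for c in counts.values() if c == 1),
            "repeated": sum(1 for c in counts.values() if c >= 2)}


if __name__ == "__main__":
    for label, recs in (("partitioned", PARTITIONED_ONLY),
                        ("with shuffled zone3", PLACEMENTS)):
        groups = prefixes_by_group(recs)
        print(f"{label}: {len(disjoint_group_pairs(groups))} disjoint group pairs, "
              f"identifying fraction {identifying_fraction(recs):.2f}, "
              f"reuse {prefix_reuse(recs)}")
```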
Summary
• New risks from cloud computing
• Shared physical infrastructure may and most likely will cause
problems
– Exploiting software vulnerabilities not addressed here
• Practical attack performed
• Some countermeasures proposed
Security Issues in Cloud Computing
• Unique security features:
– Co-tenancy
– Lack of control over outsourced data and applications
• General concerns among cloud customers [Liu’11]:
– Inadequate policies and practices
– Insufficient security controls
• Customers use cloud services to serve their clients
• Need to establish trust relationships
• Beneficial to both stakeholders
Security Responsibilities
SaaS Cloud-based Collaboration
• APIs for sharing resources/information
– Service consumers (customers): human users, applications, organizations/domains,
etc.
– Service provider: SaaS cloud vendor
• SaaS cloud-centric collaboration: valuable and essential
– Data sharing
– Problems handled: inter-disciplinary approach
• Common concerns:
– Integrity of data, shared across multiple users, may be compromised
– Choosing an “ideal” vendor
Nirnay Ghosh, Securing Loosely-coupled Collaborations in a SaaS
Cloud through Risk Estimation and Access Conflict Mediation, PhD
Thesis, IIT Kharagpur, 2016
SaaS Cloud-based Collaboration
• Types of collaboration in multi-domain/cloud systems:
– Tightly-coupled or federated
– Loosely-coupled
• Challenges: securing loosely-coupled collaborations in cloud
environment
– Security mechanisms: mainly proposed for tightly-coupled
systems
– Restrictions in the existing authentication/authorization
mechanisms in clouds
Motivations and Challenges
• SaaS cloud delivery model: maximum lack of control
• No active data streams/audit trails/outage report
– Security: Major concern in the usage of cloud services
• Broad scope: address security issues in SaaS clouds
• Cloud marketplace: rapid growth due to recent advancements
• Availability of multiple service providers
– Choosing SPs from SLA guarantees: not reliable
• Inconsistency in service level guarantees
• Non-standard clauses and technical specifications
• Focus: selecting an “ideal” SaaS cloud provider and address the security issues
Motivations and Challenges
• Online collaboration: popular
• Security issue: unauthorized disclosure of sensitive information
– Focus: selecting an ideal SaaS cloud provider and secure the
collaboration service offered by it
• Relevance in today’s context: loosely-coupled collaboration
– Dynamic data/information sharing
• Final goal (problem statement): selecting an ideal SaaS cloud
provider and securing the loosely-coupled collaboration in its
environment
Objectives
9/20/2017
• Objective - I: A framework (SelCSP) for selecting a trustworthy and competent
collaboration service provider.
• Objective - II: Select requests (for accessing local resources) from anonymous users, such that
both access risk and security uncertainty due to information sharing are kept low.
• Objective - III: Formulate a heuristic for solving the IDRM problem, such that minimal
excess privilege is granted.
• Objective - IV: A distributed secure collaboration framework, which uses only local information to
dynamically detect and remove access conflicts.
Selection of Trustworthy and Competent SaaS Cloud Provider for Collaboration
Trust Models in Cloud
• Challenges
– Most of the reported works have not presented mathematical formulation
or validation of their trust and risk models
– Web service selection [Liu’04][Garg’13] based on QoS and trust are
available
• Select resources (e.g. services, products, etc.) by modeling their
performance
• Objective: Model trust/reputation/competence of service provider
Service Level Agreement (SLA) for Clouds
• Challenges:
– Majority of the cloud providers guarantee “availability” of services
– Consumers not only demand availability guarantee but also other
performance related assurances which are equally business critical
– Present day cloud SLAs contain non-standard clauses regarding assurances
and compensations following a violation[Habib’11]
• Objective: Establish a standard set of parameters for cloud SLAs, since it
reduces the perception of risk in outsourced services
SelCSP Framework
SelCSP Framework - Overview
Recommending Access Requests from Anonymous Users for Authorization
Risk-based Access Control (RAC)
• RAC: Gives access to subjects even though they lack proper permissions
– Goal: balance between access risk and security uncertainty due to information
sharing
– Flexible compared to binary MLS
• Challenges
– Computing security uncertainty: not addressed
– Authorization in existing RAC system: based on risk threshold and operational
need.
• Operational need: not quantified.
• Discards many requests that could potentially maximize information sharing
Distributed RAC using Fuzzy Inference System
Mapping of Authorized Permissions into Local Roles
Inter-Domain Role Mapping (IDRM)
• Finds a minimal set of roles that encompasses the requested permission set.
– No polynomial time solution
– Greedy search-based heuristics: suboptimal solutions
• Challenges:
– There may exist multiple minimal role sets
– There may not exist any role set which exactly maps all permissions
• Two variants of IDRM proposed: IDRM-safety, IDRM-availability
• Objective: formulate a novel heuristic to generate a better solution for the IDRM-
availability problem.
• Minimize the number of additional permissions
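To make the IDRM-availability problem concrete, here is an added example (not the thesis's heuristic or data): a constructed providing-domain role set, a baseline greedy heuristic of the kind the slide calls suboptimal, and an exhaustive reference search that returns the role set with the fewest excess permissions. The request that cannot be mapped at all (no role holds the permission) is handled by returning None.

```python
from itertools import combinations

# Constructed role-to-permission assignments of a providing domain. A requesting
# domain asks for a permission set; IDRM must answer with local roles.
ROLES = {
    "clerk":   {"read_ledger", "post_entry"},
    "auditor": {"read_audit", "sign_off"},
    "manager": {"read_ledger", "post_entry", "read_audit", "sign_off", "approve_payroll"},
    "analyst": {"read_ledger", "read_audit", "run_report", "export_csv"},
}


def greedy_idrm(roles, requested):
    """Baseline greedy heuristic for IDRM-availability: repeatedly add the role
    with the best net gain, i.e. newly covered requested permissions minus newly
    granted excess permissions. Returns (chosen roles, excess permissions), or
    None when some requested permission is held by no role at all."""
    requested = set(requested)
    if not requested <= set().union(*roles.values()):
        return None
    chosen, covered, excess = [], set(), set()
    while covered != requested:
        best, best_gain = None, None
        for name, perms in roles.items():
            new_cov = (perms & requested) - covered
            if name in chosen or not new_cov:
                continue
            gain = len(new_cov) - len((perms - requested) - excess)
            if best_gain is None or gain > best_gain:
                best, best_gain = name, gain
        chosen.append(best)
        covered |= roles[best] & requested
        excess |= roles[best] - requested
    return sorted(chosen), excess


def exact_idrm(roles, requested):
    """Exhaustive reference: among all role subsets that cover the request, pick
    the one with the fewest excess permissions (ties: fewer roles). Exponential
    in the number of roles, so only for validating a heuristic on small domains."""
    requested = set(requested)
    names = sorted(roles)
    best = None
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            perms = set().union(*(roles[n] for n in combo))
            if not requested <= perms:
                continue
            key = (len(perms - requested), k)
            if best is None or key < best[0]:
                best = (key, list(combo), perms - requested)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    req = {"read_ledger", "post_entry", "read_audit", "sign_off"}
    print("greedy:", greedy_idrm(ROLES, req))   # manager alone, 1 excess permission
    print("exact :", exact_idrm(ROLES, req))    # clerk + auditor, no excess
```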
Distributed Role Mapping Framework
Dynamic Detection and Removal of Access Policy Conflicts
Access Conflicts
• Cyclic Inheritance Conflict
• Violation of SoD Constraint
Objective
• Dynamic detection of conflicts to address security issue
• Removal of conflicts to address availability issue
• Proposed: distributed secure collaboration framework
• Role Sequence Generation
– Interoperation request: pair of entry (from requesting domain) and exit (from providing domain) roles
– Role sequence: ordered succession of entry and exit roles
– Role cycle:
• Safe role cycle
• Unsafe role cycle
Distributed Secure Collaboration Framework
Conflict Detection
• Detection of inheritance conflict
– Necessary condition: at least one exit role
– Sufficient condition: current entry role is senior to at least one exit role
• Detection of SoD constraint violation
– Necessary condition: at least one exit role
– Sufficient condition: current entry role and at least one exit role form a
conflicting pair
[Figure: Conflict Detection Algorithm]
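The necessary and sufficient conditions above, applied to a stream of interoperation requests, as an added example (not the thesis's algorithm or data): role hierarchies, SoD pairs and requests are all constructed, "senior to" is taken as transitive seniority within the intra-domain hierarchies, and a request that trips either condition is rejected and reported instead of extending the role sequence.

```python
from collections import deque

# Constructed role hierarchies of three collaborating domains. JUNIORS[r] lists
# the roles r is directly senior to, i.e. whose permissions r inherits.
JUNIORS = {
    "A.manager": ["A.clerk"], "A.clerk": [],
    "B.director": ["B.auditor"], "B.auditor": ["B.staff"], "B.staff": [],
    "C.admin": ["C.user"], "C.user": [],
}
# Constructed SoD constraints: role pairs that must not both appear along one
# collaboration chain.
SOD_PAIRS = {frozenset({"B.staff", "B.auditor"}), frozenset({"C.admin", "A.clerk"})}


def is_senior(juniors, a, b):
    """True if role a is transitively senior to role b (a role is not senior to itself)."""
    seen, queue = {a}, deque([a])
    while queue:
        for j in juniors.get(queue.popleft(), []):
            if j == b:
                return True
            if j not in seen:
                seen.add(j)
                queue.append(j)
    return False


def check_request(sequence, entry, exit_role, juniors=JUNIORS, sod=SOD_PAIRS):
    """Apply the slide's conditions to a new request (entry, exit_role) against the
    role sequence accepted so far. The necessary condition for either conflict is
    at least one exit role already in the sequence, so an empty sequence is safe.
    Returns a list of (conflict kind, offending exit role); empty list = safe."""
    conflicts = []
    for _, earlier_exit in sequence:
        if is_senior(juniors, entry, earlier_exit):
            conflicts.append(("inheritance", earlier_exit))
        if frozenset({entry, earlier_exit}) in sod:
            conflicts.append(("sod", earlier_exit))
    return conflicts


def build_sequence(requests, juniors=JUNIORS, sod=SOD_PAIRS):
    """Process requests in order. Safe ones extend the role sequence; conflicting
    ones are reported with the reason (the removal rules are not modelled here)."""
    sequence, rejected = [], []
    for entry, exit_role in requests:
        found = check_request(sequence, entry, exit_role, juniors, sod)
        if found:
            rejected.append((entry, exit_role, found))
        else:
            sequence.append((entry, exit_role))
    return sequence, rejected


# Constructed request stream: (entry role of requesting domain, exit role of providing domain)
REQUESTS = [
    ("A.manager", "B.auditor"),  # no exit roles yet: accepted
    ("B.director", "C.user"),    # B.director is senior to exit role B.auditor: inheritance conflict
    ("B.staff", "A.clerk"),      # (B.staff, B.auditor) is an SoD pair: violation
    ("C.user", "A.clerk"),       # safe: accepted
    ("C.admin", "B.staff"),      # (C.admin, A.clerk) is an SoD pair: violation
]

if __name__ == "__main__":
    seq, rej = build_sequence(REQUESTS)
    print("role sequence:", seq)
    for entry, exit_role, why in rej:
        print(f"rejected ({entry} -> {exit_role}): {why}")
```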
Conflict Removal
Cyclic Inheritance
• Two cases arise:
– Exactly matched role set exists
• RBAC hybrid hierarchy
– I-hierarchy, A-hierarchy, IA-hierarchy
• Replacing IA-relation with A-relation between exit role in previous
domain and entry role in current domain
– No exactly matched role set exists
• Introduce a virtual role
Conflict Removal
[Figure: Cyclic Inheritance: Inheritance Conflict Removal Rule for Exactly Matched Role]
Conflict Removal
[Figure: Cyclic Inheritance: Inheritance Conflict Removal Rule for No Exactly Matched Role]
Conflict Removal
SoD Constraint Violation
• Two cases: similar to removal of inheritance conflict
– Additional constraint: identifying conflicting permission between
collaborating role and entry role in current domain
– Conflicting permission
• Objects are similar
• Hierarchical relation exists between access modes
• Remove conflicting permission from permission set of
collaborating role
Conflict Removal
[Figure: SoD Constraint Violation: SoD Conflict Removal Rule for Exactly Matched Role]
Conflict Removal
[Figure: SoD Constraint Violation: SoD Conflict Removal Rule for No Exactly Matched Role]
Summary
• Secure Collaboration in SaaS Clouds: A Typical Approach
– Selection of Trustworthy and Competent SaaS Cloud Provider for Collaboration
– Recommending Access Requests from Anonymous Users for Authorization
– Mapping of Authorized Permissions into Local Roles
– Dynamic Detection and Removal of Access Policy Conflicts
Module 4: Burden of Disease Tutorial Slides S2 2025
Renaissance Architecture: A Journey from Faith to Humanism

cloud computing.ppt

  • 1. Introduction to Cloud Computing (First Module) Computer Science Engineering
  • 2. What is Cloud Computing? 2 According to US National Institute of Standards and Technology (NIST) Cloud Computing is defined as: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. ”
  • 3. What is Cloud Computing? 3 Cloud Computing is referred to the accessing and storing of data and providing services related to computing over the internet. It is simply referred to as remote services on the internet to manage and access data online rather than any local drives. The data can be anything like images, videos, audio, documents, files, etc.
  • 4. What is Cloud Computing? 4 Cloud is a parallel and distributed computing system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements (SLA) established through negotiation between the service provider and consumers. Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms, and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized Service Level Agreements.
  • 5. What is Cloud Computing? 5 • Cloud computing is an umbrella term used to refer to Internet-based development and services • A number of characteristics define cloud data, applications, services, and infrastructure: • Remotely hosted: Services or data are hosted on remote infrastructure. • Ubiquitous: Services or data are available from anywhere. • Commodified: The result is a utility computing model similar to that of traditional utilities, like gas and electricity - you pay only for what you want!
  • 6. Essential Characteristics 6 • On-demand self-service • A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. • Broad network access • Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). • Resource pooling • The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
  • 7. Essential Characteristics 7 • Measured Service – Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. • Rapid elasticity – Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
  • 8. Common Characteristics 8 • Massive Scale- Computer systems where processing power, memory, data storage, and networks are assembled at scale to tackle computational tasks beyond the capabilities of everyday computers. • Resilient Computing- Resiliency is the ability of your system to react to failure and still remain functional. It's not about avoiding failure, but accepting failure and constructing your cloud-native services to respond to it. • Homogeneity- One where everything is from the same vendor. • Geographic Distribution- By spanning multiple data centers at different geographical locations, can provide a cloud platform with much larger capacities. • Virtualization- Virtual representations of servers, storage, networks, and other physical machines. • Service Orientation- Each service provides a business capability, and services can also communicate with each other across platforms and languages. • Low-Cost Software • Advanced Security
  • 9. History of Cloud Computing 9 • Before cloud computing came into existence, client-server architecture was used, where all the data and control of the client reside on the server side. If a single user wants to access some data, the user first needs to connect to the server, and only then is the user granted appropriate access. But it has many disadvantages. • So, after client-server computing, distributed computing came into existence. In this type of computing all computers are networked together, and with the help of this, users can share their resources when needed. It also has certain limitations. So, in order to remove the limitations faced in a distributed system, cloud computing emerged.
  • 10. History of Cloud Computing 10 • In 1961, John McCarthy delivered a speech at MIT saying that “Computing can be sold as a utility, like water and electricity.” According to John McCarthy, it was a brilliant idea, but people at that time did not want to adopt this technology; they thought the technology they were using was efficient enough for them. So this concept of computing was not appreciated much, and very little research was done on it. But as time passed, technology caught up with the idea, and after a few years the idea was implemented: it was implemented by Salesforce.com in 1999. • This company started delivering an enterprise application over the internet, and in this way the boom of cloud computing started. • In 2002, Amazon started Amazon Web Services (AWS), and Amazon started providing storage and computation over the internet. In 2006 Amazon launched the Elastic Compute Cloud commercial service, which is open for everybody to use.
  • 11. History of Cloud Computing 11 • After that, in 2009, Google Play also started providing cloud computing enterprise applications. As other companies saw the emergence of cloud computing, they also started providing their cloud services. Thus, in 2009, Microsoft launched Microsoft Azure, and after that other companies like Alibaba, IBM, Oracle, and HP also introduced their cloud services. Today cloud computing has become a very popular and important skill.
  • 12. Disadvantages of Client-Server Architecture 12 • Network Traffic Congestion: The main disadvantage of a client-server model is the danger of a system overload owing to a lack of resources to service all of the clients. If too many different clients try to connect to the shared network at the same time, the connection may fail or slow down. Additionally, if the internet connection is down, any website or client in the world will be unable to access the information. Large businesses may be at risk if they are unable to get important information. • High Cost: In client-server networks, the cost of setting up and maintaining the server is typically higher than the cost of running the network. The networks might be expensive to buy because of their strength, so not all users will be able to afford them. • Robustness: The whole network will be interrupted if the primary server experiences failure or interference. Client-server networks therefore lack resilience, since they are centralized.
  • 13. Disadvantages of Client-Server Architecture 13 • Maintenance Difficulty: When the servers are put in place, they will run continuously, which implies they need to receive the necessary care. If there are any mistakes, they must be fixed right away without further delay. As a result, a qualified network manager should be hired to look after the server. • Unacquirable Resources: Not all of the resources on the server are available for acquisition. For instance, you cannot immediately print a document from the web or change any information stored on the client's hard drive.
  • 14. Disadvantages of Distributed Computing 14 • Complexity- Distributed computing systems are more difficult to deploy, maintain and troubleshoot/debug than their centralized counterparts. The increased complexity is not limited to the hardware, as distributed systems also need software capable of handling security and communications. • Higher Initial Cost- The deployment cost of a distributed system is higher than that of a single system. Increased processing overhead due to additional computation and exchange of information also adds to the overall cost. • Security Concerns- Data access can be controlled fairly easily in a centralized computing system, but it’s not an easy job to manage the security of distributed systems. Not only does the network itself have to be secured; users also need to control replicated data across multiple locations.
  • 15. Difference between Distributed Computing and Cloud Computing 15
    – Cloud computing refers to providing on-demand IT resources/services like servers, storage, databases, networking, analytics, software, etc. over the internet. Distributed computing refers to solving a problem over distributed autonomous computers that communicate with each other over a network.
    – In simple terms, cloud computing can be described as a computing technique that delivers hosted services over the internet to its users/customers. In simple terms, distributed computing can be described as a computing technique that allows multiple computers to communicate and work together to solve a single problem.
    – Cloud computing provides services such as hardware, software, and networking resources through the internet. Distributed computing helps to achieve computational tasks faster than using a single computer, which would take a lot of time.
    – The goal of cloud computing is to provide on-demand computing services over the internet on a pay-per-use model. The goal of distributed computing is to distribute a single task among multiple computers and to solve it quickly by maintaining coordination between them.
  • 16. Cloud Services Models 16 • Software as a Service (SaaS) • The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. • The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. • E.g.: Google Spreadsheet
  • 17. Cloud Services Models 17 Platform as a Service (PaaS) The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
  • 18. Cloud Services Models 18 Cloud Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources. Consumers can deploy and run arbitrary software. E.g.: Amazon Web Services and FlexiScale.
  • 20. Types of Cloud (Deployment Models) 20 Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
  • 21. Types of Cloud (Deployment Models) 21 Community cloud The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
  • 22. Types of Cloud (Deployment Models) 22 Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, government organization, or some combination of them. It exists on the premises of the cloud provider.
  • 23. Types of Cloud (Deployment Models) 23 Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
  • 24. Advantages of Cloud Computing 24 • Lower computer costs: – No need for a high-powered and high-priced computer to run cloud computing’s web-based applications. – Since applications run in the cloud, not on the desktop PC, your desktop PC does not need the processing power or hard disk space demanded by traditional desktop software. – When you are using web-based applications, your PC can be less expensive, with a smaller hard disk, less memory, a more efficient processor... – In fact, your PC in this scenario does not even need a CD or DVD drive, as no software programs have to be loaded and no document files need to be saved.
  • 25. Advantages of Cloud Computing 25 • Improved performance: – With fewer large programs hogging your computer's memory, you will see better performance from your PC. – Computers in a cloud computing system boot and run faster because they have fewer programs and processes loaded into memory. • Reduced software costs: – Instead of purchasing expensive software applications, you can get most of what you need for free. • Most cloud computing applications today, such as the Google Docs suite, are a better choice than paying for similar commercial software.
  • 26. Advantages of Cloud Computing 26 • Instant software updates – Another advantage of cloud computing is that you are no longer faced with choosing between obsolete software and high upgrade costs. – When the application is web-based, updates happen automatically. – When you access a web-based application, you get the latest version without needing to pay for or download an upgrade. • Improved document format compatibility – You do not have to worry about the documents you create on your machine being compatible with other users' applications or OS. – There are fewer format incompatibilities when everyone is sharing documents and applications in the cloud.
  • 27. Advantages of Cloud Computing 27 • Unlimited storage capacity – Cloud computing offers virtually limitless storage. – Your computer's current 1 terabyte hard drive is small compared to the hundreds of petabytes available in the cloud. • Increased data reliability – Unlike desktop computing, where a hard disk crash destroys all your valuable data, a computer crashing in the cloud should not affect the storage of your data. • If your personal computer crashes, all your data is still out there in the cloud, still accessible. – In a world where few individual desktop PC users back up their data on a regular basis, cloud computing is a data-safe computing platform. E.g. Dropbox, SkyDrive
  • 28. Advantages of Cloud Computing 28 • Universal information access – That is not a problem with cloud computing, because you do not take your documents with you. – Instead, they stay in the cloud, and you can access them whenever you have a computer and an Internet connection – Documents are instantly available from wherever you are. • Latest version availability – When you edit a document at home, that edited version is what you see when you access the document at work. – The cloud always hosts the latest version of your documents as long as you are connected, you are not in danger of having an outdated version.
  • 29. Advantages of Cloud Computing 29 • Easier group collaboration – Sharing documents leads directly to better collaboration. – Many users do this, as it is an important advantage of cloud computing: multiple users can collaborate easily on documents and projects. • Device independence – You are no longer tethered to a single computer or network. – Changes to computers, applications, and documents follow you through the cloud. – Move to a portable device, and your applications and documents are still available.
  • 30. Disadvantages of Cloud Computing 30 • Requires a constant internet connection – Cloud computing is impossible if you cannot connect to the Internet. – Since you use the Internet to connect to both your applications and documents if you do not have an Internet connection you cannot access anything, even your own documents. – A dead Internet connection means no work and in areas where Internet connections are few or inherently unreliable, this could be a deal-breaker. • Does not work well with low-speed connections – Similarly, a low-speed Internet connection, such as that found with dial-up services, makes cloud computing painful at best and often impossible. – Web-based applications require a lot of bandwidth to download, as do large documents.
  • 31. Disadvantages of Cloud Computing 31 • Features might be limited – This situation is bound to change, but today many web-based applications simply are not as full-featured as their desktop-based applications. • For example, you can do a lot more with Microsoft PowerPoint than with Google Presentation's web-based offering • Can be slow – Even with a fast connection, web-based applications can sometimes be slower than accessing a similar software program on your desktop PC. – Everything about the program, from the interface to the current document, has to be sent back and forth from your computer to the computers in the cloud. – If the cloud servers happen to be backed up at that moment, or if the Internet is having a slow day, you would not get the instantaneous access you might expect from desktop applications.
  • 32. Disadvantages of Cloud Computing 32 • Stored data might not be secured – With cloud computing, all your data is stored in the cloud. • The question is How secure is the cloud? – Can unauthorized users gain access to your confidential data? • Stored data can be lost! – Theoretically, data stored in the cloud is safe and replicated across multiple machines. – But on the off chance that your data goes missing, you have no physical or local backup. • Put simply, relying on the cloud puts you at risk if the cloud lets you down.
  • 33. Risk in Cloud Computing 33 Data Loss Data loss is the most common security risk of cloud computing. It is also known as data leakage. Data loss is the process in which data is deleted, corrupted, or made unreadable by a user, software, or application. In a cloud computing environment, data loss occurs when our sensitive data is in somebody else’s hands, when one or more data elements cannot be used by the data owner, when the hard disk is not working properly, or when the software is not updated. Hacked Interfaces and Insecure APIs As we all know, cloud computing completely depends on the Internet, so it is compulsory to protect the interfaces and APIs that are used by external users. APIs are the easiest way to communicate with most cloud services. In cloud computing, some services are exposed in the public domain. These services can be accessed by third parties, so there is a risk that they are abused or compromised by attackers.
  • 34. Risk in Cloud Computing 34 Data Breach A data breach is the process in which confidential data is viewed, accessed, or stolen by a third party without any authorization, so that an organization's data is taken by attackers. Vendor lock-in Vendor lock-in is one of the biggest security risks in cloud computing. Organizations may face problems when transferring their services from one vendor to another. As different vendors provide different platforms, that can cause difficulty moving from one cloud to another. Increased complexity strains IT staff Migrating, integrating, and operating the cloud services is complex for the IT staff. IT staff need extra capabilities and skills to manage, integrate, and maintain the data in the cloud.
  • 35. Risk in Cloud Computing 35 Spectre & Meltdown Spectre & Meltdown allow programs to view and steal data that is currently being processed on the computer. They affect personal computers, mobile devices, and the cloud. They can expose passwords and personal information such as images, emails, and business documents held in the memory of other running programs. Denial of Service (DoS) attacks Denial of service (DoS) attacks occur when a system receives more traffic than the server can buffer. Mostly, DoS attackers target web servers of large organizations such as banking sectors, media companies, and government organizations. Recovering from such an attack costs the victim a great deal of time and money. Account hijacking Account hijacking is a serious security risk in cloud computing. It is the process in which an individual user's or organization's cloud account (bank account, e-mail account, or social media account) is stolen by attackers. The attackers use the stolen account to perform unauthorized activities.
  • 36. Applications of Cloud Computing 36 • Mail and Messaging • Archiving • Backup • Storage • Security • Virtual Servers • CRM (Customer Relationship Management) • Collaboration across enterprises • Hosted PBX (Private Branch Exchange) • Video Conferencing
  • 37. Online Social Networks and Applications 37 • Social networks can be hosted in a cloud environment, and scalable apps can be used. • By storing heavy multimedia content in cloud storage systems, social networks help improve Internet usability. Vendors of cloud computing, such as Salesforce and Amazon, currently provide numerous services, including Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP). When they deliver these items through cloud storage, consumers can use the simplicity and scalability of the system without buying standalone software or hardware. • Cloud storage is useful in the event of a catastrophe by reducing the expense of data backup and recovery. • Social networks and messaging applications such as Snapchat rely on anonymity and will potentially use these tools to provide their users with a more reliable and faster service. • For data analytics, social networks use cloud computing.
  • 38. IaaS Economics 38 (per server; Source: Enterprise Cloud Computing by Gautam Shroff)
    – Purchase cost: In-house server $9600 (x86, 3 Quad Core, 12 GB RAM, 300 GB HD); Cloud server $0
    – Cost/hr (over 3 years): In-house $0.36; Cloud $0.68 (cost ratio Cloud/In-house: 1.88)
    – Efficiency: In-house 40%; Cloud 80%
    – Cost/effective hr: In-house $0.90; Cloud $0.85
    – Power and cooling: In-house $0.36; Cloud $0
    – Management cost: In-house $0.10; Cloud $0.01
    – Total cost/effective hr: In-house $1.36; Cloud $0.86 (cost ratio In-house/Cloud: 1.58)
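The derived rows of this table (cost per effective hour, totals, ratios) follow from the raw figures, and the added example below works them through in Python; it is not code from the slides or from Shroff's book. The input figures are the slide's own; the formulas (cost per effective hour = hourly cost divided by efficiency; total = that plus power/cooling plus management) are this example's assumption about how the table was built, and the break-even utilisation it computes goes beyond what the table states.

```python
"""Cost-per-effective-hour model behind the slide's IaaS economics table.

Added example (not from the slides or from Shroff's book). Input figures are
those printed on the slide; the formulas and the 3-year amortisation are this
example's assumptions about how the derived rows were obtained.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 365 * 24


@dataclass(frozen=True)
class ServerOption:
    name: str
    cost_per_hour: float           # USD charged (or amortised) per wall-clock hour
    efficiency: float              # fraction of paid hours that do useful work
    power_cooling_per_hour: float  # USD per hour; zero for a rented cloud server
    management_per_hour: float     # USD per hour of administration effort

    def cost_per_effective_hour(self) -> float:
        """Price of one useful hour when only `efficiency` of paid hours are useful."""
        return self.cost_per_hour / self.efficiency

    def total_per_effective_hour(self) -> float:
        """Hardware plus operating overhead, per useful hour."""
        return (self.cost_per_effective_hour()
                + self.power_cooling_per_hour
                + self.management_per_hour)


def amortised_hourly(purchase_cost: float, years: int) -> float:
    """Spread an up-front purchase evenly over every hour of its service life."""
    return purchase_cost / (years * HOURS_PER_YEAR)


# Slide figures. The $9600 in-house box amortised over 3 years gives about
# $0.365/hr, which the slide prints as $0.36.
IN_HOUSE = ServerOption("In house server", 0.36, 0.40, 0.36, 0.10)
CLOUD = ServerOption("Cloud server", 0.68, 0.80, 0.00, 0.01)


def compare(in_house: ServerOption = IN_HOUSE, cloud: ServerOption = CLOUD) -> dict:
    """Reproduce the table's derived rows, rounded to cents."""
    return {
        "cloud_over_in_house_hourly": round(cloud.cost_per_hour / in_house.cost_per_hour, 2),
        "in_house_per_effective_hr": round(in_house.cost_per_effective_hour(), 2),
        "cloud_per_effective_hr": round(cloud.cost_per_effective_hour(), 2),
        "in_house_total": round(in_house.total_per_effective_hour(), 2),
        "cloud_total": round(cloud.total_per_effective_hour(), 2),
        "in_house_over_cloud_total": round(
            in_house.total_per_effective_hour() / cloud.total_per_effective_hour(), 2),
    }


def breakeven_efficiency(in_house: ServerOption = IN_HOUSE, cloud: ServerOption = CLOUD) -> float:
    """Utilisation the in-house server needs for its total to match the cloud's.

    Solves cost_per_hour / e + power_cooling + management = cloud_total for e.
    """
    overhead = in_house.power_cooling_per_hour + in_house.management_per_hour
    return in_house.cost_per_hour / (cloud.total_per_effective_hour() - overhead)


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:28s} {value}")
    print(f"amortised $9600 over 3 years   {amortised_hourly(9600, 3):.3f} $/hr")
    print(f"in-house break-even efficiency {breakeven_efficiency():.0%}")
```

Two details worth noting when reading the output: 0.68 / 0.36 rounds to 1.89 where the slide prints 1.88 (the slide truncates), and the break-even comes out at 90% utilisation, i.e. the in-house server only matches the cloud's $0.86 per effective hour if it is kept busy more than twice as much as the 40% the table assumes.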
  • 39. Benefits for Small and Medium Businesses (<250 employees) Source: http://www.microsoft.com/en-us/news/presskits/telecom/docs/SMBCloud.pdf 39
  • 40. Benefits for the end user while using public cloud 40 • High utilization • High scalability • No separate hardware procurement • No separate power cost • No separate IT infrastructure administration/maintenance required • Public clouds offer user friendly SLA by offering high availability (~99%) and also provide compensation in case of SLA miss • Users can rent the cloud to develop and test prototypes before making major investments in technology
  • 41. Benefits for the end user while using public cloud 41 • In order to enhance portability from one public cloud to another, several organizations such as Cloud Computing Interoperability Forum and Open Cloud Consortium are coming up with standards for portability. • For e.g. Amazon EC2 and Eucalyptus share the same API interface. • Software startups benefit tremendously by renting computing and storage infrastructure on the cloud instead of buying them as they are uncertain about their own future.
  • 42. Benefits of private cloud 42 • Cost of 1 server with 12 cores and 12 GB RAM is far lower than the cost of 12 servers having 1 core and 1 GB RAM. • Confidentiality of data is preserved • Virtual machines are cheaper than actual machines • Virtual machines are faster to provision than actual machines
  • 43. Economics of PaaS vs IaaS 43 • Consider a web application that needs to be available 24x7, but where the transaction volume is unpredictable and can vary rapidly • Using an IaaS cloud, a minimal number of servers would need to be provisioned at all times to ensure availability • In contrast, merely deploying the application on the PaaS cloud costs nothing. Depending upon the usage, costs are incurred. • The PaaS cloud scales automatically to successfully handle increased requests to the web application. Source: Enterprise Cloud Computing by Gautam Shroff
  • 44. PaaS benefits 44 • No need for the user to handle scaling and load balancing of requests among virtual machines • PaaS clouds also provide a web-based Integrated Development Environment for the development and deployment of applications on the PaaS cloud. • Easier to migrate code from the development environment to the actual production environment. • Hence developers can directly write applications on the cloud and don’t have to buy separate licenses of IDE.
  • 45. SaaS benefits 45 • Users subscribe to web services and web applications instead of buying and licensing software instances. • E.g. Google Docs can be used for free, instead of buying document editing software such as Microsoft Word. • Enterprises can use web-based SaaS Customer Relationship Management (CRM) applications, instead of buying servers and installing CRM software and associated databases on them.
  • 46. Benefits, as perceived by the IT industry 46
  • 47. Factors driving investment in cloud Source: http://www.cloudtweaks.com/2012/01/infographic-whats-driving-investment-in-cloud-computing/ 47
  • 48. Factors driving investment in cloud Source: http://www.cloudtweaks.com/2012/01/infographic-whats-driving-investment-in-cloud-computing/ 48
  • 49. Purpose of cloud computing in organizations 49 • Providing an IT platform for business processes involving multiple organizations • Backing up data • Running CRM, ERP, and chain management applications • Providing personal productivity and collaboration tools to employees • Developing and testing software • Storing and archiving large files (e.g., video or audio) • Analyzing customer or operations data • Running e-business or e-government websites Source: http://askvisory.com/research/key-drivers-of-cloud-computing-activity/
  • 50. Amazon Web Services (AWS) 50 AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and packaged-software-as-a-service (SaaS) offerings. AWS services can offer tools such as compute power, database storage, and content delivery services to an organization. Amazon.com Web Services launched its first web services in 2002 from the internal infrastructure that Amazon.com built to handle its online retail operations. In 2006, it began offering its defining IaaS services. AWS was one of the first companies to introduce a pay-as-you-go cloud computing model that scales to provide users with computing, storage, or throughput as needed.
  • 51. Amazon Web Services (AWS) 51 Groups such as government agencies, education institutions, non-profits, and private organizations can use AWS services. How AWS works AWS is separated into different services; each can be configured in different ways based on the user's needs. Users can see configuration options and individual server maps for an AWS service.
  • 52. Services provided by AWS 52 • compute • storage • databases • data management • migration • hybrid cloud • networking • development tools • management • monitoring • security • governance • Big data management • analytics • artificial intelligence (AI) • mobile development • messages and notification
  • 53. Amazon Elastic Compute Cloud (Amazon EC2) 53 Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
  • 54. Features of Amazon EC2 54 •Virtual computing environments, known as instances •Preconfigured templates for your instances, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including the operating system and additional software) •Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types •Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place) •Storage volumes for temporary data that are deleted when you stop, hibernate, or terminate your instance, known as instance store volumes •Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
  • 55. Features of Amazon EC2 55 • Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones • A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances, using security groups • Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses • Metadata, known as tags, that you can create and assign to your Amazon EC2 resources • Virtual networks you can create that are logically isolated from the rest of the AWS Cloud and that you can optionally connect to your own network, known as virtual private clouds (VPCs)
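As an added example (not AWS code and not part of these slides), the following Python model shows how a security group's allow-only, default-deny rules decide whether inbound traffic reaches an instance, and adds the check a reviewer would run to flag rules that expose administrative ports to the whole Internet. The Rule fields, sample groups and IP addresses are constructed for illustration, and the model covers TCP/UDP only.

```python
"""Model of EC2-style security-group evaluation (added example, not AWS code).

Assumptions, not taken from the slides: a security group holds *allow* rules
only, traffic is denied unless some rule matches (default deny), and a rule
matches when protocol, destination port and source address all match. ICMP is
left out, so ports are real TCP/UDP ports. All sample data below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", or "-1" meaning any protocol
    from_port: int  # inclusive low end of the destination port range
    to_port: int    # inclusive high end of the destination port range
    source: str     # CIDR of sources allowed to reach the instance

    def matches(self, protocol: str, port: int, src_ip: str) -> bool:
        """True when this allow rule covers the given inbound packet."""
        if self.protocol != "-1" and self.protocol != protocol:
            return False
        if not self.from_port <= port <= self.to_port:
            return False
        return ip_address(src_ip) in ip_network(self.source, strict=False)


def is_allowed(rules: List[Rule], protocol: str, port: int, src_ip: str) -> bool:
    """Default deny: the packet reaches the instance only if some rule allows it."""
    return any(rule.matches(protocol, port, src_ip) for rule in rules)


# Administrative ports that should be reachable only from known source ranges.
ADMIN_PORTS = (22, 3389)  # SSH, RDP


def overly_permissive(rules: List[Rule]) -> List[Rule]:
    """Flag rules that open an admin port, or every port, to the whole Internet.

    A /0 source (0.0.0.0/0 or ::/0) means 'anywhere'. Such a rule is fine for a
    public web port but is a misconfiguration for SSH/RDP or an all-ports range.
    """
    findings = []
    for rule in rules:
        if ip_network(rule.source, strict=False).prefixlen != 0:
            continue  # scoped to a specific range: not a finding
        all_ports = rule.from_port == 0 and rule.to_port == 65535
        admin_open = any(rule.from_port <= p <= rule.to_port for p in ADMIN_PORTS)
        if rule.protocol == "-1" or all_ports or admin_open:
            findings.append(rule)
    return findings


# Constructed sample groups: the same web tier, before and after scoping SSH.
WEAK_GROUP = [
    Rule("tcp", 22, 22, "0.0.0.0/0"),    # SSH from anywhere
    Rule("tcp", 443, 443, "0.0.0.0/0"),  # HTTPS from anywhere (intended)
]
HARDENED_GROUP = [
    Rule("tcp", 22, 22, "203.0.113.0/24"),  # SSH only from the admin range
    Rule("tcp", 443, 443, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, group in (("weak", WEAK_GROUP), ("hardened", HARDENED_GROUP)):
        print(name, "ssh from 198.51.100.7:", is_allowed(group, "tcp", 22, "198.51.100.7"))
        print(name, "findings:", overly_permissive(group))
```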
  • 56. Assignment Question 56 • Explain Cloud computing. • Difference between Cloud computing, Client-Server Architecture, and Distributed computing. • Explain the cloud computing service models. • Explain the cloud computing deployment models. • Explain why SMIs are migrating to cloud computing. • Short notes on AWS and Amazon EC2.
  • 58. Major building blocks of Cloud Computing Architecture Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf 58
  • 59. Context: High Level Architectural Approach 59  Technical Architecture – Structuring according to XaaS stack – Adopting cloud computing paradigms – Structuring cloud services and cloud components – Showing relationships and external endpoints – Middleware and communication – Management and security  Deployment and Operation Architecture: – Geo-location check (legal issues, export control) – Operation and Monitoring
  • 61. XaaS Stack views: Customer view vs Provider view Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf 61
  • 62. Microsoft Azure vs Amazon EC2 Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf 62
  • 63. Architecture for elasticity Source: http://www.sei.cmu.edu/library/assets/presentations/Cloud%20Computing%20Architecture%20-%20Gerald%20Kaefer.pdf 63
  • 64. Service Models (XaaS) 64  The combination of Service-Oriented Infrastructure (SOI) and cloud computing realizes XaaS.  X as a Service (XaaS) is a generalization for cloud-related services.  XaaS stands for "anything as a service" or "everything as a service".  XaaS refers to an increasing number of services that are delivered over the Internet rather than provided locally or on-site.  XaaS is the essence of cloud computing.
  • 66. Service Models (XaaS) Source: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather and Subra Kumaraswamy 66
  • 67. Service Models (XaaS) 67 ⚫ Most common examples of XaaS are  Software as a Service (SaaS)  Platform as a Service (PaaS)  Infrastructure as a Service (IaaS) ⚫ Other examples of XaaS include  Business Process as a Service (BPaaS)  Storage as a service (another SaaS)  Security as a service (SECaaS)  Database as a service (DaaS)  Monitoring/management as a service (MaaS)  Communications, content and computing as a service (CaaS)  Identity as a service (IDaaS)  Backup as a service (BaaS)  Desktop as a service (DaaS)
  • 68. Requirements of CSP (Cloud Service Provider) 68 • Increase productivity • Increase end user satisfaction • Increase innovation • Increase agility
  • 69. Service Models (XaaS) • Broad network access (cloud) + resource pooling (cloud) + business-driven infrastructure on-demand (SOI) + service-orientation (SOI) = XaaS • XaaS fulfils all four demands. Source: Understanding the Cloud Computing Stack: PaaS, SaaS, IaaS, © Diversity Limited, 2011 69
  • 70. Classical Service Model  All the layers (H/W, Operating System, Development Tools, Applications) are managed by the user.  Users bear the costs of the hardware, maintenance, and technology.  Each system is designed and funded for a specific business activity: custom build-to-order.  Systems are deployed as a vertical stack of “layers” which are tightly coupled, so no single part can be easily replaced or changed.  Manual operations prevail for provisioning and management. 70 Source: Dragan, “XaaS as a Modern Infrastructure for eGovernment Business Model in the Republic of Croatia”
  • 71. The key impact of cloud computing on IT function: From Legacy IT to Evergreen IT 71 [Figure: two stacks, Legacy IT and Evergreen IT, each showing Dedicated Infrastructure, Application, End-user devices and Simplified IT Stack]
  • 72. Classic Model vs XaaS 72
  • 74. Client Server Architecture 74 • Consists of one or more load-balanced servers servicing requests sent by the clients • Clients and servers exchange messages in a request-response fashion • The client is often a thin client or a machine with low computational capabilities • The server could be a load-balanced cluster or a stand-alone machine.
  • 76. Client Server model vs. Cloud model 76 Client-server model: • Simple service model where the server services client requests • May or may not be load balanced • Scalable to some extent in a cluster environment • No concept of virtualization. Cloud computing model: • Variety of complex service models, such as IaaS, PaaS, SaaS, can be provided • Load balanced • Theoretically infinitely scalable • Virtualization is the core concept
  • 77. Cloud Services Source : http://www.opengroup.org/soa/source-book/socci/extend.htm#figure2 77
  • 79. Simplified description of cloud service models 79  SaaS applications are designed for end users and are delivered over the web  PaaS is the set of tools and services designed to make coding and deploying applications quick and efficient  IaaS is the hardware and software that powers it all – servers, storage, network, operating systems Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 80. Transportation Analogy 80 • By itself, infrastructure isn’t useful – it just sits there waiting for someone to make it productive in solving a particular problem. Imagine the Interstate transportation system in the U.S. Even with all these roads built, they wouldn’t be useful without cars and trucks to transport people and goods. In this analogy, the roads are the infrastructure and the cars and trucks are the platforms that sit on top of the infrastructure and transport the people and goods. These goods and people might be considered software and information in the technical realm. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 81. Software as a Service 81 • SaaS is defined as software that is deployed over the internet. With SaaS, a provider licenses an application to customers either as a service on demand, through a subscription, in a “pay-as-you-go” model, or (increasingly) at no charge when there is an opportunity to generate revenue from streams other than the user, such as from advertisement or user list sales. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 82. SaaS characteristics 82 • Software is managed from a central location • Software is delivered in a ‘one to many’ model • Users are not required to handle software upgrades and patches • Application Programming Interfaces (APIs) allow for integration between different pieces of software. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 83. Applications where SaaS is used 83 • Applications where there is significant interplay between the organization and the outside world, e.g. email newsletter campaign software • Applications that have a need for web or mobile access, e.g. mobile sales management software • Software that is only to be used for a short-term need • Software where demand spikes significantly, e.g. tax/billing • Example of SaaS: Salesforce Customer Relationship Management (CRM) software Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 84. Applications where SaaS may not be the best option 84 • Applications where extremely fast processing of real-time data is needed • Applications where legislation or other regulation does not permit data to be hosted externally • Applications where an existing on-premise solution fulfills all of the organization’s needs Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 85. Platform as a Service 85 • Platform as a Service (PaaS) brings the benefits that SaaS brought for applications over to the software development world. PaaS can be defined as a computing platform that allows the creation of web applications quickly and easily and without the complexity of buying and maintaining the software and infrastructure underneath it. • PaaS is analogous to SaaS except that, rather than being software delivered over the web, it is a platform for the creation of software, delivered over the web. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 86. Characteristics of PaaS 86  Services to develop, test, deploy, host, and maintain applications in the same integrated development environment – all the varying services needed to fulfill the application development process.  Web-based user interface creation tools help to create, modify, test, and deploy different UI scenarios.  Multi-tenant architecture where multiple concurrent users utilize the same development application.  Built-in scalability of deployed software, including load balancing and failover.  Integration with web services and databases via common standards.  Support for development team collaboration – some PaaS solutions include project planning and communication tools.  Tools to handle billing and subscription management. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 87. Scenarios where PaaS is used 87  PaaS is especially useful in any situation where multiple developers will be working on a development project or where other external parties need to interact with the development process  PaaS is useful where developers wish to automate testing and deployment services.  The popularity of agile software development, a group of software development methodologies based on iterative and incremental development, will also increase the uptake of PaaS as it eases the difficulties around rapid development and iteration of the software.  PaaS Examples: Microsoft Azure, Google App Engine Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 88. Scenarios where PaaS is not ideal 88 • Where the application needs to be highly portable in terms of where it is hosted. • Where proprietary languages or approaches would impact the development process • Where application performance requires customization of the underlying hardware and software Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 89. Infrastructure as a Service 89 • Infrastructure as a Service (IaaS) is a way of delivering Cloud Computing infrastructure – servers, storage, network, and operating systems – as an on-demand service. • Rather than purchasing servers, software, data center space, or network equipment, clients instead buy those resources as a fully outsourced service on demand. Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 90. Characteristics of IaaS 90 • Resources are distributed as a service • Allows for dynamic scaling • Has a variable cost, utility pricing model • Generally includes multiple users on a single piece of hardware Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 91. Scenarios where IaaS makes sense 91  Where demand is very volatile – any time there are significant spikes and troughs in terms of demand for the infrastructure  For new organizations without the capital to invest in hardware  Where the organization is growing rapidly and scaling hardware would be problematic  Where there is pressure on the organization to limit capital expenditure and move to operating expenditure  For specific lines of business, trial, or temporary infrastructural needs
  • 92. Scenarios where IaaS may not be the best option 92 • Where regulatory compliance makes the offshoring or outsourcing of data storage and processing difficult • Where the highest levels of performance are required, and on-premise or dedicated hosted infrastructure has the capacity to meet the organization’s needs Source: http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-Cloud-Computing-Stack.pdf
  • 94. Feature comparison of PaaS providers Source: http://www.cs.helsinki.fi/u/epsavola/seminaari/Cloud%20Service%20Models.pdf 94
  • 97. Role of Networking in cloud computing 97 • In cloud computing, network resources can be provisioned dynamically. • Some of the networking concepts that form the core of cloud computing are Virtual Local Area Networks, Virtual Private Networks, and the different protocol layers. • Examples of tools that help in setting up different network topologies and facilitate various network configurations are OpenSSH, OpenVPN, etc. Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-the-cloud
  • 98. Networking in different cloud models Source: http://www.slideshare.net/alexamies/networking-concepts-and-tools-for-the-cloud 98
  • 99. Deployment Models 99 • Public Cloud • Private Cloud • Hybrid Cloud • Community Cloud
  • 100. Public Cloud  Cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, government organization, or some combination of them. It exists on the premises of the cloud provider.  Examples of Public Cloud:  Google App Engine  Microsoft Windows Azure  IBM Smart Cloud  Amazon EC2 Source: Marcus Hogue, Chris Jacobson, “Security of Cloud Computing”
  • 101. Public Cloud • In a Public setting, the provider's computing and storage resources are potentially large; the communication links can be assumed to be implemented over the public Internet; and the cloud serves a diverse pool of clients (and possibly attackers). Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
  • 102. Public Cloud • Workload locations are hidden from clients (public): – In the public scenario, a provider may migrate a subscriber's workload, whether processing or data, at any time. – Workload can be transferred to data centers where cost is low – Workloads in a public cloud may be relocated anywhere at any time unless the provider has offered (optional) location restriction policies • Risks from multi-tenancy (public): – A single machine may be shared by the workloads of any combination of subscribers (a subscriber's workload may be co-resident with the workloads of competitors or adversaries) • Introduces both reliability and security risk
  • 103. Public Cloud • Organizations considering the use of a public cloud should consider: – Network dependency (public): • Subscribers connect to providers via the public Internet. • Connection depends on Internet infrastructure like – Domain Name System (DNS) servers – Router infrastructure – Inter-router links
  • 104. Public Cloud • Limited visibility and control over data regarding security (public): – The details of provider system operation are usually considered proprietary information and are not divulged to subscribers. – In many cases, the software employed by a provider is proprietary and not available for examination by subscribers. – A subscriber cannot verify that data has been completely deleted from a provider's systems. • Elasticity: illusion of unlimited resource availability (public): – Public clouds are generally unrestricted in their location or size. – Public clouds potentially have a high degree of flexibility in the movement of subscriber workloads to correspond with available resources.
  • 105. Public Cloud • Low up-front costs to migrate into the cloud (public) • Restrictive default service level agreements (public): – The default service level agreements of public clouds specify limited promises that providers make to subscribers
  • 106. Private Cloud • The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. • Examples of Private Cloud: – Eucalyptus – Ubuntu Enterprise Cloud - UEC – Amazon VPC (Virtual Private Cloud) – VMware Cloud Infrastructure Suite – Microsoft ECI data center.
  • 107. Private Cloud • Contrary to popular belief, a private cloud may exist off-premises and can be managed by a third party. Thus, two private cloud scenarios exist, as follows: • On-site Private Cloud – Applies to private clouds implemented at a customer’s premises. • Outsourced Private Cloud – Applies to private clouds where the server side is outsourced to a hosting company.
  • 108. On-site Private Cloud  The security perimeter extends around both the subscriber’s on-site resources and the private cloud’s resources.  The security perimeter does not by itself guarantee control over the private cloud’s resources, but subscribers can exercise control over those resources. Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
  • 109. On-site Private Cloud • Organizations considering the use of an on-site private cloud should consider: – Network dependency (on-site-private): – Subscribers still need IT skills (on-site-private): • Subscriber organizations will need the traditional IT skills required to manage user devices that access the private cloud, and will require cloud IT skills as well. – Workload locations are hidden from clients (on-site-private): • To manage a cloud's hardware resources, a private cloud must be able to migrate workloads between machines without inconveniencing clients. With an on-site private cloud, however, a subscriber organization chooses the physical infrastructure, but individual clients still may not know where their workloads physically exist within the subscriber organization's infrastructure
  • 110. On-site Private Cloud • Risks from multi-tenancy (on-site-private): – Workloads of different clients may reside concurrently on the same systems and local networks, separated only by access policies implemented by a cloud provider's software. A flaw in the software or the policies could compromise the security of a subscriber organization by exposing client workloads to one another • Data import/export, and performance limitations (on-site-private): – On-demand bulk data import/export is limited by the on-site private cloud's network capacity, and real-time or critical processing may be problematic because of networking limitations.
  • 111. On-site Private Cloud 111 • Potentially strong security from external threats (on-site-private): – In an on-site private cloud, a subscriber has the option of implementing an appropriately strong security perimeter to protect private cloud resources against external threats to the same level of security as can be achieved for non-cloud resources. • Significant-to-high up-front costs to migrate into the cloud (on-site-private): – An on-site private cloud requires that cloud management software be installed on computer systems within a subscriber organization. If the cloud is intended to support process-intensive or data-intensive workloads, the software will need to be installed on numerous commodity systems or on a more limited number of high-performance systems. Installing cloud software and managing the installations will incur significant up-front costs, even if the cloud software itself is free, and even if much of the hardware already exists within a subscriber organization.
  • 112. On-site Private Cloud • Limited resources (on-site-private): – An on-site private cloud, at any specific time, has a fixed computing and storage capacity that has been sized to correspond to anticipated workloads and cost restrictions.
  • 113. Outsourced Private Cloud • Outsourced private cloud has two security perimeters, one implemented by a cloud subscriber (on the right) and one implemented by a provider. • Two security perimeters are joined by a protected communications link. • The security of data and processing conducted in the outsourced private cloud depends on the strength and availability of both security perimeters and the protected communication link.
  • 114. Outsourced Private Cloud • Organizations considering the use of an outsourced private cloud should consider: – Network Dependency (outsourced-private): • In the outsourced private scenario, subscribers may have the option to provision unique protected, and reliable communication links with the provider. – Workload locations are hidden from clients (outsourced-private): – Risks from multi-tenancy (outsourced-private): • The implications are the same as those for an on-site private cloud.
  • 115. Outsourced Private Cloud • Data import/export, and performance limitations (outsourced-private): – On-demand bulk data import/export is limited by the network capacity between a provider and subscriber, and real-time or critical processing may be problematic because of networking limitations. In the outsourced private cloud scenario, however, these limits may be adjusted, although not eliminated, by provisioning high-performance and/or high-reliability networking between the provider and subscriber. • Potentially strong security from external threats (outsourced-private): – As with the on-site private cloud scenario, a variety of techniques exist to harden a security perimeter. The main difference with the outsourced private cloud is that the techniques need to be applied both to a subscriber's perimeter and the provider's perimeter and that the communications link needs to be protected.
  • 116. Outsourced Private Cloud • Modest-to-significant up-front costs to migrate into the cloud (outsourced-private): – In the outsourced private cloud scenario, the resources are provisioned by the provider – Main start-up costs for the subscriber relate to: • Negotiating the terms of the service level agreement (SLA) • Possibly upgrading the subscriber's network to connect to the outsourced private cloud • Switching from traditional applications to cloud-hosted applications • Porting existing non-cloud operations to the cloud • Training
  • 117. Outsourced Private Cloud • Extensive resources available (outsourced-private): – In the case of the outsourced private cloud, a subscriber can rent resources in any quantity offered by the provider. Provisioning and operating computing equipment at scale is a core competency of providers.
  • 118. Community Cloud  Cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.  Examples of Community Cloud: ⚫ Google Apps for Government ⚫ Microsoft Government Community Cloud
  • 119. On-site Community Cloud • A community cloud is made up of a set of participant organizations. Each participant organization may provide cloud services, consume cloud services, or both • At least one organization must provide cloud services • Each organization implements a security perimeter Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
  • 120. On-site Community Cloud • The participant organizations are connected via links between the boundary controllers that allow access through their security perimeters • The access policy of a community cloud may be complex – Ex.: if there are N community members, a decision must be made, either implicitly or explicitly, on how to share a member's local cloud resources with each of the other members – Policy specification techniques like role-based access control (RBAC) and attribute-based access control (ABAC) can be used to express sharing policies.
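The sharing decision described above, as an added Python example that is not part of the slides or the NIST source: each member publishes the rules for its own local resources, combining a role check (RBAC) with attribute conditions on the requesting organization (ABAC), with default deny, and a helper enumerates the N·(N−1) owner/requester decisions for a resource. Member names, attributes and resources are constructed.

```python
"""Sharing-policy evaluator for an on-site community cloud (added example).

Assumptions, not taken from the NIST source: every member organization owns
resources and publishes its own sharing rules; a request from another member is
granted only if the requester's role is one the owner shares that resource with
(RBAC) and every attribute condition the owner attaches holds for the
requester's organization (ABAC). Anything not explicitly shared is denied, and
a member always keeps access to its own resources. All data is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Resource:
    owner: str  # member organization that hosts the resource locally
    name: str


@dataclass
class SharingRule:
    resource: str    # name of the owner's resource this rule covers
    roles: Set[str]  # requester roles granted access (RBAC part)
    # attribute -> allowed values the requesting organization must have (ABAC part)
    conditions: Dict[str, Set[str]] = field(default_factory=dict)


@dataclass
class Member:
    name: str
    attributes: Dict[str, str]  # e.g. clearance, region
    rules: List[SharingRule] = field(default_factory=list)  # what this member shares


@dataclass(frozen=True)
class Request:
    requester: str  # member organization making the request
    role: str       # role of the requesting user within that organization
    resource: Resource


def decide(members: Dict[str, Member], req: Request) -> bool:
    """The owner's policy decides; default deny for unknown parties and unmatched rules."""
    owner = members.get(req.resource.owner)
    requester = members.get(req.requester)
    if owner is None or requester is None:
        return False
    if requester.name == owner.name:
        return True  # a member controls its own local cloud resources
    for rule in owner.rules:
        if rule.resource != req.resource.name or req.role not in rule.roles:
            continue
        if all(requester.attributes.get(attr) in allowed
               for attr, allowed in rule.conditions.items()):
            return True
    return False


def sharing_matrix(members: Dict[str, Member], resource_name: str,
                   role: str) -> Dict[Tuple[str, str], bool]:
    """The N*(N-1) owner/requester decisions the slide says every community must make."""
    names = sorted(members)
    return {
        (owner, requester): decide(members, Request(requester, role, Resource(owner, resource_name)))
        for owner in names for requester in names if owner != requester
    }


# Constructed community of three agencies. Only Agency-A publishes a rule:
# analysts from EU members holding 'restricted' clearance may read its case archive.
MEMBERS = {
    "Agency-A": Member(
        "Agency-A", {"clearance": "restricted", "region": "EU"},
        rules=[SharingRule("case-archive", {"analyst"},
                           {"clearance": {"restricted"}, "region": {"EU"}})],
    ),
    "Agency-B": Member("Agency-B", {"clearance": "restricted", "region": "EU"}),
    "Agency-C": Member("Agency-C", {"clearance": "internal", "region": "EU"}),
}

if __name__ == "__main__":
    for pair, allowed in sharing_matrix(MEMBERS, "case-archive", "analyst").items():
        print(pair, "->", "allow" if allowed else "deny")
```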
  • 121. On-site Community Cloud • Organizations considering the use of an on-site community cloud should consider: – Network Dependency (on-site community): • The subscribers in an on-site community cloud need to either provision controlled inter-site communication links or use cryptography over a less controlled communications media (such as the public Internet). • The reliability and security of the community cloud depend on the reliability and security of the communication links.
  • 122. On-site Community Cloud • Subscribers still need IT skills (on-site-community): – Organizations in the community that provide cloud resources require IT skills similar to those required for the on-site private cloud scenario, except that the overall cloud configuration may be more complex and hence require a higher skill level. – Identity and access control configurations among the participating organizations may be complex • Workload locations are hidden from clients (on-site-community): – Participant organizations providing cloud services to the community cloud may wish to employ an outsourced private cloud as a part of their implementation strategy.
  • 123. On-site Community Cloud • Data import/export, and performance limitations (on-site-community): – The communication links between the various participant organizations in a community cloud can be provisioned to various levels of performance, security, and reliability, based on the needs of the participant organizations. The network-based limitations are thus similar to those of the outsourced-private cloud scenario. • Potentially strong security from external threats (on-site-community): – The security of a community cloud from external threats depends on the security of all the security perimeters of the participant organizations and the strength of the communications links. These dependencies are essentially similar to those of the outsourced private cloud scenario, but with possibly more links and security perimeters.
  • 124. On-site Community Cloud • Highly variable up-front costs to migrate into the cloud (on-site-community): – The up-front costs of an on-site community cloud for a participant organization depend greatly on whether the organization plans to consume cloud services only or also to provide cloud services. For a participant organization that intends to provide cloud services within the community cloud, the costs appear to be similar to those for the on-site private cloud scenario (i.e., significant-to-high).
  • 125. Outsourced Community Cloud Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
  • 126. Outsourced Community Cloud • Organizations considering the use of an outsourced community cloud should consider: • Network dependency (outsourced-community): – The network dependency of the outsourced community cloud is similar to that of the outsourced private cloud. The primary difference is that multiple protected communications links are likely from the community members to the provider's facility. • Workload locations are hidden from clients (outsourced-community): – Same as the outsourced private cloud
  • 127. Outsourced Community Cloud • Risks from multi-tenancy (outsourced-community): – Same as the on-site community cloud • Data import/export, and performance limitations (outsourced-community): – Same as the outsourced private cloud • Potentially strong security from external threats (outsourced-community): – Same as the on-site community cloud • Modest-to-significant up-front costs to migrate into the cloud (outsourced-community): – Same as the outsourced private cloud
  • 128. Outsourced Community Cloud • Extensive resources available (outsourced-community): – Same as the outsourced private cloud
  • 129. Hybrid Cloud • The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability • Examples of Hybrid Cloud: – Windows Azure (capable of Hybrid Cloud) – VMware vCloud (Hybrid Cloud Services)
  • 130. Hybrid Cloud • A hybrid cloud is composed of two or more private, community, or public clouds. • Hybrid clouds have significant variations in performance, reliability, and security properties depending upon the types of cloud chosen to build the hybrid cloud. Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
  • 131. Hybrid Cloud • A hybrid cloud can be extremely complex • A hybrid cloud may change over time with constituent clouds joining and leaving.
  • 133. Virtualization  The dictionary includes many definitions for the word “cloud.”  A cloud can be a mass of water droplets, gloom, an obscure area, or a mass of similar particles such as dust or smoke.  When it comes to cloud computing, the definition that best fits the context is “a collection of objects that are grouped together.”  It is that act of grouping or creating a resource pool that is what succinctly differentiates cloud computing from all other types of networked systems. 133
• 134. Virtualization
   The benefits of pooling resources to allocate them on demand are so compelling as to make the adoption of these technologies a priority. Without resource pooling, it is impossible to attain efficient utilization, provide reasonable costs to users, and react proactively to demand.
   Virtualization abstracts physical resources such as processors, memory, disk, and network capacity into virtual resources. When you use cloud computing, you are accessing pooled resources using a technique called virtualization.
• 135. Virtualization
   Virtualization assigns a logical name to a physical resource and then provides a pointer to that physical resource when a request is made.
   Virtualization provides a means to manage resources efficiently because the mapping of virtual resources to physical resources can be both dynamic and facile.
   Virtualization is dynamic in that the mapping can be assigned based on rapidly changing conditions, and it is facile because changes to a mapping assignment can be nearly instantaneous.
• 136. Virtualization
  Different types of virtualization are characteristic of cloud computing:
   Access: A client can request access to a cloud service from any location.
   Application: A cloud has multiple application instances and directs requests to an instance based on conditions.
   CPU: Computers can be partitioned into a set of virtual machines, with each machine being assigned a workload. Alternatively, systems can be virtualized through load-balancing technologies.
   Storage: Data is stored across storage devices and often replicated for redundancy.
  To enable these characteristics, resources must be highly configurable and flexible.
• 137. Virtualization
  Features in software and hardware enable flexibility by conforming to one or more of the following mobility patterns:
   P2V: Physical to Virtual
   V2V: Virtual to Virtual
   V2P: Virtual to Physical
   P2P: Physical to Physical
   D2C: Datacentre to Cloud
   C2C: Cloud to Cloud
   C2D: Cloud to Datacentre
   D2D: Datacentre to Datacentre
• 138. Virtualization Properties
   Service-based: A service-based architecture is one where clients are abstracted from service providers through service interfaces.
   Scalable and elastic: Services can be altered to affect capacity and performance on demand.
   Shared services: Resources are pooled in order to create greater efficiencies.
   Metered usage: Services are billed on a usage basis.
   Internet delivery: The services provided by cloud computing are based on Internet protocols and formats.
• 139. IaaS – Infrastructure as a Service
  • What does a subscriber get?
    – Access to virtual computers, network-accessible storage, network infrastructure components such as firewalls, and configuration services.
  • How are usage fees calculated?
    – Typically, per CPU hour, data GB stored per hour, network bandwidth consumed, network infrastructure used (e.g., IP addresses) per hour, and value-added services used (e.g., monitoring, automatic scaling)
• 140. IaaS Provider/Subscriber Interaction Dynamics
  The provider has a number of available virtual machines (VMs) that it can allocate to clients.
    – Client A has access to vm1 and vm2, Client B has access to vm3, and Client C has access to vm4, vm5 and vm6
    – The provider retains only vm7 through vmN
  Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
• 141. IaaS Component Stack and Scope of Control
  • The IaaS component stack comprises hardware, operating system, middleware, and application layers.
  • The operating system layer is split into two layers.
    – The lower (and more privileged) layer is occupied by the Virtual Machine Monitor (VMM), also called the hypervisor
    – The higher layer is occupied by an operating system running within a VM, called a guest operating system
  Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
• 142. IaaS Component Stack and Scope of Control
  • In IaaS, the cloud provider maintains total control over the physical hardware and administrative control over the hypervisor layer
  • The subscriber controls the guest OS, middleware and application layers.
  • The subscriber is free (using the provider's utilities) to load any supported operating system software desired into the VM.
  • The subscriber typically maintains complete control over the operation of the guest operating system in each VM.
• 143. IaaS Component Stack and Scope of Control
  • A hypervisor uses the hardware to synthesize one or more Virtual Machines (VMs); each VM is "an efficient, isolated duplicate of a real machine".
  • The subscriber rents access to a VM; the VM appears to the subscriber as actual computer hardware that can be administered (e.g., powered on/off, peripherals configured) via commands sent over a network to the provider.
• 144. IaaS Cloud Architecture
  • Logical view of IaaS cloud structure and operation (figure)
  Source: Lee Badger and Tim Grance, “NIST DRAFT Cloud Computing Synopsis and Recommendations”
• 145. IaaS Cloud Architecture
  • Three-level hierarchy of components in IaaS cloud systems
    – The top level is responsible for central control
    – The middle level is responsible for management of possibly large computer clusters that may be geographically distant from one another
    – The bottom level is responsible for running the host computer systems on which virtual machines are created.
  • Subscriber queries and commands generally flow into the system at the top and are forwarded down through the layers, which either answer the queries or execute the commands
• 146. IaaS Cloud Architecture
  • Cluster Managers can be geographically distributed
  • Within a cluster, the Computer Managers are connected to the Cluster Manager via a high-speed network.
• 147. Operation of the Cloud Manager
  • The Cloud Manager is the public access point to the cloud, where subscribers sign up for accounts, manage the resources they rent from the cloud, and access data stored in the cloud.
  • The Cloud Manager has mechanisms for:
    – Authenticating subscribers
    – Generating or validating the access credentials that a subscriber uses when communicating with VMs
    – Top-level resource management
  • For a subscriber’s request, the Cloud Manager determines whether the cloud has enough free resources to satisfy the request
• 148. Data Object Storage (DOS)
  • DOS generally stores the subscriber’s metadata, such as user credentials and operating system images.
  • The DOS service is (usually) a single service for the whole cloud.
• 149. Operation of the Cluster Managers
  • Each Cluster Manager is responsible for the operation of a collection of computers that are connected via high-speed local area networks.
  • A Cluster Manager receives resource allocation commands and queries from the Cloud Manager, and calculates whether part or all of a command can be satisfied using the resources of the computers in the cluster.
  • The Cluster Manager queries the Computer Managers for the computers in the cluster to determine resource availability, and returns messages to the Cloud Manager.
• 150. Operation of the Cluster Managers
  • Directed by the Cloud Manager, a Cluster Manager then instructs the Computer Managers to perform resource allocation, and reconfigures the virtual network infrastructure to give the subscriber uniform access.
  • Each Cluster Manager is connected to Persistent Local Storage (PLS).
  • PLS provides persistent disk-like storage to Virtual Machines.
• 151. Operation of the Computer Managers
  • At the lowest level in the hierarchy, a Computer Manager runs on each computer system and uses virtualization to provide Virtual Machines to subscribers
  • The Computer Manager maintains status information, including how many virtual machines are running and how many can still be started
  • The Computer Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines
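The three-level control flow described on slides 145 to 151 (a subscriber request enters at the Cloud Manager, is checked against free capacity, and is pushed down through Cluster Managers to the Computer Managers that actually start VMs) can be modelled in a few classes. The following is an added example written for this page, not NIST's or any provider's code; the cluster and host names, per-host VM capacities and subscriber tokens are all constructed, and the hypervisor command interface is stood in for by a list of running VM ids.

```python
import hmac


class ComputerManager:
    """Runs on one host; tracks how many VMs its hypervisor can still start."""

    def __init__(self, host, max_vms):
        self.host, self.max_vms, self.running = host, max_vms, []

    def free_slots(self):
        return self.max_vms - len(self.running)

    def start_vm(self, vm_id):
        if self.free_slots() <= 0:
            raise RuntimeError(f"{self.host}: no capacity")
        self.running.append(vm_id)  # real code: hypervisor command interface


class ClusterManager:
    """Answers capacity queries for its hosts and performs allocation when told to."""

    def __init__(self, name, computers):
        self.name, self.computers = name, computers

    def free_slots(self):
        # query every Computer Manager in the cluster and aggregate
        return sum(c.free_slots() for c in self.computers)

    def allocate(self, vm_ids):
        placed = {}
        for vm_id in vm_ids:
            host = max(self.computers, key=lambda c: c.free_slots())  # spread load
            host.start_vm(vm_id)
            placed[vm_id] = f"{self.name}/{host.host}"
        return placed


class CloudManager:
    """Public entry point: authenticates subscribers, then does top-level placement."""

    def __init__(self, clusters, credentials):
        self.clusters, self.credentials = clusters, credentials
        self._next_id = 0

    def request_vms(self, subscriber, token, count):
        # constant-time comparison of the presented access credential
        if not hmac.compare_digest(self.credentials.get(subscriber, ""), token):
            raise PermissionError("authentication failed")
        if sum(cl.free_slots() for cl in self.clusters) < count:
            raise RuntimeError("insufficient free resources")
        vm_ids = [f"{subscriber}-vm{self._next_id + i}" for i in range(count)]
        self._next_id += count
        placement, remaining = {}, list(vm_ids)
        for cl in self.clusters:  # forward the command down, cluster by cluster
            take = min(cl.free_slots(), len(remaining))
            placement.update(cl.allocate(remaining[:take]))
            remaining = remaining[take:]
            if not remaining:
                break
        return placement


def build_demo_cloud():
    """Constructed topology: two clusters, two hosts each (hypothetical names)."""
    cluster_a = ClusterManager("cluster-a", [ComputerManager("host-a1", 2),
                                             ComputerManager("host-a2", 1)])
    cluster_b = ClusterManager("cluster-b", [ComputerManager("host-b1", 2),
                                             ComputerManager("host-b2", 2)])
    return CloudManager([cluster_a, cluster_b],
                        {"alice": "tok-alice", "bob": "tok-bob"})


if __name__ == "__main__":
    cloud = build_demo_cloud()
    print(cloud.request_vms("alice", "tok-alice", 4))
```

A request for four VMs fills cluster-a's three slots first and spills the fourth into cluster-b; a second request that exceeds the remaining capacity is refused at the top level before any Computer Manager is touched, which is the "enough free resources" check the Cloud Manager slide describes.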
• 152. Virtualization
  [Figure: a ‘non-virtualized’ system, where a single OS controls all hardware platform resources for App. A to D, beside a virtualized system, where a virtualization layer on the hardware hosts virtual containers (App. A and B in one, App. C and D in another)]
  • Virtualization is a broad term (virtual memory, storage, network, etc.)
  • Virtualization basically allows one computer to do the job of multiple computers, by sharing the resources of a single hardware platform across multiple environments
  • It makes it possible to run multiple virtual containers on a single physical platform
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-
• 153. Virtualization
  • Virtualization is a way to run multiple operating systems and user applications on the same hardware
    – E.g., run both Windows and Linux on the same laptop
  • How is it different from dual boot?
    – Both OSes run simultaneously
  • The OSes are completely isolated from each other
• 154. Hypervisor or Virtual Machine Monitor
  A hypervisor or virtual machine monitor runs the guest OS directly on the CPU. (This only works if the guest OS uses the same instruction set as the host OS.) Since the guest OS is running in user mode, privileged instructions must be intercepted or replaced. This further imposes restrictions on the instruction set of the CPU, as observed in a now-famous paper by Popek and Goldberg, which identifies three goals for a virtual machine architecture:
  • Equivalence: The VM should be indistinguishable from the underlying hardware.
  • Resource control: The VM should be in complete control of any virtualized resources.
  • Efficiency: Most VM instructions should be executed directly on the underlying CPU without involving the hypervisor.
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 155. Hypervisor or Virtual Machine Monitor
  Popek and Goldberg describe (and give a formal proof of) the requirements on the CPU's instruction set for these properties to hold. The main idea is to classify instructions into
  • privileged instructions, which cause a trap if executed in user mode, and
  • sensitive instructions, which change the underlying resources (e.g. doing I/O or changing the page tables) or observe information that indicates the current privilege level (thus exposing the fact that the guest OS is not running on the bare hardware).
  • The former class of sensitive instructions is called control sensitive and the latter behavior sensitive in the paper, but the distinction is not particularly important.
  What Popek and Goldberg show is that we can only run a virtual machine with all three desired properties if the sensitive instructions are a subset of the privileged instructions. If this is the case, then we can run most instructions directly, and any sensitive instruction traps to the hypervisor, which can then emulate it (hopefully without much slowdown).
• 156. VMM and VM
  [Figure: the three VMM properties (equivalence, resource control, efficiency) alongside the instruction classes (privileged, control sensitive, behavior sensitive)]
  • For any conventional third generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions
  • A conventional third generation computer is recursively virtualizable if it is virtualizable and a VMM without any timing dependencies can be constructed for it.
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
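Slides 154 to 156 state the Popek and Goldberg condition in words; the model below makes it concrete. It is an added example, not code from the slides or from the paper: the instruction set is a constructed toy ISA, not x86, and the attribute flags are chosen for illustration. One entry, `popf_like`, mirrors the well-known situation on x86 processors before hardware virtualization extensions, where `POPF` executed in user mode silently ignores the interrupt-flag change instead of trapping, so a trap-and-emulate VMM never gets a chance to intervene. The `run_guest` function executes a guest program in user mode and shows why such an instruction breaks the equivalence property.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    name: str
    privileged: bool          # traps when executed in user mode
    control_sensitive: bool   # changes resource configuration (I/O, page tables, ...)
    behavior_sensitive: bool  # result depends on the privilege level or on resource state

    @property
    def sensitive(self):
        return self.control_sensitive or self.behavior_sensitive


# Constructed toy ISA (hypothetical names). 'popf_like' stands for an instruction
# that is sensitive but not privileged, the classic obstacle on pre-VT x86.
ISA = {
    "add":       Insn("add", False, False, False),
    "load_cr3":  Insn("load_cr3", True, True, False),    # switch page tables
    "out":       Insn("out", True, True, False),         # port I/O
    "read_cpl":  Insn("read_cpl", True, False, True),    # reveals privilege level
    "popf_like": Insn("popf_like", False, True, True),
}


def popek_goldberg_violations(isa):
    """Theorem 1 of the paper: a VMM with all three properties exists only if every
    sensitive instruction is also privileged. Return the names that break this."""
    return sorted(i.name for i in isa.values() if i.sensitive and not i.privileged)


def run_guest(program, isa):
    """Execute guest code in user mode under a trap-and-emulate VMM.

    Returns (number of traps handled by the hypervisor,
             list of instructions that ran natively with the wrong semantics)."""
    traps, silent_failures = 0, []
    for name in program:
        insn = isa[name]
        if insn.privileged:
            traps += 1                      # hardware traps; the VMM emulates the effect
        elif insn.sensitive:
            silent_failures.append(name)    # no trap: guest observes or alters real state
        # otherwise the instruction runs directly on the CPU (efficiency property)
    return traps, silent_failures


if __name__ == "__main__":
    print("non-virtualizable instructions:", popek_goldberg_violations(ISA))
    print(run_guest(["add", "load_cr3", "add", "popf_like", "out"], ISA))
```

Removing `popf_like` from the constructed ISA (or marking it privileged, which is in effect what hardware-assisted virtualization does by giving the VMM a more privileged mode) makes the violation list empty, and every sensitive instruction in a guest program then reaches the hypervisor as a trap.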
• 157. Load Balancing and Virtualization
  • One characteristic of cloud computing is virtualized network access to a service. No matter where you access the service from, you are directed to the available resources. The technology used to distribute service requests to resources is referred to as load balancing.
  • Load balancing is an optimization technique. It can be used to increase utilization and throughput, lower latency, reduce response time, and avoid system overload.
  • The following network resources can be load balanced:
    a. Network interfaces and services such as DNS, FTP, and HTTP
    b. Connections through intelligent switches
    c. Processing through computer system assignment
    d. Storage resources
    e. Access to application instances
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 158. Load Balancing and Virtualization
  • Without load balancing, cloud computing would be very difficult to manage.
  • Load balancing provides the necessary redundancy to make an intrinsically unreliable system reliable through managed redirection.
  • It also provides fault tolerance when coupled with a failover mechanism.
  • Load balancing is nearly always a feature of server farms and computer clusters and of high-availability applications.
  • A load-balancing system can use different mechanisms to assign service direction.
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 159. Load Balancing Mechanism
  • In the simplest load-balancing mechanisms, the load balancer listens on a network port for service requests.
  • When a request from a client or service requester arrives, the load balancer uses a scheduling algorithm to decide where the request is sent.
  • Typical scheduling algorithms in use today are round robin and weighted round robin, fastest response time, least connections and weighted least connections, and custom assignments based on other factors.
• 160. Load Balancing Mechanism
  • A session ticket is created by the load balancer so that subsequent related traffic from the client that is part of that session can be properly routed to the same resource.
  • Without this session record, or persistence, a load balancer would not be able to correctly fail over a request from one resource to another.
  • Persistence can be enforced using session data stored in a database and replicated across multiple load balancers.
  • Other methods use the client's browser to store a client-side cookie, or a rewrite engine that modifies the URL.
• 161. Load Balancing Mechanism
  • Of all these methods, a session cookie stored on the client has the least overhead for a load balancer because it allows the load balancer an independent selection of resources.
  • The algorithm can be based on a simple round-robin system where the next system in a list of systems gets the request.
  • Round-robin DNS is a common application, where IP addresses are assigned out of a pool of available IP addresses. Google uses round-robin DNS.
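The scheduling algorithms and the cookie-based persistence that slides 159 to 161 describe fit in one small scheduler. This is an added example written for this page, not code from the slides or from any load-balancer product; backend names, the `SRV` cookie name and the health-marking API are constructed. It implements round robin, weighted round robin and weighted least connections, honours a session cookie only when it names a backend that is actually healthy (so a client cannot steer itself to an arbitrary value, and a session on a dead backend fails over instead of being dropped), and sets the cookie with `Secure` and `HttpOnly` so it is not sent in clear or readable from page scripts.

```python
import itertools
from collections import Counter


class LoadBalancer:
    """Request scheduler with session persistence via a client-side cookie."""

    def __init__(self, backends, weights=None, algorithm="round_robin"):
        self.backends = list(backends)
        self.weights = weights or {b: 1 for b in self.backends}
        self.algorithm = algorithm
        self.healthy = set(self.backends)
        self.active = Counter()            # open connections per backend
        # Weighted round robin expands the list by weight, e.g. [s1, s1, s1, s2].
        self._expanded = [b for b in self.backends for _ in range(self.weights[b])]
        self._cycle = itertools.cycle(
            self._expanded if algorithm == "weighted_round_robin" else self.backends)

    def mark_down(self, backend):
        """Health check failed: stop sending new or sticky traffic there."""
        self.healthy.discard(backend)

    def _select(self):
        healthy = [b for b in self.backends if b in self.healthy]
        if not healthy:
            raise RuntimeError("no healthy backends")
        if self.algorithm == "least_connections":
            # weighted least connections: fewest open connections per unit of
            # weight, ties broken by list order
            return min(healthy, key=lambda b: (self.active[b] / self.weights[b],
                                               self.backends.index(b)))
        if self.algorithm not in ("round_robin", "weighted_round_robin"):
            raise ValueError(f"unknown algorithm {self.algorithm}")
        for _ in range(len(self._expanded) + 1):   # skip backends that are down
            candidate = next(self._cycle)
            if candidate in self.healthy:
                return candidate
        raise RuntimeError("no healthy backends")

    def route(self, request):
        """request is a dict with an optional 'cookies' mapping.

        Returns (backend, response headers to send back to the client)."""
        sticky = request.get("cookies", {}).get("SRV")
        if sticky in self.healthy:
            backend = sticky          # persistence: keep the session on its backend
        else:
            backend = self._select()  # new session, or failover from a dead backend
        self.active[backend] += 1
        return backend, {"Set-Cookie": f"SRV={backend}; Secure; HttpOnly"}

    def finish(self, backend):
        """Connection closed; keeps the least-connections counters accurate."""
        self.active[backend] -= 1


if __name__ == "__main__":
    lb = LoadBalancer(["s1", "s2", "s3"])
    for _ in range(4):
        print(lb.route({}))
    lb.mark_down("s2")
    print(lb.route({"cookies": {"SRV": "s2"}}))   # fails over to a healthy backend
```

Round-robin DNS, mentioned on slide 161, is the same idea applied one layer earlier: the resolver hands out the next address from a pool, but it has no session state and no health view, which is why an application-level balancer like this one is still used behind it.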
• 162. Approaches to Server Virtualization
• 163. Evolution of Software Solutions
  • 1st Generation: Full virtualization (binary rewriting)
    – Software based
    – VMware and Microsoft
  • 2nd Generation: Para-virtualization
    – Cooperative virtualization
    – Modified guest
    – VMware, Xen
  • 3rd Generation: Silicon-based (hardware-assisted) virtualization
    – Unmodified guest
    – VMware and Xen on virtualization-aware hardware platforms
  [Figure: one stack per generation: virtual machines over a dynamic translation layer on the operating system and hardware; virtual machines over a hypervisor on the hardware; virtual machines over a hypervisor on hardware with built-in virtualization logic]
• 164. Full Virtualization
  • 1st Generation offering of x86/x64 server virtualization
  • Dynamic binary translation
    – The emulation layer talks to an operating system, which talks to the computer hardware
    – The guest OS doesn't see that it is being used in an emulated environment
  • All of the hardware is emulated, including the CPU
  • Two popular open source emulators are QEMU and Bochs
  [Figure: App. A to C on a guest OS with device drivers, inside a virtual machine on emulated hardware, running on top of the host OS and its device drivers on the physical hardware]
• 165. Full Virtualization - Advantages
  • Emulation layer
    – Isolates VMs from the host OS and from each other
    – Controls individual VM access to system resources, preventing an unstable VM from impacting system performance
  • Total VM portability
    – By emulating a consistent set of system hardware, VMs have the ability to transparently move between hosts with dissimilar hardware without any problems
  • It is possible to run an operating system that was developed for another architecture on your own architecture
  • A VM running on a Dell server can be relocated to a Hewlett-Packard server
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 166. Full Virtualization - Drawbacks
  • Hardware emulation comes with a performance price
  • In traditional x86 architectures, OS kernels expect to run privileged code in Ring 0
    – However, because Ring 0 is controlled by the host OS, VMs are forced to execute at Ring 1/3, which requires the VMM to trap and emulate instructions
  • Due to these performance limitations, para-virtualization and hardware-assisted virtualization were developed
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 167. Para-Virtualization
  • The guest OS is modified and thus runs kernel-level operations at Ring 1 (or 3)
    – The guest is fully aware of how to process privileged instructions
    – Privileged instruction translation by the VMM is no longer necessary
    – The guest operating system uses a specialized API to talk to the VMM and, in this way, executes the privileged instructions
  • The VMM is responsible for handling the virtualization requests and passing them to the hardware
  [Figure: App. A to C on a guest OS with device drivers, inside a virtual machine that talks to the virtual machine monitor through a specialized API; the hypervisor and its device drivers sit on the hardware]
• 168. Para-Virtualization
  Today, VM guest operating systems are para-virtualized using two different approaches:
  – Recompiling the OS kernel
    • Para-virtualization drivers and APIs must reside in the guest operating system kernel
    • You need a modified operating system that includes this specific API, which requires compiling the operating system to be virtualization aware
    • Some vendors (such as Novell) have embraced para-virtualization and have provided para-virtualized OS builds, while other vendors (such as Microsoft) have not
  – Installing para-virtualized drivers
    • In some operating systems it is not possible to use complete para-virtualization, as it requires a specialized version of the operating system
    • To ensure good performance in such environments, para-virtualization can be applied for individual devices
    • For example, the instructions generated by network boards or graphical interface cards can be modified before they leave the virtualized machine by using para-virtualized drivers
  Source: www.dc.uba.ar/events/eci/2008/courses/n2/Virtualization-Introduction.ppt
• 169. Hardware-assisted virtualization
  • The guest OS runs at Ring 0
  • The VMM uses processor extensions (such as Intel VT or AMD-V) to intercept and emulate privileged operations in the guest
  • Hardware-assisted virtualization removes many of the problems that make writing a VMM a challenge
  • The VMM runs in a ring more privileged than Ring 0: a virtual “Ring -1” is created
  [Figure: the same stack as for para-virtualization: guest OS and applications inside a virtual machine, the virtual machine monitor, and the hypervisor with its device drivers on the hardware]
• 170. Hardware-assisted virtualization
  • Pros
    – It allows unmodified OSs to run (so legacy OSs can be run without problems)
  • Cons
    – Speed and flexibility
      • An unmodified OS does not know it is running in a virtualized environment and so cannot take advantage of any of the virtualization features
    – This can be partially resolved using para-virtualization
• 171. Network Virtualization
  Making a physical network appear as multiple logical ones
  [Figure: one physical network presented as Virtualized Network 1 and Virtualized Network 2]
• 172. Why Virtualize?
  • Hard to come up with a one-size-fits-all architecture
    – Almost impossible to predict what the future might unleash
  • Why not create an all-sizes-fit-into-one instead!
    – Open and expandable architecture
  • Testbed for future networking architectures and protocols
• 173. Related Concepts
  • Virtual Private Networks (VPN)
    – Virtual network connecting distributed sites
    – Not customizable enough
  • Active and Programmable Networks
    – Customized network functionalities
    – Programmable interfaces and active code
  • Overlay Networks
    – Application layer virtual networks
    – Not flexible enough
• 174. Network Virtualization Model
  • Business Model
  • Architecture
  • Design Principles
  • Design Goals
• 176. Design Principles
   Concurrence of multiple heterogeneous virtual networks
    🞑 Introduces diversity
   Recursion of virtual networks
    🞑 Opens the door for network virtualization economics
   Inheritance of architectural attributes
    🞑 Promotes value-addition
   Revisitation of virtual nodes
    🞑 Simplifies network operation and management
  [Figure: Hierarchy of Roles: Service Providers 0 to N each compose a Virtual Network (0 to N) from the resources of Infrastructure Providers 0 to N+1]
• 177. Design Goals (1)
  • Flexibility
    – Service providers can choose
      • arbitrary network topology,
      • routing and forwarding functionalities,
      • customized control and data planes
    – No need for co-ordination with others
      • The IPv6 fiasco should never happen again
  • Manageability
    – Clear separation of policy from mechanism
    – Defined accountability of infrastructure and service providers
    – Modular management
• 178. Design Goals (2)
  • Scalability
    – Maximize the number of co-existing virtual networks
    – Increase resource utilization and amortize CAPEX and OPEX
  • Security, Privacy, and Isolation
    – Complete isolation between virtual networks
      • Logical and resource
    – Isolate faults, bugs, and misconfigurations
    – Secured and private
• 179. Design Goals (3)
  • Programmability
    – Of network elements, e.g. routers
    – Answer “how much” and “how”
    – Easy and effective without being vulnerable to threats
  • Heterogeneity
    – Networking technologies
      • Optical, sensor, wireless, etc.
    – Virtual networks
• 180. Design Goals (4)
  • Experimental and Deployment Facility
    – PlanetLab, GENI, VINI
    – Directly deploy services in the real world from the testing phase
  • Legacy Support
    – Consider the existing Internet as one member of the collection of multiple virtual Internets
    – Very important to keep all concerned parties satisfied
• 181. Definition
  Network virtualization is a networking environment that allows multiple service providers to dynamically compose multiple heterogeneous virtual networks that co-exist in isolation from each other, and to deploy customized end-to-end services on the fly, as well as manage them, on those virtual networks for the end-users, by effectively sharing and utilizing underlying network resources leased from multiple infrastructure providers.
• 182. Typical Approach
  • Networking technology
    – IP, ATM
  • Layer of virtualization
  • Architectural domain
    – Network resource management, spawning networks
  • Level of virtualization
    – Node virtualization, full virtualization
• 184. Security - Basic Components
   Confidentiality
     Keeping data and resources hidden
   Integrity
     Data integrity (integrity)
     Origin integrity (authentication)
   Availability
     Enabling access to data and resources
• 185. Security Attacks
   Any action that compromises the security of information.
   Four types of attack:
    1. Interruption
    2. Interception
    3. Modification
    4. Fabrication
   Basic model: Source (S) sends to Destination (D)
• 186. Security Attacks (contd.)
   Interruption:
     Attack on availability
    [Diagram: the flow from S to D is cut off]
   Interception:
     Attack on confidentiality
    [Diagram: an intruder I receives a copy of the flow from S to D]
• 187. Security Attacks
   Modification:
     Attack on integrity
    [Diagram: the flow from S passes through the intruder I before reaching D]
   Fabrication:
     Attack on authenticity
    [Diagram: the intruder I originates a flow to D]
• 188. Classes of Threats
   Disclosure
     Snooping
   Deception
     Modification, spoofing, repudiation of origin, denial of receipt
   Disruption
     Modification
   Usurpation
     Modification, spoofing, delay, denial of service
• 189. Policies and Mechanisms
   Policy says what is, and is not, allowed
     This defines “security” for the site/system/etc.
   Mechanisms enforce policies
   Composition of policies
     If policies conflict, discrepancies may create security vulnerabilities
• 190. Goals of Security
   Prevention
     Prevent attackers from violating security policy
   Detection
     Detect attackers’ violation of security policy
   Recovery
     Stop attack, assess and repair damage
     Continue to function correctly even if the attack succeeds
• 191. Trust and Assumptions
   Underlie all aspects of security
   Policies
     Unambiguously partition system states
     Correctly capture security requirements
   Mechanisms
     Assumed to enforce policy
     Support mechanisms work correctly
• 192. Types of Mechanisms
  [Figure: secure, precise and broad mechanisms, shown as the set of reachable states compared with the set of secure states]
• 193. Assurance
   Specification
     Requirements analysis
     Statement of desired functionality
   Design
     How the system will meet the specification
   Implementation
     Programs/systems that carry out the design
• 194. Operational Issues
   Cost-Benefit Analysis
     Is it cheaper to prevent or to recover?
   Risk Analysis
     Should we protect something?
     How much should we protect this thing?
   Laws and Customs
     Are desired security measures illegal?
     Will people do them?
• 195. Human Issues
   Organizational Problems
     Power and responsibility
     Financial benefits
   People problems
     Outsiders and insiders
     Social engineering
• 197. Passive and Active Attacks
   Passive attacks
     Obtain information that is being transmitted (eavesdropping).
     Two types:
       Release of message contents: it may be desirable to prevent the opponent from learning the contents of the transmission.
       Traffic analysis: the opponent can determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
     Very difficult to detect.
• 198. Passive and Active Attacks
   Active attacks
     Involve some modification of the data stream or the creation of a false stream.
     Four categories:
       Masquerade: one entity pretends to be a different entity.
       Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
       Modification: some portion of a legitimate message is altered.
       Denial of service: prevents the normal use of communication facilities.
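Slide 184 separates data integrity from origin integrity (authentication), and slide 198 lists masquerade, replay and modification as the active attacks that exploit the gap. The exchange below, an added example written for this page and not code from the slides, shows both sides of a minimal authenticated message protocol: the sender includes its name and a sequence number in the message and attaches an HMAC-SHA256 tag computed with a shared key; the receiver recomputes the tag (origin integrity), compares it in constant time, and rejects any sequence number that does not advance (replay). A plain hash, shown alongside, only gives data integrity: anyone who alters the message can simply recompute it. The key, names and payloads are constructed.

```python
import hashlib
import hmac
import json


class Sender:
    """One endpoint; seq is a monotonically increasing message counter."""

    def __init__(self, key, name):
        self.key, self.name, self.seq = key, name, 0

    def send(self, payload):
        self.seq += 1
        msg = {"from": self.name, "seq": self.seq, "payload": payload}
        body = json.dumps(msg, sort_keys=True).encode()   # canonical encoding
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body, tag


class Receiver:
    """Verifies origin (HMAC with the key shared with that sender) and freshness."""

    def __init__(self, keys):          # keys: sender name -> shared key
        self.keys, self.last_seq = keys, {}

    def receive(self, body, tag):
        msg = json.loads(body)
        key = self.keys.get(msg.get("from"))
        if key is None:
            return "reject: unknown sender"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):        # constant-time compare
            return "reject: bad tag (modification or masquerade)"
        if msg["seq"] <= self.last_seq.get(msg["from"], 0):
            return "reject: replay"
        self.last_seq[msg["from"]] = msg["seq"]
        return "accept"


def digest_only_check(body, digest):
    """Data integrity without origin integrity: an unkeyed hash that any party,
    including an attacker who modified the body, can recompute."""
    return hashlib.sha256(body).hexdigest() == digest


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    alice, server = Sender(key, "alice"), Receiver({"alice": key})
    body, tag = alice.send({"transfer": 100})
    print(server.receive(body, tag))                       # accept
    print(server.receive(body, tag))                       # reject: replay
    print(server.receive(body.replace(b"100", b"999"), tag))  # modification
    print(server.receive(*Sender(b"wrong-key", "alice").send({"transfer": 1})))  # masquerade
```

The counter only defends against replay within one sender/receiver pair and only while the receiver remembers the last value; a real protocol also needs the counter (or a nonce and timestamp) to survive restarts, and the key itself must be delivered out of band, which is the "secure key store" concern that reappears on slide 223.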
• 199. Security Services
   Confidentiality (privacy)
   Authentication (who created or sent the data)
   Integrity (has not been altered)
   Non-repudiation (the order is final)
   Access control (prevent misuse of resources)
   Availability (permanence, non-erasure)
     Denial of Service attacks
     Virus that deletes files
• 200. Role of Security
   A security infrastructure provides:
     Confidentiality – protection against loss of privacy
     Integrity – protection against data alteration/corruption
     Availability – protection against denial of service
     Authentication – identification of legitimate users
     Authorization – determination of whether or not an operation is allowed by a certain user
     Non-repudiation – ability to trace what happened, and prevent denial of actions
     Safety – protection against tampering, damage and theft
• 201. Types of Attack
   Social engineering/phishing
   Physical break-ins, theft, and curb shopping
   Password attacks
   Buffer overflows
   Command injection
   Denial of service
   Exploitation of faulty application logic
   Snooping
   Packet manipulation or fabrication
   Backdoors
• 202. Network Security…
   Network security works like this:
     Determine network security policy
     Implement network security policy
     Reconnaissance
     Vulnerability scanning
     Penetration testing
     Post-attack investigation
• 203. Step 1: Determine Security Policy
   A security policy is a full security roadmap
     Usage policy for networks, servers, etc.
     User training about password sharing, password strength, social engineering, privacy, etc.
     Privacy policy for all maintained data
     A schedule for updates, audits, etc.
   The network design should reflect this policy
     The placement/protection of database/file servers
     The location of demilitarized zones (DMZs)
     The placement and rules of firewalls
     The deployment of intrusion detection systems (IDSs)
• 204. Step 2: Implement Security Policy
   Implementing a security policy includes:
     Installing and configuring firewalls
       iptables is a common free firewall configuration tool for Linux
       Rules for incoming packets should be created
         These rules should drop packets by default
       Rules for outgoing packets may be created
         This depends on your security policy
     Installing and configuring IDSes
       snort is a free and upgradeable IDS for several platforms
       Most IDSs send alerts to log files regularly
       Serious events can trigger paging, e-mail or telephone calls
• 205. Step 2: Implement Security Policy
  [Figure only]
• 206. Step 2: Implement Security Policy
   Firewall
     Applies filtering rules to packets passing through it
     Comes in three major types:
       Packet filter – filters by destination IP, port or protocol
       Stateful – records information about ongoing TCP sessions, and ensures out-of-session packets are discarded
       Application proxy – acts as a proxy for a specific application, and scans all layers for malicious data
   Intrusion Detection System (IDS)
     Scans the incoming messages, and creates alerts when suspected scans/attacks are in progress
   Honeypot/honeynet (e.g. honeyd)
     Simulates a decoy host (or network) with services
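Slide 204 says inbound rules should drop by default, and slide 206 distinguishes a plain packet filter from a stateful one that discards out-of-session packets. The simulation below, an added example written for this page rather than an iptables configuration or anything from the slides, runs the same constructed packet sample through both kinds of filter. The internal range, the set of published services and all addresses and ports are constructed. The stateless filter has to admit any inbound packet with source port 80 or 443 so that replies to outbound web connections get back in, and that same rule admits a packet to port 22 that belongs to no session; the stateful filter keeps a connection table and drops it.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range
INBOUND_SERVICES = {("tcp", 443)}               # services published to the outside


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False
    ack: bool = False


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def stateless_filter(pkt):
    """Packet filter: decides on header fields alone, no memory of sessions."""
    if is_internal(pkt.src):
        return "ACCEPT"                              # outbound is allowed by policy
    if (pkt.proto, pkt.dport) in INBOUND_SERVICES:
        return "ACCEPT"                              # published service
    if pkt.sport in (80, 443) and pkt.ack:
        return "ACCEPT"   # "replies to our web clients": admits far more than that
    return "DROP"


class StatefulFirewall:
    """Accepts inbound packets only as part of a tracked session or as a NEW
    connection to a published service; everything else is dropped by default."""

    def __init__(self):
        # (proto, client_ip, client_port, server_ip, server_port)
        self.conntrack = set()

    def filter(self, pkt):
        if is_internal(pkt.src):
            if pkt.syn and not pkt.ack:              # inside opens a connection
                self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # inbound: reply on a tracked connection (ESTABLISHED)?
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return "ACCEPT"
        # inbound NEW connection to a published service
        if pkt.syn and not pkt.ack and (pkt.proto, pkt.dport) in INBOUND_SERVICES:
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        return "DROP"                                # default policy


# Constructed traffic sample (addresses from documentation ranges)
TRAFFIC = [
    Packet("10.0.0.5", 40000, "93.184.216.34", 443, syn=True),              # outbound SYN
    Packet("93.184.216.34", 443, "10.0.0.5", 40000, syn=True, ack=True),    # its SYN/ACK reply
    Packet("198.51.100.7", 443, "10.0.0.5", 22, ack=True),                  # no such session
    Packet("198.51.100.7", 51000, "10.0.0.9", 443, syn=True),               # new, to published 443
]


def run(firewall, packets):
    """Apply a stateful firewall to a packet sequence in order."""
    return [firewall.filter(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", [stateless_filter(p) for p in TRAFFIC])
    print("stateful: ", run(StatefulFirewall(), TRAFFIC))
```

A real stateful firewall also expires table entries, handles FIN/RST teardown and tracks UDP and ICMP pseudo-sessions; the point here is only the decision the slide describes: the third packet is accepted by header matching alone and dropped once the firewall checks whether a matching session exists.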
• 207. Step 3: Reconnaissance
   First, we learn about the network
     IP addresses of hosts on the network
     Identify key servers with critical data
     Services running on those hosts/servers
     Vulnerabilities on those services
   Two forms: passive and active
     Passive reconnaissance is undetectable
     Active reconnaissance is often detectable by IDS
• 208. Step 4: Vulnerability Scanning
   We now have a list of hosts and services
   We can now target these services for attacks
   Many scanners will detect vulnerabilities (e.g. nessus)
     These scanners produce a risk report
   Other scanners will allow you to exploit them (e.g. metasploit)
     These scanners find ways in, and allow you to choose the payload to use (e.g. obtain a root shell, download a package)
     The payload is the code that runs once inside
   The best scanners are updateable
     For new vulnerabilities, install/write new plug-ins
     e.g. Nessus Attack Scripting Language (NASL)
• 209. Step 5: Penetration Testing
   We have identified vulnerabilities
   Now, we can exploit them to gain access
   Using frameworks (e.g. Metasploit), this is as simple as selecting a payload to execute
   Otherwise, we manufacture an exploit
   We may also have to try to find new vulnerabilities
     This involves writing code or testing functions accepting user input
• 210. Step 6: Post-Attack Investigation
   Forensics of Attacks
     This process is heavily guided by laws
     Also, this is normally done by a third party
   Retain chain of evidence
     The evidence in this case is the data on the host
     The log files of the compromised host hold the footsteps and fingerprints of the attacker
     Every minute with that host must be accounted for
     For legal reasons, you should examine a low-level copy of the disk and not modify the original
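The two evidence-handling rules on slide 210, account for every action taken with the host and examine a copy rather than the original, translate into a hash-verify-log routine. The following is an added example written for this page, not a forensic tool or anything from the slides: it hashes the acquired image, makes a bit-for-bit copy, confirms the copy's hash matches before any analysis starts, records each step in a custody log, and at the end re-hashes the original to prove it was not touched while the copy was being worked on. The "disk image" is a constructed byte string written to a temporary directory; the examiner name and log action labels are constructed too.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Stream the file so images larger than memory can be hashed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Append-only record of who did what to which item, when, and its hash."""

    def __init__(self):
        self.entries = []

    def record(self, actor, action, path, digest):
        self.entries.append({"time": datetime.now(timezone.utc).isoformat(),
                             "actor": actor, "action": action,
                             "item": os.path.basename(path), "sha256": digest})

    def dump(self):
        return json.dumps(self.entries, indent=1)


def acquire_and_verify(original, workdir, log, examiner):
    """Hash the original, copy it, and refuse to proceed unless the copy matches.
    Returns the path of the working copy that analysis tools may use."""
    orig_digest = sha256_file(original)
    log.record(examiner, "acquire-hash-original", original, orig_digest)
    copy = os.path.join(workdir, "working-copy.img")
    shutil.copyfile(original, copy)
    if sha256_file(copy) != orig_digest:
        raise RuntimeError("working copy does not match original image")
    log.record(examiner, "verified-working-copy", copy, orig_digest)
    return copy


def original_untouched(original, log):
    """Re-hash the original at the end and compare with the acquisition hash."""
    first = next(e["sha256"] for e in log.entries
                 if e["action"] == "acquire-hash-original")
    return sha256_file(original) == first


def demo():
    """Constructed image in a temp dir; analysis deliberately writes to the copy.
    Returns (original still matches acquisition hash, number of log entries)."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.img")
        with open(original, "wb") as f:   # constructed content, not a real image
            f.write(b"\x00" * 4096 + b"auth.log: Failed password for root\n" * 8)
        log = CustodyLog()
        copy = acquire_and_verify(original, d, log, "examiner-1")
        with open(copy, "r+b") as f:      # tooling that mutates data works on the copy
            f.seek(0)
            f.write(b"X")
        return original_untouched(original, log), len(log.entries)


if __name__ == "__main__":
    print(demo())
```

In practice the original would also be mounted read-only (or kept behind a hardware write blocker) and the log signed, but the invariant the slide asks for is the one `original_untouched` checks: the hash taken at acquisition still matches after the examination.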
  • 211. Cloud Computing 21 1 • Cloud computing is a new computing paradigm, involving data and/or computation outsourcing, with – Infinite and elastic resource scalability – On demand “just-in-time” provisioning – No upfront cost … pay-as-you-go • Use as much or as less you need, use only when you want, and pay only what you use
  • 212. Economic Advantages of Cloud Computing 21 2 • For consumers: – No upfront commitment in buying/leasing hardware – Can scale usage according to demand – Minimizing start-up costs • Small-scale companies and startups can reduce CAPEX (Capital Expenditure) • For providers: – Increased utilization of data center resources
  • 213. Why aren’t Everyone using Cloud? Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 21 3
  • 215. Survey on Potential Cloud Barriers Source: IDC Ranking Security Challenges 21 5
  • 216. Why Cloud Computing brings New Threats? 21 6 • Traditional system security mostly means keeping attackers out • The attacker needs to either compromise the authentication/access control system or impersonate existing users • But the cloud allows co-tenancy: Multiple independent users share the same physical infrastructure – An attacker can legitimately be in the same physical machine as the target • Customer’s lack of control over his own data and application. • Reputation fate-sharing
  • 217. Security Stack • IaaS: entire infrastructure from facilities to hardware • PaaS: application, middleware, database, and messaging supported by IaaS – Customer-side system administrator manages the same with provider handling platform, infrastructure security • SaaS: self-contained operating environment: content, presentation, apps, management – Service levels, security, governance, compliance, liability, and expectations of the customer & provider are contractually defined Increase in Provider’s Security Responsibility Increase in Customer’s Security Responsibility 21 7
  • 218. Sample Clouds Source: “Security Guidance for Critical Areas of Focus in Cloud Computing” v2.1, p.18 21 8
  • 219. Gartner’s Seven Cloud Computing Security Risks 21 9 • Gartner: – http://www.gartner.com/technology/about.jsp – Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e- discovery, regulatory compliance, and auditing,” Gartner says • Security Risks – Privileged User Access – Regulatory Compliance & Audit – Data Location – Data Segregation – Recovery – Investigative Support – Long-term Viability
• 220. Privileged User Access
  • Sensitive data processed outside the enterprise brings with it an inherent level of risk
  • Outsourced services bypass the "physical, logical, and personnel controls" of traditional in-house deployments
  • Get as much information as you can about the people who manage your data
  • "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says
• 221. Regulatory Compliance & Audit
  • Traditional service providers are subjected to external audits and security certifications
  • Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner
  • Shared infrastructure: isolation of user-specific logs
  • No customer-side auditing facility
  • Difficult to audit data held outside the organization in a cloud
    – Forensics is also made difficult, since clients no longer maintain data locally
  • Trusted third-party auditor?
• 222. Data Location
  • Hosting of data: which jurisdiction?
  • Data centers are located at geographically dispersed locations
  • Different jurisdictions and regulations
    – Laws for cross-border data flows
  • Legal implications
    – Who is responsible for complying with regulations (e.g., SOX, HIPAA)?
    – If the cloud provider subcontracts to third-party clouds, will the data still be secure?
• 223. Data Segregation
  • Data in the cloud is typically in a shared environment alongside data from other customers
  • Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises
  • Data encrypted in transit must be decrypted at the time of processing
    – Possibility of interception
  • Secure key store
    – Protect encryption keys
    – Limit access to key stores
    – Key backup and recoverability
  • The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists
  • "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says
• 224. Recovery
  • Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster
  • "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."
  • Recovery Point Objective (RPO): the maximum amount of data that will be lost following an interruption or disaster
  • Recovery Time Objective (RTO): the period of time allowed for recovery, i.e., the time allowed to elapse between the disaster and the activation of the secondary site
  • Backup frequency
  • Fault tolerance
    – Replication: mirroring/sharing data over disks located in separate physical locations to maintain consistency
    – Redundancy: duplication of critical components of a system with the intention of increasing its reliability, usually in the form of a backup or fail-safe
• 225. Investigative Support
  • Investigating inappropriate or illegal activity may be impossible in cloud computing
  • Monitoring
    – To eliminate the conflict of interest between the provider and the consumer, a neutral third-party organization is the best solution to monitor performance
  • Gartner warns: "Cloud services are especially difficult to investigate because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers."
• 226. Long-term Viability
  • "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says
  • When to switch cloud providers?
    – Contract price increase
    – Provider bankruptcy
    – Provider service shutdown
    – Decrease in service quality
    – Business dispute
  • Problem: vendor lock-in
• 227. Other Cloud Security Issues
  • Virtualization
  • Access Control & Identity Management
  • Application Security
  • Data Life Cycle Management
• 228. Virtualization
  • Components:
    – Virtual machine (VM)
    – Virtual machine manager (VMM) or hypervisor
  • Two types:
    – Full virtualization: VMs run on a hypervisor that interacts with the hardware
    – Paravirtualization: VMs interact with the host OS
  • Major functionality: resource isolation
  • Hypervisor vulnerabilities:
    – Shared clipboard technology: transferring malicious programs from VMs to the host
• 229. Virtualization (contd.)
  • Hypervisor vulnerabilities:
    – Keystroke logging: some VM technologies enable the logging of keystrokes and screen updates to be passed across virtual terminals in the virtual machine, writing to host files and permitting the monitoring of encrypted terminal connections inside the VM
    – Virtual machine backdoors: covert communication channel
    – ARP poisoning: redirect packets going to or from the other VM
  • Hypervisor risks:
    – Rogue hypervisor rootkits
      • Initiate a "rogue" hypervisor
      • Hide itself from normal malware detection systems
      • Create a covert channel to dump unauthorized code
• 230. Virtualization (contd.)
  • Hypervisor risks:
    – External modification of the hypervisor
      • A poorly protected or poorly designed hypervisor is a source of attack
      • May be subjected to direct modification by an external intruder
    – VM escape
      • Improper configuration of the VM
      • Allows malicious code to completely bypass the virtual environment and obtain full root or kernel access to the physical host
      • Some vulnerable virtual machine applications: Vmchat, VMftp, Vmcat, etc.
    – Denial-of-service risk
  • Threats:
    – Unauthorized access to virtual resources: loss of confidentiality, integrity, availability
• 231. Access Control & Identity Management
  • Access control: similar to a traditional in-house IT network
  • Proper access control: to address the CIA tenets of information security
  • Prevention of identity theft: a major challenge
    – Privacy issues raised via massive data mining
      • The cloud now stores data from a lot of clients and can run data mining algorithms to get large amounts of information on clients
  • Identity Management (IDM): authenticate users and services based on credentials and characteristics
• 232. Application Security
  • Cloud applications: web service based
  • Similar attacks:
    – Injection attacks: introduce malicious code to change the course of execution
    – XML Signature Element Wrapping: the original body of an XML message is moved to a newly inserted wrapping element inside the SOAP header, and a new body is created
    – Cross-Site Scripting (XSS): enables attackers to inject client-side script into web pages viewed by other users to bypass access controls
    – Flooding: an attacker sends a huge number of requests to a certain service, causing a denial of service
    – DNS poisoning and phishing: browser-based security issues
    – Metadata (WSDL) spoofing attacks: malicious re-engineering of a web service's metadata description
  • Insecure communication channel
• 233. Data Life Cycle Management
  • Data security
    – Confidentiality:
      • Will the sensitive data stored in a cloud remain confidential?
      • Will a cloud compromise leak confidential client data (i.e., fear of loss of control over data)?
      • Will the cloud provider itself be honest and not peek into the data?
    – Integrity:
      • How do I know that the cloud provider is doing the computations correctly?
      • How do I ensure that the cloud provider really stored my data without tampering with it?
• 234. Data Life Cycle Management (contd.)
  • Availability
    – Will critical systems go down at the client if the provider is hit by a Denial of Service attack?
    – What happens if a cloud provider goes out of business?
  • Data Location
    – All copies and backups stored only at locations allowed by contract, SLA, and/or regulation
  • Archive
    – Access latency
• 235. Research Article
  • Research paper:
    – "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds" by Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. In Proceedings of CCS 2009, pages 199–212. ACM Press, Nov. 2009.
    – First work on cloud cartography
  • Attack launched against a commercially available "real" cloud (Amazon EC2)
  • Claims up to 40% success in co-residence with the target VM
• 236. New Risks in Cloud
  • Trust and dependence
    – Establishing a new trust relationship between customer and cloud provider
    – Customers must trust their cloud providers to respect the privacy of their data and the integrity of their computations
  • Security (multi-tenancy)
    – Threats from other customers due to the subtleties of how physical resources can be transparently shared between virtual machines (VMs)
• 237. Multi-tenancy
  • Multiplexing VMs of disjoint customers upon the same physical hardware
    – Your machine is placed on the same server as other customers' machines
    – Problem: you do not have the control to prevent your instance from being co-resident with an adversary
  • New risks
    – Side-channel exploitation
      • Cross-VM information leakage due to sharing of physical resources (e.g., the CPU's data caches)
      • Has the potential to extract RSA and AES secret keys
    – Vulnerable VM isolation mechanisms
      • Via a vulnerability that allows an "escape" to the hypervisor
    – Lack of control over whom you share server space with
• 238. Attack Model
  • Motivation
    – To study the practicality of mounting cross-VM attacks in existing third-party compute clouds
  • Experiments were carried out on a real IaaS cloud service provider (Amazon EC2)
  • Two steps of the attack:
    – Placement: the adversary arranges to place its malicious VM on the same physical machine as that of the target customer
    – Extraction: extract confidential information via a side-channel attack
• 239. Threat Model
  • Assumptions of the threat model:
    – Provider and infrastructure are trusted
    – Attacks that rely on subverting administrator functions are not considered
    – Vulnerabilities of the virtual machine monitor and/or other software are not exploited
    – Adversaries: non-provider-affiliated malicious parties
    – Victims: users running confidentiality-requiring services in the cloud
  • Focus on new cloud-related capabilities of the attacker that implicitly expand the attack surface
• 240. Threat Model (contd.)
  • Like any customer, the malicious party can run and control many instances in the cloud
    – A maximum of 20 instances can be run in parallel using one Amazon EC2 account
  • The attacker's instance might be placed on the same physical hardware as potential victims
  • The attacker might manipulate shared physical resources to learn otherwise confidential information
  • Two kinds of attack may take place:
    – Attack on some known hosted service
    – Attack on a particular victim's service
• 241. Addresses the Following
  • Q1: Can one determine where in the cloud infrastructure an instance is located?
  • Q2: Can one easily determine if two instances are co-resident on the same physical machine?
  • Q3: Can an adversary launch instances that will be co-resident with other users' instances?
  • Q4: Can an adversary exploit cross-VM information leakage once co-resident?
• 242. Amazon EC2 Service
  • Scalable, pay-as-you-go compute capacity in the cloud
  • Customers can run different operating systems within a virtual machine
  • Three degrees of freedom: instance type, region, availability zone
  • Different computing options (instance types) available
    – m1.small, c1.medium: 32-bit architecture
    – m1.large, m1.xlarge, c1.xlarge: 64-bit architecture
  • Different regions available
    – US, EU, Asia
  • Regions split into availability zones
    – In US: East (Virginia), West (Oregon), West (Northern California)
    – Infrastructures with separate power and network connectivity
  • Customers are randomly assigned to physical machines based on their instance type, region, and availability zone choices
• 243. Amazon EC2 Service (contd.)
  • Xen hypervisor
    – Domain0 (Dom0): privileged virtual machine
      • Manages guest images
      • Provisions physical resources
      • Access control rights
      • Configured to route packets for its guest images and reports itself as a hop in traceroutes
    – When an instance is launched, it is assigned to a single physical machine for its lifetime
  • Each instance is assigned internal and external IP addresses and domain names
    – External IP: public IPv4 address [IP: 75.101.210.100 / domain name: ec2-75-101-210-100.compute-1.amazonaws.com]
    – Internal IP: RFC 1918 private address [IP: 10.252.146.52 / domain name: domU-12-31-38-00-8D-C6.compute-1.internal]
  • Within the cloud, both domain names resolve to the internal IP address
  • Outside the cloud, the external name is mapped to the external IP address
• 244. Q1: Cloud Cartography
  • Instance placement is not disclosed by Amazon but is needed to launch a co-residency attack
  • Map the EC2 service to understand where potential targets are located in the cloud
  • Determine the instance creation parameters needed to attempt establishing co-residence of an adversarial instance
  • Hypothesis: different availability zones and instance types correspond to different IP address ranges
• 245. Network Probing
  • Identify public servers hosted in EC2 and verify co-residence
  • Open-source tools were used to probe ports 80 and 443
    – nmap: perform TCP connect probes (attempt to complete a 3-way handshake between source and target)
    – hping: perform TCP SYN traceroutes, which iteratively send TCP SYN packets with increasing TTLs until no ACK is received
    – wget: used to retrieve web pages
  • External probe: originates from a system outside EC2 and has an EC2 instance as destination
  • Internal probe: originates from an EC2 instance and has another EC2 instance as destination
  • Given an external IP address, DNS resolution queries are used to determine:
    – External name
    – Internal IP address
• 246. Survey Public Servers on EC2
  • Goal: enable identification of the instance type and availability zone of one or more potential targets
  • WHOIS: used to identify distinct IP address prefixes associated with EC2
  • EC2 public IPs: /17, /18, /19 prefixes
    – 57344 IP addresses
  • Use external probes to find responsive IPs:
    – Performed TCP connect probe on port 80
      • 11315 responsive IPs
    – Followed up with wget on port 80
      • 9558 responsive IPs
    – Performed a TCP scan on port 443
      • 8375 responsive IPs
  • Used DNS lookup service
    – Translate each public IP address that responded to either the port 80 or 443 scan into an internal EC2 address
    – 14054 unique internal IPs obtained
• 247. Instance Placement Parameters
  • EC2's internal address space is cleanly partitioned between availability zones
    – Three availability zones; five instance types per zone
    – 20 instances launched for each of the 15 availability zone/instance type pairs from a particular account (say, Account A)
  • Samples from each zone are assigned IP addresses from disjoint portions of the observed internal address space
  • Assumption: internal IP addresses are statically assigned to physical machines
    – To ease IP routing
    – Availability zones use separate physical infrastructure
• 248. Instance Placement Parameters (contd.)
  • 100 instances were launched in Zone 3 using two different accounts, A and B (39 hours after terminating the Account A instances)
  • Of 100 Account A Zone 3 instances:
    – 92 had unique /24 prefixes
    – Four /24 prefixes had two instances each
  • Of 100 Account B Zone 3 instances:
    – 88 had unique /24 prefixes
    – Six of the /24 prefixes had two instances each
    – A single /24 had both an m1.large and an m1.xlarge instance
  • Of 100 Account B IPs, 55 were repeats of IP addresses assigned to instances for Account A
• 249. Q2: Determining Co-residence
  • Network-based co-residency checks: instances are likely to be co-resident if they have:
    – Matching Dom0 IP address: determine an uncontrolled instance's Dom0 IP by performing a TCP SYN traceroute to it from another instance and inspecting the last hop
    – Small packet round-trip times: 10 probes were performed and the average taken
    – Numerically close internal IP addresses (e.g., within 7): the same Dom0 IP is shared by instances with a contiguous sequence of internal IP addresses
• 250. Verifying the Co-residency Check
  • If two (self-controlled) instances can successfully transmit via a covert channel, then they are co-resident; otherwise not
  • Experiment: hard-disk-based covert channel
    – To send a 1, the sender reads from random locations on a shared volume; to send a 0, the sender does nothing
    – The receiver times reads from a fixed location on the disk: longer read times mean a 1 is sent, shorter a 0
  • 3 m1.small EC2 accounts: control, victim, probe
    – 2 control instances in each of 3 availability zones; 20 victim and 20 probe instances in Zone 3
  • Determine the Dom0 address for each instance
  • For each ordered pair (A, B) of the 40 instances, perform co-residency checks
  • After 3 independent trials, 31 (potentially) co-resident pairs were identified: 62 ordered pairs
  • A 5-bit message from A to B was successfully sent for 60 out of 62 ordered pairs
• 251. Effective Co-residency Check
  • For checking co-residence with target instances:
    – Compare internal IP addresses to see if they are close
    – If yes, perform a TCP SYN traceroute to an open port on the target and see if there is only a single hop (the Dom0 IP)
  • The check requires sending (at most) two TCP SYN packets
    – No full TCP connection is established
  • A very "quiet" check (little communication with the victim)
• 252. Q3: Causing Co-residence
  • Two strategies to achieve "good" coverage (co-residence with a good fraction of the target set)
    – Brute-force placement:
      • Run numerous probe instances over a long period of time and see how many targets one can achieve co-residence with
      • For the co-residency check, the probe performed a wget on port 80 to ensure the target was still serving web pages
      • Of the 1686 target victims, the brute-force probes achieved co-residency with 141 victim servers (8.4% coverage)
      • Even a naive strategy can successfully achieve co-residence against a not-so-small fraction of targets
    – Target recently launched instances:
      • Take advantage of the tendency of EC2 to assign fresh instances to a small set of machines
• 253. Leveraging Placement Locality
  • Placement locality
    – Instances launched simultaneously from the same account do not run on the same physical machine
    – Sequential placement locality: two instances run sequentially (the first terminated before launching the second) are often assigned to the same machine
    – Parallel placement locality: two instances run (from distinct accounts) at roughly the same time are often assigned to the same machine
  • Instance flooding: launch lots of instances in parallel in the appropriate availability zone and of the appropriate type
• 254. Leveraging Placement Locality (contd.)
  • Experiment
    – A single victim instance is launched
    – The attacker launches 20 instances within 5 minutes
    – Perform the co-residence check
    – 40% of the time, an attacker launching just 20 probes achieves co-residence against a specific target instance
• 255. Q4: Exploiting Co-residence
  • Cross-VM attacks can allow for information leakage
  • How can the shared infrastructure be exploited?
    – Gain information about the resource usage of other instances
    – Create and use covert channels to intentionally leak information from one instance to another
    – Some applications of this covert channel are:
      • Co-residence detection
      • Surreptitious detection of the rate of web traffic a co-resident site receives
      • Timing keystrokes by an honest user of a co-resident instance
• 256. Exploiting Co-residence (contd.)
  • Measuring cache usage
    – A time-shared cache allows an attacker to measure when other instances are experiencing computational load
    – Load measurement: allocate a contiguous buffer B of b bytes; s is the cache line size (in bytes)
      • Prime: read B at s-byte offsets in order to ensure that it is cached
      • Trigger: busy-loop until the CPU's cycle counter jumps by a large value
      • Probe: measure the time it takes to again read B at s-byte offsets
    – Cache-based covert channel:
      • Sender idles to transmit a 0 and frantically accesses memory to transmit a 1
      • Receiver accesses a memory block and observes the access latencies
      • High latencies indicate that a "1" is transmitted
• 257. Exploiting Co-residence (contd.)
  • Load-based co-residence check
    – The co-residence check can be done without a network-based technique
    – The adversary can actively cause load variation via a publicly accessible service running on the target
    – Use a priori knowledge about load variation
    – Induce computational load (lots of HTTP requests) and observe the differences in load samples
  • (Figure: instances in Trial 1 and Trial 2 were co-resident on distinct physical machines; instances in Trial 3 were not co-resident)
• 258. Exploiting Co-residence (contd.)
  • Estimating traffic rates
    – Load measurement might provide a method for estimating the number of visitors to a co-resident web server
    – This might not be public information, and its disclosure could be damaging
    – Perform 1000 cache load measurements in which
      • no HTTP requests are sent
      • HTTP requests are sent at a rate of (i) 50 per minute, (ii) 100 per minute, (iii) 200 per minute
• 259. Exploiting Co-residence (contd.)
  • Keystroke timing attack
    – The goal is to measure the time between keystrokes made by a victim typing a password (or other sensitive information)
    – A malicious VM can observe keystroke timing in real time via cache-based load measurements
    – Inter-keystroke times, if properly measured, can be used to perform recovery of the password
    – On an otherwise idle machine, a spike in load corresponds to a letter being typed into the co-resident VM's terminal
    – The attacker does not directly learn exactly which keys are pressed, but the attained timing resolution suffices to conduct password-recovery attacks on SSH sessions
• 260. Preventive Measures
  • Mapping
    – Use a randomized scheme to allocate IP addresses
    – Block some tools (nmap, traceroute)
  • Co-residence checks
    – Prevent identification of Dom0
  • Co-location
    – Do not allow co-residence at all
      • Beneficial for the cloud user
      • Not efficient for the cloud provider
  • Information leakage via side channels
    – No solution
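As an added example (not code from the paper or the slides), the following simulation shows why the first countermeasure above works: it builds a partitioned internal address plan like the one the paper observed and a randomized one, then measures how reliably an observer can infer an instance's availability zone from the /16 prefix of its internal IP. Zone names and address blocks are constructed, not EC2's.

```python
"""
Effect of randomized IP allocation on cloud cartography.

Added example, not code from the paper or the slides. It simulates a
provider's internal address plan and measures how well an observer can
guess an instance's availability zone from the /16 prefix of its internal
IP. Zone names and address blocks are constructed, not EC2's.
"""
import ipaddress
import random
from collections import Counter, defaultdict

ZONES = ["zone-1", "zone-2", "zone-3"]

# Partitioned plan (what the paper observed): each zone owns a disjoint /16.
PARTITIONED_PLAN = {
    "zone-1": ipaddress.ip_network("10.1.0.0/16"),
    "zone-2": ipaddress.ip_network("10.2.0.0/16"),
    "zone-3": ipaddress.ip_network("10.3.0.0/16"),
}
# Randomized plan (the suggested countermeasure): every zone draws from one pool.
SHARED_POOL = ipaddress.ip_network("10.0.0.0/14")


def allocate(n, rng, partitioned):
    """Launch n instances in random zones; return a list of (zone, ip)."""
    sample = []
    for _ in range(n):
        zone = rng.choice(ZONES)
        net = PARTITIONED_PLAN[zone] if partitioned else SHARED_POOL
        # Skip the network and broadcast addresses.
        host = rng.randrange(1, net.num_addresses - 1)
        sample.append((zone, net.network_address + host))
    return sample


def prefix_of(ip, bits=16):
    """The /bits network containing ip."""
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


def zone_predictability(sample, bits=16):
    """Fraction of held-out instances whose zone an observer guesses correctly.

    The observer learns, from the first half of the sample, the most common
    zone per /bits prefix and applies that table to the second half.
    1.0 means the prefix fully identifies the zone; about 1/len(ZONES) means
    the address carries no placement information.
    """
    half = len(sample) // 2
    train, test = sample[:half], sample[half:]
    zones_by_prefix = defaultdict(Counter)
    for zone, ip in train:
        zones_by_prefix[prefix_of(ip, bits)][zone] += 1
    correct = 0
    for zone, ip in test:
        guess = zones_by_prefix[prefix_of(ip, bits)].most_common(1)
        if guess and guess[0][0] == zone:
            correct += 1
    return correct / len(test)


def compare_plans(n=600, seed=1):
    """Zone predictability under the partitioned and the randomized plan."""
    rng = random.Random(seed)
    partitioned = zone_predictability(allocate(n, rng, partitioned=True))
    randomized = zone_predictability(allocate(n, rng, partitioned=False))
    return partitioned, randomized


if __name__ == "__main__":
    p, r = compare_plans()
    print(f"partitioned plan: zone guessed correctly {p:.0%} of the time")
    print(f"randomized plan:  zone guessed correctly {r:.0%} of the time")
```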
• 261. Summary
  • New risks from cloud computing
  • Shared physical infrastructure may, and most likely will, cause problems
    – Exploiting software vulnerabilities is not addressed here
  • Practical attack performed
  • Some countermeasures proposed
• 262. Security Issues in Cloud Computing
  • Unique security features:
    – Co-tenancy
    – Lack of control over outsourced data and applications
  • General concerns among cloud customers [Liu'11]:
    – Inadequate policies and practices
    – Insufficient security controls
  • Customers use cloud services to serve their clients
  • Need to establish trust relationships
  • Beneficial to both stakeholders
• 264. SaaS Cloud-based Collaboration
  • APIs for sharing resources/information
    – Service consumers (customers): human users, applications, organizations/domains, etc.
    – Service provider: SaaS cloud vendor
  • SaaS cloud-centric collaboration: valuable and essential
    – Data sharing
    – Problems handled: inter-disciplinary approach
  • Common concerns:
    – Integrity of data shared across multiple users may be compromised
    – Choosing an "ideal" vendor
  • Source: Nirnay Ghosh, Securing Loosely-coupled Collaborations in a SaaS Cloud through Risk Estimation and Access Conflict Mediation, PhD Thesis, IIT Kharagpur, 2016
• 265. SaaS Cloud-based Collaboration
  • Types of collaboration in multi-domain/cloud systems:
    – Tightly-coupled or federated
    – Loosely-coupled
  • Challenge: securing loosely-coupled collaborations in a cloud environment
    – Security mechanisms: mainly proposed for tightly-coupled systems
    – Restrictions in the existing authentication/authorization mechanisms in clouds
• 266. Motivations and Challenges
  • SaaS cloud delivery model: maximum lack of control
  • No active data streams/audit trails/outage reports
    – Security: major concern in the usage of cloud services
  • Broad scope: address security issues in SaaS clouds
  • Cloud marketplace: rapid growth due to recent advancements
  • Availability of multiple service providers
    – Choosing SPs from SLA guarantees: not reliable
      • Inconsistency in service level guarantees
      • Non-standard clauses and technical specifications
  • Focus: selecting an "ideal" SaaS cloud provider and addressing the security issues
• 267. Motivations and Challenges
  • Online collaboration: popular
  • Security issue: unauthorized disclosure of sensitive information
    – Focus: selecting an ideal SaaS cloud provider and securing the collaboration service offered by it
  • Relevance in today's context: loosely-coupled collaboration
    – Dynamic data/information sharing
  • Final goal (problem statement): selecting an ideal SaaS cloud provider and securing the loosely-coupled collaboration in its environment
• 268. Objective I (9/20/2017)
  • A framework (SelCSP) for selecting a trustworthy and competent collaboration service provider.
• 269. Objective II
  • Select requests (for accessing local resources) from anonymous users such that both access risk and security uncertainty due to information sharing are kept low.
• 270. Objective III
  • Formulate a heuristic for solving the IDRM problem such that minimal excess privilege is granted.
• 271. Objective IV
  • A distributed secure collaboration framework which uses only local information to dynamically detect and remove access conflicts.
• 272. Selection of Trustworthy and Competent SaaS Cloud Provider for Collaboration
• 273. Trust Models in Cloud
  • Challenges
    – Most of the reported works have not presented a mathematical formulation or validation of their trust and risk models
    – Web service selection [Liu'04][Garg'13] based on QoS and trust is available
      • Select resources (e.g., services, products) by modeling their performance
  • Objective: model the trust/reputation/competence of the service provider
• 274. Service Level Agreement (SLA) for Clouds
  • Challenges:
    – The majority of cloud providers guarantee "availability" of services
    – Consumers not only demand availability guarantees but also other performance-related assurances which are equally business-critical
    – Present-day cloud SLAs contain non-standard clauses regarding assurances and compensations following a violation [Habib'11]
  • Objective: establish a standard set of parameters for cloud SLAs, since this reduces the perception of risk in outsourced services
  • 277. Recommending Access Requests from Anonymous Users for Authorization
• 278. Risk-based Access Control (RAC)
  • RAC: gives access to subjects even though they lack proper permissions
    – Goal: balance between access risk and security uncertainty due to information sharing
    – Flexible compared to binary MLS
  • Challenges
    – Computing security uncertainty: not addressed
    – Authorization in existing RAC systems: based on risk threshold and operational need
      • Operational need: not quantified
      • Discards many requests which could potentially maximize information sharing
  • 279. Distributed RAC using Fuzzy Inference System
  • 280. Mapping of Authorized Permissions into Local Roles
• 281. Inter-Domain Role Mapping (IDRM)
  • Finds a minimal set of roles which encompasses the requested permission set
    – No polynomial-time solution
    – Greedy search-based heuristics: suboptimal solutions
  • Challenges:
    – There may exist multiple minimal role sets
    – There may not exist any role set which exactly maps all permissions
  • Two variants of IDRM proposed: IDRM-safety, IDRM-availability
  • Objective: formulate a novel heuristic to generate better solutions for the IDRM-availability problem
    – Minimize the number of additional permissions
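As an added example (not the thesis's code), the following greedy implementation of both IDRM variants runs over a constructed role/permission table: the safety variant never grants a permission outside the request (and so may leave some uncovered), while the availability variant covers every requested permission and counts the excess privilege it had to grant.

```python
"""
Greedy heuristics for Inter-Domain Role Mapping (IDRM).

Added example, not the thesis's code. The providing domain's roles and
permissions below are constructed. Given a requested permission set, IDRM
looks for a small role set that covers it:
  - IDRM-safety: use only roles whose permissions lie inside the request
    (nothing extra is granted, but coverage may be incomplete);
  - IDRM-availability: cover every requested permission while granting as
    few additional permissions as possible.
Both are greedy set-cover heuristics, so they may return suboptimal sets.
"""
from __future__ import annotations

# Constructed role -> permission table of a hypothetical providing domain.
ROLES: dict[str, frozenset[str]] = {
    "viewer": frozenset({"read_doc"}),
    "editor": frozenset({"read_doc", "write_doc"}),
    "reviewer": frozenset({"read_doc", "comment_doc"}),
    "auditor": frozenset({"read_doc", "read_audit_log"}),
    "admin": frozenset({"read_doc", "write_doc", "comment_doc",
                        "delete_doc", "manage_users"}),
}


def idrm_safety(roles, requested):
    """Return (chosen_roles, uncovered_permissions) without over-granting."""
    requested = frozenset(requested)
    candidates = {r: p for r, p in roles.items() if p <= requested}
    uncovered, chosen = set(requested), []
    while uncovered and candidates:
        # Most newly covered permissions first; the role name breaks ties.
        best = min(candidates, key=lambda r: (-len(candidates[r] & uncovered), r))
        if not candidates[best] & uncovered:
            break  # no remaining candidate covers anything new
        chosen.append(best)
        uncovered -= candidates.pop(best)
    return chosen, uncovered


def idrm_availability(roles, requested):
    """Return (chosen_roles, excess_permissions); every request is covered."""
    requested = frozenset(requested)
    available = frozenset().union(*roles.values())
    if not requested <= available:
        raise ValueError(f"unknown permissions: {sorted(requested - available)}")
    uncovered, granted, chosen = set(requested), set(), []
    while uncovered:
        def cost(r):
            gain = len(roles[r] & uncovered)
            if gain == 0:
                return (float("inf"), 0, r)
            # Extra permissions this role would newly grant, per requested
            # permission it newly covers; lower is better.
            extra = len(roles[r] - requested - granted)
            return (extra / gain, -gain, r)
        best = min(roles, key=cost)
        chosen.append(best)
        granted |= roles[best]
        uncovered -= roles[best]
    # Drop roles made redundant by later picks (e.g. viewer once admin is in).
    for r in list(chosen):
        others = set().union(*(roles[o] for o in chosen if o != r))
        if roles[r] & requested <= others:
            chosen.remove(r)
    granted = set().union(*(roles[r] for r in chosen))
    return chosen, granted - requested


if __name__ == "__main__":
    request = {"read_doc", "delete_doc"}
    print("IDRM-safety:      ", idrm_safety(ROLES, request))
    print("IDRM-availability:", idrm_availability(ROLES, request))
```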
  • 283. Dynamic Detection and Removal of Access Policy Conflicts
• 284. Access Conflicts
  • (Figures: Cyclic Inheritance Conflict; Violation of SoD Constraint)
• 285. Distributed Secure Collaboration Framework
  • Objective
    – Dynamic detection of conflicts to address the security issue
    – Removal of conflicts to address the availability issue
    – Proposed: distributed secure collaboration framework
  • Role Sequence Generation
    – Interoperation request: pair of entry (from requesting domain) and exit (from providing domain) roles
    – Role sequence: ordered succession of entry and exit roles
    – Role cycle:
      • Safe role cycle
      • Unsafe role cycle
• 286. Conflict Detection
  • Detection of inheritance conflict
    – Necessary condition: at least one exit role
    – Sufficient condition: the current entry role is senior to at least one exit role
  • Detection of SoD constraint violation
    – Necessary condition: at least one exit role
    – Sufficient condition: the current entry role and at least one exit role form a conflicting pair
  • (Figure: Conflict Detection Algorithm)
• 287. Conflict Removal: Cyclic Inheritance
  • Two cases arise:
    – An exactly matched role set exists
      • RBAC hybrid hierarchy: I-hierarchy, A-hierarchy, IA-hierarchy
      • Replace the IA-relation with an A-relation between the exit role in the previous domain and the entry role in the current domain
    – No exactly matched role set exists
      • Introduce a virtual role
• 288. Conflict Removal
  • (Figure: Cyclic Inheritance: Inheritance Conflict Removal Rule for Exactly Matched Role)
• 289. Conflict Removal
  • (Figure: Cyclic Inheritance: Inheritance Conflict Removal Rule for No Exactly Matched Role)
• 290. Conflict Removal: SoD Constraint Violation
  • Two cases: similar to removal of inheritance conflict
    – Additional constraint: identifying the conflicting permission between the collaborating role and the entry role in the current domain
    – Conflicting permission
      • Objects are similar
      • A hierarchical relation exists between access modes
  • Remove the conflicting permission from the permission set of the collaborating role
• 291. Conflict Removal
  • (Figure: SoD Constraint Violation: SoD Conflict Removal Rule for Exactly Matched Role)
• 292. Conflict Removal
  • (Figure: SoD Constraint Violation: SoD Conflict Removal Rule for No Exactly Matched Role)
• 293. Summary
  • Secure Collaboration in SaaS Clouds: A Typical Approach
    – Selection of Trustworthy and Competent SaaS Cloud Provider for Collaboration
    – Recommending Access Requests from Anonymous Users for Authorization
    – Mapping of Authorized Permissions into Local Roles
    – Dynamic Detection and Removal of Access Policy Conflicts
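As an added example (not the thesis's code), the detection rules on slides 285 and 286 applied to a role sequence: each new entry role is checked against the exit roles already recorded for the same domain, and a return to an already-visited domain is classified as a safe or unsafe role cycle. It assumes that seniority and SoD constraints are defined per domain, so the comparison is made within one domain; the domains, roles and hierarchies are constructed.

```python
"""
Dynamic detection of access conflicts along a role sequence.

Added example illustrating the detection rules on the slides; it is not the
thesis's code. Domains, roles, hierarchies and SoD pairs are constructed.
Assumption: an entry role is compared with the exit roles previously recorded
for the same domain, since seniority and SoD constraints are defined per domain.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Domain:
    name: str
    juniors: dict[str, set[str]]       # role -> roles it is directly senior to
    sod_pairs: set[frozenset[str]]     # mutually exclusive role pairs

    def is_senior(self, a: str, b: str) -> bool:
        """True if a is (transitively) senior to b in this domain."""
        stack, seen = [a], set()
        while stack:
            r = stack.pop()
            for j in self.juniors.get(r, ()):
                if j == b:
                    return True
                if j not in seen:
                    seen.add(j)
                    stack.append(j)
        return False

    def conflicting(self, a: str, b: str) -> bool:
        return frozenset({a, b}) in self.sod_pairs


@dataclass
class Step:
    """One hop of a role sequence: the role used to enter a domain and the
    role used to leave it (None at the start / end of the collaboration)."""
    domain: str
    entry: str | None = None
    exit: str | None = None


def detect_conflicts(domains, sequence):
    """Return [(step_index, kind, entry_role, exit_role), ...]."""
    exits_seen: dict[str, list[str]] = {}
    findings = []
    for i, step in enumerate(sequence):
        d = domains[step.domain]
        # Necessary condition for both conflict kinds: some exit role of this
        # domain already appears in the sequence.
        if step.entry is not None:
            for x in exits_seen.get(step.domain, []):
                # Sufficient condition for cyclic inheritance conflict:
                # re-entering via a role senior to the role we left with.
                if d.is_senior(step.entry, x):
                    findings.append((i, "cyclic_inheritance", step.entry, x))
                # Sufficient condition for SoD violation: entry and exit roles
                # form a conflicting pair.
                if d.conflicting(step.entry, x):
                    findings.append((i, "sod_violation", step.entry, x))
        if step.exit is not None:
            exits_seen.setdefault(step.domain, []).append(step.exit)
    return findings


def role_cycles(domains, sequence):
    """Classify each return to an already-visited domain as safe or unsafe."""
    flagged = {f[0] for f in detect_conflicts(domains, sequence)}
    visited, cycles = set(), []
    for i, step in enumerate(sequence):
        if step.domain in visited:
            cycles.append((i, "unsafe" if i in flagged else "safe"))
        visited.add(step.domain)
    return cycles


# Constructed domains: A has a manager > engineer > intern hierarchy and an
# SoD constraint between payer and approver; B has lead > dev.
DOMAINS = {
    "A": Domain("A", {"manager": {"engineer"}, "engineer": {"intern"}},
                {frozenset({"payer", "approver"})}),
    "B": Domain("B", {"lead": {"dev"}}, set()),
}

# Leaves A as engineer, passes through B, re-enters A as manager: unsafe cycle.
SEQ_INHERITANCE = [Step("A", exit="engineer"), Step("B", "dev", "lead"),
                   Step("A", entry="manager")]
# Leaves A as payer, re-enters A as approver: SoD violation.
SEQ_SOD = [Step("A", exit="payer"), Step("B", "dev", "dev"),
           Step("A", entry="approver")]
# Leaves A as engineer, re-enters A as the junior intern: safe cycle.
SEQ_SAFE = [Step("A", exit="engineer"), Step("B", "dev", "dev"),
            Step("A", entry="intern")]

if __name__ == "__main__":
    for name, seq in [("inheritance", SEQ_INHERITANCE), ("sod", SEQ_SOD), ("safe", SEQ_SAFE)]:
        print(name, detect_conflicts(DOMAINS, seq), role_cycles(DOMAINS, seq))
```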