Cloud computing security algorithms ppt

autonomic security in cloud computing ppt and cloud computing security issues and solutions ppt
LexiWills Profile Pic
LexiWills,United Kingdom,Professional
Published Date:01-08-2017
Your Website URL(Optional)
Comment
Cloud Security: Yesterday, Today, and Tomorrow Presentation by Gunnar Peterson www.arctecgroup.net ©2005-9 Arctec Group “Everything  we  think  of  as  a   computer  today  is  really   just  a  device  that  connects   to  the  big  computer  that  we   are  all  collec;vely  building”   ©2005-9 Arctec Group Cloudanatomy www.rationalsurvivability.com ©2005-9 Arctec Group ©2005-9 Arctec Group ©2005-9 Arctec Group ©2005-9 Arctec Group ©2005-9 Arctec Group ©2005-9 Arctec Group STRIDE Threat Model Examples Threat   Descrip-on   Example   Spoofing   Assume  iden;ty  of  client,  server   Phishing  aDack  to  fool  user   or  request/response   into  sending  creden;als  to   fake  site   Tampering   Alter  contents  of  request  of   Message  or  data  integrity   response   compromised  to  change   parameters  or  values   Repudia;on   Dispute  legi;mate  transac;on   Illegi;mately  claiming  a   transac;on  was  not   completed   Informa;on  Disclosure   Unauthorized  release  of  data   Unencrypted  message  sniffed   off  the  network   Denial  of  Service   Service  not  available  to   System  flooded  by  requests   authorized  users   un;l  web  server  fails   Eleva;on  of  privilege   Bypass  authoriza;on  system   ADacker  changes  group   membership  Threat Model + Countermeasure Examples Threat   Security  Service   Spoofing   Authen;ca;on   Tampering   Digital  Signature,  Hash   Repudia;on   Audit  Logging   Informa;on  Disclosure   Encryp;on   Denial  of  Service   Availability   Eleva;on  of  privilege   Authoriza;on  Attack Surface •  Describes the locations an attacker can launch, propagate and detonate an attack –  Attack Surface = Data + Method + Channel –  Example Web Service Attack Surface •  Data: XML •  Method: SOAP, URI •  Channel: HTTP ©2005-9 Arctec Group Threat Model + Attack Surface Threat   Security  Service   Data   Method   Channel   Spoofing   Authen;ca;on   Tampering   Digital  Signature   Repudiation Audit  Logging   Informa;on   Encryp;on   Disclosure   Denial  of   Availability   Service   Eleva;on  of   Authoriza;on,   privilege   Input  valida;on  Threat Model + Attack Surface Threat   Security  Service   Data   Method   Channel   Spoofing   Authen;ca;on   Tampering   Digital  Signature   Repudiation Audit  Logging   Informa;on   Encryp;on   SSL   Disclosure   Denial  of   Availability   Service   Eleva;on  of   Authoriza;on,   privilege   Input  valida;on  …but what kind of security services should we build? ©2005-9 Arctec Group What we have is a design problem ©2005-9 Arctec Group ..its not just that we need stronger mechanisms ©2005-9 Arctec Group

Advise: Why You Wasting Money in Costly SEO Tools, Use World's Best Free SEO Tool Ubersuggest.