Security and Privacy Management in the Cloud

By: Emiley J

Any application in the SaaS model has to be designed from the ground up with security and privacy in mind. The development strategy starts by understanding the cloud application stack as shown in the figure below and identifying the malicious attacker. The attacker can be of two types, namely insider and outsider.

The insider can be a malicious employee at the client, a malicious employee at the cloud provider, or the cloud provider itself, whereas the outsider can be an intruder or a network attacker.

Malicious insiders can affect security and privacy in either of two ways. On the client side, a malicious insider could learn passwords or other authentication information, or gain control of the VMs by accessing the hosted instances directly. On the cloud side, the operator could log client communications through inside employees.

Malicious insiders at the cloud provider side could read unencrypted data, possibly peek into VMs, make copies of VMs, or even monitor network communication and application patterns.

The motivation of these inside attackers could be to gain information about client data and client behaviour, and then to use this information themselves or sell it.

The outside attacker, on the other hand, could listen to network traffic, insert malicious traffic, probe the cloud structure, or launch a Denial of Service attack. These activities could directly affect the Confidentiality, Integrity and Availability of the services provided.

With this background, you can combat the identified security and privacy threats with the following mitigation techniques.

| SN | Common Security and Privacy Threat | Mitigation technique | How iConnect4M implements mitigation technique |
|---|---|---|---|
| 1 | Spoofing identity | Authentication; Protect secrets; Do not store secrets | Strong authentication is to be used for the portal and for the VMs. Key files are used instead of a simple username/login. |
| 2 | Tampering with data | Authorization; Hashes; Message authentication codes; Digital signatures; Tamper-resistant protocols | All database-related transactions and connections are to be restricted with tamper-proof authentication, and security groups are to be utilized to restrict access based on roles. |
| 3 | Repudiation | Digital signatures; Timestamps; Audit trails | Audit trails are to be captured with timestamps at every user transaction, including admin and super admin activities. |
| 4 | Information disclosure | Authorization; Privacy-enhanced protocols; Encryption; Protect secrets; Do not store secrets | All important data should be transmitted over HTTPS and SSL. Passwords are to be encoded; cleartext should not be used or saved. |
| 5 | Denial of service | Authentication; Authorization; Filtering; Throttling; Quality of service | Strong authentication should be imposed for access to any client-side application, which prevents unauthorized simulation; this should be coupled with a monitoring service that alerts on inadvertent spikes. |
| 6 | Elevation of privilege | Run with least privilege | All root privileges are to be removed from external access, and role-based access and privileges are to be imposed at all levels. |
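
One way to make the audit trail of row 3 tamper-evident with the message authentication codes of row 2, as an added example (not code from the original article or from iConnect4M). The record fields, the key and the sample transactions are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first record


def _mac(key, body):
    # Canonical JSON so the same record always yields the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_entry(log, key, ts, actor, role, action):
    """Append a record whose MAC covers its fields and the previous record's MAC."""
    body = {"seq": len(log), "ts": ts, "actor": actor, "role": role,
            "action": action, "prev": log[-1]["mac"] if log else GENESIS}
    log.append(dict(body, mac=_mac(key, body)))


def verify_log(log, key):
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if (body.get("seq") != i or body.get("prev") != prev
                or not hmac.compare_digest(_mac(key, body), entry.get("mac", ""))):
            return i
        prev = entry["mac"]
    return -1


def demo():
    key = b"constructed-demo-key"  # assumption: real key is kept outside the log store
    log = []
    # Constructed sample transactions, including admin and super admin activity.
    append_entry(log, key, "2024-01-01T10:00:00Z", "alice", "user", "update profile")
    append_entry(log, key, "2024-01-01T10:05:00Z", "bob", "admin", "reset password")
    append_entry(log, key, "2024-01-01T10:09:00Z", "root", "super admin", "grant admin")
    intact = verify_log(log, key)
    log[1]["action"] = "view report"  # edit a record after the fact
    edited = verify_log(log, key)
    del log[1]  # remove the record entirely
    deleted = verify_log(log, key)
    return intact, edited, deleted


if __name__ == "__main__":
    print(demo())  # (-1, 1, 1)
```

The chain detects edits, reordering and removal of records in the middle of the log. Records cut from the end are only detectable if the latest MAC or record count is also kept somewhere the log writer cannot change.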

