Document Details

EntrancingOxygen

Uploaded by EntrancingOxygen

Rajiv Gandhi Institute of Petroleum Technology, Jais, Amethi

Dr. Kalka Dubey

Tags

cloud computing software as a service web services information technology

Summary

This document provides an overview of Cloud Computing (CS574) concepts and includes discussions about Software as a Service (SaaS), security concerns, and web service applications. The presentation covers various aspects of cloud computing infrastructure, data security, and different functionalities. It's intended for use by university students.

Full Transcript

RAJIV GANDHI INSTITUTE OF PETROLEUM TECHNOLOGY, JAIS, AMETHI Department of Computer Science and Engineering B.Tech. 3rd Year (CSE) + B.Tech Final Year (PE+CH) Cloud Computing (CS574) By Dr. Kalka Dubey...

RAJIV GANDHI INSTITUTE OF PETROLEUM TECHNOLOGY, JAIS, AMETHI Department of Computer Science and Engineering B.Tech. 3rd Year (CSE) + B.Tech Final Year (PE+CH) Cloud Computing (CS574) By Dr. Kalka Dubey Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 1 UNIT-IV (Software as a Service) Introduction of SaaS Security in Cloud Environment Web Service Applications and Web Portal Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 2 Cloud Services Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 3 Cloud Layer Platform Software (as a Service) (as a Service) manage Applications You Applications Data Data Runtime Runtime Middleware Middleware Managed by vendor O/S Managed by O/S vendor Virtualization Virtualization Servers Servers Storage Storage Networking Networking 4 Introduction to SaaS Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 5 Software as a Service (SaaS) Definition: Software as a Service (SaaS) is a software delivery model in which software and its associated data are hosted centrally and accessed using a thin client, usually a web browser over the internet. [Wikipedia] SaaS is a method for delivering software that provides remote access to the software as a web-based service. The software service can be purchased with a monthly fee and pay as you go. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 6 Software as a Service (SaaS) SaaS is a model of software deployment where an application is hosted as a service provided to customers across the Internet. SaaS alleviates the burden of software maintenance/support but users relinquish control over software versions and requirements. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 7 Applicability of SAAS Enterprise Software application: Sharing of data between internal and external users e.g. : Salesforce CRM application. Single user Software application: Runs on single-user computer and serves 1 user at a time e.g. : Microsoft office. Business Utility SaaS - Applications like Salesforce automation are used by businesses and individuals for managing and collecting data, streamlining collaborative processes and providing actionable analysis. Social Networking SaaS - Applications like Facebook are used by individuals for networking and sharing information, photos, videos, etc. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 8 Consideration for SAAS Application development Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 9 Important factors for good design of SAAS model Three distinct points that separate a well-design from a poorly designed SAAS application Scalability Multi-tenant efficient Configurable Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 10 Scalability Maximizing concurrency, and efficient use of resources Optimizing locking duration Statelessness Sharing pooled resources such as threads and network connections Caching reference data Partitioning large databases Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 11 Multi-tenancy Important architectural shift from designing isolated, single-tenant applications One application instance should accommodate users from multiple other companies at the same time while providing transparency This requires an architecture that maximizes the sharing of resources efficiently across tenants Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 12 Configurable A single application instance on a single server has to accommodate users from several different companies Traditionally customizing an application would mean changes in the code. Each customer must use metadata to configure the way the application appears and behaves for its users. Customers configuring applications must be simple and easy without any extra development or operation costs Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 13 SAAS service providers Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 14 Salesforce.com Salesforce CRM provides a complete solution for that includes feature-rich solutions for marketing, sales, services, partner management and community management. CRM is originally software for managing customer interaction, such as scheduling tasks, emailing, texting, and many more. Salesforce grew into a cloud software solution and acquired several other companies for Paas(Platform as a Service) and Saas (Software as a Service). Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 15 Salesforce services Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 16 Advantages of SaaS Compared to traditional applications, SaaS applications are less clunky. They do not require users to install/uninstall binary code on their machines. Due to the delivery nature of Sass through the internet, SaaS applications are able to run on a wide variety of devices. Allows for better collaboration between teams since the data is stored in a central location. Change in SaaS applications is much faster. SaaS favors an Agile development life cycle. Software changes and frequent and on-demand. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 17 Advantages of SaaS Easy to use – Most SaaS applications do not require more than a web browser to run Cheap- The pay as you go pricing model of SaaS makes it affordable to small businesses and individuals. Applications are less risk zone to data loss since data is being stored in the cloud. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 18 Disadvantages of SaaS Privacy Security Reliability Robustness Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 19 Security in Cloud Environment Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 20 Causes of Problems Associated with Cloud Most security problems stem from: Loss of control Lack of trust (mechanisms) Multi-tenancy These problems exist mainly in 3rd party management models Self-managed clouds still have security issues, but not related to above Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 21 Loss of Control in the Cloud Consumer’s loss of control Data, applications, resources are located with provider User identity management is handled by the cloud User access control rules, security policies and enforcement are managed by the cloud provider Consumer relies on provider to ensure Data security and privacy Resource availability Monitoring and repairing of services/resources Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 22 Lack of Trust in the Cloud A brief deviation from the talk (But still related) Trusting a third party requires taking risks Defining trust and risk Opposite sides of the same coin (J. Camp) People only trust when it pays (Economist’s view) Need for trust arises only in risky situations Third-party management schemes Hard to balance trust and risk Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 23 Multi-tenancy Issues in the Cloud The conflict between tenants’ opposing goals Tenants share a pool of resources and have opposing goals How does multi-tenancy deal with conflict of interest? Can tenants get along together and ‘play nicely’ ? If they can’t, can we isolate them? How to provide separation between tenants? Cloud Computing brings new threats Multiple independent users share the same physical infrastructure Thus an attacker can legitimately be in the same physical machine as the target Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 24 Taxonomy of Fear Confidentiality Fear of loss of control over data Will the sensitive data stored on a cloud remain confidential? Will cloud compromises leak confidential client data Will the cloud provider itself be honest and won’t peek into the data? Integrity How do I know that the cloud provider is doing the computations correctly? How do I ensure that the cloud provider really stored my data without tampering with it? 25 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Taxonomy of Fear (cont.) Availability Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? What happens if a cloud provider goes out of business? Would cloud scale well enough? Often-voiced concern Although cloud providers argue their downtime compares well with cloud user’s own data centers 26 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Taxonomy of Fear (cont.) Privacy issues raised via massive data mining Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients Increased attack surface Entity outside the organization now stores and computes data, and so Attackers can now target the communication link between cloud provider and client Cloud provider employees can be phished 27 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Taxonomy of Fear (cont.) Auditability and forensics (out of control of data) Difficult to audit data held outside organization in a cloud Forensics also made difficult since now clients don’t maintain data locally Legal quagmire and transitive trust issues Who is responsible for complying with regulations? If cloud provider subcontracts to third party clouds, will the data still be secure? Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 28 Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluating solutions Steps: Identify attackers, assets, threats, and other components Rank the threats Choose mitigation strategies Build solutions based on the strategies Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 29 Threat Model Basic components Attacker modeling Choose what attacker to consider insider vs. outsider? single vs. collaborator? Attacker motivation and capabilities Attacker goals Vulnerabilities / threats 30 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi What is the issue? The core issue here is the levels of trust Many cloud computing providers trust their customers Each customer is physically commingling its data with data from anybody else using the cloud while logically and virtually you have your own space The way that the cloud provider implements security is typically focused on they fact that those outside of their cloud are evil, and those inside are good. 31 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Attacker Capability: Malicious Insiders At client Learn passwords/authentication information Gain control of the VMs At cloud provider Log client communication Can read unencrypted data Can possibly peek into VMs, or make copies of VMs Can monitor network communication, application patterns Why? Gain information about client data Gain information on client behavior Sell the information or use itself From www.cs.jhu.edu/~ragib/sp10/cs412 32 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Attacker Capability: Outside attacker What? Listen to network traffic (passive) Insert malicious traffic (active) Probe cloud structure (active) Launch DoS Goal? Intrusion Network analysis Man in the middle Cartography 33 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Challenges for the attacker How to find out where the target is located? How to be co-located with the target in the same (physical) machine? How to gather information about the target? 34 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Infrastructure Security Network Level Host Level Application Level 35 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi The Network Level Ensuring confidentiality and integrity of your organization’s data-in-transit to and from your public cloud provider Ensuring proper access control (authentication, authorization, and auditing) to whatever resources you are using at your public cloud provider Ensuring availability of the Internet-facing resources in a public cloud that are being used by your organization, or have been assigned to your organization by your public cloud providers Replacing the established model of network zones and tiers with domains 36 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi The Host Level SaaS/PaaS Both the PaaS and SaaS platforms abstract and hide the host OS from end users Host security responsibilities are transferred to the CSP (Cloud Service Provider) You do not have to worry about protecting hosts However, as a customer, you still own the risk of managing information hosted in the cloud services. 37 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi The Application Level DoS EDoS(Economic Denial of Sustainability) An attack against the billing model that underlies the cost of providing a service with the goal of bankrupting the service itself. End user security Who is responsible for Web application security in the cloud? SaaS/PaaS/IaaS application security Customer-deployed application security Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 38 Data Security and Storage Several aspects of data security, including: Data-in-transit Confidentiality + integrity using secured protocol Confidentiality with non-secured protocol and encryption Data-at-rest Generally, not encrypted , since data is commingled with other users’ data Encryption if it is not associated with applications? But how about indexing and searching? Then homomorphic encryption vs. predicate encryption? Processing of data, including multitenancy For any application to process data, not encrypted 39 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Data Security and Storage (cont.) Data lineage Knowing when and where the data was located in cloud is important for audit/compliance purposes e.g., Amazon AWS Store Process Restore Data provenance Computational accuracy (as well as data integrity) E.g., financial calculation: sum ((((2*3)*4)/6) -2) = $2.00 ? Correct : assuming US dollar How about dollars of different countries? Correct exchange rate? 40 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi Third-Party Cloud Computing Like Amazon’s EC2, Microsoft’s Azure Allow users to instantiate Virtual Machines Allow users to purchase required quantity when required Allow service providers to maximize the utilization of sunk capital costs Confidentiality is very important Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 41 New Vulnerabilities & Attacks Threats arise from other consumers Due to the subtleties of how physical resources can be transparently shared between VMs Such attacks are based on placement and extraction A customer VM and its adversary can be assigned to the same physical server Adversary can penetrate the VM and violate customer confidentiality Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 42 More on attacks… Collaborative attacks Mapping of internal cloud infrastructure Identifying likely residence of a target VM Instantiating new VMs until one gets co-resident with the target Cross-VM side-channel attacks Extract information from target VM on the same machine Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 43 Web Service Applications and Web Portal Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 44 Web Services Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 45 Definition Many definitions “…technologies that allow for making connections” “a software system designed to support interoperable m2m interaction over the network” “..a service offered by an electronic device to another electronic device, communicating with each other via WWW” Web services may use SOAP protocol over http (or ftp, smtp,..) for their communication http is utilized for m2m communication and for transferring information in XML or JSON Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 46 Service A function that is well defined, self contained, does not depend on the context or state of other services, can be accessed remotely and updated independently. Services carry out a function, such as producing data, validating a customer, or retrieve a credit card statement. Web services: connection technology of SOA. Most APIs in cloud computing are implemented as SOAP or RESTful Web services Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 47 Web Services vs Websites A Web site is typically intended for human consumption (human-to-computer interaction), whereas web services are typically intended for computer-to-computer interaction. A Web service may have GUI or API, a Web site may implement Web Services in the background Paypal has both GUI and implements web services (e.g. for payments, use management etc.) Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 48 A Service example Basic service oriented architecture: The service provider returns a response message to the service consumer (client). Simple data, message passing The request and subsequent response connections are defined in some way that is understandable to both the service consumer and service provider Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 49 End of Unit 4 Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 50 THANKS….. Dr. Kalka Dubey Assistant Professor RGIPT Jais Amethi 51

Use Quizgecko on...
Browser
Browser