1

SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 8: Cloud Computing

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 2

Objectives for Chapter 8

• Define cloud services, including types and service models
• How to define cloud service requirements and identify
appropriate services
• Survey cloud-based security capabilities and offerings
• Discuss cloud storage encryption considerations
• Protection of cloud-based applications and infrastructures
• Explain the major federated identity management
standards and how they differ

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 3

What Is Cloud Computing?

• On-demand self-service
• Add or subtract resources as necessary
• Broad network access
• Mobile, desktop, mainframe
• Resource pooling
• Multiple tenants (customers) share resources that can be
reassigned dynamically according to need and invisibly to the
tenants
• Rapid elasticity
• Services can quickly and automatically scale up or down to meet
customer need
• Measure service
• Like water, gas, or telephone service, usage can be monitored for
billing
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 4

Service Models
• Software as a service (SaaS)
• The cloud provider gives the customer access to applications
running in the cloud
• Platform as a service (PaaS)
• The customer has his or her own applications, but the cloud
provides the languages and tools for creating and running them
• Infrastructure as a service (IaaS)
• The cloud provider offers processing, storage, networks, and other
computing resources that enable customers to run any kind of
software

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 5

Deployment Models
• Private cloud
• Infrastructure that is operated exclusively by and for the
organization that owns it
• Community cloud
• Shared by several organizations with common needs, interests, or
goals
• Public cloud
• Owned by a cloud service provider and offered to the general
public
• Hybrid cloud
• Composed of two or more types of clouds, connected by
technology that enables data and applications to balance loads
among those clouds
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 6

Cloud Migration Risk Analysis

• Identify assets
• Determine vulnerabilities
• Estimate likelihood of exploitation
• Compute expected loss
• Survey and select new controls
• Project savings

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 7

Cloud Provider Assessment

• Security issues to consider:
• Authentication, authorization, and access control options
• Encryption options
• Audit logging capabilities
• Incident response capabilities
• Reliability and uptime

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 8

Security Benefits of Cloud Services

• Geographic diversity
• Many cloud providers run data centers in disparate geographic
locations and mirror data across locations, providing protection
from natural and other local disasters.
• Platform and infrastructure diversity
• Different platforms and infrastructures mean different bugs and
vulnerabilities, which makes a single attack or error less likely to
bring a system down. Using cloud services as part of a larger
system can be a good way to diversify your technology stack.

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 9

Cloud-Based Security Functions

• Some security functions may be best handled by cloud
service providers:
• Email filtering
• Since email is already hopping through a variety of SMTP servers,
adding a cloud-based email filter is as simple as adding another hop.
• DDoS protection
• Cloud-based DDoS protection services update your DNS records to
insert their servers as proxies in front of yours. They maintain sufficient
bandwidth to handle the flood of attack traffic.
• Network monitoring
• Cloud-based solutions can help customers deal with steep hardware
requirements and can provide monitoring and incident response
expertise.

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 10

Cloud Storage
• By default, most cloud storage solutions either store
users’ data unencrypted or encrypt all data for all
customers using a single key and therefore don’t provide
strong confidentiality
• Some cloud services provide better confidentiality by
generating keys on a per-user basis based on that user’s
password or some other secret
• For maximum confidentiality, some cloud providers
embrace a trust no one (TNO) model in which even the
provider does not have the keys to decrypt user data

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 11

Data Loss Prevention (DLP)

• DLP is more difficult in cloud environments than on-
premise environments, as cloud customers have much
less control over data ingress and egress points
• DLP options for cloud-based corporate data:
• Force users to work through the corporate virtual private network
(VPN) to access corporate-contracted cloud resources
• Install DLP agents on users’ corporate systems
• In IaaS environments, insert a DLP server as a proxy between user
systems and other corporate cloud servers

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 12

Cloud Application Security

• Attacks against shared resources
• Shared computing resources change the threat landscape. Sharing
a system with a vulnerable application may result in those shared
resources becoming compromised and consequently spreading
attacks to your applications.
• Attacks against insecure APIs
• Cloud vendors have a history of using known broken APIs. A recent
survey of cloud security incidents over a 5-year period found that
almost one-third of those incidents were caused by insecure
interfaces and APIs.1

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 13

Federated Identity Management (FIdM)

Authentication/
2 Authorization
Request

Authorization
Response 5

3
Authentication
Third-Party Request Identity
Service 6 Access Management
Provider Request
System
Access
Response
Authentication
1 Credentials
4

User
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 14

Security Assertion Markup Language

(SAML)
• An XML-based standard that defines a way for systems to
securely exchange user identity and privilege information
• Commonly used when a company wants to give its
employees access to corporate cloud service
subscriptions
• If an employee leaves the company, his corporate login
credentials are disabled and, by extension, so are his
login rights to the cloud service

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 15

SAML Authentication Process

1
2 3
5 4
6
Service User
Provider (Subject) Identity Provider
(SP) (IdP)

Customer Network

SAML Authentication Process

1. Subject navigates to the SP site for login
2. SP sends the subject’s browser an authentication request
3. Browser relays the authentication request to the IdP
4. IdP attempts to authenticate the subject, then returns the
authentication response to the browser
5. Browser relays the authentication response to the SP
6. SP reads the authentication response and, if the user is
authorized, logs the user in with the privileges the IdP specified

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 16

OAuth
• Whereas SAML is an authentication standard, OAuth is
an authorization standard
• OAuth enables a user to allow third-party applications to
access APIs on that user’s behalf
• When Facebook asks a user if a new application can
have access to his photos, that’s OAuth
• OAuth allows users to give third-party applications access
to only the account resources they need, and to do so
without sharing passwords; users can revoke access at
any time

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 17

OpenID Connect (OIDC)

• OAuth has been extended to support authentication in the
form of OIDC
• OIDC is a relatively new standard for FIdM
• Works by adding an identity token to the existing
authorization tokens, essentially treating identity
information as another authorization right

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 18

Securing IaaS
• Shared storage
• When you deallocate shared storage, it gets reallocated to other users,
potentially exposing your data. Encrypted storage volumes are the
most reliable mitigation.
• Shared network
• Typical practice among IaaS providers prevents users from sniffing
one another’s network traffic, but the safest bet is to encrypt all
network traffic to and from virtual machines whenever possible
• Host access
• Require two-factor authentication
• Do not use shared accounts
• Enforce the principle of least privilege
• Use OAuth rather than passwords to give applications access to API
interfaces
• Use FIdM wherever possible so as to only manage one set of
accounts

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 19

IaaS Security Architecture

FTP Proxy FTP Servers

Internet FTP Proxy Enclave

FTP Enclave

Boundary Web Proxy

Protection
Enclave Web Proxy Enclave Web Servers

Web Enclave

IaaS Environment
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.