Recent Advancements in Cloud Security
Matthew Mitchell
“Rather than attempt to restrict usage, the goal should be to enable the freedom employees need to do their jobs better, without compromising company security and liability.” - Lynda Stadtmueller
Outline
• Introduction
• What is the cloud
• Different types of cloud services
• Existing approaches to data disclosure
• Security circle
• Browserflow
• Data flow control
• Conclusion
The Cloud
• Access programs over the internet
• Data is stored on the vendor's servers
• Easily accessible data
https://xrm.com/reference/cloud/
Most Common Cloud Service Provider (CSP)
• Software-as-a-Service (SaaS)
• Platform-as-a-Service (PaaS)
• Infrastructure-as-a-Service (IaaS)
https://www.globaldots.com/cloud-computing-types-of-cloud/
https://www.statista.com/
Spending on cloud infrastructure
https://www.statista.com/
Internet Users (World)
Service level agreement (SLA)
• SLA is a blueprint and warranty for the cloud
• Covers the performance the data center will have and, more recently, the performance of the network
• Sets out what kind of monitoring and reporting the cloud service provider (CSP) agrees to
• Users have access to multiple types of cloud services
• How to enforce data disclosure policies
• Track the user's activities within the browser
Existing approaches
• Data leak prevention system
• Data flow tracking system
• Static data flow analysis
• Browser-side enforcement
• Client-side middleware
Data leak prevention system
• Protects sensitive data
• Analyzes endpoint
• By inspecting outgoing network traffic
Data flow tracking system
• Tracked by attaching labels to data
• Used for precise data flow, such as tracking passwords
• Computation heavy, thus has a big performance overhead
Static data flow analysis
• Tracking data by analyzing source code
• Produces conservative results
• Unusable for legacy programs
Browser-side enforcement
• Data is encrypted before the sensitive data is uploaded
• Not ideal since a CSP may have to index, search and inspect the original data
• Doesn't allow collaborative editing similar to Google Docs
Client-side middleware
• Protects the confidentiality of users' information from an untrusted CSP
• Decouples the data from the application logic
BROWSERFLOW
• Group of researchers from The Imperial College London
• Protects against disclosure by users.
• Actively scans text.
• Enforces data exposure between cloud services.
• Done on the browser
• By using a plagiarism detection algorithm to create a digital fingerprint
• These algorithms are well studied
• There are four steps that are used to calculate the fingerprint of a text segment
• Normalize the text by removing punctuation, whitespace and character case
“Hello World!” → “helloworld”
• Take the n-grams of the normalized text
• Example of 6-grams
“hellow”, “ellowo”, “llowor”, “loworl”, “oworld”
• Create hash values from the grams
{51, 42, 53, 10, 22}
• Create an overlapping set of hash windows
{51, 42, 53}, {42, 53, 10}, {53, 10, 22}
• Take the minimum value of each window to get the fingerprint
{42, 10}
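The four fingerprinting steps above, written out as an added example (not code from the slides or from the BrowserFlow authors). The FNV-1a hash, the parameters n = 6 and window = 3, the overlap() score and the sample texts are assumptions made for this illustration.

```javascript
// Added example: winnowing-style text fingerprint following the four slide steps.
// Assumptions: FNV-1a as the hash, n = 6, window = 3, overlap() as the match score.

// Step 1: strip punctuation, whitespace and case ("Hello World!" -> "helloworld").
function normalize(text) {
  return text.toLowerCase().replace(/[^\p{L}\p{N}]/gu, "");
}

// Step 2: every overlapping substring of length n.
function ngrams(s, n) {
  const out = [];
  for (let i = 0; i + n <= s.length; i++) out.push(s.slice(i, i + n));
  return out;
}

// Step 3: hash each gram (32-bit FNV-1a, chosen for this example).
function fnv1a(s) {
  let h = 0x811c9dc5;
  for (let i = 0; i < s.length; i++) {
    h ^= s.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// Step 4: slide a window of w hashes and keep each window's minimum.
// Fewer than w hashes form a single short window; no hashes, no fingerprint.
function winnow(hashes, w) {
  const picked = new Set();
  const last = hashes.length === 0 ? -1 : Math.max(hashes.length - w, 0);
  for (let i = 0; i <= last; i++) picked.add(Math.min(...hashes.slice(i, i + w)));
  return picked;
}

function fingerprint(text, n = 6, w = 3) {
  return winnow(ngrams(normalize(text), n).map(fnv1a), w);
}

// Fraction of the candidate's fingerprint that also occurs in the protected text.
function overlap(candidate, protectedText) {
  const c = fingerprint(candidate);
  const p = fingerprint(protectedText);
  if (c.size === 0) return 0; // too short to fingerprint
  return [...c].filter((h) => p.has(h)).length / c.size;
}

// Constructed sample texts, not from the slides.
const SECRET = "Q3 merger plan: acquire Initech for 40M, announce on 12 May.";
console.log(overlap("ACQUIRE initech, for 40M!", SECRET));          // copied excerpt
console.log(overlap("Lunch menu: tomato soup and bread.", SECRET)); // unrelated
```

Because each window contributes its minimum, any run of at least n + w - 1 normalized characters shared by two texts produces at least one common fingerprint value, whatever punctuation or casing surrounds it.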
https://cps-vo.org/
Conclusion
What we covered
• What the cloud is and the security that's offered
• Enforce policies by analyzing text in the browser
Questions?
Thanks to Elena Machkasova and Kevin Arhelger for their input