Principles of Computer Security
Explore cloud computing, client-server architecture, and NIST definitions of cloud computing services like SaaS, PaaS, and IaaS. Dive into Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) models, their capabilities, and consumer control over cloud infrastructure components.
Principles of Computer Security. Instructor: Haibin Zhang (hbzhang@umbc.edu)
NIST Definitions of Cloud Computing: Software as a service (SaaS); Platform as a service (PaaS); Infrastructure as a service (IaaS)
Software as a service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Go Beyond These Definitions: Someone could modify your cloud according to your needs! You could own your own cloud! OpenStack allows you to do that, at some (painful) price.
Azure and EC2: Microsoft's and Amazon's specific IaaS
Azure Storage Questions: How does Azure protect against disasters? Did Azure use Paxos? What's the replication factor in Azure? Azure Storage is an append-only storage. What does it mean?
OpenStack (In a Nutshell): Nova, Keystone, Cinder, Swift, Glance, Neutron
Nova: Open-source IaaS
The following: Visualizing OpenStack Dependency Flow (Haibin Zhang)
Basic: Launching an Instance. Creating/running a VM without networks (Neutron) and without persistent storage (Cinder). [Sequence diagram over time. Participants: User, Keystone, Nova, Glance. Message labels: credentials; token; token, request, project ID; token verification (interactive), shown twice; token, request for VM image; image; Success.]
Extending Basic for Complex Settings: 1) Adding persistent storage (Cinder); 2) Adding networks (Neutron). [Sequence diagram over time. Participants: User, Keystone, Nova, Cinder, Glance, Neutron. Message labels: credentials; token; token, request, project ID; token verification (interactive), shown twice; token, request for VM image; image; Network Ready; Success.]
So far we have used Glance as a black box. What's behind it? How does it interact with backend storage? [Sequence diagram over time. Participants: User, Keystone, Nova, Glance, Backend Storage (e.g., Swift). Message labels: credentials; token; token, request, project ID; token verification (interactive), shown twice; token, request for VM image; image, shown twice; Success.]
Method 1: Glance as a proxy (default; direct_URL is disabled). [Sequence diagram: same participants and message labels as the previous diagram.]
Method 2: Glance returns the image/object URL; Nova contacts Swift directly. [Sequence diagram: same participants and message labels as the previous diagram.]
Note that this is for the most recent API. [Sequence diagram: same participants and message labels as the previous diagram.]
Keystone and OpenStack Token: UUID (32 bytes); PKI; PKIz; Fernet token