Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC

)
Lee Badger Tim Grance

May. 20, 2010

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

NIST
National Institute of Standards and Technology

Outline
1 2 Brief review of clouds, and introduction to SAJACC. (15 minutes) Security issues in the cloud. (15 minutes)

3 Preliminary Cloud Computing Use Cases. (20 minutes) 4 Questions! (10 minutes)

more feedback?

Note: Any mention of a vendor or product is NOT an endorsement or recommendation.

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

2

NIST
National Institute of Standards and Technology

1 Brief review of clouds, and introduction to SAJACC

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

3

NIST
National Institute of Standards and Technology

NIST Working Cloud Definition (1 of 3)
5 Key Characteristics
1

On-demand self service

4

Elasticity ×
Jan Feb Mar …… Dec

$
renting takes minutes

$( $(
5

=
rent it in any quantity

) )

×

Jan

2

Ubiquitous network access

Resource pooling

anywhere / any device

reduces cost

3

Metered use

=
conserve resources
Information Technology Laboratory

off

off

on

Computer Security Division

cloudcomputing@nist.gov

4

NIST
National Institute of Standards and Technology

NIST Working Cloud Definition (1 of 3)
5 Key Characteristics
1

On-demand self service

4

Elasticity ×
Jan Feb Mar …… Dec

$
renting takes minutes

$( $(
5

=
rent it in any quantity

) )

×

Jan

2

Ubiquitous network access

Resource pooling

anywhere / any device

reduces cost

3

Metered use

=
conserve resources
Information Technology Laboratory

off

off

on

where is my workload?
Computer Security Division

cloudcomputing@nist.gov

5

NIST
National Institute of Standards and Technology

NIST Working Cloud Definition (2 of 3)
3 Deployment Models
Cloud Provider
1 Software as a Service (SaaS) Admin control Total control Application e.g., mail Middleware e.g., .Net Operating System Hardware

Cloud Customer
Limited Admin control No control

2 Platform

as a Service (PaaS)

Admin control Total control

Application Middleware Operating System Hardware

Limited programmability No control

3 Infrastructure

as a Service (IaaS)

No control Admin control

Application Middleware Operating System Hypervisor Hardware

Total control No control

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

6

NIST
National Institute of Standards and Technology

NIST Working Cloud Definition (3 of 3)
4 Delivery Models
Cloud Provider Infrastructure
1 Private

Cloud Customer Data Center

management

2 Community

3 Public

4 Hybrid

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

7

NIST
National Institute of Standards and Technology

A Quick Trip Through the (simplified) API
Setting up: aws.amazon.com create account set password email confirmation PEM-encoded RSA private key x.509 cert Steady state (simplified) RegisterImage

TLS

Configure storage

Manage keypairs

CreateKeyPair

Configure Manage IP addresses Instances: (routable) run reboot terminate query

Use to talk with new VMs

DeregisterImage

Credit: [8], aws.amazon.com [1]
Information Technology Laboratory

Every operation digitally signed. Every key pair public key stored in the cloud infrastructure.

Computer Security Division

cloudcomputing@nist.gov

9

NIST
National Institute of Standards and Technology

Important Cloud Computing Requirements
•  interoperability: clouds work together •  portability: workloads can move around •  security: customer workloads protected (to the extent possible)
•  Well-formulated standards could help, but…

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

10

NIST
National Institute of Standards and Technology

Standards Creation is Time Consuming

•  Critical features (interoperability, portability) require high quality, mature standards. •  But standards development is a consensusoriented process: often years to complete. •  Even longer for international standards.
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

11

NIST
National Institute of Standards and Technology

Shorter Term Standards Effort
•  Until standards mature: •  What is needed is a process to test important cloud system requirements --- NIST will provide that.
Portable Interoperable Secure (as possible)

SAJACC

Standards Acceleration Jumpstarting Adoption of Cloud Computing

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

12

NIST
National Institute of Standards and Technology

SAJACC Communication Strategy
NIST will deploy and populate NIST Cloud Standards Portal Use Cases
Community Outreach
specifications

Validated Specifications

Reference Implementations

Standards Development Organizations

standards

•  Populate a web portal that distributes cloud specifications and reference implementations that are:
–  Known to work for critical use cases (e.g., interoperability, portability, bulk data transfer). –  Can be easily used by cloud service providers and consumers. –  Provide a basis for innovation i.e. are extensible.
•  Enables future innovation.
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

13

NIST
National Institute of Standards and Technology

Populating the Portal
NIST Cloud Standards Portal Use Cases Validated Specifications Reference Implementations

Three complementary activities, all performed in collaboration with other agencies and standards development organizations: (1)  NIST inserts existing standards and de-facto interfaces as specifications. –  NIST identifies and validates specifications using use cases. (2) Organizations contribute open specifications. –  NIST receives and coordinates the prioritization of specifications, and validates using use cases. (3) NIST identifies gaps in cloud standards (and specifications) and publishes the gaps on the portal: produces opportunity for outside organizations to fill them.
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

14

NIST
National Institute of Standards and Technology

(1) NIST Inserts Existing Standards and De-facto Interfaces
1

NIST Cloud Standards Portal
Success? 4
yes

Initial Use Cases Provided by Gov. 2 Legacy specifications Identified by Gov.

Use Cases Validated Specifications Proposed Specifications Reference Implementations Reference Implementations

Government-run Validation Exercises
Spec 1 Spec 2 … Spec n Test 1 Test 2 … Test n

3

Generate Test cases

•  •  •  • 

specifications, use cases: provide insight on how clouds can work reference implementations: enable validation exercises continuously growing portal: new content added over time publically available: anyone can access
cloudcomputing@nist.gov
15

Information Technology Laboratory

NIST
National Institute of Standards and Technology

Computer Security Division

(2) Organizations Contribute Open Specifications
1

NIST Cloud Standards Portal
Success? 4
yes

Initial Use Cases Provided by Gov. 2 Legacy specifications Identified by Gov.

Use Cases Validated Specifications Proposed Specifications Reference Implementations Reference Implementations

Government-run Validation Exercises
Spec 1 Spec 2 … Spec n Test 1 Test 2 … Test n

3 Organization-submitted specifications

•  continuously growing portal: new content added over time •  publically available: anyone can access or submit

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

16

NIST
National Institute of Standards and Technology

2

Security issues in the cloud.

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

17

NIST
National Institute of Standards and Technology

Security is a Major Issue

[3]
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

18

NIST
National Institute of Standards and Technology

What is Security?
•  Traditionally, approximately:
–  confidentiality: your data not leaked –  integrity: your data or system not corrupted –  availability: your system keeps running

•  What does this mean in the cloud?
–  without user physical control

•  Some issues
–  with dynamically changing infrastructure –  secure access to the cloud –  protecting different users from one another
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

19

NIST
National Institute of Standards and Technology

Analyzing Cloud Security
•  Some key issues:
–  trust, multi-tenancy, encryption, compliance

•  Clouds are massively complex systems that can be reduced to simple primitives that are replicated thousands of times and common functional units •  Cloud security is a tractable problem
–  There are both advantages and challenges
Former Intel CEO, Andy Grove: “only the paranoid survive”
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

20

NIST
National Institute of Standards and Technology

General Security Advantages
•  Shifting public data to a external cloud reduces the exposure of the internal sensitive data •  Cloud homogeneity makes security auditing/testing simpler •  Clouds enable automated security management •  Redundancy / Disaster Recovery
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

21

NIST
National Institute of Standards and Technology

General Security Challenges
•  •  •  •  •  •  Trusting vendor’s security model Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator accountability Proprietary implementations can’t be examined Loss of physical control

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

22

NIST
National Institute of Standards and Technology

Data Storage Services
•  Advantages
–  Data fragmentation and dispersal –  Automated replication –  Provision of data zones (e.g., by country) –  Encryption at rest and in transit –  Automated data retention

•  Challenges
–  Isolation management / data multi-tenancy –  Storage controller
•  Single point of failure / compromise?

–  Exposure of data
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

23

NIST
National Institute of Standards and Technology

Cloud Processing Infrastructure
•  Advantages
–  Ability to secure masters and push out secure images

•  Challenges
–  Application multi-tenancy –  Reliance on hypervisors –  Process isolation / Application sandboxes

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

24

NIST
National Institute of Standards and Technology

Additional Issues
•  •  Issues with moving sensitive data to the cloud
–  –  – 
•  • 

Privacy impact assessments Contingency planning and disaster recovery for cloud implementations Using SLAs to obtain cloud security
Suggested requirements for cloud SLAs Issues with cloud forensics

Risk assessment

• 

Handling compliance
–  –  –  –  –  FISMA HIPAA SOX PCI SAS 70 Audits
cloudcomputing@nist.gov
25

Information Technology Laboratory

NIST
National Institute of Standards and Technology

Computer Security Division

Putting it Together
•  Most clouds will require very strong security controls •  All models of cloud may be used for differing tradeoffs between threat exposure and efficiency •  There is no one “cloud”. There are many models and architectures. •  How does one choose?
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

26

NIST
National Institute of Standards and Technology

3 Use Cases to drive portability, interoperability, security in clouds

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

27

NIST
National Institute of Standards and Technology

Use Cases
Use Case: a description of how groups of users and their resources may interact with one or more systems to achieve specific goals.
Goal

abstract use case

add concrete details
Step 1 Step 2 …

OR

Step a Step b …

OR

Step I Step j …

... case study

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

28

NIST
National Institute of Standards and Technology

Use Cases
Use Case: a description of how groups of users and their resources may interact with one or more cloud computing systems to achieve specific goals.
Goal

abstract use case

add concrete details
Step 1 Step 2 …

OR

Step a Step b …

OR

Step I Step j …

... case study

Example: Parent

$ $
cloudcomputing@nist.gov
29

Bank

Student

Information Technology Laboratory

NIST
National Institute of Standards and Technology

Computer Security Division

Preliminary Use Case Taxonomy for a Public Cloud (focus on IaaS)
Portability Interoperability Security

File/Object System Like •  sharing access •  access by name •  access by pattern •  strong erase •  cloud drive7 - synchronization

Job Control & Programming
•  alloc/start/stop…1 •  queueing1 • horizontal scaling of data/ processing •  services

Cloud-2-Cloud •  inter-cloud data transfer •  multi-hop data transfer •  storage peering7 •  backup between clouds7 •  cloud broker4 •  cloud burst •  VM migration •  dynamic dispatch5 •  fault-tolerant group

Admin •  SLA comparison •  info discovery7 •  user Acct mgmt •  compliance4 •  special security4

Data Management •  transfer data in •  transfer data out •  backup to cloud7 •  restore from cloud7 •  archive/preservation to cloud7

Note: these use cases are preliminary. Credits: SNIA [7], aws.amazon.com [1], DMTF [4], libcloud [5]
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

30

NIST
National Institute of Standards and Technology

File/Object System Like
Sharing access
Customer
 1
 grant‐cmd
 Provider
 2
 data
 data
 read
/foo/bar
 data
 Provider
 other
Customers
 Users


Access by name

Customer


Compa&ble
modes:

read,
 write,
append,
truncate,
 chown,
chmod,
chgrp,
…


Access by pattern

Customer


query
“pa>ern”
 matching
 records


Provider


Specifying
pa<erns,
records.
 Access
control?


Strong erase

Customer


erase‐cmd
 “ok!”


Provider


GeAng
confidence?
 Zero
out,
mul&‐pass?
 DoD
5220‐22?
 Looks
like
a
local
disk
 Synchroniza&on?
 Security
defaults?
 31

Cloud Drive
credit:
SNIA
[7]

Information Technology Laboratory

Customer
 like
NFS,
AFS


Provider


Computer Security Division

cloudcomputing@nist.gov

NIST
National Institute of Standards and Technology

Job Control and Programming
Alloc/start/stop
Configure External Resources allocate compatibility, portability… Configure Internal resources Manage Instances: run, restart, terminate…

credit:
aws.amazon.com
[1]


deallocate

Queue services ...
upstream workers downstream workers

(thread synchronization in the large)

credit:
aws.amazon.com
[1]


compatibility, portability… like ordinary hosting, but with more scale, less location awareness.

Services

“services”

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

32

NIST
National Institute of Standards and Technology

Cloud-2-Cloud
Inter-cloud data transfer
Provider
1
 Data
Object
 request
 Customer
 Network
Scenario
 request
 request
 Customer
 Physical
Scenario
 Provider
2
 Provider
1
 Physical
Data
 Container
 Provider
2
 request


protection of data in transit verification of data received some issues: coherent naming compatible crypto compatible access control metadata, ownership

Multi-hop inter-cloud data transfer

Provider
1

Data
Object


Provider
2


Provider
1

Physical
Data
 Container


Provider
2


request
 Customer


request


request
 Customer
 Physical
Scenario


request


Network
Scenario


same issues, and in addition: after round trip, data is still as useful
Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

33

NIST
National Institute of Standards and Technology

Cloud-2-Cloud (2)
Storage peering
Provider
1

some
 client
data
 common
 policies


Provider
2

other

 client
data


need common policies for naming of data objects, access control, snapshot/ cloning, etc.

credit:
SNIA
[7]


Customer
 backup
 restore


Backup/restore between clouds
credit:
SNIA
[7]


Provider
1

client
working
 data


Provider
2

backup
 data


Customer
 Provider
1


(an example of multi-hop) Provider
2

(resources)


common archival format, procedures, data protection in transit, verification, key management, …

Cloud broker

(resources)


(no
resources)
 credit:
DMTF
[4]

Information Technology Laboratory

broker


Customer


broker could provide a simple or stable interface to customers, even when providers change or have diverse APIs.

Computer Security Division

cloudcomputing@nist.gov

34

NIST
National Institute of Standards and Technology

Cloud-2-Cloud (3)
Cloud Burst
1
 Customer
Datacenter
 vm1

 vm2

 ... vmN

 Customer
Datacenter
 2
 vm1

 vm2

 ... vmN

 Customer
Datacenter
 3
 vm1

 vm2

 ... vmN

 Provider

 Provider

 need common policies for naming of data objects, access control, snapshot/ cloning, etc. Provider

 vmN+1

 vmN+2

 vmN+M



VM migration (suspendresume or live)

Provider
1
 vm1

 vm2

 ... vmN



Provider
2
 vm2

 ... vmN



dynamic config of networks, VM formats (e.g., OVF [6]), hypervisor diversity…

Customer


Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

35

NIST
National Institute of Standards and Technology

Cloud-2-Cloud (4)
Dynamic dispatch
credit:
libCloud
[5]


Customer


cloud
 API
2
 API
 access
 …
 library
 API
N



API
1


wrappers for clouds (e.g., libCloud)

Fault-tolerant group

Customer


transac&ons

replicaYon
 concurrency
control
 nesYng
 ACID
properYes
 byzanYne?
 other…


standardized fault tolerance protocols, QOS requirements, etc.

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

36

NIST
National Institute of Standards and Technology

Admin
SLA comparison
Customer
 An SLA Template?

?

SLA 1 SLA 2 SLA 3
...

Cloud Provider Promises
availability remedies for failure to perform data preservation legal care of customer info

Limitations
scheduled outages force majeure events changes to the SLA security service API changes

User Promises
acceptable use policies provided software on-time payment

perhaps as a prelude to more detailed terms that extend but do not contradict?

Info Discovery
credit:
SNIA
[7]


A search service that retrieves documents subpoenaed for court.

who gets notified? who bears costs? timeliness? How to prevent “jar’ing” of customer-customers when providers change?

User Acct Mgmt

A cloud customer may have his/her own customers, and a provider sometimes provides SaaS-style customer management services.

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

37

NIST
National Institute of Standards and Technology

Admin (2)
Compliance
credit:
DMTF
[4]


Providers sometimes assert compliance with (HIPPA, PCI, Sarbanes-Oxley, FISMA) requirements.

how can customers tell?

Special Security
credit:
DMTF
[4]


E.g., a “mono-tenancy” requirement for a customer’s workloads.

how can customers specify and tell?

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

38

NIST
National Institute of Standards and Technology

Data Management
Provider
 Data
Object
 Provider
 Physical
Data
Container


Customer
 Network
Scenario


Customer
 Physical
Scenario


•  transfer data in •  transfer data out •  backup to cloud •  restore from cloud •  archive/preservation to cloud

protection in transit; verification of correct data received; correct naming; initialization of access rules; …

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

39

NIST
National Institute of Standards and Technology

References
[1] Amazon Web Services, aws.amazon.com. [2] “Eucalyptus: A Technical Report on an Elastic Utility Computing Architecture Linking Your Programs to Useful Systems”, UCSB Computer Science Technical Report Number 2008-10. [3] IDC Enterprise Panel, August 2008 n=244 [4] “Interoperable Clouds, A White Paper from the Open Cloud Standards Incubator”, Distributed Management Task Force, Version 1.0, DMTF Informational, Nov. 11, 2009, DSP-IS0101 [5] libcloud, http://incubator.apache.org/libcloud/ [6] “Open Virtualization Format Specification”, DMTF Document Number DSP0243, Version 1.0, Feb. 22, 2009. [7] “Cloud Storage Use Cases”, Storage Network Industry Association, Version 0.5 rev 0, June 8, 2009. [8] “Starting Amazon EC2 with Mac OS X”. Robert Sosinski. http://www.robertsosinski.com/2008/01/26 /starting-amazon-ec2-with-mac-os-x/ [9] “The Eucalyptus Open-source Cloud-computing System”, D. Nurmi, R. Wolski, C. Grzegorcyk, G. Obertelli, S. Soman, L. Youseff, D. Zagorodnov, in Proceedings of Cloud Computing and Its Applications, Oct. 2008. [10] “Ubuntu Enterprise Cloud Architecture”, S. Wardley, E. Goyer and N. Barcet, Technical White Paper, 2009, www.canonical.com

Information Technology Laboratory

Computer Security Division

cloudcomputing@nist.gov

40

NIST
National Institute of Standards and Technology

Questions?

Information Technology Laboratory

Computer Security Division

8 cloudcomputing@nist.gov

41

NIST
National Institute of Standards and Technology

Sign up to vote on this title
UsefulNot useful