CS6262 Lecture 18 - Cloud Computing & VM Monitoring

What is the general definition of cloud computing?

A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services

What is a key feature of cloud computing regarding resource provisioning?

Resources can be rapidly provisioned and require low management overhead

Why is the cloud computing industry considered complex?

It represents a large ecosystem of many models, vendors, and markets

What core technology is central to cloud computing and discussed in cloud security?

Virtualization

What are the five essential characteristics of cloud computing?

On-demand self-service, broad network access, resource pooling, rapid elasticity, measured service

What does Software as a Service (SaaS) enable a customer to do?

Use a provider's applications running on a cloud infrastructure, accessible through thin clients like web browsers

What does Platform as a Service (PaaS) enable a consumer to do?

Deploy consumer-created applications onto the cloud infrastructure using programming languages and tools supported by the provider

What does Infrastructure as a Service (IaaS) enable a consumer to do?

Provision processing, storage, networks, and other computing resources and deploy/run arbitrary software including operating systems and applications

What is a private cloud?

A cloud infrastructure operated solely for an organization, managed by the organization or a third party, on-premise or off-premise

What is a community cloud?

A cloud infrastructure shared by several organizations supporting a specific community with shared concerns

What is a public cloud?

A cloud infrastructure made available to the general public or a large industry group, owned by an organization selling cloud services

What is a hybrid cloud?

A composition of two or more cloud deployment models

Which cloud service model is associated with risks like data security, data locality, and unauthorized access?

Software as a Service (SaaS)

Which cloud service model is associated with risks like SOA-related issues and API-related issues?

Platform as a Service (PaaS)

Which cloud service model is associated with risks like virtual machine security and hypervisor security?

Infrastructure as a Service (IaaS)

Why is security considered a primary concern in cloud computing?

Because users do not manage the cloud environment directly and multiple organizations may share the same infrastructure

Why is cloud security challenging despite simple primitives and functions?

Because these primitives and functions are replicated thousands of times, creating massive complexity

Why is it easier to manage testing and security patches in cloud computing?

Most systems use the same software, simplifying updates

How does cloud computing simplify recovery?

Identical systems can be quickly set up for rapid recovery

What is a primary challenge regarding trust in cloud computing?

Users must rely on cloud providers who directly administer the environment

Why is lack of physical control a security concern in cloud computing?

Users cannot directly manage or inspect the computing resources they use

What are some security advantages of cloud provisioning services?

Rapid reconstitution of services and greater data availability through multiple data centers

What is the main security challenge of cloud provisioning services?

If the provisioning service is compromised, the impact can be highly disruptive

What is one security advantage of cloud data storage services?

Data can be fragmented and dispersed, increasing resilience

How does cloud storage improve data confidentiality?

Data can be encrypted at rest and in transit

What is a security challenge related to multi-tenant cloud storage?

Data from multiple organizations may reside on the same storage server

Why can the location of cloud storage servers be a security concern?

Different countries may have different regulations

What is a main security advantage of cloud processing infrastructure?

The master copy of a program can be secured and replicated throughout the environment

What are some security challenges in cloud processing infrastructure?

Multiple applications can run on the same hardware and isolation is difficult

How do cloud support services enhance security?

They provide on-demand security controls for customer applications

What is a network security challenge in cloud computing?

Creating security zones is difficult because applications share resources

What are some legal and regulatory challenges for cloud security?

International privacy laws, subpoenas, and data ownership issues

Why is isolation important in cloud security?

Multiple organizations use the same environment, requiring strong isolation protection

What are additional risks related to cloud infrastructure security?

Attacker interest due to scale and reliance on secure hypervisors

What challenge arises when an organization uses a public cloud in terms of security policies?

Reconciling internal network security policies with external cloud policies

Why is controlling software versions difficult in a public cloud using SaaS?

Customers cannot control what software or version is used

What is the recommended method to protect data security in the cloud?

Encrypt data at rest and encrypt access to resources

What percentage of cloud service providers encrypt data in transit?

Close to 90%

What percentage of cloud service providers encrypt data at rest?

Only about 10%

What is PII in cloud security?

Personally identifiable information that can identify an individual

What should customers negotiate with cloud providers to ensure data protection?

A security service level agreement (SLA)

How can customers verify that cloud providers meet agreed security levels?

By obtaining proof that SLAs have been satisfied

Which compliance standards must cloud providers consider for healthcare and payment data?

HIPAA and PCI

Name some foundational technologies supporting cloud computing.

Virtualization, grid technology, service-oriented architectures, distributed computing, broadband networks

What does virtualization involve with regard to hardware and operating systems?

Creating virtual machines using existing hardware and operating systems

What is the role of a hypervisor in virtualization?

Acts as a Virtual Machine Manager

Which type of hypervisor is installed directly on hardware?

Type 1 hypervisor

Which type of hypervisor emulates system devices and runs under a host OS?

Type 2 hypervisor

Why is virtualization considered critical for cloud computing?

It separates applications from hardware and allows multiple VMs to run on one machine

What is the purpose of a security virtual machine in virtualization?

To provide isolated security analysis and monitoring

Why is memory analysis essential for virtual machine security?

Memory reveals current runtime state including processes and decrypted data

What is virtual machine introspection?

Analyzing a VM’s memory from an external security VM

What distinguishes active monitoring from passive monitoring?

Active monitoring is event-driven and can stop attacks before execution

What is the goal of Secure In-VM Monitoring (SIM)?

To combine security of out-of-VM monitoring with performance of in-VM monitoring

How does SIM achieve high performance?

By accessing memory at native speed without switching to the hypervisor

What mechanism does SIM use for switching control?

Entry Gate and Exit Gate

What hardware feature does SIM use in the invocation checker?

Last Branch Recording (LBR)

How does SIM protect its address space?

Through hypervisor memory protection

How does SIM achieve native-speed memory access?

By reading memory directly without hypervisor interception

How does the performance of SIM compare to out-of-VM monitoring?

SIM is significantly faster