Prerequisites: Minimum Knowledge!
Course Level: Bachelor
Learning effort: min. of 150 hours of study (30 hrs. e-learning directed study, 15 hrs. collaborative online lab, 15 hrs. collaborative project, 60 hrs. preparation/follow up of labs/project, 30 hrs. follow up independent study and individual preparation for exam).
Credits: 6 ECTS
Teaching method: Blended Learning
The instructor answers students’ questions (Q&A), presents demos and moderates the presentation of case studies conducted by industry experts, moderates discussions using interactive systems, e.g. webinar or video conference. These weekly supportive sessions are announced a priori to the participants.
After completing this course the student will be able to:
- Understand the architecture and the services of a Cloud computing system.
- Understand the design of Cloud environments
- Understand and evaluate the security level of a Cloud
- Investigate attacks and discover vulnerabilities of a Cloud
- Understand the importance of secure virtualizations to assuring secure Cloud environments
- Understand the risk of attacks for the users of a Cloud
- Use active and reactive tools and techniques to protect the Cloud environment
- Enhance communication protocol security through applying specific mechanisms to the network infrastructure
The course presents the main concepts of Cloud Computing, risks, interoperability, standards and security. Fundamental topics on distributed computing, grid computing and virtualization will be introduced first, followed by the concept of Cloud Computing, functional and operational architecture, Cloud deployment models, public and private environments, as well as the leverage of services: IaaS, PaaS and SaaS. Various threats to Cloud Computing will be discussed as such abuse and nefarious use, insecure application interfaces, shared technology vulnerabilities, data leakage, service and traffic hijacking. Case studies by industry partners related to the associated risks and security are presented, i.e. exploiting the weaknesses of a Cloud, attacking organization data in the Cloud, Cloud-specific security indicators. The methods and tools used today for protecting cloud computing systems are also introduced. The last part of the course involves the students' capabilities to deploy, develop and use a private Cloud-based environment. This infrastructure will be tested on the basis of common and advanced attacks, applying methods and mechanism to avoid these risks.
The course is structured into 14 Units grouped on 7 main chapters:
- Chap. 1 – Introduction: course structure and course requirements, presentation of the online laboratory infrastructure, assignments and cooperative projects, course material and instructor support. Introduction to distributed computing, grid computing and virtualization.
- Chap. 2 – Cloud Computing Concept: functional and operational architecture, Cloud deployment models, public and private environments, type of services: IaaS, PaaS and SaaS.
- Chap. 3 – Risk Management and Regulation: summary of the risk management and regulation framework. Threats to Cloud computing such as abuse and nefarious use, insecure application interfaces, shared technology vulnerabilities, data leakage, service and traffic hijacking. Case studies by industry partners related to the associated risks and security, i.e. exploiting weaknesses of a Cloud, attacking organization data in the Cloud, Cloud-specific security indicators.
- Chap. 4 – Identity and Access Management: main concepts about Identity and Access (I&A) Management weakness. Case study: Identity and Access Management related to the actual "killer-app" combined scenario: WebServices and eCommerce. Main risks study: impersonation, exploits and privilege escalation
- Chap. 5 - Service Integrity: service integrity management problem from very specialized standpoints: securization of virtualized environments and their maintenance. Main risks study: viruses, malware, ransomware, obsolescence, DoS.
- Chap. 6 – End-point Integrity: Cloud technologies open up a complex ecosystem of new devices and communication techniques that have to coexist together with the legacy devices. Integrity analysis of intermediate/end points: mobile devices, Access Points, virtual devices, etc. Main risks study: omnipresence vs. identity thief, MoM.
- Chap. 7– Information Integrity and Secure Communication: integrity analysis focused on information and encryption solutions. The methods and tools used today for protection of Cloud computing. Case studies. Main risks study: decryption, corruption, networking spoofing.
The Labs/projects will focus on the student’s capabilities to deploy, develop, use and protect a private Cloud-based environment. The student will develop the ability to understand and identify the architectures and services of Cloud environments. Cloud infrastructures will be tested using common and advanced attacks. Methods and mechanisms will be applied to protect the Cloud infrastructure and avoid the risks caused by various types of attacks. Assignments are divided into 3 practical extended labs composed of 2 sessions accordingly, with the following structure (all content is especially related to the studied chapters following the course e-structure):
- Lab 1: Understanding a Cloud Based Environment: definition, deployment and configuration of Cloud services. Tools. Environmental parameters.
- Section 1: Virtual machines, operative systems and networks. (Ch. 1)
- Section 2: Cloud services configuration (Ch. 2)
- Lab 2: Pentesting of Cloud services. Peripheral scanning. Vulnerabilities analysis. Exploiting. Privileges escalation. DoS.
- Section 1: Pentesting process (Chapter 3)
- Section 2: Privilege escalation (Chapter 4)
- Lab 3: Securizing the Cloud: Tools. Global firewalling. Intrusion detection. Persistent attacks analysis.
- Section 1: Analysis of vulnerabilities and corrections (Chapter 5)
- Section 2: Advanced tools: Honeypots, DMZ and advanced systems (Ch. 6 & 7)
Collaborative and cumulative project:
A project will be assigned to the students. The project will be carried out in a collaborative manner by international teams of 2-3 students. It will be presented in a form of a wiki, a presentation or a portfolio. The project will be cumulative, i.e. each project step is based on the framework provided by the prior steps. The project results will be evaluated by the instructor of the course.
Throughout the course, students will be involved in e-discussions related to the course content, through means specific to e-learning, such as forums, wikis, e-portfolios, etc. As part of the virtual community, each student will give feedback to at least two colleagues in the forums.
- Lab performance = 30% of the final grade.
- Project performance = 20% of the final grade.
- Discussions performance = 10% of the final grade.
- Written presence exam (60 min.) = 40% of the final grade. (conducted at the home university with a help of a trusted teacher)
- Michael J. Kavis:” Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS,PaaS, IaaS)”, John Wiley Ed., 2014
- Thomas Erl, Rardo Puttini, Zaigham Mahmood: “Cloud Computing Concepts Technology and Architecture”, Prentice Hall, 2013
- Raghuram Yeluri: “Building the Infrastructure for Cloud Security”, ApressOpen distributed by Springer Science-Business,New York, 2014
- John Rhoton:” Cloud Computing Protected : Security Assessment Handbook”, Rnonaudiblet, Editor, eBook, 2013
- Ciprian Popoviciu; “Building the IPv6 cloud: Two interdependent inflection points”, in searchCloudProvider.com, http://searchcloudprovider.techtarget.com
- NIST definition of Cloud. NIST 500-292 “NIST Cloud Computing Reference Architecture”
- NIST Special Publication 500-316, Framework for Cloud Usability, December 2015, http://www.nist.gov/itl/cloud/upload/CloudFrameworkSP500_316-2.pdf
- NIST definitions and API homepages. www.cloud-standards.org
- HP: “A comprehensive framework for securing virtualized data centers”, White paper
- Jericho Forum Cloud Cube Model. www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
Dr. Alberto Eloy García Gutiérrez Associated Professor in the Telematic Engineering Group, University of Cantabria, Spain Research interests: Energy Efficiency and Applied Security “I am a passionate teacher and enjoy passing on my research knowledge to students as a practical approach to the lectures. As an engineer, I am very fond of all the challenges and upcoming trends Internet presents us with. During my free time, I am partial to a glass of beer in enjoyable company. Bienvenido a nuestro curso!"