Week 01

Key Terms

Cloud Computing Basics

  • Cloud Computing: The practice of storing data and applications on remote servers and accessing them via the Internet, rather than saving or installing them on a personal or office computer [1-3].
  • SaaS (Software as a Service): A service model that provides ready-to-use software accessed remotely via a web browser or thin client (e.g., Gmail, Dropbox) [4-7]. The provider manages the entire underlying stack [8].
  • PaaS (Platform as a Service): A service model that provides the execution runtime, database, and web server, while the client manages the applications and data [6, 8, 9].
  • IaaS (Infrastructure as a Service): A service model that delivers underlying technology infrastructure like virtual machines, servers, and storage. The client manages the operating system, middleware, and applications [4, 6, 9, 10].
  • Public Cloud: A deployment model hosted by a cloud service provider who rents space to many different customers or tenants [9, 11, 12].
  • Private Cloud: A deployment model dedicated to a single tenant, allowing for greater control and customization [9, 12].
  • Hybrid Cloud: A combination of public and private clouds, allowing workloads to burst into the public cloud during spikes in demand [9, 12].
  • On-demand Self-service: A characteristic where computing resources are provisioned automatically as they are required [13, 14].
  • Broad Network Access: A characteristic where resources are available over the network and accessed through standard mechanisms like mobile phones, tablets, and PCs [13, 14].
  • Resource Pooling: A characteristic where the provider's computing resources are pooled to serve multiple consumers simultaneously [13, 14].
  • Rapid Elasticity: The ability to dynamically and elastically scale resource provisioning outward and inward based on demand [13, 15].
  • Measured Service: The capability of cloud systems to automatically monitor, control, and report resource usage [13, 15].

Virtualization

  • Virtualization: The creation of a virtual, rather than actual, version of something (like an operating system, server, or storage device) that hides physical hardware characteristics from users [16-18].
  • Server Virtualization: Enables different operating systems to share the same physical hardware and makes it easy to move operating systems between different hardware hosts [16, 19].
  • Storage Virtualization: Creates an abstraction layer between the applications running on servers and the actual storage they use for data [16, 19].
  • Hypervisor (Virtual Machine Monitor / VMM): Computer software, firmware, or hardware that creates and manages virtual machines [5, 17, 19].
  • Type 1 Hypervisor: Runs directly on the host's system hardware to control it and manage guest operating systems [5, 17, 20].
  • Type 2 Hypervisor: Runs as a program on top of a conventional host operating system [5, 17, 20].
  • Virtual Machine (VM): An operating system and application environment installed on a hypervisor that imitates dedicated physical hardware [20-22].
  • VM Migration: The process of moving a virtual machine from one physical server host to another, which boosts disaster recovery and business agility [22, 23].
  • VM Snapshot: A copy of a virtual machine's disk file at a specific point in time, used to restore the VM if a system error occurs [22, 24].

Security and Privacy Concepts

  • Confidentiality: Ensures that information in a computer system and transmitted data are accessible for reading only by authorized parties [21, 25, 26]. Provided by encryption [26, 27].
  • Authentication: Ensures that the origin of a message or the identity of a party is correctly identified and not falsified [21, 25, 28]. Provided by passwords, biometrics, or digital signatures [27, 28].
  • Integrity: Ensures that unauthorized parties cannot modify computer system assets and transmitted information [21, 27, 29]. Provided by hash functions [27, 29].
  • Non-repudiation: Ensures that neither the sender nor the receiver of a message can deny that the transmission took place [27, 30]. Provided by digital signatures [27, 30].

Attacks and Vulnerabilities

  • Eavesdropping (Passive Attack): An attacker monitors communication between a consumer and the cloud to intercept information [21, 25, 31].
  • Masquerade / Impersonation (Active Attack): An attacker falsely impersonates either the consumer or the cloud service [21, 25, 32].
  • Modification (Active Attack): An attacker alters the message, data, or information being exchanged [21, 25, 32].
  • Deny / Delay (Active Attack): A user or server falsely denies sending or receiving a message (e.g., denying a payment was made) [25, 32].
  • Outside Attack: An attack initiated from outside the security perimeter by an unauthorized user, such as a hacker or eavesdropper [27, 33].
  • Inside Attack (Malicious Insider): An attack initiated by someone inside the security perimeter (like an IT staff member or network manager) who abuses their authorized access [34, 35].
  • Dictionary Attack: A password cracking method that tries every word in a dictionary as a potential input to find a matching hash [34, 36].
  • Rainbow Table Attack: A password attack utilizing a pre-computed table of dictionary words and their corresponding hash values for fast lookups [37, 38].
  • Brute Force Attack: A password attack that tries every possible combination of letters, special characters, and numbers [37, 39, 40].
  • Inter-VM Attack: An attacker places a malicious VM on the same physical server as a target VM to access sensitive data [37, 41, 42].
  • Side Channel Attack: An attacker monitors shared physical hardware resources (like the CPU data cache or branch prediction) to extract cryptographic keys from another VM [43, 44].
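The dictionary and rainbow-table definitions above both rest on one idea: if a stored password hash has no per-user salt, a precomputed table of word-to-hash pairs breaks it with a single lookup. The following added example (not part of the course material; the word list is constructed) builds such a lookup table against a toy list and then shows why a random salt with PBKDF2 key stretching, the standard mitigation, makes the same table useless.

```python
import hashlib
import hmac
import os

# Constructed toy word list standing in for a password dictionary.
WORDLIST = ["password", "letmein", "cloud123", "hunter2", "qwerty"]
ITERATIONS = 100_000  # PBKDF2 work factor; raise in production


def build_lookup_table(words):
    """Precompute digest -> word once (the 'pre-computed table' of the
    Rainbow Table definition; a plain lookup table, not rainbow chains)."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def lookup(stored_value, table):
    """Table attack against a stored value: one dictionary lookup."""
    return table.get(stored_value)


def hash_unsalted(password):
    """Weak storage: a bare SHA-256 of the password, identical for every
    user who picks the same password, so one table cracks all of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Mitigation: 16 random bytes of salt per user plus PBKDF2-HMAC-SHA256.
    Output format 'salthex$digesthex' so the salt travels with the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo(password="cloud123"):
    """Returns (word found for unsalted hash, word found for salted hash)."""
    table = build_lookup_table(WORDLIST)
    return lookup(hash_unsalted(password), table), lookup(hash_salted(password), table)


if __name__ == "__main__":
    print(demo())  # unsalted hash is found; salted value is not
```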

Cryptography

  • Conventional Encryption Model: A system where a sender uses an algorithm and a Secret Key to convert plaintext into ciphertext, and the receiver uses the exact same key to decrypt it [39, 45, 46].
  • Substitution Cipher: An encryption method where the letters of the plaintext are replaced by other letters, numbers, or symbols [43].
  • Caesar Cipher: The earliest known substitution cipher, which encrypts messages by shifting each letter of the plaintext alphabet exactly three places further down the alphabet (Key = 3) [47-49].
  • Shift Cipher: A general version of the Caesar cipher where the plaintext alphabet is shifted by any number of positions to the left to create the ciphertext alphabet [50, 51].
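The shift cipher and its Caesar special case (key = 3) are small enough to implement in full. This added example (not from the course material; the plaintext is constructed) encrypts and decrypts with an arbitrary key, and shows why the cipher offers no confidentiality: the key space has only 26 values, so every candidate plaintext can be listed and the right key picked out by matching a known word.

```python
import string

ALPHABET = string.ascii_uppercase  # 26-letter plaintext alphabet


def shift_encrypt(plaintext, key):
    """Replace each letter with the one `key` positions further down the
    alphabet (wrapping Z back to A); non-letters pass through unchanged.
    key=3 is the Caesar cipher: A->D, B->E, ..., X->A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decryption is encryption with the negated key."""
    return shift_encrypt(ciphertext, -key)


def all_candidates(ciphertext):
    """Every possible decryption: the whole key space is just 26 entries."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def recover_key(ciphertext, known_words):
    """Pick the key whose candidate plaintext contains a known word.
    Returns None if no candidate matches."""
    for k, candidate in all_candidates(ciphertext).items():
        if any(w.upper() in candidate.split() for w in known_words):
            return k
    return None


if __name__ == "__main__":
    ct = shift_encrypt("attack at dawn", 3)
    print(ct)  # DWWDFN DW GDZQ
    print(recover_key(ct, {"dawn"}))  # 3
```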
