Index. BIOS rootkit, 119 Broad network access, 107

Size: px
Start display at page:

Download "Index. BIOS rootkit, 119 Broad network access, 107"

Transcription

1 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models, 83 TPM, 84 trusted launch, pools and compliance, 83 local attestations, 80 meaning, 79 Mt. Wilson technology, 87 OpenAttestation, platforms and use models, 79 remote attestations, 80 service components capabilities, 82 endpoint, service and administrative components, 81 overview, 81 TCG defines, 79 transparent, 88 Attestation Identity Key (AIK), 23 Authenticated code module (ACM), 5, 18, 92 types, 18 verification and protection, 18 Autopromotion, 59 B BIOS rootkit, 119 Broad network access, 107 C Cloud computing, 7 8 cloud delivery models hybrid cloud model, Infrastructure as a Service model, 109 Platform as a Service model, 109 private model, public model, Software as a Service model, 109 cloud variants, 106 broad network access, 107 definition, 107 measured service, 107 on-demand self-service, 107 rapid elasticity, 107 resource pooling, 107 compliance datacenter vs. cloud, 105 extended trusted pools asset tag, 114 benefits of tags, geolocation & asset descriptors, geotag, 114 Intel TXT and attestation, 115 Intel TXT models, 110 trusted compute pools trusted launch model,

2 index Common Event Format (CEF), 102 Compliance Cryptographic hash functions, 24 checksums, 25 digital fingerprint, 25 digital signature, 25 message authentication, 25 properties, 25 Cryptography asymmetric encryption, 24 cryptographic hash functions, 24 decryption, 23 encryption, 23 symmetric encryption, 24 D Data-at-rest, 2 Datacenter security cloud delivery models hybrid cloud model, Infrastructure as a Service model, 109 Platform as a Service model, 109 private model, public model, Software as a Service model, 109 cloud variants, 106 broad network access, 107 definition, 107 measured service, 107 on-demand self-service, 107 rapid elasticity, 107 resource pooling, 107 compliance datacenter vs. cloud, 105 extended trusted pools asset tag, 114 benefits of tags, geolocation & asset descriptors, geotag, 114 Intel TXT and attestation, 115 Intel TXT models, 110 trusted compute pools trusted launch model, 110 Data-in-flight, 2 Data-in-use, 3 Dell PowerEdge R410, 39 E Enablement. See also Management and policy tools layer; Operating system or hypervisor enablement basics BIOS and TPM, 92 components, 92 elements, 92 menu structure, 93 OEM platform requirements and opportunities, 92 platform default, 92 security setup screen, 93 extended attestation services, 94 provisioning, 94 reporting and logging capability, 95 trusted computing, 94 updates, 94 layered pyramid model, 89 security applications layer broad security missions, 102 integration, 101 Intel TXT enabled platforms, 102 questions remain, 103 RSA, 102 SIEM and GRC management tools, 91 steps and requirements, 90 trusted launch and pools use model, 91 Endpoint component, 81 F Firmware Interface Table (FIT), 92 G Gathering platform, 81 Geotag, 114 Governance, risk, and compliance (GRC) tools, 90 Guest operating system, 6 130

3 Index H Hash Method of Authentication (HMAC) value, 20, 25 Host operating system, 6 Hypervisor enablement (see Operating system and hypervisor enablement) rootkit, 119 I, J, K Infrastructure as a Service (IaaS) model, 109 Intel Trusted Execution Technology (Intel TXT) attack types, 2 attestation, 9 benefits, 9 cloud computing, 7 cloud service provider/service client, 10 configuration, 4 description, 4 disadvantage, 11 dynamic chain of trust, 5 flexibility, 4 goal, 1, 4 measured launch environment, 6 7 measurement process, 4 roles and responsibilities host operating system, 13 OEM, 12 TPM ownership, 12 sealed storage, 1 security level, 2 server enhancement BIOS inclusion, 11 client and server platforms, 12 processor-based CRTM, 11 RAS features, 11 server architecture complexity, 12 System Management Module code, 12 static chain of trust, 5 third-party software, 13 TPM chip, 4 trusted compute pool, 10 trusted servers, 4 virtualization, 6 Intel TXT attestation, 35 boot sequence, 29 concepts, 26 conceptual architecture, 85 cryptography asymmetric encryption, 24 cryptographic hash functions, 24 decryption, 23 encryption, 23 symmetric encryption, 24 dynamic measurements, 28 launch control policy, 33 MLE element, 34 NV policy data, 35 PCONF, 34 platform supplier and owner policy, 34 protection, 35 measured launch process, 31 measurements, 26 models, 83, 110 operating system, 28 platform configuration, 28 reset attack protection, 33 sealing, 35 secure measurements, 27 static measurements, 27 TPM Attestation Identity Key, 23 interface, 19 nonvolatile random access memory, 22 ownership and access enforcement, 23 platform configuration registers, 21 public and private key, 21 random number generator, 20 RSA asymmetric algorithm, 21 security functions, trusted launch, pools and compliance, 83 Intel TXT capable platform components authenticated code module, 18 BIOS, 17 chipsets, 17 processor, 16 Trusted Platform Module, 17 definition, 16 Intel Virtualization Technology (Intel VT), 38 L Launch control policy (LCP), 61, 80 ACM, 48 ANY, 47 ANY policy specification, 53 autopromotion requirement, 64 considerations, 59 decision matrix, 77 establish trusted pools, 56 flow, 49 generator, 49 host operating systems MLE policy creation tools, 71 OS/VMM vendor, 71 impact of BIOS updates, 73 OS/VMM updates,

4 index Launch control policy (LCP) (cont.) platform configuration changes, 73 SINIT updates, 72 insights, 47 management multiple lists for version control, 74 signed list usage, 74 simplest policy, 75 single policy for server groups, 73 vendor-signed policies, 74 measured launch process, 47 MLE element specification, 52 NV Policy Data, 48 overview, 62 PCONF element specification, 51 PCONF policy, challenges, 70 PcrDump, 69 PCRInfo, 70 remote attestation, 64 specification, 65 policy data structure, 48 prevent interference by platform supplier policy, 56 reduce need for remote attestation, 58 remote attestation, 63 reset attack protection, 59, 64 revoke platform default policy, 54 signed lists, 50 strategies available tools, 76 confidence, 75 PCRs, 76 remote attestation, 76 reset protections, 76 risk, 76 training, 75 trusted pools, 76 TPM access restriction, 64 TPM password, 77 trusted ACM specification, 53 LIST policy, 49 Local attestations, 80 M Management and policy tools layer attestation services, 100 evolutionary enhancement, 99 HyTrust appliance, 99 provisioning, 100 reporting and logging functions, 100 roles, 99 server trust status, 101 trusted compute pools, 97 updates, 100 McAfee epolicy Orchestrator (epo), 102 Measured launch environment, 6 7 code, 6 7, 48, 52 policy, 61 Measured service, 107 Mt. Wilson technology, N Nonvolatile random access memory, 22 NV Policy Data, 48 O OEM platform enablement requirements and opportunities, 92 On-demand self-service, 107 One-party encryption. See Symmetric encryption OpenAttestation, 86 Open-source project, 86 Operating system and hypervisor enablement basic enablement, 96 ISV, 96 key trusted platforms, 96 SINIT module, 96 TCB and LCP, 96 TPM, 96 trust-based reporting and logging capabilities, 97 trusted computing stack, 95 P, Q Physical presence interface, 40 Platform as a Service (PaaS) model, 109 Platform Configuration (PCONF) policy, 61, 64 challenges, 70 PcrDump, 69 PCRInfo, 70 specification, 65 Platform configuration registers (PCRs), 5, 21 Platform default (PD) policy, 54 Platform trust, 117 Provisioning BIOS setup automating BIOS provisioning, 40 enable and activate TPM, 38 enable Intel TXT, 39 enable supporting technology, 38 summary of, 39 create owner s launch control policy (see Launch control policy (LCP)) establish TPM ownership (see Trusted Platform Module (TPM)) steps to provision new platform,

5 Index trusted host operating system OS/VMM installation, 45 Ubuntu, 45 VMware ESXi, 45 R Random number generator (RNG), 20 Rapid elasticity, 107 Remote attestations, 80 Reporting and logging capability, 95 Resource pooling, 107 Risk management, 118 Root kits, 3 S SDK architecture overview, 87 Security applications layer broad security missions, 102 integration, 101 Intel TXT enabled platforms, 102 questions remain, 103 RSA, 102 Security incident management and analysis tools (SIEM), 90 Service components capabilities, 82 conceptual architecture, 81 endpoint, service and administrative components, 81 overview, 81 Signed BIOS policy, 59 SINIT policy, 61 Software as a Service (SaaS) model, 109 Software development kit (SDK), 86 Symmetric encryption, 24 T, U, V Trusted Boot (TBOOT) module, 31, 45 Trusted Compute Base (TCB), 96 Trusted compute pools (TCP) Trusted computing anti-malware, 125 BIOS rootkit, 119 End-to-End Trust, 124 evolution, 123 guest images, 124 Hypervisor rootkit, 119 IT security toolbox, 119 launch time measurement, private and public cloud computing, 120 protections and assurance cryptographic measurement techniques, 121 ecosystem, 121 GRC, 122 hardware, 120 hypervisor integrity, 121 requirements, 121 virtualized/cloud models, 122 stack integrity asset and location control aspect, 126 datacenter and security, 127 digital certificates, 126 host integrity, 126 McAfee, 125 McAfee MOVE Antivirus, 127 McAfee SiteAdvisor, 126 threats, 122 whitelist approach, 123 Trusted Computing Group (TCG), 3, 79 Trusted launch and pools use model, 91 Trusted launch model, 110 Trusted operating system, 6 Trusted Platform Module (TPM), 17 18, 92 Attestation Identity Key, 23 chip, 4 enable and activate, 38 interface, 19 control protocol, 20 localities, 19 nonvolatile random access memory, 22 ownership and access enforcement, 23 authorization values, 43 definition, 40 establish ownership, 40 local pass-through TPM model, 41 management server model, 42 remote pass-through TPM model, 41 Platform Configuration Registers, 21 public and private key, 21 random number generator, 20 RSA asymmetric algorithm, 21 security functions, W, X, Y, Z Whitelisting,

Trusted Geolocation in The Cloud Technical Demonstration

Trusted Geolocation in The Cloud Technical Demonstration Trusted Geolocation in The Cloud Technical Demonstration NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Business Business

More information

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms Intel Cloud Builders Guide Intel Xeon Processor 5600 Series Parallels* Security Monitoring and Service Catalog for Public Cloud VPS Services Parallels, Inc. Intel Cloud Builders Guide: Cloud Design and

More information

Trusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation

Trusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation 2 Agenda Definition of cloud computing Trusted Geolocation in

More information

Accelerate OpenStack* Together. * OpenStack is a registered trademark of the OpenStack Foundation

Accelerate OpenStack* Together. * OpenStack is a registered trademark of the OpenStack Foundation Accelerate OpenStack* Together * OpenStack is a registered trademark of the OpenStack Foundation Where are your workloads running Ensuring Boundary Control in OpenStack Cloud. Raghu Yeluri Principal Engineer,

More information

Control your corner of the cloud.

Control your corner of the cloud. Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing

More information

Building Trust and Compliance in the Cloud with Intel Trusted Execution Technology

Building Trust and Compliance in the Cloud with Intel Trusted Execution Technology WHITE PAPER Intel Trusted Execution Technology Intel Xeon Processor Secure Cloud Computing Building Trust and Compliance in the Cloud with Intel Trusted Execution Technology The Taiwan Stock Exchange Corporation

More information

NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft)

NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft) NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft) Erin K. Banks Michael Bartock Kevin Fiftal David Lemon Karen Scarfone Uttam Shetty Murugiah

More information

Chapter 5 Boundary Control in the Cloud: Geo-Tagging and Asset Tagging

Chapter 5 Boundary Control in the Cloud: Geo-Tagging and Asset Tagging Chapter 5 Boundary Control in the Cloud: Geo-Tagging and Asset Tagging Chapters 3 and 4 focused on platform boot integrity, trusted compute pools, and the attestation architecture. They covered the reference

More information

One-Stop Intel TXT Activation Guide

One-Stop Intel TXT Activation Guide One-Stop Intel TXT Activation Guide DELL* PowerEdge 12G Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security

More information

One-Stop Intel TXT Activation Guide

One-Stop Intel TXT Activation Guide One-Stop Intel TXT Activation Guide HP Gen8 Family Based Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security

More information

Intel Trusted Execution Technology

Intel Trusted Execution Technology white paper Intel Trusted Execution Technology Intel Trusted Execution Technology Hardware-based Technology for Enhancing Server Platform Security Executive Summary A building is only as good as its foundation.

More information

Creating a More Secure Datacenter and Cloud

Creating a More Secure Datacenter and Cloud Chapter 7 Creating a More Secure Datacenter and Cloud Every cloud has its silver lining but it is sometimes a little difficult to get it to the mint. Don Marquis This book has discussed the utilities and

More information

TRUSTED WORKLOAD MIGRATION WITH EMC, RSA, INTEL, AND HYTRUST

TRUSTED WORKLOAD MIGRATION WITH EMC, RSA, INTEL, AND HYTRUST White Paper TRUSTED WORKLOAD MIGRATION WITH EMC, RSA, INTEL, AND HYTRUST Nondisruptive trusted workload migration between data centers Active enforcement of hardware-level security policy compliance Enhanced

More information

Cisco Trust Anchor Technologies

Cisco Trust Anchor Technologies Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed

More information

opportunity Mechanisms to Protect Data in the Open Cloud

opportunity Mechanisms to Protect Data in the Open Cloud Open Source on Intel white paper OpenStack* Intel Xeon processors Intel Trusted Execution Technology Intel Advanced Encryption Standard New Instructions Mechanisms to Protect Data in the Open Cloud Intel

More information

Swisscom Cloud. Building a secure cloud. SIGS, 09.09.2014 Christof Jungo

Swisscom Cloud. Building a secure cloud. SIGS, 09.09.2014 Christof Jungo Swisscom Cloud Building a secure cloud SIGS, 09.09.2014 Christof Jungo Cloud What is changing? 2 Enterprise Datacenter High secure tier 3 & 4 Server typ Processor architecture: various Baremetal & virtual

More information

Data Center Connector for vsphere 3.0.0

Data Center Connector for vsphere 3.0.0 Product Guide Data Center Connector for vsphere 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

Can PCI DSS Compliance Be Achieved in a Cloud Environment? royal holloway Can Compliance Be Achieved in a Cloud Environment? Organisations are considering whether to run -based systems in a cloud environment. The security controls in the cloud may be sufficient

More information

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms Intel Cloud Builders Guide Intel Xeon Processor Servers Enhanced Cloud Security with HyTrust* and VMware* Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms Enhanced Cloud Security

More information

CLOUD SECURITY: Secure Your Infrastructure

CLOUD SECURITY: Secure Your Infrastructure CLOUD SECURITY: Secure Your Infrastructure 1 Challenges to security Security challenges are growing more complex. ATTACKERS HAVE EVOLVED TECHNOLOGY ARCHITECTURE HAS CHANGED NIST, HIPAA, PCI-DSS, SOX INCREASED

More information

Attestation: Proving Trustability

Attestation: Proving Trustability Chapter 4 Attestation: Proving Trustability In the last few chapters we have looked at the first stages in a process toward establishing trust between systems. First, the establishment of roots of trust

More information

Protecting Virtual Endpoints with McAfee Server Security Suite Essentials

Protecting Virtual Endpoints with McAfee Server Security Suite Essentials Sponsored by McAfee Protecting Virtual Endpoints with McAfee Server Security Suite Essentials December 2013 A SANS Analyst Whitepaper Written by Dave Shackleford Capability Sets for Virtualization Security

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013 Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile

More information

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms Intel Cloud Builders Guide Intel Xeon Processor-based Servers Enhancing Cloud Platform Security with Enomaly ECP* HAE and Dell PowerEdge* Servers Intel Cloud Builders Guide: Cloud Design and Deployment

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

McAfee Security Architectures for the Public Sector

McAfee Security Architectures for the Public Sector White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

Building Blocks Towards a Trustworthy NFV Infrastructure

Building Blocks Towards a Trustworthy NFV Infrastructure Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Dell Client BIOS: Signed Firmware Update

Dell Client BIOS: Signed Firmware Update Dell Client BIOS: Signed Firmware Update An Implementation and Deployment Guide to NIST SP800-147 BIOS Protections for Dell Client BIOS Rick Martinez Dell Client BIOS This white paper is for informational

More information

A TRUSTED STORAGE SYSTEM FOR THE CLOUD

A TRUSTED STORAGE SYSTEM FOR THE CLOUD University of Kentucky UKnowledge University of Kentucky Master's Theses Graduate School 2010 A TRUSTED STORAGE SYSTEM FOR THE CLOUD Sushama Karumanchi University of Kentucky, ska226@uky.edu Recommended

More information

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

More information

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Security Specialist Certification Self-Study Kit Bundle Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams

More information

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest

More information

Technical Brief: Virtualization

Technical Brief: Virtualization Technical Brief: Virtualization Technology Overview Tempered Networks automates connectivity and network security for distributed devices over trusted and untrusted network infrastructure. The Tempered

More information

Planning Guide Cloud Security

Planning Guide Cloud Security SEPTEMBER 2011 Planning Guide Cloud Security Seven Steps for Building Security in the Cloud from the Ground Up Why you should read this document: This guide provides practical information to help you integrate

More information

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com Cloud & Security Dr Debabrata Nayak Debu.nayak@huawei.com AGENDA General description of cloud Cloud Framework Top issues in cloud Cloud Security trend Cloud Security Infrastructure Cloud Security Advantages

More information

Security in the Cloud

Security in the Cloud solution brief Cloud Computing Security in the Cloud Intel Xeon Processor E5-4600/2600/2400/1600 Intel Technologies Enable More Secure Business Computing in the Cloud Would you like to begin transforming

More information

Data Center Connector 3.0.0 for OpenStack

Data Center Connector 3.0.0 for OpenStack Product Guide Data Center Connector 3.0.0 for OpenStack For use with epolicy Orchestrator 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

Long Distance Workload Migration

Long Distance Workload Migration Long Distance Workload Migration Secure Data Access and Movement Between Clouds Mark Lesher Sr. Director EMC 2 Cloud Infrastructure Solutions September 10 1 Drivers for Long Distance Workload Migration

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

On the security of Virtual Machine migration and related topics

On the security of Virtual Machine migration and related topics Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer

More information

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1.

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1. HyTrust Product Applicability Guide For Federal Risk and Authorization Management Program (FedRAMP) VMware Compliance Reference Architecture Framework to the VMware Product Applicability Guide For Federal

More information

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud CASE STUD QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud The technology and expertise provided by HyTrust dramatically simplified the process of preparing for our FedRAMP certification. HyTrust

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Central Agency for Information Technology

Central Agency for Information Technology Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage

More information

Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group

Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group Why is Intel Talking Cloud? Service and Policy Management Analytics Cloud

More information

Issues in Cloud Security

Issues in Cloud Security Issues in Cloud Security Private, Public, Hybrid Abstract This white paper discusses the major computer security issues confronting an organization when moving to the cloud. Even for small companies, migrating

More information

Intel Service Assurance Administrator. Product Overview

Intel Service Assurance Administrator. Product Overview Intel Service Assurance Administrator Product Overview Running Enterprise Workloads in the Cloud Enterprise IT wants to Start a private cloud initiative to service internal enterprise customers Find an

More information

Software Execution Protection in the Cloud

Software Execution Protection in the Cloud Software Execution Protection in the Cloud Miguel Correia 1st European Workshop on Dependable Cloud Computing Sibiu, Romania, May 8 th 2012 Motivation clouds fail 2 1 Motivation accidental arbitrary faults

More information

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Certification Report

Certification Report Certification Report EAL 2 Evaluation of with Gateway and Key Management v2.9 running on Fedora Core 6 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,

More information

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work. Deployment Guide Revision C McAfee Web Protection Hybrid Introduction Web Protection provides the licenses and software for you to deploy Web Gateway, SaaS Web Protection, or a hybrid deployment using

More information

Improving OpenStack* Hybrid Cloud Security

Improving OpenStack* Hybrid Cloud Security SOLUTION BRIEF Intel Trusted Execution Technology Hybrid Security Improving OpenStack* Hybrid Security Together, Intel, Mirantis, and IBM SoftLayer demonstrate how Intel Trusted Execution Technology, attestation,

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

TCG Based Approach for Secure Management of Virtualized Platforms State-of-the-art

TCG Based Approach for Secure Management of Virtualized Platforms State-of-the-art SICS Technical Report T2010:05 ISSN 1100-3154 TCG Based Approach for Secure Management of Virtualized Platforms State-of-the-art (June 05, 2010) Mudassar Aslam, Christian Gehrmann {Mudassar.Aslam, Christian.Gehrmann}@sics.se

More information

Securing Data on Microsoft SQL Server 2012

Securing Data on Microsoft SQL Server 2012 Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

Opal SSDs Integrated with TPMs

Opal SSDs Integrated with TPMs Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security

More information

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?

More information

Hi and welcome to the Microsoft Virtual Academy and

Hi and welcome to the Microsoft Virtual Academy and Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering

More information

Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms

Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms EXECUTIVE SUMMARY Intel Cloud Builder Guide Intel Xeon Processor-based Servers Red Hat* Cloud Foundations Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms Red Hat* Cloud Foundations

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

VMware ESXi 3.5 update 2

VMware ESXi 3.5 update 2 VMware ESXi 3.5 update 2 VMware ESXi 3.5 Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor for FREE Partitions servers to create

More information

MS-55096: Securing Data on Microsoft SQL Server 2012

MS-55096: Securing Data on Microsoft SQL Server 2012 MS-55096: Securing Data on Microsoft SQL Server 2012 Description The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

McAfee MOVE / VMware Collaboration Best Practices

McAfee MOVE / VMware Collaboration Best Practices McAfee MOVE / VMware Collaboration Best Practices Christie J. Karrels Sales Engineer Federal DoD January 11, 2013 1 P a g e Contents Introduction... 3 Traditional Anti-Malware vs. Optimized Anti-Malware...

More information

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats

More information

CLOUD COMPUTING OVERVIEW

CLOUD COMPUTING OVERVIEW CLOUD COMPUTING OVERVIEW http://www.tutorialspoint.com/cloud_computing/cloud_computing_overview.htm Copyright tutorialspoint.com Cloud Computing provides us a means by which we can access the applications

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Chapter 4 Application, Data and Host Security

Chapter 4 Application, Data and Host Security Chapter 4 Application, Data and Host Security 4.1 Application Security Chapter 4 Application Security Concepts Concepts include fuzzing, secure coding, cross-site scripting prevention, crosssite request

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps WHITE PAPER HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps Summary Summary Compliance with PCI, HIPAA, FISMA, EU, and other regulations is as critical in virtualized

More information

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course The McAfee Firewall Enterprise System Administration course from McAfee University is a fast-paced,

More information

Intel vpro Provisioning

Intel vpro Provisioning Intel vpro Provisioning Introduction............................................................ 2 AMT Setup and Configuration............................................... 2 SMB Mode - AMT Setup and

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms

Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms Intel Cloud Builders Guide Intel Xeon Processor-based Servers Power Management & Security within Open Source Private Cloud with Intel & OpenStack Intel Cloud Builders Guide to Cloud Design and Deployment

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted. Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information