Security Considerations for Virtual Platform Provisioning


Mudassar Aslam, Christian Gehrmann
Swedish Institute of Computer Science (SICS)
Isafjordsgatan 22, SE Kista, Sweden
{mudassar.aslam,

Abstract

The concept of virtualization is not new, but leveraging virtualization in different modes and at different layers has revolutionized its usage scenarios. Virtualization can be applied at the application layer to create a sandbox environment, at the operating system layer to virtualize shared system resources (e.g. memory, CPU), at the platform level, or in any other useful hybrid scheme. When virtualization is applied at the platform level, the resulting virtualized platform can run multiple virtual machines as if they were physically separated real machines. Provisioning virtualized platforms in this way is often also referred to as Platform as a Service (PaaS) in cloud computing terminology. Different business models, like datacenters or telecommunication providers and operators, can get business benefits by using platform virtualization due to the possibility of increased resource utilization and reduced upfront infrastructure setup expenditures. This opportunity comes together with new security issues. An organization that runs services in the form of virtual machine images on an offered platform needs security guarantees. In short, it wants evidence that the platforms it utilizes are trustworthy and that sensitive information is protected. Even if this sounds natural and straightforward, few attempts have been made to analyze in detail what these expectations mean from a security technology perspective in a realistic deployment scenario. In this paper we present a telecommunication virtualized platform provisioning scenario with two major stakeholders: the operator, who utilizes virtualized telecommunication platform resources, and the service provider, who offers such resources to operators. We perform a threat analysis for this scenario and derive major security requirements from the different stakeholders' perspectives. Through investigating a particular virtual machine provisioning use case, we take the first steps towards a better understanding of the major security obstacles with respect to platform service offerings. In the last couple of years we have seen increased activity around security for clouds regarding different usage and business models. We contribute to this important area through a thorough security analysis of a concrete deployment scenario. Finally, we use the security requirements derived through the analysis to make a comparison with contemporary related research and to identify future research challenges in the area.

Keywords: security; trust; virtualization; virtual private server; telecommunication networks

I. INTRODUCTION

In past years we have seen a strong move in the market place towards usage of virtualization technologies¹. Virtualization allows one to run legacy applications unmodified on new hardware platforms. This is realized through on-the-fly translation from one hardware instruction set to another with the assistance of a so-called hypervisor or Virtual Machine Monitor (VMM). A hypervisor runs in the most privileged mode in a system and has full control over vital system resources. A hypervisor-based system not only allows instruction translation but, above all, increased system utilization, as multiple Virtual Machines (VMs) can run simultaneously on a single powerful hardware platform, opening for new business models and a new business landscape. This implies, for example, that existing services can rather easily be migrated into large computing clusters, or what is often referred to as the cloud.

¹ The virtualization technology we discuss here is the approach where a complete software system (including the OS) runs on top of a hypervisor. This gives the guest system the illusion of actually running directly on the real hardware, and it is often also referred to as system virtualization [16].

The term cloud in general refers to offering a service of any category, ranging from application to infrastructure. Commonly known broader categories are Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). There are many other possible cloud-based services as well, like Application-as-a-Service, Database-as-a-Service, Storage-as-a-Service, etc. These are all usually referred to as Anything-as-a-Service or XaaS. This paper particularly focuses on platform virtualization, which provides a way to offer PaaS or IaaS.

The new flexibility offered by virtualization and cloud-based models has a price: increased security risks. Systems that were previously physically isolated might now run on the same machine, consequently opening up for new attacks between virtual machines running simultaneously on the same hardware. A recent survey shows that, despite potential benefits, companies are reluctant to migrate their businesses from existing physical platforms to more flexible and cost-effective virtual platforms due to fear about security threats and loss of control of data and systems [23]. This shows the importance of a revised security requirements analysis that considers stakeholders' concerns and, most importantly, proposes ways to establish stakeholders' trust in a business model which provisions virtual resources. A telecommunication cloud presents such a use case, in which the resource provider offers Infrastructure-as-a-Service using platform virtualization. Despite the scope of a telecommunication cloud as a future service model, few attempts have been made to do a detailed security requirements analysis considering the new dynamics of the proposed systems and the trust building mechanisms required between stakeholders to make an acceptable business model. This paper focuses on these basic but important issues. We present a virtualized platform provisioning model, thereby deriving a telecommunication cloud use case. Furthermore, we focus on security requirements by considering possible security threats in such a model. The aim of this paper is to identify security requirements which are important for establishing stakeholders' trust in offering Infrastructure-as-a-Service to telecommunication operators.

The main contributions of this paper are the following:

- We have presented a telecommunication cloud use case where virtualized telecommunication nodes are offered to different operators.
- We have identified, analyzed and consolidated the security requirements of the stakeholders, which form the basis when creating a secure architecture for a telecommunication cloud.
- Finally, we have recommended a set of security mechanisms needed to create trusted telecommunication clouds.

This paper is organized as follows. In Section II we describe the telecommunication cloud scenario. In Section III we present security threats and derive major security requirements. It also identifies recommended security mechanisms for a trusted telecommunication cloud. Section IV presents related work and we conclude in Section V.

II. SCENARIO: A TELECOMMUNICATION CLOUD USE CASE

In the preceding decade, the focus of virtual resource provisioning had been on virtualizing data centers [1], [6], but with the rapid expansion of telecommunication networks, the user base and the services offered by operators, there are strong reasons for operators and their resource providers to adopt more flexible business models to meet the changing and increasing demands of end-customers while remaining within a manageable budget. A telecommunication cloud offers such a model.
While defining a telecommunication cloud business model, we consider the conventional business model, which has two major stakeholders: the Provider, who provides telecommunication platforms (physical resources), and the Operator, who operates the telecommunication network utilizing the platforms offered by the provider, hence offering services to its end-customers. A problem with physical platform provisioning is that operators might have to pay for capabilities and resources which are not intended or required. On the other hand, a telecom operator might run short of resources to meet the increasing demands of its end-users. However, using the recent advancements in virtualization technologies, platform providers could provision virtual platforms as opposed to physical platforms to address these issues.

We consider a scenario in which a provider offers virtual platforms, thereby encouraging operators to use telecommunication services according to their requirements. The resulting array of virtual platforms makes a Telecommunication Cloud, which allows providers to charge operators for the exact type and number of resources they need. This capability is inherited from the cloud computing model. Furthermore, the provider can enforce strong licensing techniques restricting operators to use only provisioned resources. An overview diagram of the stated scenario is shown in Fig. 1.

Figure 1. Our Proposed Telecommunication Cloud Scenario

In the envisaged telecommunication cloud use case, the provider is required to offer complete platforms as a service, which can then be used by different operators to launch their virtual machines. Considering the operators' requirement of having full control over the provisioned platforms, a telecommunication cloud should offer Infrastructure-as-a-Service (IaaS) as opposed to Platform-as-a-Service (PaaS), where the consumer does not get complete freedom [25]. This means that the operator will be responsible for configuring and maintaining the provisioned (virtual) platform. The launching of a virtual machine image and its subsequent management will be done by the operator using Operator Management Clients (OMCs) through a gateway entity. The gateway entity protects the provider's internal network from unauthorized external accesses. Similarly, the provider manages the virtualized telecommunication platforms through a Provider Management Client (PMC).

There are other possible business models, for example a model with an intermediate entity which takes the responsibility of managing the telecommunication cloud. In such a scenario, the provider outsources its virtual resources to the Cloud Management Entity (CME), which then provisions the available resources to the operators. The resulting infrastructure would allow a CME to offer virtual resources from different providers. This paper, however, focuses on the two-role model involving only a provider and an operator.

III. THREAT AND SECURITY REQUIREMENTS

One of the most important hurdles for adopting a dynamic virtual telecommunication resource model is security. The cloud provider and the operator both fear new threats which arise from simultaneously running virtual machines of different operators on the same physical platforms. A successfully executed attack on the target platform could cause a leak of confidential operator data, which could lead to distrust in the offered services. Moreover, an attacker could use provider resources illegally if he or she could take control over the target platform. We have analyzed the scenario and identified major threats, which are summarized in Table I. These threats have in turn been used to identify the stakeholders' security requirements, which we list in the subsequent sections together with some recommendations on security solutions meeting the requirements.

TABLE I. TELECOMMUNICATION CLOUD THREATS

| ID | Attacker | Threat | Target |
|----|----------|--------|--------|
| T1 | O, A | Malicious code installation | VMM, VM MGT |
| T2 | P | Unintentional installation of hostile S/W | VMM, VM MGT |
| T3 | A, O | Impersonate provider | Gateway, VM MGT |
| T4 | A, O | Impersonate a legitimate operator | Gateway, VM MGT |
| T5 | P | Access run-time or configuration data | |
| T6 | A | Denial of Service attack | Provider Network |
| T7 | O | Repudiate VM launch | VM MGT |
| T8 | O | Interfere with other operators | VM |
| T9 | O | Get confidential data from other operators | VM |

O: Legitimate Operator; P: Legitimate Provider; A: Outside attacker; VM MGT: Management VM

A. Provider Network Authentication

Authentication is the binding of an identity to a principal. It is a standard security service which must be performed for any secure distributed system. Commonly used authentication mechanisms include passwords, challenge-response, certificates etc. [24]. With respect to connecting Operator Management Clients (OMCs), there is a need for authentication on two different levels: mutual authentication towards the provider network at the gateway, and authentication at the management VM level. The latter also applies to connecting Provider Management Clients (PMCs) to reduce threat T3. Mutual authentication between OMCs and the gateway is needed to mitigate threats T3, T4 and T6. A state-of-the-art solution would be to use existing secure session establishment protocols wherever applicable, for example the Internet Key Exchange (IKE) protocol [9] for mutual authentication and key exchange, in combination with IPsec [10] for establishing a virtual private network (VPN). Authentication by the management VM of connecting OMCs and PMCs could typically be done as part of the management protocol that applies (REST, Web Service, SMTP etc.) and would, for example, be certificate based (see also Section C below).

B. Platform Integrity and Authentication

In order to mitigate threats T1 and T2, there is a need to have close control of the software that is executed on the virtual platforms. When the operator wants to launch its virtual machine on the virtual platform provisioned by the provider, he or she should check the configuration and integrity status of the target platform prior to launching the service. This implies that every piece of code, right from the beginning of the boot process, is securely reported in some protected storage such that the status can later be verified by connecting OMCs. The most relevant methods to consider include the Trusted Computing Group trusted boot and remote attestation principles [17], [18]. With regard to platform authentication in a cloud scenario, the operator is actually not interested in the identity of the target platform but rather in its integrity, which is reported in remote attestation. Thus a virtual platform is authenticated if its verified configurations are trusted according to the policies that the operator applies.

C. Authentication, Attestation and VM Launch Protocol

There are two important steps before the launch of a VM. First, the operator requires network authentication (Section A) and then remote attestation (Section B). From the operator's perspective, it is important that the VM launch is performed in the same session as these two steps, to ensure that the operator VM is launched on a platform that has previously been attested. Similarly, the provider would be interested in protection against replay of the VM launch command and protection against later repudiation by the operator, which is listed as threat T7 in Table I. In order to meet these requirements, the designed protocol should cryptographically bind the authentication, attestation and VM launch sessions. Therefore, there should be a comprehensively analyzed security protocol for authentication, attestation and VM launch, with focus on replay protection, session binding, non-repudiation of VM launch by the operator and other protocol security requirements.

D. VM Isolation

VM isolation is an important security requirement for virtual resource provisioning scenarios. In the virtualized telecommunication cloud environment, the VMs of different operators run on the same physical machine, thus opening room for interfering with other operators' VMs. In order to mitigate this threat (T8, T9), it is important to ensure that operator VMs are isolated. This isolation is provided by the hypervisor layer [2], [12], [20]. Hence, the security of the whole system depends upon the correctness of the hypervisor. Hypervisors are claimed to provide isolation which is as strong as physical isolation, if not better. However, to ensure this proposition, the size of the hypervisor itself and the code and libraries it is built upon must be kept as small as possible to minimize hierarchical trust dependencies, as recommended in [3]. Furthermore, the hypervisor implementation must meet a higher evaluation assurance level (EAL) to get Common Criteria certification [22]. This is an important requirement in order to establish the operator's trust in the behavior of the provisioned platform. The operator would only be required to verify that the provider platform runs the certified hypervisor.
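The operator-side attestation check of Section B and the session binding and replay protection asked for in Section C can be sketched as follows. This is an added example, not part of the paper: the HMAC that stands in for the TPM's AIK signature and for the operator's launch signature, all function and class names, and the sample component names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 20  # a TPM 1.2 SHA-1 PCR starts as 20 zero bytes

def extend(pcr, measurement):
    """TPM extend: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def replay_iml(iml):
    """Recompute the PCR value implied by an Integrity Measurement Log."""
    pcr = PCR_INIT
    for _name, digest in iml:
        pcr = extend(pcr, digest)
    return pcr

def make_quote(aik_key, pcr, nonce):
    """Platform side. HMAC stands in for the TPM's AIK signature (assumption)."""
    sig = hmac.new(aik_key, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}

def verify_attestation(aik_key, iml, quote, nonce, trusted):
    """Operator side: check quote authenticity, freshness, IML and policy."""
    expected = hmac.new(aik_key, quote["pcr"] + quote["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return False, "bad quote signature"
    if not hmac.compare_digest(quote["nonce"], nonce):
        return False, "stale nonce (replayed quote)"
    if replay_iml(iml) != quote["pcr"]:
        return False, "IML does not match quoted PCR"
    for name, digest in iml:
        if trusted.get(name) != digest:
            return False, "untrusted component: " + name
    return True, "trusted"

def session_binding(auth_session_id, nonce, quote_sig):
    """One value tying network authentication, attestation and launch together.
    All three inputs are fixed-length here, so plain concatenation is unambiguous."""
    return hashlib.sha256(auth_session_id + nonce + quote_sig).digest()

def make_launch_cmd(op_key, binding, image_digest):
    """Operator side. A real protocol needs an operator signature here to get
    non-repudiation (T7); the shared-key HMAC only demonstrates the binding."""
    tag = hmac.new(op_key, binding + image_digest, hashlib.sha256).digest()
    return {"binding": binding, "image": image_digest, "tag": tag}

class LaunchGate:
    """Provider side: accept a launch only once, and only in the attested session."""
    def __init__(self, op_key):
        self.op_key = op_key
        self.used = set()

    def accept(self, cmd, current_binding):
        expected = hmac.new(self.op_key, cmd["binding"] + cmd["image"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cmd["tag"]):
            return False, "bad launch tag"
        if cmd["binding"] != current_binding:
            return False, "launch not bound to this session"
        if cmd["binding"] in self.used:
            return False, "replayed launch command"
        self.used.add(cmd["binding"])
        return True, "launched"

def demo():
    """Constructed sample data: component names and contents are invented."""
    sha1 = lambda b: hashlib.sha1(b).digest()
    good = [("bootloader", sha1(b"bootloader-v1")), ("hypervisor", sha1(b"certified-vmm")),
            ("mgmt-vm", sha1(b"mgmt-vm-v3"))]
    trusted = dict(good)  # operator policy: component name -> expected digest
    aik, op_key, sid = os.urandom(32), os.urandom(32), os.urandom(16)
    results, nonce = {}, os.urandom(20)
    quote = make_quote(aik, replay_iml(good), nonce)
    results["good"] = verify_attestation(aik, good, quote, nonce, trusted)
    # Same quote presented against a later challenge: the freshness check fails.
    results["replayed_quote"] = verify_attestation(aik, good, quote, os.urandom(20), trusted)
    # Platform booted a different hypervisor and reports it honestly: policy fails.
    bad = [good[0], ("hypervisor", sha1(b"patched-vmm")), good[2]]
    bad_quote = make_quote(aik, replay_iml(bad), nonce)
    results["bad_hypervisor"] = verify_attestation(aik, bad, bad_quote, nonce, trusted)
    # Platform booted the other hypervisor but sends the clean log: PCR mismatch.
    results["forged_log"] = verify_attestation(aik, good, bad_quote, nonce, trusted)
    gate = LaunchGate(op_key)
    binding = session_binding(sid, nonce, quote["sig"])
    cmd = make_launch_cmd(op_key, binding, hashlib.sha256(b"operator-vm-image").digest())
    results["launch"] = gate.accept(cmd, binding)
    results["launch_replay"] = gate.accept(cmd, binding)
    other = session_binding(os.urandom(16), os.urandom(20), quote["sig"])
    results["launch_other_session"] = gate.accept(cmd, other)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The four attestation cases fail at different checks, which is why the verifier needs the quote signature, the nonce, the log replay and the policy lookup together rather than any one of them alone.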

E. Confidentiality

Once the operator sends the VM launch command to the trusted platform, the operator VM is launched and a VM handle is returned to the operator for VM management. Preferably, considering threat T5, the operator would like to cryptographically bind the VM, including all its configurations such as secure credentials, to a trusted resource platform configuration. This can potentially be partly solved through usage of the sealing techniques defined by the Trusted Computing Group [17] and specified in [19]. The actual data protection and isolation must be provided by the hypervisor, though, and sealing techniques will only help as long as there is a hypervisor layer that the operator can trust with respect to protecting and isolating VM security critical data (see Section D).

F. Secure VM Migration

VM migration is a process in which a running operator VM is migrated from one physical platform to another. The VM migration moves the active memory and execution state of the VM along with the VM security credentials (e.g. keys). The provider must be able to support undetectable migration of operators' VMs to allow uninterrupted access to the provisioned resources. VM migration is a resource administration tool which deals with situations like optimization of workload within provider resource pools, and performing platform hardware maintenance without scheduling downtime and disrupting provisioned services. While VM migration is an indispensable administrative requirement for the provider, the operator's security concern is threat T5. There must be a mechanism for secure migration of the operator's security credentials, e.g. keys. VM migration is an active research topic which should also consider the protection of security credentials in transit. The TPM based migratable keys [19] could be considered in designing a secure VM migration solution.

G. Summary

Trust establishment between cloud stakeholders is one of the major challenges, which can be met by fulfilling the set of security requirements presented in the preceding sections. Security mechanisms like secure boot, remote attestation, cryptographic binding of the operator VM to the provider platform and a secure hypervisor are the main drivers for trust establishment. Table II presents a summary of the threats identified in Table I, the corresponding security requirements and the recommended mechanisms which could be applied to mitigate those threats when designing a secure virtual resource provisioning architecture.

TABLE II. SUMMARY OF THREATS, REQUIREMENTS AND RECOMMENDED MECHANISMS FOR A SECURE VIRTUAL RESOURCE PROVISIONING ARCHITECTURE

| Threat | Security Requirement | Security Mechanism(s) |
|--------|----------------------|-----------------------|
| T1 | Platform Integrity | Secure boot, Remote attestation |
| T2 | Platform Integrity | Secure boot, Remote attestation |
| T3 | Provider Authentication | Mutual Authentication (IPSec) |
| T4 | Operator Authentication | Mutual Authentication (IPSec) |
| T5 | Confidentiality | VM Sealing, Strong Isolation |
| T5 | Secure VM Migration | Ongoing research, TPM based migratable keys |
| T6 | Secure Provider Network | Firewall, Gateway |
| T7 | Non-repudiation | Sign VM launch |
| T8 | VM Isolation | Secure and certified hypervisor |
| T9 | VM Isolation | Secure and certified hypervisor |

IV. RELATED WORK

In the past decade, a considerable amount of work has been done in the domain of virtual resource provisioning, with specific focus on the security of a virtualized data center [1], [6]. The building blocks of a data center are somewhat similar to our perceived telecommunication cloud scenario: for example, both use hypervisors to compartmentalize strongly isolated Virtual Machines, and both scenarios necessitate trust establishment in the provisioned platforms. However, there are a few differences in terms of the type of stakeholders and their security requirements. One such difference is the relationship between the resource user and the resource provider.
The nature of the telecommunication cloud probably defines a stronger, long and static relationship between the user and the provider, as opposed to the data center scenario with weak, short and dynamic relationships between its stakeholders. Due to such differences and the consequently different security requirements, we could not find any substantial work in the data center domain which could be mapped to address the security requirements for a telecommunication cloud scenario. Even in the domain of data centers, we could not find any work which specifically analyzes all security requirements of the stakeholders and which could be used as a basis for proposing future secure solutions.

However, the existing body of literature focuses on some security requirements for virtual data centers. For example, Trusted Virtual Datacenter (TVDc) [1], [6] focuses on solving security management challenges, which are compounded by the complexity of a virtual data center. Similarly, Terra [4] is a Trusted Virtual Machine Monitor (TVMM) which specifically focuses on VM isolation; it gives the appearance of multiple boxes on a single hardware platform and runs applications of varying assurance levels in the appropriate box. Terra also supports certificate-based attestation to ensure platform integrity.

Some other papers particularly address mechanisms for platform integrity [8], [15], [13], [7]. In [8] and [15] the authors propose remote attestation which leverages TPM based cryptographic attestations by sending the Integrity Measurement Log (IML) in combination with a TPM_Quote which is securely computed by the TPM [19]. The verifier compares the quoted response with a self-computed hash value from the IML to check and decide on the integrity of the target platform. OpenTC [17] focuses on trust establishment in virtual platforms by introducing property-based attestations instead of cryptographic attestations, to make it a scalable solution for data centers. The authors in [7] also propose a similar remote attestation technique to fulfill the platform integrity requirement. The architecture presented in [11] presents ways to protect the confidentiality of the user VM by leveraging the sealing mechanism supported by the TPM [19]. The authors in [5] propose a trusted channel which focuses on the integrity of the target platform in establishing a secure session. The trusted channel also features trusted computing mechanisms for establishing trust between end entities.

V. CONCLUSION

In this paper we have presented a scenario in which virtualized telecommunication resources, making up the telecommunication cloud, are provisioned to different telecommunication operators. We have performed a detailed security analysis of the addressed scenario, taking both stakeholders' concerns into account. We started by identifying major security threats, followed by a detailed security requirements analysis with the focus on trust establishment between stakeholders. Our results present a summary of probable security threats, the stakeholders' security requirements and our recommended mechanisms to create trusted telecommunication clouds. Finally, we presented existing related work which, on comparison with our security analysis, shows that this paper consolidates possible security requirements from the whole existing body of literature.
Furthermore, there are many other security requirements identified in this paper which are not addressed so far. Hence, this paper identifies open research areas in the area of virtual platform provisioning, and therefore may serve as the basis for identification of further research in this area.

REFERENCES

[1] Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: TVDc: Managing Security in the Trusted Virtual Datacenter. SIGOPS Oper. Syst. Rev. 42(1), (2008)
[2] Chisnall, D.: The Definitive Guide to the Xen Hypervisor (Prentice Hall Open Source Software Development Series). Prentice Hall PTR, Upper Saddle River, NJ, USA (2007)
[3] van Doorn, L.: Trusted Computing Challenges. In: STC 07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing. pp ACM, New York, NY, USA (2007)
[4] Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a Virtual Machine-based Platform for Trusted Computing. pp ACM Press (2003)
[5] Gasmi, Y., Sadeghi, A.R., Stewin, P., Unger, M., Asokan, N.: Beyond Secure Channels. In: STC 07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing. pp ACM, New York, NY, USA (2007)
[6] Griffin, J.L., Jaeger, T., Perez, R., Sailer, R., Doorn, L.V., Cáceres, R.: Trusted Virtual Domains: Toward Secure Distributed Services. In: Proc. of the First Workshop on Hot Topics in System Dependability (Hotdep05). IEEE Press (2005)
[7] Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing. In: USENIX Virtual Machine Research and Technology Symposium. pp (2004)
[8] Huang, X., Peng, Y.: An Effective Approach for Remote Attestation in Trusted Computing. In: WISA 2009: Proceedings of the 2nd International Symposium on Web Information Systems and Applications. pp Academy Publisher, FIN-90571, OULU, FINLAND (2009)
[9] Internet Key Exchange (IKEv2) Protocol. Tech. Rep. RFC 4306, Internet Engineering Task Force (December 2005)
[10] Security Architecture for the Internet Protocol. Tech. Rep. RFC 4301, Internet Engineering Task Force (December 2005)
[11] Jansen, B., Ramasamy, H.V., Schunter, M.: Flexible Integrity Protection and Verification Architecture for Virtual Machine Monitors. In: The Second Workshop on Advances in Trusted Computing (WATC 06 Fall) (2006)
[12] Kernel Based Virtual Machine.
[13] Landfermann, R., Kuhlmann, D., Ramasamy, H.V., Schunter, M., Ramunno, G., Vernizzi, D.: An Open Trusted Computing Architecture Secure Virtual Machines Enabling User-defined Policy Enforcement. (2006)
[14] Ormandy, T.: An empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. In: CanSecWest (2007)
[15] Sailer, R., Zhang, X., Jaeger, T., Doorn, L.V.: Integrity Measurement Architecture. In: The Proceedings of the 13th USENIX Security Symposium (Sec 04). pp (August 2004)
[16] Smith, J.E., Nair, R.: Virtual machines: versatile platforms for systems and processes. Morgan Kaufmann Publishers (2005)
[17] Trusted Computing Group.
[18] TCG Specification Architecture Overview. org/resources (August 2007)
[19] TPM Main Specification. trustedcomputinggroup.org/resources/tpm_main_specification (July 2007)
[20] VMware Inc., Virtualization Solutions. virtualization/
[21] Santos, N., Gummadi, K. P., and Rodrigues, R Towards trusted cloud computing. In Proceedings of the 2009 Conference on Hot Topics in Cloud Computing (San Diego, California). USENIX Association, Berkeley, CA, 3-3.
[22] The Common Criteria.
[23] Survey: Cloud Computing 'No Hype', But Fear of Security and Control Slowing Adoption. ty/
[24] Bishop, M Introduction to Computer Security. Addison-Wesley Professional
[25] Cloud Computing Deep Dive, Special Report, September 2009


More information

Realizing Trusted Clouds

Realizing Trusted Clouds Realizing Trusted Clouds with Trusted Computing and SCAP SICS Security Seminar April 08, 2014 Mudassar Aslam (Researcher,PhD Student) Security LAB (SEC Lab) 1 Outline Cloud Computing Trusted Clouds Cloud

More information

What Is It? Business Architecture Research Challenges Bibliography. Cloud Computing. Research Challenges Overview. Carlos Eduardo Moreira dos Santos

What Is It? Business Architecture Research Challenges Bibliography. Cloud Computing. Research Challenges Overview. Carlos Eduardo Moreira dos Santos Research Challenges Overview May 3, 2010 Table of Contents I 1 What Is It? Related Technologies Grid Computing Virtualization Utility Computing Autonomic Computing Is It New? Definition 2 Business Business

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Cloud Computing #6 - Virtualization

Cloud Computing #6 - Virtualization Cloud Computing #6 - Virtualization Main source: Smith & Nair, Virtual Machines, Morgan Kaufmann, 2005 Today What do we mean by virtualization? Why is it important to cloud? What is the penalty? Current

More information

Mutual Authentication Cloud Computing Platform based on TPM

Mutual Authentication Cloud Computing Platform based on TPM Mutual Authentication Cloud Computing Platform based on TPM Lei Peng 1, Yanli Xiao 2 1 College of Information Engineering, Taishan Medical University, Taian Shandong, China 2 Department of Graduate, Taishan

More information

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

Can PCI DSS Compliance Be Achieved in a Cloud Environment? royal holloway Can Compliance Be Achieved in a Cloud Environment? Organisations are considering whether to run -based systems in a cloud environment. The security controls in the cloud may be sufficient

More information

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) (ENCS 691K Chapter 4) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ References 1. R. Moreno et al.,

More information

Iaas for Private and Public Cloud using Openstack

Iaas for Private and Public Cloud using Openstack Iaas for Private and Public Cloud using Openstack J. Beschi Raja, Assistant Professor, Department of CSE, Kalasalingam Institute of Technology, TamilNadu, India, K.Vivek Rabinson, PG Student, Department

More information

Trusted Virtual Datacenter and Trusted Computing

Trusted Virtual Datacenter and Trusted Computing IBM T J Watson Research Center Trusted Virtual Datacenter and Trusted Computing What about Cryptography? Reiner Sailer IBM Thomas J Watson Research Center, Hawthorne, NY Joint work with: Stefan Berger,

More information

Cloud Infrastructure Pattern

Cloud Infrastructure Pattern 1 st LACCEI International Symposium on Software Architecture and Patterns (LACCEI-ISAP-MiniPLoP 2012), July 23-27, 2012, Panama City, Panama. Cloud Infrastructure Pattern Keiko Hashizume Florida Atlantic

More information

Migration of Virtual Machines for Better Performance in Cloud Computing Environment

Migration of Virtual Machines for Better Performance in Cloud Computing Environment Migration of Virtual Machines for Better Performance in Cloud Computing Environment J.Sreekanth 1, B.Santhosh Kumar 2 PG Scholar, Dept. of CSE, G Pulla Reddy Engineering College, Kurnool, Andhra Pradesh,

More information

Guideline on Implementing Cloud Identity and Access Management

Guideline on Implementing Cloud Identity and Access Management CMSGu2013-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Implementing Cloud Identity and Access Management National

More information

Payment minimization and Error-tolerant Resource Allocation for Cloud System Using equally spread current execution load

Payment minimization and Error-tolerant Resource Allocation for Cloud System Using equally spread current execution load Payment minimization and Error-tolerant Resource Allocation for Cloud System Using equally spread current execution load Pooja.B. Jewargi Prof. Jyoti.Patil Department of computer science and engineering,

More information

Cloud computing and SAP

Cloud computing and SAP Cloud computing and SAP Next Generation SAP Technologies Volume 1 of 2010 Table of contents Document history 1 Overview 2 SAP Landscape challenges 3 Infrastructure as a Service (IaaS) 4 Public, Private,

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

SECURITY IN OPEN SOURCE VIRTUALIZATION

SECURITY IN OPEN SOURCE VIRTUALIZATION SECURITY IN OPEN SOURCE VIRTUALIZATION S.SELVAKUMAR B.Tech., IFET College of Engineering, - selvakkumarit@gmail.com ABSTRACT: As virtual machines become increasingly commonplace as a method of separating

More information

Security Threats in Cloud Computing Environments 1

Security Threats in Cloud Computing Environments 1 Security Threats in Cloud Computing Environments 1 Kangchan Lee Electronics and Telecommunications Research Institute chan@etr.re.kr Abstract Cloud computing is a model for enabling service user s ubiquitous,

More information

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures

More information

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Jakub Szefer and Prof. Ruby B. Lee Princeton University http://palms.princeton.edu/ 2013-03-11 ARO Invitational Workshop

More information

A Survey on Virtual Machine Security

A Survey on Virtual Machine Security A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational

More information

Chapter 2 Addendum (More on Virtualization)

Chapter 2 Addendum (More on Virtualization) Chapter 2 Addendum (More on Virtualization) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ More on Systems Virtualization Type I (bare metal)

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

SURVEY ON VIRTUALIZATION VULNERABILITIES

SURVEY ON VIRTUALIZATION VULNERABILITIES SURVEY ON VIRTUALIZATION VULNERABILITIES Indumathy M Department of MCA, Acharya Institute of Technology, Bangalore, (India) ABSTRACT Virtualization plays a major role in serving the organizations to reduce

More information

Security and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto

Security and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto Security and Privacy in Public Clouds David Lie Department of Electrical and Computer Engineering University of Toronto 1 Cloud Computing Cloud computing can (and is) applied to almost everything today.

More information

Virtualization Technologies (ENCS 691K Chapter 3)

Virtualization Technologies (ENCS 691K Chapter 3) Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

A Threat Model for a Cloud Infrastructure with no Hypervisor

A Threat Model for a Cloud Infrastructure with no Hypervisor A Threat Model for a Cloud Infrastructure with no Hypervisor William A. R. de Souza, Allan Tomlinson Information Security Group Royal Holloway, University of London Egham Hill, Egham, United Kingdom Abstract

More information

Enhancing the Performance of Live Migration of Virtual Machine s with WSClock Replacement Algorithm

Enhancing the Performance of Live Migration of Virtual Machine s with WSClock Replacement Algorithm Enhancing the Performance of Live Migration of Virtual Machine s with WSClock Replacement Algorithm C.Sagana M.Geetha Dr R.C.Suganthe PG student, Assistant Professor, Professor, Dept of CSE, Dept of CSE

More information

Learn the Essentials of Virtualization Security

Learn the Essentials of Virtualization Security Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption

More information

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

International Journal of Computer & Organization Trends Volume20 Number1 May 2015

International Journal of Computer & Organization Trends Volume20 Number1 May 2015 Performance Analysis of Various Guest Operating Systems on Ubuntu 14.04 Prof. (Dr.) Viabhakar Pathak 1, Pramod Kumar Ram 2 1 Computer Science and Engineering, Arya College of Engineering, Jaipur, India.

More information

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no

More information

Li Sheng. lsheng1@uci.edu. Nowadays, with the booming development of network-based computing, more and more

Li Sheng. lsheng1@uci.edu. Nowadays, with the booming development of network-based computing, more and more 36326584 Li Sheng Virtual Machine Technology for Cloud Computing Li Sheng lsheng1@uci.edu Abstract: Nowadays, with the booming development of network-based computing, more and more Internet service vendors

More information

Cloud Computing Security Issues And Methods to Overcome

Cloud Computing Security Issues And Methods to Overcome Cloud Computing Security Issues And Methods to Overcome Manas M N 1, Nagalakshmi C K 2, Shobha G 3 MTech, Computer Science & Engineering, RVCE, Bangalore, India 1,2 Professor & HOD, Computer Science &

More information

CA Cloud Overview Benefits of the Hyper-V Cloud

CA Cloud Overview Benefits of the Hyper-V Cloud Benefits of the Hyper-V Cloud For more information, please contact: Email: sales@canadianwebhosting.com Ph: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com) is an independent company, hereinafter

More information

Full and Para Virtualization

Full and Para Virtualization Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels

More information

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT V. Devi PG Scholar, Department of CSE, Indira Institute of Engineering & Technology, India. J. Chenni Kumaran Associate Professor,

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications

Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications Andrew Brown Dept. of Computer Science Duke University brownan@cs.duke.edu Jeffrey S. Chase Dept. of Computer Science

More information

Getting Familiar with Cloud Terminology. Cloud Dictionary

Getting Familiar with Cloud Terminology. Cloud Dictionary Getting Familiar with Cloud Terminology Cloud computing is a hot topic in today s IT industry. However, the technology brings with it new terminology that can be confusing. Although you don t have to know

More information

Virtualisation Without a Hypervisor in Cloud Infrastructures: An Initial Analysis

Virtualisation Without a Hypervisor in Cloud Infrastructures: An Initial Analysis Virtualisation Without a Hypervisor in Cloud Infrastructures: An Initial Analysis William A. R. de Souza and Allan Tomlinson Information Security Group Royal Holloway, University of London Egham Hill,

More information

Relational Databases in the Cloud

Relational Databases in the Cloud Contact Information: February 2011 zimory scale White Paper Relational Databases in the Cloud Target audience CIO/CTOs/Architects with medium to large IT installations looking to reduce IT costs by creating

More information

Dynamic Load Balancing of Virtual Machines using QEMU-KVM

Dynamic Load Balancing of Virtual Machines using QEMU-KVM Dynamic Load Balancing of Virtual Machines using QEMU-KVM Akshay Chandak Krishnakant Jaju Technology, College of Engineering, Pune. Maharashtra, India. Akshay Kanfade Pushkar Lohiya Technology, College

More information

Enterprise Cloud Solutions

Enterprise Cloud Solutions IT(O) IT Outsourcing Options Enterprise Cloud Solutions CloudAgile Select Partner PDF v2.2 9/11/12 Cloud Computing with Latisys With the Latisys Cloud, your Enterprise can: Achieve unprecedented control,

More information

Virtualization and the U2 Databases

Virtualization and the U2 Databases Virtualization and the U2 Databases Brian Kupzyk Senior Technical Support Engineer for Rocket U2 Nik Kesic Lead Technical Support for Rocket U2 Opening Procedure Orange arrow allows you to manipulate the

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Vyatta Network OS for Network Virtualization

Vyatta Network OS for Network Virtualization Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes

More information

AN IMPLEMENTATION OF E- LEARNING SYSTEM IN PRIVATE CLOUD

AN IMPLEMENTATION OF E- LEARNING SYSTEM IN PRIVATE CLOUD AN IMPLEMENTATION OF E- LEARNING SYSTEM IN PRIVATE CLOUD M. Lawanya Shri 1, Dr. S. Subha 2 1 Assistant Professor,School of Information Technology and Engineering, Vellore Institute of Technology, Vellore-632014

More information

PCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011

PCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011 Standard: Version: 2.0 Date: June 2011 Author: PCI Data Security Standard (PCI DSS) Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines

More information

What s New with VMware Virtual Infrastructure

What s New with VMware Virtual Infrastructure What s New with VMware Virtual Infrastructure Virtualization: Industry-Standard Way of Computing Early Adoption Mainstreaming Standardization Test & Development Server Consolidation Infrastructure Management

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

Efficient Cloud Management for Parallel Data Processing In Private Cloud

Efficient Cloud Management for Parallel Data Processing In Private Cloud 2012 International Conference on Information and Network Technology (ICINT 2012) IPCSIT vol. 37 (2012) (2012) IACSIT Press, Singapore Efficient Cloud Management for Parallel Data Processing In Private

More information

COS 318: Operating Systems. Virtual Machine Monitors

COS 318: Operating Systems. Virtual Machine Monitors COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have

More information

Virtualization. Jukka K. Nurminen 23.9.2015

Virtualization. Jukka K. Nurminen 23.9.2015 Virtualization Jukka K. Nurminen 23.9.2015 Virtualization Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms,

More information

What are your firm s plans to adopt x86 server virtualization? Not interested

What are your firm s plans to adopt x86 server virtualization? Not interested The benefits of server virtualization are widely accepted and the majority of organizations have deployed virtualization technologies. Organizations are virtualizing mission-critical workloads but must

More information

IMPLEMENTATION OF VIRTUAL MACHINES FOR DISTRIBUTION OF DATA RESOURCES

IMPLEMENTATION OF VIRTUAL MACHINES FOR DISTRIBUTION OF DATA RESOURCES INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE IMPLEMENTATION OF VIRTUAL MACHINES FOR DISTRIBUTION OF DATA RESOURCES M.Nagesh 1, N.Vijaya Sunder Sagar 2, B.Goutham 3, V.Naresh 4

More information

Basics of Virtualisation

Basics of Virtualisation Basics of Virtualisation Volker Büge Institut für Experimentelle Kernphysik Universität Karlsruhe Die Kooperation von The x86 Architecture Why do we need virtualisation? x86 based operating systems are

More information

Learn the essentials of virtualization security

Learn the essentials of virtualization security Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN 2229-5518 1299

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN 2229-5518 1299 1299 TITLE Virtualization security in Data Centres & cloud Prof Sarita Dhawale. Ashoka Center for Business & Computer Studies,Nashik Head of Department of Computer Science University of Pune, Maharashtra.

More information

CLOUD SERVERS vs DEDICATED SERVERS

CLOUD SERVERS vs DEDICATED SERVERS Silicon House Rapid Action Force CLOUD SERVERS vs DEDICATED SERVERS Phone : 044 24405807 / 24412748 Enquiry : http://enquiry.siliconhouse.net Document Type E brochure Limited Circulation Only Document

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

Microsoft Virtual Desktop Infrastructure (VDI) FAQ

Microsoft Virtual Desktop Infrastructure (VDI) FAQ Microsoft Virtual Desktop Infrastructure (VDI) FAQ Q1: What is VDI? A1: Virtual Desktop Infrastructure (VDI) is a centralized desktop delivery solution that enables organizations to store and execute desktop

More information

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Database Storage Model by Using Key-as-a-Service (KaaS) www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Lecture 2 Cloud Computing & Virtualization Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Outline Introduction to Virtualization The Major Approaches

More information

Cloud Architect Certification Self-Study Kit Bundle

Cloud Architect Certification Self-Study Kit Bundle rchitect Certification undle Certified rchitect has demonstrated proficiency in the technology architecture that underlies cloud platforms and cloud-based IT resources and solutions, and has mastered the

More information

Distributed and Cloud Computing

Distributed and Cloud Computing Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

VMware for your hosting services

VMware for your hosting services VMware for your hosting services Anindya Kishore Das 2009 VMware Inc. All rights reserved Everybody talks Cloud! You will eat your cloud and you will like it! Everybody talks Cloud - But what is it? VMware

More information

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Cloud Computing. Karan Saxena * & Kritika Agarwal** Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic

More information

Virtualization. Pradipta De pradipta.de@sunykorea.ac.kr

Virtualization. Pradipta De pradipta.de@sunykorea.ac.kr Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation

More information

Before we can talk about virtualization security, we need to delineate the differences between the

Before we can talk about virtualization security, we need to delineate the differences between the 1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via

More information

Deployment Options for Microsoft Hyper-V Server

Deployment Options for Microsoft Hyper-V Server CA ARCserve Replication and CA ARCserve High Availability r16 CA ARCserve Replication and CA ARCserve High Availability Deployment Options for Microsoft Hyper-V Server TYPICALLY, IT COST REDUCTION INITIATIVES

More information