Building Blocks Towards a Trustworthy NFV Infrastructure

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Building Blocks Towards a Trustworthy NFV Infrastructure"

Transcription

1 Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd,

2 Why security and trust? Big requirement for critical infrastructures Security is not just about ACLs and crypto Workflows and service lifecycles Need for continual compliance monitoring Quick remediation Assurance requires strong visibility and infrastructure transparency

3 Where were we before? Cloud General purpose Difficult to generally automate Compute and storage centric Administrators Multiple owners and tenants NFV Very specific purpose Controlled software Focused orchestration I/O centric Operator + some customers Generally broad and difficult Opportunity for focused security

4 Trusted Computing and Remote Attestation Trusted computing: checking if platform executes expected SW Enforced through a component isolated from the software Measurement log signed by secure identity and verified remotely Remote verifier must have measurements of all expected software and configurations Different roots of trust: Measurement, storage, recovery, etc General requirement for a root of trust: Secure storage Protected memory Shielded execution Cryptographic engine

5 Hardware-based Roots of Trust Minimum piece to be trusted in order to achieve security property Why hardware? Identity in hardware helps prevent ID forgery and SW-based attacks Small functionality and immutability give high assurance A small chip is often more reliable than someone else s Python script Bind identity to platform Standards Trusted Platform Module (TPM) and Trusted Computing Group (TCG) Other HW roots of trust: Intel TXT, AMD SVM, ARM TrustZone + PUFs Provisioning & authentication: IEEE 802.1AR Secure Device Identity

6 Building blocks Platform boot time integrity Verified boot only allow signed software components Trusted boot reports the version of each software in boot chain Load time inspection Linux IMA measure each program and report to TPM before executing Measures high integrity files e.g. readable by root user Linux EVM measures integrity of file-system permissions Network integrity Bind platform certificates to root of trust Configuration measurement (e.g. SDN VLANs, MACSEC context)

7 IMA: Host-level attestation Measures and reports to the TPM every time the kernel loads: Executable programs Shared libraries Files readable by high integrity (e.g. Root user) Flexible appraisal strategy SHA-1/SHA-256 measurements Signature-based verification Overheads Speed of verification Integrity report size: Virtualized security at the network edge Montero et al

8 Trusted channel establishment 8: evaluate measurements -> 4: request integrity and verify cert <- 9: verification result Trusted Third Party OpenAttestation -> 5: request integrity report <- 7: send integrity report Host1 strongswan (initiator) 1: start trusted channel -> 2: start handshake <- 3: get cert 10: if verification is ok: establish channel 0: measure hw/sw components during the boot Host2 strongswan (responder) MEAS. MODULE (IMA) TPM RA AGENT 6: retrieve measurements and create TPM quote 11: exchange data PSCM privileged OS hypervisor hardware

9 Compliance monitoring of SDN Control plane not visualised Dataplane Monitoring plane Outboun d traffic Inbound traffic VMM Hardware Switch vswitch TrustedFW SDN controller VMM Hardware Switch TrustedFW Sync vswitch Attest switch configurations SDN verifier

10 Remote Attestation of a Network Element SDN controller SDN contex t SDN switch Network Element Introspect Measure Sync RTR Get SDN conf. Report RA agent Get RA proof SDN verifier Store Trusted RTM Device Trusted Computing Base (TCB)

11 SDN attestation report Attestation requests context TCB includes reporting agent Report covers Header matches for L1, L2, L3, L4 Action Priority Surrounding DP configuration Report signed by the TPM Prototyped on HW SNMP-based, thinking of appropriate monitoring protocol Digest: caa2c169732facea ea8a311 Digest: b6a716e7f86fc d99e805bb2e712ed6def TPM sign operation

12 Compliance monitoring for NFV Compute verifier Outbound traffic NFV software stack OSS/BSS Inbound traffic VMM vswitch Hardware Switch TrustedFW manager NFV orchestrator VIM SDN controller VMM vswitch Hardware Switch TrustedFW Attest switch configurations Errors Sync SDN verifier

13 Takeaways Great opportunity for TC to work for NFV Operator more likely to know expected software images and configurations Different building blocks can be applied for varying levels of integrity Ethemeral configurations (e.g. SDN) need monitoring Data plane security alert on unauthorised change Other needs: Control plane security separation of concerns between SDN applications Stateless infrastructure deployment Better for attestation of compute nodes without too many ringing alarm bells

14 Thank you 14

Bootstrapping "softwarised" infrastructure trust: from SDN towards NFV

Bootstrapping softwarised infrastructure trust: from SDN towards NFV Bootstrapping "softwarised" infrastructure trust: from towards NFV Ludovic Jacquin Hewlett-Packard Laboratories < ludovic.jacquin@hp.com > Cybersecurity & Privacy Innovation Forum 2015 Brussels, 28/4/2015

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Uni-directional Trusted Path: Transaction Confirmation on Just One Device Uni-directional Trusted Path: Transaction Confirmation on Just One Device Atanas Filyanov 1, Jonathan M. McCune 2, Ahmad-Reza Sadeghi 3, Marcel Winandy 1 1 Ruhr-University Bochum, Germany 2 Carnegie Mellon

More information

Start building a trusted environment now... (before it s too late) IT Decision Makers

Start building a trusted environment now... (before it s too late) IT Decision Makers YOU CAN T got HAP Start building a trusted environment now... IT Decision Makers (before it s too late) HAP reference implementations and commercial solutions are available now in the HAP Developer Kit.

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

SDN software switch Lagopus and NFV enabled software node

SDN software switch Lagopus and NFV enabled software node SDN software switch Lagopus and NFV enabled software node Kazuaki OBANA NTT Network Innovation Laboratories SDN software switch Lagopus 1 Motivation Agile and flexible networking Full automation in provisioning,

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013 SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov

More information

Control your corner of the cloud.

Control your corner of the cloud. Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

Trusted Virtual Platforms: A Key Enabler for Converged Client Devices

Trusted Virtual Platforms: A Key Enabler for Converged Client Devices Trusted Virtual Platforms: A Key Enabler for Converged Client Devices Chris I Dalton, David Plaquin, Wolfgang Weidner, Dirk Kuhlmann, Boris Balacheff, Richard Brown HP Laboratories, Filton Road, Bristol

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

Can PCI DSS Compliance Be Achieved in a Cloud Environment? royal holloway Can Compliance Be Achieved in a Cloud Environment? Organisations are considering whether to run -based systems in a cloud environment. The security controls in the cloud may be sufficient

More information

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011 OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: 11-0144. Distribution Unlimited. c 2011. All Rights Reserved. (1/15) Motivation Goal: Demonstrate

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction

More information

Trusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation

Trusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation 2 Agenda Definition of cloud computing Trusted Geolocation in

More information

THE REVOLUTION TOWARDS SOFTWARE- DEFINED NETWORKING

THE REVOLUTION TOWARDS SOFTWARE- DEFINED NETWORKING THE REVOLUTION TOWARDS SOFTWARE- DEFINED NETWORKING Transforming Networking with Open SDN Guido Appenzeller April, 2013 JOIN THE REVOLUTION TOWARDS OPEN NETWORKING Independence from closed, proprietary

More information

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?

More information

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Jakub Szefer and Prof. Ruby B. Lee Princeton University http://palms.princeton.edu/ 2013-03-11 ARO Invitational Workshop

More information

Trusted Geolocation in The Cloud Technical Demonstration

Trusted Geolocation in The Cloud Technical Demonstration Trusted Geolocation in The Cloud Technical Demonstration NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Business Business

More information

Palo Alto Networks. Security Models in the Software Defined Data Center

Palo Alto Networks. Security Models in the Software Defined Data Center Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

VNF & Performance: A practical approach

VNF & Performance: A practical approach VNF & Performance: A practical approach Luc Provoost Engineering Manager, Network Product Group Intel Corporation SDN and NFV are Forces of Change One Application Per System Many Applications Per Virtual

More information

SOFTWARE DEFINED NETWORKING

SOFTWARE DEFINED NETWORKING SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

HW (Fat001) TPM. Figure 1. Computing Node

HW (Fat001) TPM. Figure 1. Computing Node 1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller

More information

Towards Trustworthy Clouds

Towards Trustworthy Clouds IBM Research Zurich Christian Cachin 12 September 2013 Towards Trustworthy Clouds 2009 IBM Corporation Cloud computing? 2 Cloud services are convenient No investment cost Pay only for consumption Scalable

More information

Software Defined Networking and Network Virtualization

Software Defined Networking and Network Virtualization Software Defined Networking and Network Virtualization Aryan TaheriMonfared aryan.taherimonfared@uis.no October 02, 2013 Agenda Motivation 1 Motivation 2 What is OpenFlow? Advantages Disdvantages 3 4 5

More information

Realizing Trusted Clouds

Realizing Trusted Clouds Realizing Trusted Clouds with Trusted Computing and SCAP SICS Security Seminar April 08, 2014 Mudassar Aslam (Researcher,PhD Student) Security LAB (SEC Lab) 1 Outline Cloud Computing Trusted Clouds Cloud

More information

On the security of Virtual Machine migration and related topics

On the security of Virtual Machine migration and related topics Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer

More information

Trusted Virtual Datacenter Radically simplified security management

Trusted Virtual Datacenter Radically simplified security management IBM T. J. Watson Research Center Trusted Virtual Datacenter Radically simplified security management Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer, Ray Valdez Secure Systems Department,

More information

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration Linux Server Support by Applied Technology Research Center Proxy Server Configuration We configure squid for your LAN. Including transparent for HTTP and proxy for HTTPS. We also provide basic training

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the

More information

Cloud Security Overview

Cloud Security Overview UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers

More information

Mobile Platform Security Architectures A perspective on their evolution

Mobile Platform Security Architectures A perspective on their evolution Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems

Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems Brian McCarson Sr. Principal Engineer & Sr. System Architect, Internet of Things Group, Intel Corp Mac Devine

More information

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture White Paper Developing Solutions with Intel ONP Server Reference Architecture Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture Developing

More information

Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University

Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Transition to NFV Cost of deploying network functions: Operating expense

More information

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems Using the to Solve Today s Most Urgent Cybersecurity Problems May 20, 2014 10:00AM PDT 2 Stacy Cannady, Technical Marketing Trustworthy Computing, Cisco Stacy Cannady, CISSP, is technical marketing - Trustworthy

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

Software Defined Networking and Network Virtualization

Software Defined Networking and Network Virtualization Software Defined Networking and Network Virtualization Aryan TaheriMonfared aryan.taherimonfared@uis.no October 02, 2013 Software Defined Networking and Agenda Motivation 1 Motivation 2 What is OpenFlow?

More information

Management and Orchestration of Virtualized Network Functions

Management and Orchestration of Virtualized Network Functions Management and Orchestration of Virtualized Network Functions Elisa Maini Dep. of Electrical Engineering and Information Technology, University of Naples Federico II AIMS 2014, 30 th June 2014 Outline

More information

Oracle Solaris: Aktueller Stand und Ausblick

Oracle Solaris: Aktueller Stand und Ausblick Oracle Solaris: Aktueller Stand und Ausblick Detlef Drewanz Principal Sales Consultant, EMEA Server Presales The following is intended to outline our general product direction. It

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014 Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution

More information

PLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure

PLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure Introduction The concept of Virtual Networking Infrastructure (VNI) is disrupting the networking space and is enabling

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

Security Overview of the Integrity Virtual Machines Architecture

Security Overview of the Integrity Virtual Machines Architecture Security Overview of the Integrity Virtual Machines Architecture Introduction... 2 Integrity Virtual Machines Architecture... 2 Virtual Machine Host System... 2 Virtual Machine Control... 2 Scheduling

More information

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN

More information

Trusted Virtual Machine Management for Virtualization in Critical Environments

Trusted Virtual Machine Management for Virtualization in Critical Environments Trusted Virtual Machine Management for Virtualization in Critical Environments Khan Ferdous Wahid Fraunhofer SIT Rheinstraße 75 64295 Darmstadt Germany www.sit.fraunhofer.de khan.wahid@sit.fraunhofer.de

More information

Digital Rights Management Demonstrator

Digital Rights Management Demonstrator Digital Rights Management Demonstrator Requirements, Analysis, and Design Authors: Andre Osterhues, Marko Wolf Institute: Ruhr-University Bochum Date: March 2, 2007 Abstract: This document describes a

More information

Microsoft Cloud Computing Research Centre

Microsoft Cloud Computing Research Centre Microsoft Cloud Computing Research Centre 1 st Annual Symposium, Cambridge 2014 Regional clouds: technical considerations Jon Crowcroft jon.crowcroft@cl.cam.ac.uk Jat Singh jatinder.singh@cl.cam.ac.uk

More information

Understanding the Business Case of Network Function Virtualization

Understanding the Business Case of Network Function Virtualization White paper Understanding the Business Case of Network Function Virtualization Part I of the series discusses the telecom market scenario in general, market and business drivers behind push for a building

More information

COMPUTING. Centellis Virtualization Platform An open hardware and software platform for implementing virtualized applications

COMPUTING. Centellis Virtualization Platform An open hardware and software platform for implementing virtualized applications COMPUTING Data Sheet Centellis VP provides the hardware and software platform to deploy carrier grade virtualized applications. Application virtualization software framework based on industry standard

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

vtpm: Virtualizing the Trusted Platform Module

vtpm: Virtualizing the Trusted Platform Module vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com

More information

The New Perimeter Information Isolate the data The road to securing Information without physical controls

The New Perimeter Information Isolate the data The road to securing Information without physical controls The New Perimeter Information Isolate the data The road to securing Information without physical controls Russell Dietz, VP & CTO SafeNet, Inc. What s top of mind IA Today Identity & Access Management

More information

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT V. Devi PG Scholar, Department of CSE, Indira Institute of Engineering & Technology, India. J. Chenni Kumaran Associate Professor,

More information

Virtualized Network Services SDN solution for service providers

Virtualized Network Services SDN solution for service providers Virtualized Network Services SDN solution for service providers Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise customers

More information

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey February 26, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey

More information

OPNFV Summit 2015 Presentation. Coexistence of Commercial Solutions with OpenSource OPNFV Platform

OPNFV Summit 2015 Presentation. Coexistence of Commercial Solutions with OpenSource OPNFV Platform OPNFV Summit 25 Presentation Coexistence of Commercial Solutions with OpenSource OPNFV Platform Copyright 25 EMC Corporation. All rights reserved. Chanchal Chatterjee EMC Corporation OPNFV Making Progress

More information

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

New Security Perspective for Virtualized Platforms

New Security Perspective for Virtualized Platforms , July 3-5, 2013, London, U.K. New Security Perspective for Virtualized Platforms Abdelmajid Lakbabi, Said El hajji, Ghizlane Orhanou, Kaouthar Chetioui Abstract Recently, an important transition in IT

More information

Virtualized Network Services SDN solution for enterprises

Virtualized Network Services SDN solution for enterprises Virtualized Network Services SDN solution for enterprises Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise s locations

More information

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning

More information

Brocade SDN/OpenFlow. Norival Figueira Office of the CTO. January 9, 2015 2014/2015 BROCADE COMMUNICATIONS SYSTEMS, INC. ALL RIGHTS RESERVED.

Brocade SDN/OpenFlow. Norival Figueira Office of the CTO. January 9, 2015 2014/2015 BROCADE COMMUNICATIONS SYSTEMS, INC. ALL RIGHTS RESERVED. Brocade SDN/OpenFlow Norival Figueira Office of the CTO January 9, 2015 2014/2015 BROCADE COMMUNICATIONS SYSTEMS, INC. ALL RIGHTS RESERVED. 1 Legal Disclaimer All or some of the products detailed in this

More information

Virtual Hosting & Virtual Machines

Virtual Hosting & Virtual Machines & Virtual Machines Coleman Kane Coleman.Kane@ge.com September 2, 2014 Cyber Defense Overview / Machines 1 / 17 Similar to the network partitioning schemes described previously, there exist a menu of options

More information

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT Lecture 7: Privacy and Security in Mobile Computing Cristian Borcea Department of Computer Science NJIT Location Privacy Location Authentication Trusted Ad Hoc Networks 2 Privacy Violated Request: Retrieve

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services

More information

OPENFLOW, SDN, OPEN SOURCE AND BARE METAL SWITCHES. Guido Appenzeller (Not representing Anyone)

OPENFLOW, SDN, OPEN SOURCE AND BARE METAL SWITCHES. Guido Appenzeller (Not representing Anyone) OPENFLOW, SDN, OPEN SOURCE AND BARE METAL SWITCHES Guido Appenzeller (Not representing Anyone) October, 2014 Networking is Changing CLOSED & PROPRIETARY NETWORKING EQUIPMENT Vertically Integrated Systems

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

Designing Virtual Network Security Architectures Dave Shackleford

Designing Virtual Network Security Architectures Dave Shackleford SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined

More information

Embedding Trust into Cars Secure Software Delivery and Installation

Embedding Trust into Cars Secure Software Delivery and Installation Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop

More information

Integrity measurements for stronger cloud-based authentication

Integrity measurements for stronger cloud-based authentication Integrity measurements for stronger cloud-based authentication John Žic1 Thomas Hardjono 2 1 CSIRO Computational Informatics 2 MIT Kerberos and Internet of Trust Trust in the Digital World: Enabling the

More information

Virtual Switching Without a Hypervisor for a More Secure Cloud

Virtual Switching Without a Hypervisor for a More Secure Cloud ing Without a for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton) 1 Public Cloud Infrastructure Cloud providers offer computing resources

More information

Set Up a VM-Series NSX Edition Firewall

Set Up a VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04

Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Windows Server Virtualization & The Windows Hypervisor

Windows Server Virtualization & The Windows Hypervisor Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick

More information

Control Tower for Virtualized Data Center Network

Control Tower for Virtualized Data Center Network Control Tower for Virtualized Data Center Network Contents 1 Virtual Machine Network Environment Analysis...3 2 "Control Tower" Must Have an Overall Picture of the Network...4 3 Virtual Machine Migration

More information

Software Defined Networking (SDN) Software Defined Security

Software Defined Networking (SDN) Software Defined Security Software Defined Networking (SDN) Software Defined Security Kurt Knochner Fortinet Senior Systems Engineer kknochner@fortinet.com Copyright Fortinet Inc. All rights reserved. How to describe the (IT) world

More information

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and

More information

Cloud Orchestration. Mario Cho. Open Frontier Lab. hephaex@gmail.com

Cloud Orchestration. Mario Cho. Open Frontier Lab. hephaex@gmail.com Cloud Orchestration Mario Cho Open Frontier Lab. hephaex@gmail.com Who Am I? Technical Architect HPC (High Performance Computing) for Human Brain Mapping Enterprise Architec for Storage Tiering Techincal

More information

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY Syamsul Anuar Abd Nasir Fedora Ambassador Malaysia 1 ABOUT ME Technical Consultant for Warix Technologies - www.warix.my Warix is a Red Hat partner Offers

More information

Application Defined E2E Security for Network Slices. Linda Dunbar (Linda.Dunbar@huawei.com) Diego Lopez (diego.r.lopez@telefonica.

Application Defined E2E Security for Network Slices. Linda Dunbar (Linda.Dunbar@huawei.com) Diego Lopez (diego.r.lopez@telefonica. Application Defined E2E Security for Network Slices Linda Dunbar (Linda.Dunbar@huawei.com) Diego Lopez (diego.r.lopez@telefonica.com ) Into the Inter-connected World Internet Mobile Internet Internet of

More information