Security and Integrity of a Distributed File Storage in a Virtual Environment
Gaspare Sala (1), Daniele Sgandurra (1), Fabrizio Baiardi (2)
(1) Department of Computer Science, University of Pisa, Italy
(2) Polo G. Marconi - La Spezia, University of Pisa, Italy
SISW Workshop

2. Outline
  1. Introduction: Secure File Sharing; Requirements
  2. Proposed Solution (VSFS): Overall Architecture; Threat Model; Implementation
  3. Evaluation: Performance
  4. Conclusion: Results and Future Works

3. Secure File Sharing: Applications with Distinct Trust Levels
- Secure file sharing among applications with distinct trust levels:
  - Web Services.
  - P2P applications.
- Users share their data only if they receive some assurance about the description and the enforcement of the security policy that controls the sharing.

4. Requirements: MAC/MLS Policies
To enable secure file sharing, we need an architecture that:
- Describes and enforces in a centralized way a security policy to handle file requests.
- Forces users to respect their roles when accessing files.
- Supports a large set of MAC or DAC policies.

5. Requirements: Distributed File System
- Client-server architecture to implement a distributed file system.
- Exports to the clients one or more directories of the shared file system.
- Applications transparently access remote shared files.
- Limitations of current solutions: untrusted client user credentials.

6. Overall Architecture: Virtualization Technology
- Software emulation of the hardware architecture: Virtual Machines (VMs).
- Benefits:
  1. Confinement among the VMs.
  2. Server consolidation: better resource utilization.
  3. Centralized management: easier administration.
- Widespread usage.

7. Overall Architecture: Type I/II VMM [figure]

8. Overall Architecture: Virtual environment Secure File System
We propose a software architecture for secure file sharing composed of:
- A network of multiple interconnected virtual machines.
- Three disjoint sets of VMs:
  1. Application-VMs (APP-VMs): each APP-VM runs some application processes.
  2. File System-VMs (FS-VMs): export file systems shared among the application processes.
  3. Administrative-VMs (A-VMs): one for each node, to set up and manage VMs for assurance, routing and administrative tasks.

9. Overall Architecture: Architecture [figure]

10. Overall Architecture: Application VMs (APP-VMs)
- Run application processes.
- Are labeled with a security context.

11. Overall Architecture: File System VMs (FS-VMs)
- Export file systems.
- Implement MAC policies to control file sharing.

12. Overall Architecture: Administrative VMs (A-VMs)
- Protect FS-VM integrity against attacks.
- Implement anti-spoofing techniques to authenticate each file request before routing it.

13. Threat Model
- VMMs and A-VMs belong to the Trusted Computing Base.
- A malicious application may attack other ones through shared files:
  - Invalidate data integrity.
  - Contamination through viruses.
- APP-VMs are untrusted: spoofed packets.
- Communications among the physical nodes cannot be forged or spoofed.
- Example: Service Provider using VMs.

14. Implementation: Current Prototype
- Patch to the FS-VM Linux kernel.
- The prototype is based on Xen.
- VSFS exploits the NFSv3 service to handle file requests.
- FS-VMs run Security-Enhanced Linux (SELinux):
  1. to support DAC/MAC policies;
  2. to enforce the security policy in a centralized way.

15. Implementation: NFS Subject
- Changes to SELinux labeling and access rules:
  - new subject corresponding to the NFS client;
  - definition of all the operations it can invoke.
- The NFS server acts on behalf of NFS clients.
- VSFS:
  1. Defines a distinct protection domain for each NFS client.
  2. Dynamically pairs the NFS server process with the security context of the NFS client.
- Principle of least privilege.

16. Implementation: NFS Request Flow [figure]

17. Implementation: Assurance
- Virtual Machine Introspection (Stanford University):
  - Visibility: access the FS-VM's state from a lower level.
  - Robustness: protects FS-VM integrity from an A-VM.
- Anti-spoofing on the Xen virtual bridge:
  - Static IP addresses bound to virtual interfaces.
- The A-VM can freeze the execution of a VM.

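How the A-VM anti-spoofing check (slide 17) and the per-client protection domains on the FS-VM (slide 15) depend on each other, as an added Python model that is not part of the slides or of the VSFS prototype. The interface names, addresses, type names and rules are constructed for illustration.

```python
"""Toy model of the VSFS request path: A-VM anti-spoofing, then FS-VM MAC check.
Every name, address and rule below is constructed; none comes from the prototype."""
from dataclasses import dataclass

# A-VM side: static IP addresses bound to virtual interfaces (constructed values).
VIF_BINDINGS = {
    "vif1.0": "10.0.0.11",   # APP-VM running a web service
    "vif2.0": "10.0.0.12",   # APP-VM running a P2P application
}

# FS-VM side: one protection domain per NFS client, selected by the client address.
CLIENT_DOMAINS = {
    "10.0.0.11": "nfs_client_web_t",   # hypothetical type names
    "10.0.0.12": "nfs_client_p2p_t",
}

# Labels of files on the exported file system (hypothetical types).
FILE_LABELS = {
    "/export/www/index.html": "web_content_t",
    "/export/share/incoming.bin": "p2p_share_t",
}

# MAC rules: (client domain, file type) -> permitted operations. Anything else is denied.
ALLOW = {
    ("nfs_client_web_t", "web_content_t"): {"read", "write"},
    ("nfs_client_p2p_t", "p2p_share_t"): {"read", "write"},
    ("nfs_client_p2p_t", "web_content_t"): {"read"},
}


@dataclass(frozen=True)
class NfsRequest:
    vif: str      # interface the packet arrived on; observed by the A-VM
    src_ip: str   # source address in the packet; chosen by the untrusted APP-VM
    op: str
    path: str


def avm_authenticates(req):
    """A-VM: the claimed source IP must equal the static IP bound to the vif."""
    return VIF_BINDINGS.get(req.vif) == req.src_ip


def fsvm_decides(req):
    """FS-VM: pair the NFS server with the client's domain, then apply the MAC rule."""
    domain = CLIENT_DOMAINS.get(req.src_ip)
    label = FILE_LABELS.get(req.path)
    if domain is None or label is None:
        return False, "unknown client or unlabeled file: default deny"
    if req.op in ALLOW.get((domain, label), set()):
        return True, f"{domain} may {req.op} {label}"
    return False, f"{domain} may not {req.op} {label}"


def handle(req, antispoofing=True):
    """Full path: the A-VM authenticates the request before routing it to the FS-VM."""
    if antispoofing and not avm_authenticates(req):
        return "dropped", "source IP does not match the vif binding"
    ok, reason = fsvm_decides(req)
    return ("granted" if ok else "denied"), reason


# Constructed sample requests.
WEB_WRITE = NfsRequest("vif1.0", "10.0.0.11", "write", "/export/www/index.html")
P2P_READ = NfsRequest("vif2.0", "10.0.0.12", "read", "/export/www/index.html")
P2P_WRITE = NfsRequest("vif2.0", "10.0.0.12", "write", "/export/www/index.html")
# Same write, but the P2P APP-VM claims the web APP-VM's address.
SPOOFED = NfsRequest("vif2.0", "10.0.0.11", "write", "/export/www/index.html")

if __name__ == "__main__":
    for name, req in [("web write", WEB_WRITE), ("p2p read", P2P_READ),
                      ("p2p write", P2P_WRITE), ("spoofed write", SPOOFED)]:
        print(f"{name:14} -> {handle(req)}")
    # With the bridge check disabled, the FS-VM trusts the claimed address and
    # pairs the server with the wrong domain, so the MAC policy is bypassed.
    print("spoofed write, no anti-spoofing ->", handle(SPOOFED, antispoofing=False))
```

The last case shows why the threat model places the A-VM in the Trusted Computing Base: the FS-VM policy is only as reliable as the binding between a request and the APP-VM that sent it.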
18. Performance: IOzone
- We used the IOzone Filesystem Benchmark to run NFS performance tests.
- Read/Write test.
- Four cases depending on whether:
  - APP-VM and FS-VM are on the same or different node.
  - Security policy is enforced or disabled.

19. Performance: IOzone Read Performance [figure]
- Overhead is negligible.

20. Performance: IOzone Write Performance [figure]
- Overhead is negligible.

21. Results and Future Works: Limitations
Current limitations of the prototype:
- No file system encryption.
- Assurance is limited to FS-VMs: attacks on APP-VMs are possible.
- Policy granularity is at the VM level.
- Security policy is static.

22. Results and Future Works: Results
- Enforcement of MAC policies on a shared storage: to protect files accessed by applications with distinct trust levels.
- Ability to securely identify each APP-VM: reliable association of a security context to an APP-VM according to its trust level.
- High assurance of the FS-VM integrity.
- Negligible overhead.

23. Results and Future Works: Future Works
- Tainting: track data propagation among users and applications.
- File system encryption.
- Finer-grained security policy: user-id and NFS client-id.
  1. Protection domain is a subset of the VM's domain.
  2. Client-side authentication.
- Master A-VM: controls and configures the whole network. Ex.: VM migration.
- Support for flexible security policies and MLS.