Security and Integrity of a Distributed File Storage in a Virtual Environment
|
|
- Myrtle Merritt
- 8 years ago
- Views:
Transcription
1 Security and Integrity of a Distributed File Storage in a Virtual Environment Gaspare Sala 1 Daniele Sgandurra 1 Fabrizio Baiardi 2 1 Department of Computer Science, University of Pisa, Italy 2 Polo G. Marconi - La Spezia, University of Pisa, Italy SISW Workskop, /23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
2 Outline 1 Introduction Secure File Sharing Requirements 2 Proposed Solution: VSFS Overall Architecture Threat Model Implementation 3 Evaluation Performance 4 Conclusion Results and Future Works 2/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
3 Secure File Sharing Applications with Distinct Trust Levels Secure file sharing among applications with distinct trust levels: Web Services. P2P applications. Users share their data only if they receive some assurance about the: Description Enforcement of the security policy that controls the sharing. 3/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
4 Requirements MAC/MLS Policies To enable secure file sharing, we need an architecture that: Describes and enforces in a centralized way a security policy to handle file requests. Forces users to respect their roles when accessing files. Supports a large set of MAC or DAC policies. 4/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
5 Requirements Distributed File System Client-server architecture to implement a distributed file system. Exports to the clients one or more directories of the shared file system. Applications access transparently remote shared files. Limitations of current solutions: untrusted client user credentials. 5/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
6 Overall Architecture Virtualization Technology Software emulation of the hardware architecture: Virtual Machines (VMs). Benefits: 1 Confinement among the VMs. 2 Server consolidation: better resource utilization. 3 Centralized management: easier administration. Widespread usage. 6/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
7 Overall Architecture Type I/II VMM 7/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
8 Overall Architecture Virtual environment Secure File System We propose a software architecture for secure file sharing composed of: A network of multiple interconnected virtual machines. Three disjoint sets of VMs: 1 Application-VMs (APP-VMs): each APP-VM runs some application processes. 2 File System-VMs (FS-VMs): export file systems shared among the application processes. 3 Administrative-VMs (A-VMs): one for each node, to set up and manage VMs for assurance, routing and administrative tasks. 8/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
9 Overall Architecture Architecture 9/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
10 Overall Architecture Application VMs (APP-VMs) Run application processes. Are labeled with a security context. 10/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
11 Overall Architecture File System VMs (FS-VMs) Export file systems. Implement MAC policies to control file sharing. 11/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
12 Overall Architecture Administrative VMs (A-VMs) Protect FS-VM integrity against attacks. Implement anti-spoofing techniques to authenticate each file request before routing it. 12/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
13 Threat Model Threat Model VMMs and A-VMs belong to the Trusted Computing Base. A malicious application may attacks other ones through shared files. Invalidate data integrity. Contamination through viruses. APP-VMs are untrusted: spoofed packets. Communications among the physical nodes cannot be forged or spoofed. Example: Service Provider using VMs. 13/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
14 Implementation Current Prototype Patch to FS-VM Linux Kernel. The prototype is based on Xen. VSFS exploits NFSv3 service to handle file requests. FS-VMs run Security-Enhanced Linux (SELinux): 1 to support DAC/MAC policies; 2 to enforce the security policy in a centralized way. 14/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
15 Implementation NFS Subject Changes to SELinux labeling and access rules: new subject corresponding to the NFS client; definition of all the operations it can invoke. the NFS server acts on behalf of NFS clients. VSFS: 1 Defines a distinct protection domain for each NFS client. 2 Dynamically pairs the NFS server process with the security context of the NFS client. Principle of least privilege. 15/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
16 Implementation NFS Request Flow 16/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
17 Implementation Assurance Virtual Machine Introspection: Standford University. Visibility: access FS-VM s state from a lower level. Robustness: protects FS-VM integrity from an A-VM. Anti-spoofing on the Xen virtual bridge: Static IP addresses bound to virtual interfaces. The AVM can freeze the execution of a VM. 17/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
18 Performance IOzone We used the IOzone Filesystem Benchmark to run NFS performance tests. Read/Write test. Four cases depending on whether: APP-VM and FS-VM are on the same or different node. Security policy is enforced or disabled. 18/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
19 Performance IOzone Read Performance Overhead is negligible 19/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
20 Performance IOzone Write Performance Overhead is negligible 20/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
21 Results and Future Works Limitations Current limitations of the prototype: No file system encryption. Assurance is limited to FS-VMs: attacks to APP-VMs are possible. Policy granularity is at the VM level. Security policy is static. 21/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
22 Results and Future Works Results Enforcement of MAC policies on a shared storage: to protect files accessed by applications with distinct trust levels. Ability of securely identifying each APP-VM: reliable association of a security context to an APP-VM according to its trust level. High assurance of the FS-VM integrity. Negligible overhead. 22/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
23 Results and Future Works Future Works Tainting: track data propagation among users and applications. File System encryption. Finer-grained security policy: user-id and NFS client-id. 1 Protection domain is a subset of the VM s domain. 2 Client side authentication. Master A-VM: controls and configures the whole network. Ex.: VM migration. Support for flexible security policies and MLS. 23/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa
Chapter 11 Distributed File Systems. Distributed File Systems
Chapter 11 Distributed File Systems Introduction Case studies NFS Coda 1 Distributed File Systems A distributed file system enables clients to access files stored on one or more remote file servers A file
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationHow to Backup XenServer VM with VirtualIQ
How to Backup XenServer VM with VirtualIQ 1. Using Live Backup of VM option: Live Backup: This option can be used, if user does not want to power off the VM during the backup operation. This approach takes
More informationTransparent Monitoring of a Process Self in a Virtual Environment
Transparent Monitoring of a Process Self in a Virtual Environment PhD Lunchtime Seminar Università di Pisa 24 Giugno 2008 Outline Background Process Self Attacks Against the Self Dynamic and Static Analysis
More informationSecuring your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationNSA Security-Enhanced Linux (SELinux)
NSA Security-Enhanced Linux (SELinux) http://www.nsa.gov/selinux Stephen Smalley sds@epoch.ncsc.mil Information Assurance Research Group National Security Agency Information Assurance Research Group 1
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationKVM Security Comparison
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationUsing the Flask Security Architecture to Facilitate Risk Adaptable Access Controls
Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls Machon Gregory Peter Loscocco mbgrego@tycho.nsa.gov loscocco@tycho.nsa.gov National Security Agency Abstract Risk Adaptable
More informationHypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:
Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D. Chisnall The definitive guide to Xen Hypervisor G. Kesden Lect. 25 CS 15-440 G. Heiser UNSW/NICTA/OKL Virtualization is a technique
More informationVirtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.
Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Keywords: virtualization, virtual machine, security. 1. Virtualization The rapid growth of technologies, nowadays,
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationVirtual Machine Security
Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1 Operating System Quandary Q: What is the primary goal
More informationnanohub.org An Overview of Virtualization Techniques
An Overview of Virtualization Techniques Renato Figueiredo Advanced Computing and Information Systems (ACIS) Electrical and Computer Engineering University of Florida NCN/NMI Team 2/3/2006 1 Outline Resource
More informationLinux Distributed Security Module 1
Linux Distributed Security Module 1 By Miroslaw Zakrzewski and Ibrahim Haddad This article describes the implementation of Mandatory Access Control through a Linux kernel module that is targeted for Linux
More informationIntroduction to OpenStack
Introduction to OpenStack Carlo Vallati PostDoc Reseracher Dpt. Information Engineering University of Pisa carlo.vallati@iet.unipi.it Cloud Computing - Definition Cloud Computing is a term coined to refer
More informationProviding Flexible Security as a Service Model for Cloud Infrastructure
Providing Flexible Security as a Service Model for Cloud Infrastructure Dr. M. Newlin Rajkumar, P. Banu Priya, Dr. V. Venkatesakumar Abstract Security-as-a-Service model for cloud systems enable application
More informationSPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT
SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT V. Devi PG Scholar, Department of CSE, Indira Institute of Engineering & Technology, India. J. Chenni Kumaran Associate Professor,
More informationAdvanced Systems Security: Retrofitting Commercial Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationConfiguring DHCP Snooping
CHAPTER 19 This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 4500 series switches. It provides guidelines, procedures, and configuration examples.
More informationCFCC: Covert Flows Confinement For VM Coalitions Ge Cheng, Hai Jin, Deqing Zou, Lei Shi, and Alex K. Ohoussou
CFCC: Covert Flows Confinement For VM Coalitions Ge Cheng, Hai Jin, Deqing Zou, Lei Shi, and Alex K. Ohoussou 服 务 计 算 技 术 与 系 统 教 育 部 重 点 实 验 室 (SCTS) 集 群 与 网 格 计 算 湖 北 省 重 点 实 验 室 (CGCL) Outline Background
More informationAn overwhelming majority of IaaS clouds leverage virtualization for their foundation.
1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources
More informationVirtualization. Pradipta De pradipta.de@sunykorea.ac.kr
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationChapter 14 Virtual Machines
Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously
More informationExploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews
Exploring Layer 2 Network Security in Virtualized Environments Ronny L. Bull & Jeanna N. Matthews Road Map Context for the Problem of Layer 2 Network Security in Virrtualized Environments Virtualization,
More informationOracle Business Intelligence Enterprise Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on Oracle Enterprise Linux 4 update 5 x86_64
122-B CERTIFICATION REPORT No. CRP250 Business Intelligence Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on update 5 Issue 1.0 June 2009 Crown Copyright 2009 All Rights Reserved Reproduction
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationRED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES
RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationDistributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors
Distributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors Benoit Boissinot E.N.S Lyon directed by Christine Morin IRISA/INRIA Rennes Liviu Iftode Rutgers University Phenix
More informationConfinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:
Confinement Problem The confinement problem Isolating entities Virtual machines Sandboxes Covert channels Mitigation 1 Example Problem Server balances bank accounts for clients Server security issues:
More informationSecuring sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant
Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File
More informationBasics of Virtualisation
Basics of Virtualisation Volker Büge Institut für Experimentelle Kernphysik Universität Karlsruhe Die Kooperation von The x86 Architecture Why do we need virtualisation? x86 based operating systems are
More informationNovel Systems. Extensible Networks
Novel Systems Active Networks Denali Extensible Networks Observations Creating/disseminating standards hard Prototyping/research Incremental deployment Computation may be cheap compared to communication
More informationCustomized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
More informationFull and Para Virtualization
Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationMicrokernels, virtualization, exokernels. Tutorial 1 CSC469
Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,
More informationVirtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies
Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:
More informationVirtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
More informationDesktop virtualization using SaaS Architecture
Desktop virtualization using SaaS Architecture Pranit U. Patil, Pranav S. Ambavkar, Dr.B.B.Meshram, Prof. Varshapriya VJTI, Matunga, Mumbai, India. pranit_patil@aol.in Abstract - Desktop virtualization
More informationCOS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have
More informationOpen Directory. Apple s standards-based directory and network authentication services architecture. Features
Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data
More informationVMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE
VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with
More informationNetwork Security: From Firewalls to Internet Critters Some Issues for Discussion
Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationChapter 8 A secure virtual web database environment
Chapter 8 Information security with special reference to database interconnectivity Page 146 8.1 Introduction The previous three chapters investigated current state-of-the-art database security services
More informationSSL VPN A look at UCD through the tunnel
SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within
More informationDynamic Resource allocation in Cloud
Dynamic Resource allocation in Cloud ABSTRACT: Cloud computing allows business customers to scale up and down their resource usage based on needs. Many of the touted gains in the cloud model come from
More informationCS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization
CS 695 Topics in Virtualization and Cloud Computing More Introduction + Processor Virtualization (source for all images: Virtual Machines: Versatile Platforms for Systems and Processes Morgan Kaufmann;
More informationO2S2: Enhanced Object-based Virtualized Storage
O2S2: Enhanced Object-based Virtualized Storage Himanshu Raj College of Computing Georgia Tech Atlanta, GA rhim@cc.gatech.edu Karsten Schwan College of Computing Georgia Tech Atlanta, GA schwan@cc.gatech.edu
More informationSecure Private Cloud Architecture for Mobile Infrastructure as a Service
2012 IEEE Eighth World Congress on Services Secure Private Cloud Architecture for Mobile Infrastructure as a Service Susmita Horrow Department of mathematics IIT Roorkee, India hsusmita4@gmail.com Sanchika
More informationSecuring Physical and Virtual IT Assets Without Hardware Firewalls or VLANs
white paper Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs A New Approach: An Identity-Aware Network Inside the Perimeter Introduction For security administrators at large
More informationSecure Virtual Machine Systems
C H A P T E R 11 Secure Virtual Machine Systems A problem in building a new, secure operating system is that existing applications may not run on the new system. Operating systems define an application
More informationUnmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may
More informationSatish Mohan. Head Engineering. AMD Developer Conference, Bangalore
Satish Mohan Head Engineering AMD Developer Conference, Bangalore Open source software Allows developers worldwide to collaborate and benefit. Strategic elimination of vendor lock in OSS naturally creates
More informationOracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data
Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following
More informationOpen Source, Scale-out clustered NAS using nfs-ganesha and GlusterFS
Open Source, Scale-out clustered NAS using nfs-ganesha and GlusterFS Anand Subramanian Senior Principal Engineer, Red Hat anands@redhat.com Agenda Introduction GlusterFS NFSv4 nfs-ganesha Nfs-ganesha Architecture
More informationThe Flask Security Architecture A Flexible Mandatory Access Control Mechanism For Use in Multiple Secure Systems
The Flask Security Architecture A Flexible Mandatory Access Control Mechanism For Use in Multiple Secure Systems Jeffrey Barr Professor Tom Perrine San Diego State University Computer Science 574 6 December
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto
More informationVirtualization. Jukka K. Nurminen 23.9.2015
Virtualization Jukka K. Nurminen 23.9.2015 Virtualization Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms,
More informationInternational Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN 2229-5518 1299
1299 TITLE Virtualization security in Data Centres & cloud Prof Sarita Dhawale. Ashoka Center for Business & Computer Studies,Nashik Head of Department of Computer Science University of Pune, Maharashtra.
More informationNew Security Perspective for Virtualized Platforms
, July 3-5, 2013, London, U.K. New Security Perspective for Virtualized Platforms Abdelmajid Lakbabi, Said El hajji, Ghizlane Orhanou, Kaouthar Chetioui Abstract Recently, an important transition in IT
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationUMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY Firewall Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator: Recommended by Director
More informationThe Art of Virtualization with Free Software
Master on Free Software 2009/2010 {mvidal,jfcastro}@libresoft.es GSyC/Libresoft URJC April 24th, 2010 (cc) 2010. Some rights reserved. This work is licensed under a Creative Commons Attribution-Share Alike
More informationExploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews
Exploring Layer 2 Network Security in Virtualized Environments Ronny L. Bull & Jeanna N. Matthews Introduction Cloud Services Offer customers virtual server hosting in multi-tenant environments Virtual
More informationHigh-Performance Nested Virtualization With Hitachi Logical Partitioning Feature
High-Performance Nested Virtualization With Hitachi Logical Partitioning Feature olutions Enabled by New Intel Virtualization Technology Extension in the Intel Xeon Processor E5 v3 Family By Hitachi Data
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationVirtualization. Types of Interfaces
Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity
More informationHow To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)
Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network
More informationSecuring Data in a RHEL SELinux Multi-Level Secure Environment
Securing Data in a RHEL SELinux Multi-Level Secure Environment 201504 MLS Overview Red Hat Enterprise Linux (RHEL) forms the foundation of the Multi-Level Security (MLS) system Security Enhanced Linux
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationSecuring Commercial Operating Systems
C H A P T E R 7 Securing Commercial Operating Systems Since the discovery of the reference monitor concept during the development of Multics, there have been many projects to retrofit existing commercial
More informationSecurity technology of system virtualization platform
Security technology of system virtualization platform Dr. Qingni Shen Peking University Intel UPO Supported Main Points Security analysis of system virtualization platform Security architecture of VMM
More informationVirtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University
Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced
More informationExperiment # 6 Remote Access Services
Experiment # 6 Remote Access Services 7-1 : Introduction Businesses today want access to their information anywhere, at any time. Whether on the road with customers or working from home, employees need
More informationVIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab.
VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab. Motivation The era of cloud computing Motivation In the
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises
More informationCloud Security. One Size Does Not Fit All
Cloud Security One Size Does Not Fit All Matti Hiltunen Principal Member of Technical Staff Research AT&T Labs Research, Florham Park, NJ New Problems in Security in Cloud Computing NSF Workshop on Security
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationVirtualisation security: Virtual machine monitoring and introspection
Virtualisation security: Virtual machine monitoring and introspection ISATION Increasingly, critical systems are being virtualised in the name of cost savings. At the same time, there has been an increase
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationThe Cloud in your office
Why Systemax Stack As A Service? Worry-free IT Fully managed IT delivered as a service Peace of mind secure, patched & kept current Eliminates the need for future IT refresh projects The Cloud in your
More informationA Survey on Virtual Machine Security
A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational
More informationNETWORK EMULATION AND NETKIT
NETWORK EMULATION AND NETKIT Gestão e Segurança de Redes / Gestão de Redes e Serviços LERC / MEIC- T 2013/14 Artur M. Arsénio & Miguel P. Correia CLASS OBJECTIVES To understand what is meant by network
More informationVirtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products
Virtualization Originally prepared by Greg Bosch; last modified April 2012 by B. Davison I. Introduction to Virtualization II. Virtual Appliances III. Benefits to Virtualization IV. Example Virtualization
More informationVirtualization Technologies (ENCS 691K Chapter 3)
Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing
More informationMitigating Information Security Risks of Virtualization Technologies
Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization
More informationHow To Set Up Egnyte For Netapp Sync For Netapp
Egnyte Storage Sync For NetApp Installation Guide Introduction... 2 Architecture... 2 Key Features... 3 Access Files From Anywhere With Any Device... 3 Easily Share Files Between Offices and Business Partners...
More informationJukka Ylitalo Tik-79.5401 TKK, April 24, 2006
Rich Uhlig, et.al, Intel Virtualization Technology, Computer, published by the IEEE Computer Society, Volume 38, Issue 5, May 2005. Pages 48 56. Jukka Ylitalo Tik-79.5401 TKK, April 24, 2006 Outline of
More informationSafety measures in Linux
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
More information