Secure information storage
Secure information storage in a private cloud built upon local network resources

Student Project for Large Installation Administration
Master of Science in System and Network Engineering
Universiteit van Amsterdam
Class of

Vic Ding (vic.ding@os3.nl)
Damir Musulin (damir.musulin@os3.nl)

March 26, 2011
Version 1.0
Executive summary

This project investigates how to securely store data in a private cloud where users can locally access each other's data, since every user workstation is used as a storage node. Two approaches to achieving better security for the data store are illustrated. One is targeted distribution and the other is on-the-fly cryptography. The first focuses on storing data with certain permissions only in designated groups of computers. The latter focuses on encrypting the data to prevent unauthorized access. These two methods can also be applied to public clouds.

An open source implementation of private cloud storage, Swift [1] from OpenStack [2], is used to build our test environment. It was picked because it is open and generic.

[1] storage solution from OpenStack
[2] open source implementation of private cloud from NASA and RackSpace
Table of Contents

Executive summary
Chapter 1 Introduction
Chapter 2 Research and approach
Chapter 3 Project environment
Chapter 3.1 What is Swift?
Chapter 4 Targeted distribution
Chapter 4.1 Setup for targeted distribution
Chapter 4.2 Operation of targeted distribution
Chapter 5 Cryptography layer
Chapter 5.1 Swift concept and place to inject cryptography
Chapter 5.2 Revised server.py
Chapter 6 Conclusion
Chapter 7 Limitations & future study
Appendix A Cryptography methods in server.py for object storage node
References
Chapter 1 Introduction

With the evolution of modern computers and network facilities, the power of these devices has increased remarkably. However, most of the computing power of workstations is normally wasted when they are idle, or when the CPU, memory and hard disk are only lightly used during working hours. In order to use the already-paid-for equipment efficiently, a private cloud can be built upon the local network to offload the servers. This not only complies with the trend of green IT but can also reduce costs for organizations.

Within the private cloud environment, data is stored across the whole network. It might then be the case that certain sensitive information gets stored locally on the machine of a user who should never be able to access it, or that users go around the file system to access each other's data. To address this issue, we carried out this project with the following research question:

How can data be securely stored in a private cloud environment where the user has local access to it?

In this research, two methods are discussed which can be used to mitigate the risk and secure the data stored in the private cloud.
Chapter 2 Research and approach

Based on the research question, two approaches are investigated:

1. Targeted distribution - Store the privileged data only on the computers of the privileged users.
2. Cryptography layer - Build an extra layer to encrypt and decrypt data upon read and write.

The first approach deals with the problem of the distribution of data in the cloud/network. If information is distributed in the cloud/network, there needs to be a way to control the distribution so that information is stored in preferred locations. An example could be that information is stored in a network section that is more secure than the general network.

The second approach deals with adding cryptography to the private cloud software. Adding cryptography to the private cloud allows the uploader to encrypt the information when uploading it to the cloud. This allows the information to be stored anywhere on the network, because the information is encrypted and the password is needed to decrypt it. When the user needs to retrieve the information from the cloud, the user specifies the information needed and gives the password to decrypt it.

These two approaches make it possible to answer the research question in two different manners. The first possibility is securing data by storing it on a different part of the network, thus denying access to ordinary users. The second possibility is encrypting the data by adding an encryption layer, so that the local user cannot access the information.
Chapter 3 Project environment

The research is focused on security in the private cloud. To do the research there is a need for private cloud software, so that the research approaches can be implemented on it where possible. Because there are multiple implementations of private cloud software, the choice for a specific implementation is based on software with a liberal license, like the GPL, BSD and Apache licenses. Another criterion is that there is an active community, so that there is support when there are problems with the private cloud software.

For the project environment, OpenStack software was chosen because of the liberal Apache license [3] and the strong community, with big companies/institutions like NASA [5] (National Aeronautics and Space Administration) and Cisco [6] supporting the project. Other private cloud software could be used for the research, but the liberal license and the strong community convinced us to use OpenStack in our project environment.
Chapter 3.1 What is Swift?

Swift is the object storage system for the OpenStack private cloud. OpenStack consists of individual components that together make up the OpenStack object storage. The components that make up OpenStack object storage are:

1. OpenStack Swift object storage nodes
2. OpenStack authentication system
3. OpenStack proxy system

Figure 1: OpenStack Object Storage (originated from the documentation website of Swift)
Chapter 4 Targeted distribution

The first approach to the security of data in the cloud is targeted distribution. With targeted distribution, the user can decide to which part of the network the user's data is distributed. The idea behind targeted distribution is that a network consists of different segments, with different security levels applied to them. If the user has data that is mission critical, the user can decide to distribute the data over a certain part of the network which is more secure than the general network. An example would be that information from company management is only distributed among the computers that meet a certain security standard of the company. Targeted distribution lets the board of directors decide where to store the data while maintaining high availability.

Figure 2: Logical network layout for targeted distribution

In figure 2 there are five logical network segments. If the company management wants to store mission critical data, the data can only be stored on computers whose security standards meet the data storage requirements of the company management. In this case the management can trust their own network and the network segment with the elevated security standard. The management can target these computers to store the management's data; this is the idea of targeted distribution.
Chapter 4.1 Setup for targeted distribution

To generate a network layout like figure 2 for targeted distribution, the Swift object storage system needs to be modified to be aware of the different network segments. One way to make the object storage system aware of the different network segments is the use of LDAP. With the help of an LDAP server and modifications to Swift, it is possible to make the storage cloud aware of the different segments of the network.

An issue with targeted distribution is that scalability can be problematic. Swift storage nodes are pre-defined in the initial state of the setup. At a later stage, adding storage nodes to a network segment requires that every node in that segment is redefined, so that it becomes aware of the added storage nodes. When adding nodes to a network segment, the configuration in LDAP needs to be changed manually to adopt the changes.
Chapter 4.2 Operation of targeted distribution

Figure 3: LDAP operations

In figure 3, node 12 requests information from the LDAP server. When node 12 receives the information from the LDAP server, node 12 can request all nodes in the same segment to form a segment together.
Chapter 5 Cryptography layer

Cryptography is a common practice in securing data storage nowadays. It ensures that even if the data is accessible to an unauthorized person, it can still be kept safe.

In our project, in order to keep the user environment as simple and independent as possible, we decided to implement the cryptography on the server side. To be more specific, we revised the code of the storage node to let it encrypt and decrypt data during the upload and download of files.

When a user uploads a file, the file contains the original data without encryption. In the current version of Swift, a user with local access can operate on it if he can locate the file on the local file system. We revised the code so that it encrypts the file at upload time with the Advanced Encryption Standard (AES) [8] using the Python Crypto library [9]. In figure 4, we can see the same text file before and after the encryption.

Figure 4

The original file size is 2 bytes, and it becomes 16 bytes after encryption. The file is padded by the implementation of AES, and 16 bytes is the minimum length of the file, due to the minimum key size being used. In figure 5, we can see the encryption of a picture.

Figure 5

[8] Advanced Encryption Standard
[9] Python crypto library project website
It shows clearly that users can upload any type of file, which will then be secured by encryption with the private key of the user. When the user wants to download it, it is automatically decrypted if the user can provide the same correct key. Hence, the data can be stored securely. The procedure is elaborated in detail in the next chapter.
Chapter 5.1 Swift concept and place to inject cryptography

First of all, according to the concept of Swift, everything must be put in a ring. "Everything" here includes accounts, containers and objects. For objects, there is an object ring. Since we are going to encrypt only the objects, that is, the real files, we chose to revise the object server, server.py. It implements the storage nodes which participate in the ring operation.

Figure

The idea behind this file is simple. It resembles a Web Server Gateway Interface (WSGI) [11] that handles all the requests from users. When a user submits a request, it is converted to an HTTPS request, handled by the WSGI and then communicated internally to the storage nodes where the real file is stored. The WSGI class defined in server.py for objects is the single point where both download and upload are handled. It is the ideal place to inject the cryptography code without overly altering the original Swift system.

Figure

Origin of figure 6: the installation document of Swift on its official website.
[11] Web site of WSGI (Web Server Gateway Interface), which is a Python standard PEP
However, there is no central point of editing. As illustrated in Figure 6 above, the storage nodes are purposely separated from each other to maintain high scalability. This means that the WSGI is implemented on each of the servers, and the revised server file has to be propagated to every server. To save manual labour, an automation tool like CFengine [12] can be used to mitigate this problem.

[12] CFengine is a powerful data center configuration automation tool
Chapter 5.2 Revised server.py

Below is the code snippet we inserted into the WSGI implementation.

    def encrypt_file(chunk, key, IV, blocksize=64*1024):
    def decrypt_file(chunk, key, IV, blocksize=64*1024):

These two functions serve the purpose of encryption and decryption.

The hashed key of the operator's account is used as the key. The reason for hashing the key, besides improved security, is that the Python library we use is quite low level: it is efficient but requires a pre-padded, fixed-length key of either 16, 24 or 32 bytes. The product of Secure Hash Algorithm 256 (SHA256) [13] is exactly 32 bytes long [14].

The Initial Vector (IV) could be a 16-byte random string. We can store the IV as the first 16 bytes of the encrypted file, and let the server read it from there upon each download request. The quality of the IV has a high impact on the quality of the cryptography, and the IV does not expose information to a cracker by itself. That is why we can store it together with the encrypted file and have it randomly generated each time.

The block size is the size of the data chunk we operate on each time. The size of the network buffer is (64 * 1024). We set the chunk size to the same value to avoid unnecessary splitting or merging of chunks, which saves computational power and hence improves efficiency.

The file level operation is handled by the Swift system. All we have to do is pass the encrypted chunk to the handler or get the encrypted chunk from the handler. The whole revised code can be found in Appendix A.

[13] Secure Hash Algorithm
[14] In the section "Comparison of SHA functions", the length of the product of SHA is indicated
Chapter 6 Conclusion

The conducted research gives a positive answer to the research question: by using both of the presented methods, data can be secured in a private cloud where the user has local access rights. However, there are advantages and disadvantages to each of them.

With targeted distribution, the number of computers which can be used to store data is limited by the fact that some of them fall in a lower security group. Hence the utilization of the resources is again suboptimal. But the security level can be raised considerably, as one can argue that there is no way to break the system if the cracker cannot even get to the system. The highly secured data is only accessible to those who should have the right to access it.

With the cryptography layer, the number of computers which can be used to store data is only limited by the total number of available computers in the organization. In this case, optimal use is made of the available resources. However, the cryptography can impose a large performance penalty, especially when encrypting large amounts of data.

Though there are still limitations and disadvantages to each approach, they can possibly be covered by the future studies recommended in the later chapter on limitations and future study.

During the project, the CAP (Consistency, Availability and Performance) of the storage nodes before and after modification was also investigated. The overview [15] of Swift says that consistency is sacrificed to achieve better availability and performance. The same symptom can be observed after our modification to the software package. The consistency of the files is inherently low. In real use cases, even after days, there are still different versions of the same file on different storage nodes, even when the synchronization timer is set to every hour. The availability is generally high in the case of the cryptography approach, but it is highly dependent on the number of machines in a certain group when targeted distribution is used. The performance depends on the active machines which are handling the request.
Chapter 7 Limitations & future study

There are two limitations in our project:

1. There is no implementation of targeted distribution. Instead, only a proof of concept is illustrated in the report.
2. The storage nodes are accessible from other networks.

It takes a long time to implement such a targeted distribution in Swift. The distribution of the replicas is controlled by the combination of the corresponding ring file and rsync, which lies at the bottom layer of the software package. Changing the behaviour of the distribution requires modification to both the ring file and rsync. The time expected to achieve such a modification clearly falls outside our study scope. We only made a proof of concept as a showcase instead of a working system.

The manual [16] of Swift mentions that the storage nodes contain the data and should be put into a separate network which is only accessible to the local network. However, in our setup this is not the case. We ran seven virtual machines on two lab servers: one proxy server, one authentication server and five storage nodes. We had to simulate the situation in which the storage nodes are accessible to local users. To achieve that effect, we used the other storage nodes as access terminals to access the local data of a node. To be able to get into the "terminals", we had to enable access from outside.

These are the two limitations we faced and dealt with during the study.

For limitation one, we would like to recommend a future study: an implementation of targeted distribution. It would be interesting to see in reality how the behaviour of the distribution can be controlled and how the replicas can be arranged in a way that complies with organizational security policies.

In addition to that, a very interesting and important further step can be taken to extend this study and make it more useful. We would like to see the possibility and effect of moving the authentication server, where the keys are located, to the customer side. Many organizations' concern today is that if they use external storage, their keys are out of their control, since the authentication or key server is located on the supplier side. If a further study can show that the keys can be kept within the organization and only communicated to the service provider in a secured way, it will certainly raise the confidence level of customers, who can then make better use of the technology.
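Appendix A Cryptography methods in server.py for object storage node

    from Crypto.Cipher import AES  # Python Crypto library

    def encrypt_file(chunk, key, iv, blocksize=64*1024):
        # The iv argument is overwritten: every chunk uses a fixed all-zero IV.
        iv = ''.join(chr(0) for i in range(16))
        encryptor = AES.new(key, AES.MODE_CBC, iv)
        # Pad with spaces up to a multiple of the 16-byte AES block size.
        if len(chunk) % 16 != 0:
            chunk += ' ' * (16 - len(chunk) % 16)
        return encryptor.encrypt(chunk)

    def decrypt_file(chunk, key, iv, blocksize=64*1024):
        # Same fixed all-zero IV as encrypt_file; the space padding is not removed.
        iv = ''.join(chr(0) for i in range(16))
        decryptor = AES.new(key, AES.MODE_CBC, iv)
        return decryptor.decrypt(chunk)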
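The layout described in Chapter 5.2 (SHA-256 of the account key as the key, a random 16-byte IV stored as the first 16 bytes of the object) next to the per-chunk handling of Appendix A, as an added example that is not the report's code. It assumes Python 3 and, so that it runs with the standard library only, swaps AES for a small hash-based Feistel cipher as a stand-in; all function names and the sample key are hypothetical.

```python
import hashlib
import os

BLOCK = 16  # AES block size in bytes; the stand-in cipher uses the same size


def derive_key(account_key: bytes) -> bytes:
    """SHA-256 of the account key: the 32-byte key described in Chapter 5.2."""
    return hashlib.sha256(account_key).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher (4-round Feistel). NOT AES; demo assumption."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _cbc_encrypt(key, iv, data):
    """CBC over whole blocks; returns (ciphertext, last ciphertext block)."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out), prev


def _cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(block_decrypt(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)


def legacy_encrypt_chunk(key, chunk):
    """Appendix A behaviour: fixed all-zero IV for every chunk, space padding."""
    if len(chunk) % BLOCK:
        chunk += b" " * (BLOCK - len(chunk) % BLOCK)
    return _cbc_encrypt(key, bytes(BLOCK), chunk)[0]


def legacy_decrypt_chunk(key, chunk):
    return _cbc_decrypt(key, bytes(BLOCK), chunk)  # padding is not removed


def encrypt_object(key, chunks, iv=None):
    """Chapter 5.2 layout: random IV as the first 16 bytes, then ciphertext.

    The CBC chain carries across chunk boundaries and only the final
    block is padded (PKCS#7), so the original length is recoverable.
    """
    prev = os.urandom(BLOCK) if iv is None else iv
    out, buf = [prev], b""
    for chunk in chunks:
        buf += chunk
        whole = len(buf) // BLOCK * BLOCK
        ct, prev = _cbc_encrypt(key, prev, buf[:whole])
        out.append(ct)
        buf = buf[whole:]
    pad = BLOCK - len(buf)
    out.append(_cbc_encrypt(key, prev, buf + bytes([pad]) * pad)[0])
    return b"".join(out)


def decrypt_object(key, stored):
    iv, body = stored[:BLOCK], stored[BLOCK:]
    if not body or len(body) % BLOCK:
        raise ValueError("truncated object")
    plain = _cbc_decrypt(key, iv, body)
    pad = plain[-1]
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding (wrong key or corrupted object)")
    return plain[:-pad]


if __name__ == "__main__":
    key = derive_key(b"constructed-account-key")  # constructed sample value
    print(legacy_encrypt_chunk(key, b"hi") == legacy_encrypt_chunk(key, b"hi"))
    print(encrypt_object(key, [b"hi"]) == encrypt_object(key, [b"hi"]))
    print(legacy_decrypt_chunk(key, legacy_encrypt_chunk(key, b"hi")))
    print(decrypt_object(key, encrypt_object(key, [b"h", b"i"])))
```

With the fixed IV, two uploads of the same data produce identical stored bytes, which a user with local access to a storage node can compare; with the random IV they differ. CBC on its own gives confidentiality only, so a storage node that must also detect modified objects would add a MAC over IV and ciphertext or use an authenticated mode.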
References

1. storage solution from OpenStack
2. open source implementation of private cloud from NASA and RackSpace
- Figure 1 originated from the documentation website of Swift
- Advanced Encryption Standard
- Python crypto library project website
- Origin of figure 6 in the installation document of Swift on its official website
- Web site of WSGI (Web Server Gateway Interface), which is a Python standard PEP
- CFengine is a powerful data center configuration automation tool
- Secure Hash Algorithm
- In the section "Comparison of SHA functions", the length of the product of SHA is indicated
More informationWhat s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team
What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationEnterprise SSO Manager (E-SSO-M)
Enterprise SSO Manager (E-SSO-M) Many resources, such as internet applications, internal network applications and Operating Systems, require the end user to log in several times before they are empowered
More informationPrivileged Cloud Storage By MaaS JuJu
Privileged Cloud Storage By MaaS JuJu Sarita Shankar Pol 1, S. V. Gumaste 2 1 Computer Engineering, Sharadchandra College of Engineering, Otur (Pune), India 2 Professor, Computer Engineering, Sharadchandra
More informationETHERNET WAN ENCRYPTION SOLUTIONS COMPARED
HERN WAN ENCRYPTION SOLUTIONS COMPARED KEY WORDS AND TERMS MACsec, WAN security, WAN data protection, MACsec encryption, network data protection, network data security, high-speed encryption, Senetas,
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationAn identity management solution. TELUS AD Sync
An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement
More informationHarePoint Workflow Extensions for Office 365. Quick Start Guide
HarePoint Workflow Extensions for Office 365 Quick Start Guide Product version 0.91 November 09, 2015 ( This Page Intentionally Left Blank ) HarePoint.Com Table of Contents 2 Table of Contents Table of
More information365 Cloud Storage. Security Brief
365 Cloud Storage Security Brief Overview Surveys reveal time and again that security and data protection concerns are the top barriers to Cloud adoption. At, we take these concerns seriously and have
More informationApplication Design and Development
C H A P T E R9 Application Design and Development Practice Exercises 9.1 What is the main reason why servlets give better performance than programs that use the common gateway interface (CGI), even though
More informationADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access
Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationCloud Computing Backgrounder
Cloud Computing Backgrounder No surprise: information technology (IT) is huge. Huge costs, huge number of buzz words, huge amount of jargon, and a huge competitive advantage for those who can effectively
More informationData Security using Encryption in SwiftStack
Data Security using Encryption in SwiftStack May 2015 Copyright 2015 SwiftStack, Inc. swiftstack.com Page 1 of 11 Table of Contents Introduction... 3 Defining Three Threat Models... 3 Encrypted Data and
More informationData Deduplication: An Essential Component of your Data Protection Strategy
WHITE PAPER: THE EVOLUTION OF DATA DEDUPLICATION Data Deduplication: An Essential Component of your Data Protection Strategy JULY 2010 Andy Brewerton CA TECHNOLOGIES RECOVERY MANAGEMENT AND DATA MODELLING
More informationNETWORK SECURITY Staying Ahead of the Curve
NETWORK SECURITY Staying Ahead of the Curve PREFACE Very few things in this world move at the pace of technology. Today s internet infrastructure offers a tremendous value proposition to those implementing
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationGuardian365. Managed IT Support Services Suite
Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service
More informationERserver. iseries. Securing applications with SSL
ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationHow To Get To A Cloud Storage And Byod System
Maginatics Security Architecture What is the Maginatics Cloud Storage Platform? Enterprise IT organizations are constantly looking for ways to reduce costs and increase operational efficiency. Although
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationCyber-Ark Software and the PCI Data Security Standard
Cyber-Ark Software and the PCI Data Security Standard INTER-BUSINESS VAULT (IBV) The PCI DSS Cyber-Ark s View The Payment Card Industry Data Security Standard (PCI DSS) defines security measures to protect
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationProject: Simulated Encrypted File System (SEFS)
Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015 CS526: Information Security 1 Motivation Traditionally files are stored in the disk in plaintext. If the disk gets stolen by a perpetrator,
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationA programming model in Cloud: MapReduce
A programming model in Cloud: MapReduce Programming model and implementation developed by Google for processing large data sets Users specify a map function to generate a set of intermediate key/value
More informationXen @ Google. Iustin Pop, <iustin@google.com> Google Switzerland. Sponsored by:
Xen @ Google Iustin Pop, Google Switzerland Sponsored by: & & Introduction Talk overview Corporate infrastructure Overview Use cases Technology Open source components Internal components
More informationDOVECOT Overview. Timo Sirainen Chief Architect Co-Founder
DOVECOT Overview Timo Sirainen, the Author of DOVECOT, started development in 2002 DOVECOT OY, the company behind Dovecot was established by Timo and his founder team with offices in Helsinki and Stuttgart.
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationIntroduction. Examples of use cases:
Introduction An object store is a distributed storage platform were objects (files) can be stored, managed and queried by using simple API-calls. This is the ideal cloud storage solution for larger pieces
More informationHow to use Certificate in Microsoft Outlook
How to use Certificate in Microsoft Outlook Macau Post esigntrust Version. 2006-01.01p Agenda Configure Microsoft Outlook for using esigntrust Certificate Use certificate to sign e-mail Use Microsoft Outlook
More informationMonitoring Coyote Point Equalizers
Monitoring Coyote Point Equalizers eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationESPRESSO: An Encryption as a Service for Cloud Storage Systems
8th International Conference on Autonomous Infrastructure, Management and Security ESPRESSO: An Encryption as a Service for Cloud Storage Systems Kang Seungmin 30 th Jun., 2014 Outline Introduction and
More informationService Organization Controls 3 Report
Service Organization Controls 3 Report Report on the Amazon Web Services System Relevant to Security For the Period April 1, 2013 March 31, 2014 Ernst & Young LLP Suite 1600 560 Mission Street San Francisco,
More informationVirtual Datacenter or Virtualization in the datacenter. (OpenStack) Larry Rudolph
Virtual Datacenter or Virtualization in the datacenter (OpenStack)! Larry Rudolph A merge of several public presentations Rackspace & NASA started it off, and OpenStack has grown dramatically All possible
More informationCloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu
Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationHow swift is your Swift? Ning Zhang, OpenStack Engineer at Zmanda Chander Kant, CEO at Zmanda
How swift is your Swift? Ning Zhang, OpenStack Engineer at Zmanda Chander Kant, CEO at Zmanda 1 Outline Build a cost-efficient Swift cluster with expected performance Background & Problem Solution Experiments
More informationShoal: IaaS Cloud Cache Publisher
University of Victoria Faculty of Engineering Winter 2013 Work Term Report Shoal: IaaS Cloud Cache Publisher Department of Physics University of Victoria Victoria, BC Mike Chester V00711672 Work Term 3
More informationDeploying Adobe Experience Manager DAM: Architecture blueprints and best practices
Paper Deploying Adobe Experience Manager DAM: Architecture blueprints and best practices Table of contents 1: Adobe DAM architecture blueprints 5: DAM best practices Adobe Experience Manager digital asset
More informationSkoot Secure File Transfer
Page 1 Skoot Secure File Transfer Sharing information has become fundamental to organizational success. And as the value of that information whether expressed as mission critical or in monetary terms increases,
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationWireless ATA: A New Data Transport Protocol for Wireless Storage
Wireless ATA: A New Data Transport Protocol for Wireless Storage Serdar Ozler and Ibrahim Korpeoglu Department of Computer Engineering, Bilkent University, 06800 Bilkent, Ankara, Turkey {ozler, korpe}@cs.bilkent.edu.tr
More informationInternal Security Concepts Users Guide
orrelog Internal Security Concepts Users Guide This guide provides overview information on the internal security concepts of the CorreLog Server needed to provide secure operation and data safety. This
More informationTrustNet Group Encryption
TrustNet Group Encryption Executive Summary Protecting data in motion has become a high priority for a growing number of companies. As more companies face the real and growing threat of data theft, along
More information