Securing the virtual machine images in Cloud computing

Size: px
Start display at page:

Download "Securing the virtual machine images in Cloud computing"

Transcription

1 Securing the virtual machine images in Cloud computing Muhammad Kazim, Rahat Masood, Muhammad Awais Shibli

2 Outline Introduction Virtual Machine Images Encrypted Virtual Disk Images in Cloud (EVDIC) EVDIC Components Virtual Machine Image encryption in Cloud using EVDIC Virtual Machine Image decryption in Cloud using EVDIC OpenStack OpenStack Swift Swift Image Encryption using EVDIC Swift Image Decryption using EVDIC Conclusion

3 1. Introduction Cloud computing is becoming popular among IT businesses due to its services being offered at Software, Platform and Infrastructure level. Infrastructure as a Service (IaaS) model offers services such as computing, network, storage and databases via internet. Virtualization enables a single system to concurrently run multiple isolated virtual machines (VMs), operating systems or multiple instances of a single operating system (OS).

4 2. Virtual Machine images A single file or directory representing the hard drive of a guest operating system. Encapsulates all components of a guest OS, including the applications and virtual resources used by guest OS. Provides the ability to quickly launch and deploy virtual machines across various hosts.

5 Virtual Machine images security in Cloud Disk images in storage can be compromised through attacks such as data leakage, malware installation on images and snapshot access in storage. NIST, CSA and PCI DSS in their security guidelines for virtualization have emphasized the importance of virtualization and disk images security.

6 3. Encrypted Virtual Disk Images in Cloud (EVDIC) To secure the virtual machine images from possible attacks in Cloud, EVDIC is proposed. EVDIC protects the virtual machine images in Cloud by encrypting them before storage on Cloud. The images are decrypted only when required by the virtual machine. EVDIC also includes the security of key management and key exchange process.

7 EVDIC Components The Image Encryption Module interacts with the Key Management Server to obtain an encryption key to encrypt the image. The encryption scheme used in IEM is Advanced Encryption Standard with key size of 256 bits (AES-256). The Image Decryption Module interacts with the Key Management Server to obtain user key for decryption. After getting the key from KMS, IDM locates the stored image on disk using the metadata stored with image.

8 EVDIC Components Key Management Server is responsible for management of keys used for encryption. Once the encryption keys are derived for users, they are stored in KMS. The unique identication of each user is maintained by a field called KeyID. Due to security purposes, the KMS is placed at a separate location form the Cloud. All communication be- tween KMS and EVDIC components takes place through Secure Socket Layer version 3.0 (SSLv3).

9 Virtual Machine Image encryption in Cloud using EVDIC Figure 1: Image Encryption through EVDIC

10 Virtual Machine Image decryption in Cloud using EVDIC Figure 2: Image Decryption through EVDIC

11 4. OpenStack Used in 178 different countries and more than 850 organizations including NASA, Rackspace. Collection of open source components Modular design IaaS Cloud Services allows users to manage: VMs, Virtual networks, storage resources.

12 5. OpenStack Swift Swift is a highly available, distributed, eventually consistent object/blob store, that can be used to store virtual machine images. Is maintained and developed by one of the largest open-source teams in the world, and is in the top 2% of all project teams on Ohloh. Has 53,605 lines of code and is written in Python.

13 Swift Image Encryption using EVDIC Glance 2. EDIC intercepts 1. PUT Request 2. Upload Image as Object Swift Proxy (Request to store image) Swift Object 3. Intercept image 5. Store encrypted image store request Image Encryption Module (IEM) 5. Encrypt Image by AES Key Request 4.Key exchange Key Management Server Figure 3: OpenStack image encryption using EVDIC

14 Swift Image Encryption using EVDIC Glance 2. EDIC intercepts 1. GET Request 2. Download Image as Object Swift Proxy (Request to access image) Swift Object 3. Intercept image 6. Download encrypted image access request Image Decryption Module (IDM) 5. Decrypt Image by AES Key Request 4.Key exchange Key Management Server Figure 4: OpenStack image decryption through EVDIC

15 6. Conclusion Image encryption module encrypts all virtual disk images before storage in Cloud. They are decrypted when required by the virtual machine. Integrity and confidentiality of virtual machine images in storage is ensured. They are secure from all possible storage attacks such as data theft, malware installation and hypervisor issues.

16 References Edouard Bugnion, Scott Devine, Mendel Rosenblum, Disco: running commodity operating systems on scalable multiprocessors, Proceedings of the sixteenth ACM symposium on Operating systems principles, pages , France, Guide to for Full Virtualization Technologies, NIST, [Last accessed: 17th Nov, 2012]. guidance for critical areas of focus in Cloud computing, [Last Accessed: 24th August, 2012] PCI Data security standards, [Last Accessed: 29th August 2012] Virtual Machines security guidelines, [Last Accessed: 26th September, 2012] A Guide to Virtualization Hardening Guides, A SANS Whitepaper, 2010, [Last accessed: 29th September 2012]

17 References storagemadeeasy.com/openstack, [Last Accessed: 24 Feb 2013] [Last Accessed: 24 Feb 2013] [Last Accessed: 17 April 2013] Carl Gebhardt, Allan Tomlinson, "Secure virtual disk images for grid computing", Trusted Infrastructure Technologies Conference APTC 08, Third Asia-Pacific, pages 19-29, China, Mikhail I. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan, SPARC: A security and privacy aware Virtual Machine checkpointing mechanism, Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, pages , Wu Zhou, Peng Ning, Xiaolan Zhang, Always up-to-date: scalable offline patching of VM images in a compute cloud, Proceedings of the 26th Annual Computer Applications Conference, pages , Jinpeng Wei, Zhang Xiaolan, Ammons Glenn, Bala Vasanth, Ning Peng, Managing security of virtual machine images in a cloud environment. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages 91-96, Sandra Rueda, Rogesh Sreenivasan, Trent Jaeger, Flexible Configuration for Virtual Machines, Proceedings of the 2nd ACM workshop on Computer Architectures, pages 35-44, 2008.

A Novel Real Time Offline Patching Scheme with Secured Logging Over Cloud

A Novel Real Time Offline Patching Scheme with Secured Logging Over Cloud A Novel Real Time Offline Patching Scheme with Secured Logging Over Cloud Sunita 1, Shridevi Soma 2 1 M.Tech. (CSE) Student, Computer Science and Engineering Department, PDA College of Engg., Gulbarga,

More information

Flexible and Secure Services using Sensitive Information in the Cloud

Flexible and Secure Services using Sensitive Information in the Cloud Flexible and Secure Services using Sensitive Information in the Cloud Sponsor: NSF IUCRC Fundamental Research Program In partnership with Microsoft and IBM Faculty: Doug Blough, Ling Liu, Dan Russler (Adjunct)

More information

CIT 668: System Architecture

CIT 668: System Architecture CIT 668: System Architecture Cloud Security Topics 1. The Same Old Security Problems 2. Virtualization Security 3. New Security Issues and Threat Model 4. Data Security 5. Amazon Cloud Security Data Loss

More information

http://www.cisjournal.org Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir

http://www.cisjournal.org Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir Security Framework for Cloud Computing Environment: A Review Ayesha Malik, Muhammad Mohsin Nazir Department of Computer Science Lahore College for Women University, Lahore, Pakistan. ayesha_sadaqat@yahoo.com,

More information

2) Xen Hypervisor 3) UEC

2) Xen Hypervisor 3) UEC 5. Implementation Implementation of the trust model requires first preparing a test bed. It is a cloud computing environment that is required as the first step towards the implementation. Various tools

More information

Managing Security of Virtual Machine Images in a Cloud Environment

Managing Security of Virtual Machine Images in a Cloud Environment IBM Research, Hawthorne NY Managing Security of Virtual Machine Images in a Cloud Environment Jinpeng Wei Florida International University Xiaolan Zhang, Glenn Ammons, Vasanth Bala IBM T J Watson Research

More information

A Survey on Data Integrity of Cloud Storage in Cloud Computing

A Survey on Data Integrity of Cloud Storage in Cloud Computing A Survey on Data Integrity of Cloud Storage in Cloud Computing A B S T R A C T Mr.Vitthal Raut, Prof. Suhasini Itkar Department Computer Engineering, PES Modern College of Engineering, Pune, India. raut.vitthal@gmail.com,

More information

OpenStack Introduction. November 4, 2015

OpenStack Introduction. November 4, 2015 OpenStack Introduction November 4, 2015 Application Platforms Undergoing A Major Shift What is OpenStack Open Source Cloud Software Launched by NASA and Rackspace in 2010 Massively scalable Managed by

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information

Security Aspects of Cloud Computing

Security Aspects of Cloud Computing Security Aspects of Cloud Computing Kunal Chadha Scholar, CSE Department University of Southern California, USA Anvita Bajpai X-Scholar, CSE Department Marist College, NY, USA ABSTRACT Cloud Computing

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Securing Storage as a Service Model of Cloud Computing using Client Authentication in Virtualized Environment

Securing Storage as a Service Model of Cloud Computing using Client Authentication in Virtualized Environment Securing Storage as a Service Model of Cloud Computing using Client Authentication in Virtualized Environment Maria Andleeb Siddiqui 1 and Hammad Kamal 2 Syed Abbas Ali 1 Lab Engineer, D.H.A Suffa Univeristy,

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack

Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack This vendor-independent research contains a product-by-product comparison of the most popular cloud platforms (along with

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Design and Implementation of IaaS platform based on tool migration Wei Ding

Design and Implementation of IaaS platform based on tool migration Wei Ding 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) Design and Implementation of IaaS platform based on tool migration Wei Ding State Key Laboratory

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

UBS KeyLink Quick reference WEB Installation Guide

UBS KeyLink Quick reference WEB Installation Guide ab UBS KeyLink Quick reference WEB Installation Guide Table of contents 1. Introduction 3 1.1. Why is an Installation needed? 3 1.2. Is UBS KeyLink secure? 3 1.3. Information about Secure Sockets Layer

More information

Top 10 Encryption Myths

Top 10 Encryption Myths Top 10 Encryption Myths Executive Summary When you talk about encryption especially to someone who isn t a security specialist you often get a variety of interpretations. In general, encryption is most

More information

Microsoft s Advantages and Goals for Hyper-V for Server 2016

Microsoft s Advantages and Goals for Hyper-V for Server 2016 Virtualization is a bedrock of modern cloud environments. Hypervisors manage the virtual machines in a cloud environments, providing six fundamental features, as shown in the table below. 1 Hypervisors

More information

Virtual Datacenter or Virtualization in the datacenter. (OpenStack) Larry Rudolph

Virtual Datacenter or Virtualization in the datacenter. (OpenStack) Larry Rudolph Virtual Datacenter or Virtualization in the datacenter (OpenStack)! Larry Rudolph A merge of several public presentations Rackspace & NASA started it off, and OpenStack has grown dramatically All possible

More information

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures

More information

Top 10 encryption myths

Top 10 encryption myths Top 10 encryption myths White Paper Table of Contents 3 Executive overview 3 Myth #1 Encryption will degrade my system performance 4 Myth #2 Encryption terminology is too hard to understand 4 Myth #3 Managing

More information

Making Data Security The Foundation Of Your Virtualization Infrastructure

Making Data Security The Foundation Of Your Virtualization Infrastructure Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges

More information

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption Whitepaper What You Need to Know About Infrastructure as a Service (IaaS) Encryption What You Need to Know about IaaS Encryption What You Need to Know About IaaS Encryption Executive Summary In this paper,

More information

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats

More information

Before we can talk about virtualization security, we need to delineate the differences between the

Before we can talk about virtualization security, we need to delineate the differences between the 1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3

Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3 1,2College of Mathematical

More information

Cloud Computing. A new kind of developers? Presentation by. Nick Barcet nick.barcet@canonical.com

Cloud Computing. A new kind of developers? Presentation by. Nick Barcet nick.barcet@canonical.com Cloud Computing A new kind of developers? Presentation by Nick Barcet nick.barcet@canonical.com www.canonical.com July 2011 Cloud computing stack Salesforce.com, GoogleDocs, Office, etc... GoogleApps,

More information

Building a Cloud Computing Platform based on Open Source Software. 10. 18. 2011. Donghoon Kim ( donghoon.kim@kt.com ) Yoonbum Huh ( huhbum@kt.

Building a Cloud Computing Platform based on Open Source Software. 10. 18. 2011. Donghoon Kim ( donghoon.kim@kt.com ) Yoonbum Huh ( huhbum@kt. Building a Cloud Computing Platform based on Open Source Software 10. 18. 2011. Donghoon Kim ( donghoon.kim@kt.com ) Yoonbum Huh ( huhbum@kt.com) Topics I.Open Source SW and Cloud Computing II. About OpenStack

More information

Optimized Multi-tenancy Secure mechanism in SPI Cloud Architecture

Optimized Multi-tenancy Secure mechanism in SPI Cloud Architecture Volume 1, No. 12, February 2013 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ Optimized

More information

Evaluating Thin-Client Security in a Changing Threat Landscape

Evaluating Thin-Client Security in a Changing Threat Landscape IT@Intel White Paper Intel Information Technology Business Solutions April 2010 Evaluating Thin-Client Security in a Changing Threat Landscape Executive Overview Equivalent security controls can be, and

More information

The True Story of Data-At-Rest Encryption & the Cloud

The True Story of Data-At-Rest Encryption & the Cloud The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost

More information

Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.

Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013. Keywords: virtualization, virtual machine, security. 1. Virtualization The rapid growth of technologies, nowadays,

More information

Cloud Computing Security Master Seminar, Summer 2011

Cloud Computing Security Master Seminar, Summer 2011 Cloud Computing Security Master Seminar, Summer 2011 Maxim Schnjakin, Wesam Dawoud, Christian Willems, Ibrahim Takouna Chair for Internet Technologies and Systems Definition of Cloud Computing 2 Cloud

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation White Paper Securing Multi-Tenancy and Cloud Computing Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation Copyright 2012, Juniper Networks,

More information

Accellion Security FAQ

Accellion Security FAQ A N A C C E L L I O N W H I T E P A P E R Accellion Security FAQ Accellion, Inc. Tel +1 650 739-0095 1900 Embarcadero Road Fax +1 650 739-0561 Suite 207 www.accellion.com Palo Alto, CA 94303 info@accellion.com

More information

NWIMS. Online Backup Security Documentation

NWIMS. Online Backup Security Documentation NWIMS Online Backup Security Documentation January 2010 Contents This product guide is designed to cover Security of NWIMS Online Backup. Secure 128-bit SSL Communication 2 Backup data area securely encrypted

More information

Clodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage

Clodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage Clodoaldo Barrera Chief Technical Strategist IBM System Storage Making a successful transition to Software Defined Storage Open Server Summit Santa Clara Nov 2014 Data at the core of everything Data is

More information

Repoman: A Simple RESTful X.509 Virtual Machine Image Repository. Roger Impey

Repoman: A Simple RESTful X.509 Virtual Machine Image Repository. Roger Impey Repoman: A Simple RESTful X.509 Virtual Machine Image Repository Roger Impey Project Term University of Victoria R.J. Sobie, M. Anderson, P. Armstrong, A. Agarwal, Kyle Fransham, D. Harris, I. Gable, C.

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Security and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto

Security and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto Security and Privacy in Public Clouds David Lie Department of Electrical and Computer Engineering University of Toronto 1 Cloud Computing Cloud computing can (and is) applied to almost everything today.

More information

1.1.1 Introduction to Cloud Computing

1.1.1 Introduction to Cloud Computing 1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the

More information

IoT Security Concerns and Renesas Synergy Solutions

IoT Security Concerns and Renesas Synergy Solutions IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

From Zero to Secure in 1 Minute

From Zero to Secure in 1 Minute From Zero to Secure in 1 Minute Securing IaaS Nir Valtman & Moshe Ferber Black Hat Asia 2015 About us Moshe Ferber Nir Valtman Passionate about information security. Involved in numerous startups and initiatives

More information

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Sazzad Masud and Ram Krishnan University of Texas at San Antonio Sazzad.Masud@gmail.com, Ram.Krishnan@utsa.edu Abstract Cloud

More information

How To Image A Single Vm For Forensic Analysis On Vmwarehouse.Com

How To Image A Single Vm For Forensic Analysis On Vmwarehouse.Com MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFE, GCFA, GSEC, VCP4/5, vexpert Senior SANS Instructor - phenry@sans.org 1 A Lot To Cover In ½ An Hour We simply can not cover all cloud

More information

Cloud Computing #8 - Datacenter OS. Johan Eker

Cloud Computing #8 - Datacenter OS. Johan Eker Cloud Computing #8 - Datacenter OS Johan Eker Outline What is a Datacenter OS? OpenStack Kubernetes Resource Management What is an OS? What is an OS? Manage hardware resources such as CPU, RAM, disk, I/O,

More information

PCI Compliance Considerations

PCI Compliance Considerations PCI Compliance Considerations This article outlines implementation considerations when deploying the Barracuda Load Balancer ADC in an environment subject to PCI Data Security Standard (PCI DSS) compliance.

More information

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Lecture 2 Cloud Computing & Virtualization Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Outline Introduction to Virtualization The Major Approaches

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2 DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing Slide 1 Slide 3 A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.

More information

How To Protect Your Cloud From Attack

How To Protect Your Cloud From Attack A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Cloud Computing using

Cloud Computing using Cloud Computing using Summary of Content Introduction of Cloud Computing Cloud Computing vs. Server Virtualization Cloud Computing Components Stack Public vs. Private Clouds Open Source Software for Private

More information

Studying and Analyzing Virtualization While Transition from Classical to Virtualized Data Center

Studying and Analyzing Virtualization While Transition from Classical to Virtualized Data Center Studying and Analyzing Virtualization While Transition from Classical to Virtualized Data Center Amit Wadhwa Assistant Professor Amity University Haryana Ankit Garg Assistant Professor Amity University

More information

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING 2 WARNING The Hacker High School Project is a learning tool and as with any learning tool there are dangers. Some lessons, if abused, may result in physical

More information

Mobile Cloud Computing T-110.5121 Open Source IaaS

Mobile Cloud Computing T-110.5121 Open Source IaaS Mobile Cloud Computing T-110.5121 Open Source IaaS Tommi Mäkelä, Otaniemi Evolution Mainframe Centralized computation and storage, thin clients Dedicated hardware, software, experienced staff High capital

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Nessus or Metasploit: Security Assessment of OpenStack Cloud

Nessus or Metasploit: Security Assessment of OpenStack Cloud Nessus or Metasploit: Security Assessment of OpenStack Cloud Aleksandar Donevski, Sasko Ristov and Marjan Gusev Ss. Cyril and Methodius University, Faculty of Information Sciences and Computer Engineering,

More information

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud

More information

Cyber Security Symposium 2015 September 29,2015

Cyber Security Symposium 2015 September 29,2015 Cyber Security Symposium 2015 September 29,2015 Introducing David Langston Branch Manager Security Management Department of Technology 2 About CalCloud Mission Offer cost-effective cloud solutions that

More information

Implementing Security on virtualized network storage environment

Implementing Security on virtualized network storage environment International Journal of Education and Research Vol. 2 No. 4 April 2014 Implementing Security on virtualized network storage environment Benard O. Osero, David G. Mwathi Chuka University bosero@chuka.ac.ke

More information

CONTENTS. Abstract... 2. Need for Desktop Management... 2. What should typical Desktop Management Software do?... 2. Securing Desktops...

CONTENTS. Abstract... 2. Need for Desktop Management... 2. What should typical Desktop Management Software do?... 2. Securing Desktops... CONTENTS Abstract... 2 Need for Desktop Management... 2 What should typical Desktop Management Software do?... 2 Securing Desktops... 3 Standardization... 4 Troubleshooting... 4 Auditing IT Assets... 5

More information

Alliance Key Manager Cloud HSM Frequently Asked Questions

Alliance Key Manager Cloud HSM Frequently Asked Questions Key Management Alliance Key Manager Cloud HSM Frequently Asked Questions FAQ INDEX This document contains a collection of the answers to the most common questions people ask about Alliance Key Manager

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Introduction to OpenStack

Introduction to OpenStack Introduction to OpenStack Carlo Vallati PostDoc Reseracher Dpt. Information Engineering University of Pisa carlo.vallati@iet.unipi.it Cloud Computing - Definition Cloud Computing is a term coined to refer

More information

RED HAT INFRASTRUCTURE AS A SERVICE OVERVIEW AND ROADMAP. Andrew Cathrow Red Hat, Inc. Wednesday, June 12, 2013

RED HAT INFRASTRUCTURE AS A SERVICE OVERVIEW AND ROADMAP. Andrew Cathrow Red Hat, Inc. Wednesday, June 12, 2013 RED HAT INFRASTRUCTURE AS A SERVICE OVERVIEW AND ROADMAP Andrew Cathrow Red Hat, Inc. Wednesday, June 12, 2013 SERVICE MODELS / WORKLOADS TRADITIONAL WORKLOADS Stateful VMs: Application defined in VM Application

More information

Parallels Mac Management v4.0

Parallels Mac Management v4.0 Parallels Mac Management v4.0 Deployment Guide July 18, 2015 Copyright 1999 2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved. All other marks and names mentioned herein may be trademarks

More information

How To Compare Cloud Computing To Cloud Platforms And Cloud Computing

How To Compare Cloud Computing To Cloud Platforms And Cloud Computing Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Platforms

More information

Mutual Authentication Cloud Computing Platform based on TPM

Mutual Authentication Cloud Computing Platform based on TPM Mutual Authentication Cloud Computing Platform based on TPM Lei Peng 1, Yanli Xiao 2 1 College of Information Engineering, Taishan Medical University, Taian Shandong, China 2 Department of Graduate, Taishan

More information

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services Pixius Advantage Outsourcing Managed Services Move forward with endpoint protection by understanding its unique requirements. As the number of information workers rises, so does the growth and importance

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

FLOSSK: FLOSSTalk OpenStack 22 nd February, 2012. Arturo Suarez: Founder, COO&BizDev StackOps 21/02/12 1

FLOSSK: FLOSSTalk OpenStack 22 nd February, 2012. Arturo Suarez: Founder, COO&BizDev StackOps 21/02/12 1 FLOSSK: FLOSSTalk OpenStack 22 nd February, 2012 Arturo Suarez: Founder, COO&BizDev StackOps 21/02/12 1 l l Introductions OpenStack l l l l l Identifying the gap A little bit of history The Projects The

More information

GeoCloud Project Report GEOSS Clearinghouse

GeoCloud Project Report GEOSS Clearinghouse GeoCloud Project Report GEOSS Clearinghouse Qunying Huang, Doug Nebert, Chaowei Yang, Kai Liu 2011.12.06 Description of Application GEOSS clearinghouse is a FGDC, GEO, and NASA project that connects directly

More information

Security in Data Storage and Transmission in Cloud Computing

Security in Data Storage and Transmission in Cloud Computing Security in Data Storage and Transmission in Cloud Computing Ramawat Lokesh Kumar B. Tech 3 rd year, Alliance College of Engineering and Design Alliance University, Bengaluru, India P Dhananjay B. Tech

More information

ESPRESSO: An Encryption as a Service for Cloud Storage Systems

ESPRESSO: An Encryption as a Service for Cloud Storage Systems ESPRESSO: An Encryption as a Service for Cloud Storage Systems Seungmin Kang 1, Bharadwaj Veeravalli 1, and Khin Mi Mi Aung 2 1 Department of Electrical & Computer Engineering National University of Singapore,

More information

10215: Implementing and Managing Microsoft Server Virtualization

10215: Implementing and Managing Microsoft Server Virtualization 10215: Implementing and Managing Microsoft Server Virtualization Microsoft - Virtualização Nível: Avançado Duração: 30h Sobre o curso This five-day, instructor-led course will provide you with the knowledge

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

SHIV SHAKTI International Journal of in Multidisciplinary and Academic Research (SSIJMAR) Vol. 4, No. 5, October 2015 (ISSN 2278 5973)

SHIV SHAKTI International Journal of in Multidisciplinary and Academic Research (SSIJMAR) Vol. 4, No. 5, October 2015 (ISSN 2278 5973) SHIV SHAKTI International Journal of in Multidisciplinary and Academic Research (SSIJMAR) Vol. 4, No. 5, October 2015 (ISSN 2278 5973) Cloud Computing: Security Issues In Infrastructure-As-A-Service Model

More information

SECURE CLOUD COMPUTING

SECURE CLOUD COMPUTING Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

SUSE Cloud Installation: Best Practices Using a SMT, Xen and Ceph Storage Environment

SUSE Cloud Installation: Best Practices Using a SMT, Xen and Ceph Storage Environment Best Practices Guide www.suse.com SUSE Cloud Installation: Best Practices Using a SMT, Xen and Ceph Storage Environment Written by B1 Systems GmbH Table of Contents Introduction...3 Use Case Overview...3

More information

Application Performance in the Cloud, and its Relationship to QoS

Application Performance in the Cloud, and its Relationship to QoS Application Performance in the Cloud, and its Relationship to QoS Fall 2010 First, Last Someone@my.csun.edu Student ID: xxxxxxxxx September 22, 2010 Committee Chair: Dr. Shan Barkataki Approved by: Committee

More information

OpenNebula Open Souce Solution for DC Virtualization

OpenNebula Open Souce Solution for DC Virtualization OSDC 2012 25 th April, Nürnberg OpenNebula Open Souce Solution for DC Virtualization Constantino Vázquez Blanco OpenNebula.org What is OpenNebula? Multi-tenancy, Elasticity and Automatic Provision on Virtualized

More information

Secure Cloud Computing

Secure Cloud Computing Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for

More information

OpenNebula Open Souce Solution for DC Virtualization. C12G Labs. Online Webinar

OpenNebula Open Souce Solution for DC Virtualization. C12G Labs. Online Webinar OpenNebula Open Souce Solution for DC Virtualization C12G Labs Online Webinar What is OpenNebula? Multi-tenancy, Elasticity and Automatic Provision on Virtualized Environments I m using virtualization/cloud,

More information

SSL VPN Technology White Paper

SSL VPN Technology White Paper SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and

More information

Software and Cloud Security

Software and Cloud Security 1 Lecture 12: Software and Cloud Security 2 Lecture 12 : Software and Cloud Security Subjects / Topics : 1. Standard ISO/OSI security services 2. Special problems, specific for software components and

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Research of Enterprise Private Cloud Computing Platform Based on OpenStack. Abstract

Research of Enterprise Private Cloud Computing Platform Based on OpenStack. Abstract , pp.171-180 http://dx.doi.org/10.14257/ijgdc.2014.7.5.16 Research of Enterprise Private Cloud Computing Platform Based on OpenStack Jiang Yunxia, Zhao Bowen, Wang Shuqi and Sun Dongnan School of Automation,

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Leveraging OpenStack Private Clouds

Leveraging OpenStack Private Clouds Leveraging OpenStack Private Clouds Robert Ronan Sr. Cloud Solutions Architect! Robert.Ronan@rackspace.com! LEVERAGING OPENSTACK - AGENDA OpenStack What is it? Benefits Leveraging OpenStack University

More information

Secure information storage

Secure information storage Secure information storage in a private cloud built upon local network resources Student Project for Large Installation Administration Master of Science in System and Network Engineering Universiteit van

More information

Cloud Computing. Chapter 1 Introducing Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization

More information