Cloud Storage Security
|
|
- Edwina Elliott
- 8 years ago
- Views:
Transcription
1 IBM Research Zurich Christian Cachin Nov Cloud Storage Security 2009 IBM Corporation
2 Overview Cloud computing security Storage security concepts Data encryption Key management Key-management standard (OASIS KMIP) Multi-client integrity protection Fork-linearizable protocols Data replication Replicated storage on the Intercloud Secure deletion Conclusion IBM Corporation
3 Cloud computing and security Cloud services are convenient No investment cost Pay only for consumption Scalable No skills needed Access from everywhere Standardized services IBM Corporation Clouds pose threats Unknown exposure Inherent risk of outsourcing No established contracts Loss of control Fast and reliable network needed Customization not possible
4 Cloud storage - secure? Kernel.org Linux repository was compromised in Aug Linux kernel sources exposed, but it is public anyway Thanks to cryptographic integrity protection in revision control system (git), kernel code modifications could be detected Was other content modified? What if other storage and services in the cloud are modified? 2012 IBM Corporation
5 Cloud computing - dependable? A problem in Amazon's cloud services disabled computing and storage services for about one day Clients were affected, including websites that use Amazon's resources Problem affected multiple, supposedly independent "zones" in Amazon's infrastructure 2012 IBM Corporation
6 Cloud-computing security concerns Customer's interests Protect outsourced programs and data Prevent attacks by provider (?) More importantly, protect Against attacks on provider by other tenants Against provider's jurisdiction Provider's interests Protect infrastructure Against abuse by tenants, like botnets and spammers that pay for service Against tenant-to-tenant attacks Maintain service quality for others IBM Corporation
7 Storage security and clouds IBM Corporation
8 Basic security mechanisms Mechanism Data-at-rest encryption Data authentication / integrity protection Applied by user (client) Applied by provider (server) ( ) ( ) Data replication Access control to data IBM Corporation
9 Encryption and access control Client Access control Why encrypt stored data when there is access control? Many attackers bypass access control Storage systems have many layers Deleting data no longer possible Encryption shifts access control to key-access Easier to guard keys Client Access control Encryption Storage Storage IBM Corporation
10 Data encryption IBM Corporation
11 Data encryption for cloud storage Client application Transparent encryption Cloud storage interface Specific clientside encryption Internet Server-side encryption Cloud storage service Cloud storage has many variations "Simple" object storage Key-value stores: S3... NFS/CIFS file system Archiving / backup interfaces Encryption possible On client By service At any layer Cloud storage pool IBM Corporation
12 Data encryption for cloud computing Client VM Virtual machines (VM) use virtual disks Virtual device When turned off, VM is simply a virtual-machine image (VMI) Bootable virtual disk Cryptographic virtual device Virtual disk storage service Cloud storage pool Encrypt virtual disks as usual VMI encryption problematic Automated boot process Where are the master keys? SSH host key of VM Storage encryption keys For best client protection, VMI would not contain cleartext keys Provide keys at boot time Alternatively,... a root-less VM? IBM Corporation
13 Key management IBM Corporation
14 Key management? Key-management in enterprises Key management moves to the cloud (Keys-as-a-service) IBM Corporation
15 Key management as a service Key management becomes a (cloud) service Centralized control Lifecycle management Automated and policy driven [BCHHKPV10] Focus on data-storage keys Tape, disks, filesystems Cloud storage Key Management Interoperability Protocol OASIS Key Management Interoperability Protocol (KMIP) Vendor-neutral format for accessing key server in enterprise KMIP V1.0 (Oct. 2010), in multiple products (IBM Tivoli Key Lifecycle Manager V2) Contributions from IBM Research - Zurich Tivoli Key Lifecycle Manager IBM Corporation
16 Integrity protection IBM Corporation
17 Integrity protection for one client Storage contains n data items x 1,..., x n Client accesses storage via integrityprotection layer Uses small trusted memory (for keys or reference values) Integrity layer operations Read item and verify Write item and update trusted memory Two common implementations Data authentication with MAC (allows replay attacks) Store short reference value v computed with Merkle hash tree, read/verify and write/update of data item with O(log n) work Integrity Client IBM Corporation v
18 Multi-client integrity protection Single-client solution Relies on hash/reference value v Stored locally in trusted memory Changes after every update operation Multiple clients Need to synchronize trusted memories Solution with digital signatures Every client has a public/private key pair Write operation produces signature σ on hash v Client stores signature and hash (σ, v) on cloud Approach allows replay attacks Easy to prevent with trusted coordination service Otherwise, resort to ensuring fork-linearizability Integrity C 1 C 2 C IBM Corporation
19 Integrity violation from replay attack C 1 C 3 C 1 write(1,x) write(1,u) write(1,t) C 2 write(2,v) read(1) x write(2,w) C 3 read(1) u read(2) w IBM Corporation
20 Multi-client integrity protection and forking attacks Server may present different views to separated clients E.g., not show the most recent WRITE operation to a reader Creates a "fork" between their histories Clients cannot prevent this without communication Protection with protocols that ensure fork linearizability [MS02]: If malicious server forks the views of two clients once, then their views are forked ever after they never again see each others updates Every inconsistency and integrity violation results in a fork Best achievable guarantee for storage on untrusted server Forks can be detected on a "cheap" low-security external channel Use only a semi-trusted coordinator [C11,CKS11] Prototype implementation in VENUS [SCCKMS10] IBM Corporation
21 Fork-linearizability graphically C 1 write(1,x) write(1,u) write(1,t) C 2 write(2,v) read(1) x write(2,w) C 3 read(1) u read(2) w w(1,x) w(2,v) w(1,u) r(1) u r(1) xw(2,w) w(1,t) View of C 1 r(2) w View of C 3 View of C IBM Corporation
22 Integrity for cloud storage and cloud computing Storage integrity solutions Single-client is easy Multiple clients requires coordination among clients Forking consistency notions provide graceful degradation Verify correct behavior of cloud with one operation Integrity of computation on untrusted clouds comes next Cloud gives new motivation to protocols that verify remote computation IBM Corporation
23 Data replication IBM Corporation
24 Data replication in cloud storage Replication ensures availability Data copies may become unavailable Problem is synchronization of copies Technologies depend on network characteristics Storage controller for local and SAN storage Centralized gateways to cloud storage In future, decentralized access to cloud storage Replication usually combined with erasure coding (generalized RAID) All cloud storage services use replication (or erasure coding) internally Including "geo-replication" to remote sites for disaster recovery IBM Corporation
25 Storage on the Intercloud Metadata Resilience Integrity Encryption Client Keys Cloud storage layer developed at IBM Zurich [BCEHSVZ11] Storage on the Intercloud Limits trust in single provider Properties Confidentiality Integrity Resilience through replication Implemented as client-side library Modular, layered structure Transparent to client Transparent to remote clouds Used by multiple clients No client-to-client communication Clients may fail (crash) Clients store only credentials locally IBM Corporation
26 Replication Alice Bob Charlie Clients read and write object values Do not communicate No synchronized clocks Storage nodes replicate data Faulty nodes may erase or modify data Do not communicate with each other IBM Corporation
27 Replication algorithm Clients read and write objects (values) Client operations take time and may execute concurrently No locks No single point of failure Clients may fail Algorithm ensures a "consistent" view of single storage object If no operation is concurrent, then every read returns the most recently written value Otherwise, read may return old value (written before) or new value (written concurrently) Emulates a shared memory Semantics of operations under concurrent access? (here: regular) Linearizability ensures that all operations appear atomic Implementation based on logical timestamps (sequence numbers) 2012 IBM Corporation
28 Data replication using key-value stores (KVS) KVS operations PUT(k,x), GET(k) x, LIST() {k}, REMOVE(k) How to achieve multi-writer storage with KVS replicas and wait-free semantics? Theorem [BCEHSVZ11]: Need to store at least two copies of every value Store value at a temporary and an eternal key 2012 IBM Corporation
29 Secure deletion IBM Corporation
30 Secure deletion via encryption Erasing stored data (= sanitizing storage media) is almost impossible Layered storage systems Every layer may cache data and leave traces Magnetic disks must be specially wiped SSDs cannot be sanitized with current methods Use encryption and securely delete the key Key must be stored in memory that can be erased securely In practice Some SSDs already provide FDE (internal encryption) that helps sanitization Encryption-based sanitization will appear on all storage layers in future IBM Corporation
31 Logical secure deletion Alice Encryption Bob Encryption Charlie Encryption Provider stores data of multiple tenants Provider must erase tenant data when service ends Data encrypted, e.g., with one separate key per tenant When tenant moves out, provider destroys tenant's key (Same goal achieved when tenant encrypts and manages key; this is transparent to provider.) Disk drive Policy-based key management allows fast deletion by attributes: Expiration date Tenant Project Etc IBM Corporation
32 Conclusion Cloud storage security is addressed by Provider-side measures Methods implemented by users Cryptography is effective Encryption Integrity protection Data replication ubiquitous Crypotgraphic protection becomes common IBM Corporation
33 Thank you Christian Cachin Security research IBM Research - Zurich Trustworthy Clouds - Privacy and Resilience for Internet-scale Critical Infrastructure, EU FP7 No IBM Corporation
34 Literature (1) [BCEHSVZ11] C. Basescu, C. Cachin, I. Eyal, R. Haas, A. Sorniotti, M. Vukolic, and I. Zachevsky, "Robust data sharing with key-value stores," in Proc. Intl. Conference on Dependable Systems and Networks (DSN), June [BCHHKPV10] M. Björkqvist, C. Cachin, R. Haas, X.-Y. Hu, A. Kurmus, R. Pawlitzek,and M. Vukolic, "Design and implementation of a key-lifecycle management system," in Proc. Financial Cryptography and Data Security (FC 2010), LNCS 6052, [C11] C. Cachin, "Integrity and consistency for untrusted services," in Proc. Current Trends in Theory and Practice of Computer Science (SOFSEM 2011) (I. Cerna et al., eds.), LNCS 6543, [CJS12] C. Cachin, B. Junker, and A. Sorniotti, "On limitations of using cloud storage for data replication," in Proc. 6th Workshop on Recent Advances in Intrusion Tolerance and resilience (WRAITS 2012), June [CKS11] C. Cachin, I. Keidar, and A. Shraer, "Fail-aware untrusted storage," SIAM Journal on Computing, vol. 40, Apr IBM Corporation
35 Literature (2) [KGPCH11] A. Kurmus, M. Gupta, R. Pletka, C. Cachin, and R. Haas, "A comparison of secure multi-tenancy architectures for filesystem storage clouds," in Proc. Middleware, LNCS 7049, [OASIS KMIP] OASIS Key Management Interoperability Protocol (KMIP) standard, [SCCKMS10] A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket, "Venus: Verification for untrusted cloud storage," in Proc. ACM Workshop on Cloud Computing Security (CCSW 2010), IBM Corporation
Protocols for Secure Cloud Computing
IBM Research Zurich Christian Cachin April 2011 Protocols for Secure Cloud Computing 2009 IBM Corporation Where is my data? 1986 2011 Who runs my computation? 1986 2011 Overview 1.Cloud computing and its
More informationProtocols for Secure Cloud Computing
IBM Research Zurich Christian Cachin 28 September 2010 Protocols for Secure Cloud Computing 2009 IBM Corporation Where is my data? 1985 2010 Who runs my computation? 1985 2010 IBM Research - Zurich Overview
More informationCryptographic Security Mechanisms for Cloud Computing
IBM Research Zurich Christian Cachin June 2014 Cryptographic Security Mechanisms for Cloud Computing 2009 IBM Corporation Cloud computing Compute Network Storage 2 Cloud computing 3 Cloud computing = IT
More informationTowards Trustworthy Clouds
IBM Research Zurich Christian Cachin 12 September 2013 Towards Trustworthy Clouds 2009 IBM Corporation Cloud computing? 2 Cloud services are convenient No investment cost Pay only for consumption Scalable
More informationSecure Framework for Data Storage from Single to Multi clouds in Cloud Networking
Secure Framework for Data Storage from Single to Multi clouds in Cloud Networking B.Sujana 1, P.Tejaswini 2, G.Srinivasulu 3, Sk.Karimulla 4 1,2,3,4 QUBA COLLEGE OF ENGINEERING & TECH, NELLORE Abstract:
More informationSecuring Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption
THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationSecure Cloud Transactions by Performance, Accuracy, and Precision
Secure Cloud Transactions by Performance, Accuracy, and Precision Patil Vaibhav Nivrutti M.Tech Student, ABSTRACT: In distributed transactional database systems deployed over cloud servers, entities cooperate
More informationSolaris For The Modern Data Center. Taking Advantage of Solaris 11 Features
Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationOn Limitations of Using Cloud Storage for Data Replication
On Limitations of Using Cloud Storage for Data Replication Christian Cachin IBM Research - Zurich Säumerstr. 4 CH-8803 Rüschlikon, Switzerland cca@zurich.ibm.com Birgit Junker 1 Open Systems AG Räffelstrasse
More informationRecent Advances in Cloud
Recent Advances in Cloud Computing Dependability pjv@di.fc.ul.pt Paulo Veríssimo http://www.di.fc.ul.pt/~pjv joint work with: Alysson Bessani, Miguel Correia, Pedro Costa, Bernhard Kauer, Marcelo Pasin,
More informationSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 14, Issue 1 (Sep. - Oct. 2013), PP 71-76 Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationWHITE PAPER www.tresorit.com
WHITE PAPER tresor [tʀeˈzoːɐ ] noun (German) 1. lockable, armoured cabinet THE CLOUD IS UNTRUSTED The cloud has huge potential when it comes to storing, sharing and exchanging files, but the security provided
More informationComparative study of security parameters by Cloud Providers
Comparative study of security parameters by Cloud Providers Manish Kumar Aery 1 Faculty of Computer Applications, Global Infotech Institute of IT & Management (LPUDE) aery.manish1@gmail.com, Sumit Gupta
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationKey Management Issues in the Cloud Infrastructure
Key Management Issues in the Cloud Infrastructure Dr. R. Chandramouli (Mouli) mouli@nist.gov Dr. Michaela Iorga michaela.iorga@nist.gov (Information Technology Lab, NIST, USA) ARO Workshop on Cloud Computing
More information16 April 2015. Cloud Security. Dr. Andreas Wespi. 2015 IBM Corporation
16 April 2015 Cloud Security Dr. Andreas Wespi The Roots of Cloud Computing Malcolm McLean, one of the founders of Cloud Computing, back in 1956 Born on Nov. 14, 1913, in Maxton, North Carolina Malcolm
More informationSolid-State Drives with Self-Encryption: Solidly Secure
Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationIBM Tivoli Storage Manager Version 7.1.4. Introduction to Data Protection Solutions IBM
IBM Tivoli Storage Manager Version 7.1.4 Introduction to Data Protection Solutions IBM IBM Tivoli Storage Manager Version 7.1.4 Introduction to Data Protection Solutions IBM Note: Before you use this
More informationAN APPROACH TOWARDS REDUCING SECURITY CONCERNS IN CLOUD ENVIRONMENT
INTERNATIONAL JOURNAL OF REVIEWS ON RECENT ELECTRONICS AND COMPUTER SCIENCE AN APPROACH TOWARDS REDUCING SECURITY CONCERNS IN CLOUD ENVIRONMENT Farhan Mohiuddin 1, Akheel Mohammed 2, Ayesha 3 1 M.Tech
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationData Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System
Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System 1 K.Valli Madhavi A.P vallimb@yahoo.com Mobile: 9866034900 2 R.Tamilkodi A.P tamil_kodiin@yahoo.co.in Mobile:
More informationNetwork Attached Storage. Jinfeng Yang Oct/19/2015
Network Attached Storage Jinfeng Yang Oct/19/2015 Outline Part A 1. What is the Network Attached Storage (NAS)? 2. What are the applications of NAS? 3. The benefits of NAS. 4. NAS s performance (Reliability
More informationSecurity in Storage Networks A Current Perspective
Security in Storage Networks A Current Perspective Christian Cachin ZISC Colloquium www.zurich.ibm.com Overview Networked storage systems NAS, SAN, OBS Design options for security
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationEMC Symmetrix Data at Rest Encryption
Detailed Review Abstract This white paper provides a detailed description of EMC Symmetrix Data at Rest Encryption features and operations. March 2011 Copyright 2010, 2011 EMC Corporation. All rights reserved.
More informationETERNUS CS High End Unified Data Protection
ETERNUS CS High End Unified Data Protection Optimized Backup and Archiving with ETERNUS CS High End 0 Data Protection Issues addressed by ETERNUS CS HE 60% of data growth p.a. Rising back-up windows Too
More informationCloud Security: Evaluating Risks within IAAS/PAAS/SAAS
Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk
More informationTufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.
Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:
More informationSECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING
SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING Saranya.V 1, Suganthi.J 2, R.G. Suresh Kumar 3 1,2 Master of Technology, Department of Computer Science and Engineering, Rajiv Gandhi College of Engineering
More informationSecure Way of Storing Data in Cloud Using Third Party Auditor
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 12, Issue 4 (Jul. - Aug. 2013), PP 69-74 Secure Way of Storing Data in Cloud Using Third Party Auditor 1 Miss.
More informationA Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief
A Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief With the massive growth of unstructured data in today s enterprise environments, storage IT administrators are constantly
More informationCloud Data Protection for the Masses
Cloud Data Protection for the Masses N.Janardhan 1, Y.Raja Sree 2, R.Himaja 3, 1,2,3 {Department of Computer Science and Engineering, K L University, Guntur, Andhra Pradesh, India} Abstract Cloud computing
More informationEnterprise Backup and Restore technology and solutions
Enterprise Backup and Restore technology and solutions LESSON VII Veselin Petrunov Backup and Restore team / Deep Technical Support HP Bulgaria Global Delivery Hub Global Operations Center November, 2013
More informationMIGRATION FROM SINGLE TO MULTI-CLOUDS TO SHRIVEL SECURITY RISKS IN CLOUD COMPUTING. K.Sireesha 1 and S. Suresh 2
IJCITP Volume.8* Number 2* December 2013, pp. 53-58 Serials Publications MIGRATION FROM SINGLE TO MULTI-CLOUDS TO SHRIVEL SECURITY RISKS IN CLOUD COMPUTING K.Sireesha 1 and S. Suresh 2 1 M.Tech. Student,
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationEnsuring Data Storage Security in Cloud Crop
ISSN : 2347-8446 (Online) International Journal of Advanced Research in Ensuring Data Storage Security in Cloud Crop Rakesh Kumar ER Asst. Prof. & Head (CSE), SAMS College of Engineering and Technology,
More informationThe Design and Implementation of the Zetta Storage Service. October 27, 2009
The Design and Implementation of the Zetta Storage Service October 27, 2009 Zetta s Mission Simplify Enterprise Storage Zetta delivers enterprise-grade storage as a service for IT professionals needing
More informationAmerican International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2
American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and
More informationArchive Data Retention & Compliance. Solutions Integrated Storage Appliances. Management Optimized Storage & Migration
Solutions Integrated Storage Appliances Management Optimized Storage & Migration Archive Data Retention & Compliance Services Global Installation & Support SECURING THE FUTURE OF YOUR DATA w w w.q sta
More informationA Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments
IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining
More informationPeer-to-peer Cooperative Backup System
Peer-to-peer Cooperative Backup System Sameh Elnikety Mark Lillibridge Mike Burrows Rice University Compaq SRC Microsoft Research Abstract This paper presents the design and implementation of a novel backup
More informationGPFS Cloud ILM. IBM Research - Zurich. Storage Research Technology Outlook
IBM Research - Zurich GPFS Cloud ILM Storage Research Technology Outlook Dr. Thomas Weigold (twe@zurich.ibm.com) Manager Cloud Storage & Security IBM Research Zurich Why Cloud Storage? Economics! Lower
More informationEnsuring Data Storage Security in Cloud Computing By IP Address Restriction & Key Authentication
Ensuring Data Storage Security in Cloud Computing By IP Address Restriction & Key Authentication Sanjay Kumar Baghel Mtech Scholar, CSE, CSIT DURG Sanju5878@gmail.com Bhupesh Kumar Dewangan Assistant Professor,CSE,
More informationIBM Spectrum Protect in the Cloud
IBM Spectrum Protect in the Cloud. Disclaimer IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion. Information regarding
More informationComputer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk
About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures
More informationCollaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%
Security overview Collaborate on your projects in a secure environment Thousands of businesses, including Fortune 500 corporations, trust Wrike for managing their projects through collaboration in the
More informationData Storage Security in Cloud Computing
Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT
More informationA Secure Decentralized Access Control Scheme for Data stored in Clouds
A Secure Decentralized Access Control Scheme for Data stored in Clouds Priyanka Palekar 1, Abhijeet Bharate 2, Nisar Anjum 3 1 SKNSITS, University of Pune 2 SKNSITS, University of Pune 3 SKNSITS, University
More informationDATA SECURITY MODEL FOR CLOUD COMPUTING
DATA SECURITY MODEL FOR CLOUD COMPUTING POOJA DHAWAN Assistant Professor, Deptt of Computer Application and Science Hindu Girls College, Jagadhri 135 001 poojadhawan786@gmail.com ABSTRACT Cloud Computing
More informationSelf-Encrypting Hard Disk Drives in the Data Center
Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional
More informationSAN Conceptual and Design Basics
TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer
More informationClodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage
Clodoaldo Barrera Chief Technical Strategist IBM System Storage Making a successful transition to Software Defined Storage Open Server Summit Santa Clara Nov 2014 Data at the core of everything Data is
More informationMeeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)
Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS) How Financial Institutions Can Comply to Data Security Best Practices Vormetric, Inc. 2545 N. 1st Street,
More informationLecture 02a Cloud Computing I
Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking
More informationefolder BDR for Veeam Cloud Connection Guide
efolder BDR for Veeam Cloud Connection Guide Setup Connect Preload Data uh6 efolder BDR Guide for Veeam Page 1 of 36 INTRODUCTION Thank you for choosing the efolder Cloud for Veeam. Using the efolder Cloud
More informationMiddleware and Distributed Systems. System Models. Dr. Martin v. Löwis. Freitag, 14. Oktober 11
Middleware and Distributed Systems System Models Dr. Martin v. Löwis System Models (Coulouris et al.) Architectural models of distributed systems placement of parts and relationships between them e.g.
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationComparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications
Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications White Paper Table of Contents Overview...3 Replication Types Supported...3 Set-up &
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK REVIEW ON MOBILE APPLICATION IN A CLOUD COMPUTING SECURE AND SCALABLE USING CLOUD
More informationProtocols for Secure Cloud Computing (Parts 3 and 4)
School on Applied Cryptographic Protocols 2010 Christian Cachin, IBM Research - Zurich CASED & ECRYPT II www.zurich.ibm.com/ cca/ Protocols for Secure Cloud Computing (Parts 3 and 4) 3 Proofs of storage
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationCloud Data Storage Services Considering Public Audit for Security
Global Journal of Computer Science and Technology Cloud and Distributed Volume 13 Issue 1 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationDevelopment of enhanced Third party Auditing Scheme for Secure Cloud Storage
Development of enhanced Third party Auditing Scheme for Secure Cloud Storage Bhanu Prakash Chamakuri*1, D. Srikar*2, Dr. M.Suresh Babu*3 M.Tech Scholar, Dept of CSE, Grandhi Varalakshmi Institute Of Technology,
More informationData Security Using TCG Self-Encrypting Drive Technology
Data Security Using TCG Self-Encrypting Drive Technology June 11, 2013 2:00PM EDT Copyright 2013 Trusted Computing Group 1 Copyright 2013 Trusted Computing Group 2 Tom Coughlin, Founder, Coughlin Associates.
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationSecuring Data at Rest ViSolve IT Security Team
Securing Data at Rest ViSolve IT Security Team 1 Table of Contents 1 Introduction... 3 2 Why Data at Rest needs to be secure?... 4 3 Securing Data... 4 3.1 Encryption - Access Control Approach... 5 3.1.1
More informationKey Management Interoperability Protocol (KMIP)
www.oasis-open.org Management Interoperability Protocol (KMIP) Storage Developer s Introduction SNIA Fall 2009 Gordon Arnold, garnold@us.ibm.com Chair, Storage Security Industry Forum 1 2009 Insert Copyright
More informationSecurity in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect
Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect Table of Contents page 2 page 4 page 6 page 8 page 9 page 10 page 11 Overview I. Sauce Labs Data
More informationImproving data integrity on cloud storage services
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services
More informationKerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service
Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Sazzad Masud and Ram Krishnan University of Texas at San Antonio Sazzad.Masud@gmail.com, Ram.Krishnan@utsa.edu Abstract Cloud
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationRobust Data Sharing with Key-Value Stores
Robust Data Sharing with Key-Value Stores Cristina Băsescu, Christian Cachin, Ittay Eyal, Robert Haas, Alessandro Sorniotti, Marko Vukolić, and Ido Zachevsky Vrije Universiteit Amsterdam, Amsterdam, The
More informationHigh Availability Databases based on Oracle 10g RAC on Linux
High Availability Databases based on Oracle 10g RAC on Linux WLCG Tier2 Tutorials, CERN, June 2006 Luca Canali, CERN IT Outline Goals Architecture of an HA DB Service Deployment at the CERN Physics Database
More informationMASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY
MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing
More informationProviding Access Permissions to Legitimate Users by Using Attribute Based Encryption Techniques In Cloud
Providing Access Permissions to Legitimate Users by Using Attribute Based Encryption Techniques In Cloud R.Udhayakumar 1, M. Jawahar 2, I.Ramasamy 3 PG Student, Dept. Of CSE,KSR Institute For Engineering
More informationAmazon Cloud Storage Options
Amazon Cloud Storage Options Table of Contents 1. Overview of AWS Storage Options 02 2. Why you should use the AWS Storage 02 3. How to get Data into the AWS.03 4. Types of AWS Storage Options.03 5. Object
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 3, Issue 2, February 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A Review on
More informationIntroduction to Security
2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,
More informationA Multi-Cloud based Approach to Enhance Data Security and Availability in Cloud Storage
A Multi-Cloud based Approach to Enhance Data Security and Availability in Cloud Storage Siva Rama Krishna T. a, * Dr. A. S. N. Chakravarthy a, Naveen Kumar G. b a Department of Computer Science and Engineering,
More informationEnterprise SSO Manager (E-SSO-M)
Enterprise SSO Manager (E-SSO-M) Many resources, such as internet applications, internal network applications and Operating Systems, require the end user to log in several times before they are empowered
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationArchitectural Principles for Secure Multi-Tenancy
Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop
More informationEucalyptus: An Open-source Infrastructure for Cloud Computing. Rich Wolski Eucalyptus Systems Inc. www.eucalyptus.com
Eucalyptus: An Open-source Infrastructure for Cloud Computing Rich Wolski Eucalyptus Systems Inc. www.eucalyptus.com Exciting Weather Forecasts Commercial Cloud Formation Eucalyptus - Confidential What
More informationDISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2
DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing Slide 1 Slide 3 A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.
More informationWhitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption
Whitepaper What You Need to Know About Infrastructure as a Service (IaaS) Encryption What You Need to Know about IaaS Encryption What You Need to Know About IaaS Encryption Executive Summary In this paper,
More informationData Integrity and Dynamic Storage Way in Cloud Computing
1 Data Integrity and Dynamic Storage Way in Cloud Computing Dinesh.C, P.G Scholar, Computer Science and Engineering, Mailam Engineering College, Mailam, Tamilnadu. Abstract It is not an easy task to securely
More informationEnterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
More informationWHITE PAPER Overview of Data Replication
Overview of Data Replication 1 Abstract Replication is the process of making a copy of something, or of creating a replica. In different contexts, such as art (copies of a painting), bioscience (cloning),
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationImplementing Disk Encryption on System x Servers with IBM Security Key Lifecycle Manager Solution Guide
Implementing Disk Encryption on System x Servers with IBM Security Key Lifecycle Manager Solution Guide Securing sensitive client and company data is becoming an IT task of paramount importance. Often
More informationEventually Consistent
Historical Perspective In an ideal world there would be only one consistency model: when an update is made all observers would see that update. The first time this surfaced as difficult to achieve was
More informationOn the Ubiquity of Logging in Distributed File Systems
On the Ubiquity of Logging in Distributed File Systems M. Satyanarayanan James J. Kistler Puneet Kumar Hank Mashburn School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Logging is
More informationBANKING SECURITY and COMPLIANCE
BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions
More information