FPGAs for Trusted Cloud Computing
|
|
|
- Suzan Moore
- 8 years ago
- Views:
Transcription
1 FPGAs for Trusted Cloud Computing
2 Traditional Servers Datacenter Cloud Servers Datacenter Cloud Manager Client Client Control Client Client Control 2
3 Existing cloud systems cannot offer strong security guarantees Cloud administrator access liability Availability & co-tenancy malware & sidechannel attacks Cloud administrators have full access! 3
4 Existing cloud systems cannot offer strong security guarantees Cloud administrator access liability Availability & co-tenancy malware & sidechannel attacks Cloud is open to everyone! 4
5 Network bandwidth/ latency CPU time Storage allotment/ latency Minimum uptime Security 5
6 1% to 10% of information/transactions deal with sensitive data Isolate only sensitive computations on trusted compute nodes Client Application Unsecured Part Secured Part 6
7 Independent administration Management!= full access Cloud operator is not part of root of trust Physically secure High performance Generality Flexibility 7
8 Independent administration Physically secure Store keys Decrypt & authenticate binaries and data Execute application exactly as prescribed High performance Generality Flexibility 8
9 Independent administration Physically secure High performance Generality Flexibility 9
10 Requirements Independent administration Physically secure High performance Generality Flexibility X Platform Options Commodity servers Local/cloud hybrids High security commodity servers Secure co-processors Homomorphic crypto Dedicated hardware HSMs FPGAs 10
11 Requirements Independent administration Physically secure High performance Generality Flexibility X X X Platform Options Commodity servers Local/cloud hybrids High security commodity servers Secure co-processors Homomorphic crypto Dedicated hardware HSMs FPGAs 11
12 Requirements Independent administration Physically secure High performance Generality Flexibility X X Platform Options Commodity servers Local/cloud hybrids High security commodity servers Secure co-processors Homomorphic crypto Dedicated hardware HSMs FPGAs 12
13 Requirements Independent administration Physically secure High performance Generality Flexibility X X Platform Options Commodity servers Local/cloud hybrids High security commodity servers Secure co-processors Homomorphic crypto Dedicated hardware HSMs FPGAs 13
14 Requirements Independent administration Physically secure High performance Generality Flexibility Platform Options Commodity servers Local/cloud hybrids High security commodity servers Secure co-processors Homomorphic crypto Dedicated hardware HSMs FPGAs 14
15 FPGA Platform Board Dedicated FPGA Resources Key Mem. Boot. Logic Programmable Logic Region 15
16 Trusted Authority Bitstream Key FPGA Platform Board FPGA Key Mem. Boot. Logic 16
17 Untrusted Cloud Machine FPGA Platform Board FPGA Key Mem. 8x PCIe Boot. Logic 17
18 Trusted Authority Bitstream Key Untrusted Cloud Machine Platform Memory FPGA Platform Board FPGA Key Mem. Boot. Logic Customer Application Customer 18
19 Untrusted Cloud Machine FPGA Platform Board FPGA Key Mem. Encrypted & Signed Bitstream Boot. Logic 19
20 Untrusted Cloud Machine FPGA Platform Board FPGA Key Mem. Encrypted & Signed Bitstream Boot. Logic Client Application Client Application Request Loaded Application 20
21 Remove TA involvement? Trusted Authority Bitstream Key Customer Application Customer Remove per FPGA bitstream? Untrusted Cloud Machine Platform Memory FPGA Platform Board FPGA Key Mem. Boot. Logic 21
22 Sensitive vs. non-sensitive data Client App Data Stream Sensitive Data? Results Data Mining 22
23 Sensitive vs. non-sensitive data Separate, tokenize & encrypt sensitive fields Trusted Computing Node Client App Results Data Stream Bulk Cloud Servers Data Mining Non-Sensitive Plaintext Identify sensitive fields Tokenized Data Anonymization 23
24 PCI-Express Controller Prototype cloud server & FPGA architecture Untrusted Cloud Servers Session Key Exch. Infrastructure RSA & SHA FPGA privatek fb Client App Data Transfer Data Mining sessionk fb User Application Sensitive Plaintext AES & AES SHA Non-Sensitive Plaintext Encrypted & Tokenized Data 24
25 On an ML605 (V6 LX 240T) LUTs FF BRAM DSP Full system 18.1% 9% 6.9% 0.5% Infrastructure (RSA, SHA, PCIe, DDR3) Tokenization (AES, AES + SHA) 14.8% 8.6% 5.2% 0.5% 3.3% 0.3% 0.7% 0.0% 25
26 On an ML605 (V6 LX 240T) 200MHz clock Initiate 13+ RSA secure session key exchanges per second Decrypt AES at 572MB/s Tokenize with SHA-256 at 12MB/s Gb Ethernet is 125MB/s 1-10% of the incoming data was sensitive 26
27 Security is paramount to the cloud Existing server are insufficient FPGAs provide native support for secure boot and secure operation This represents a brand new market for FPGAs 27
Secure Cloud Storage and Computing Using Reconfigurable Hardware
Secure Cloud Storage and Computing Using Reconfigurable Hardware Victor Costan, Brandon Cho, Srini Devadas Motivation Computing is more cost-efficient in public clouds but what about security? Cloud Applications
FPGA Accelerator Virtualization in an OpenPOWER cloud. Fei Chen, Yonghua Lin IBM China Research Lab
FPGA Accelerator Virtualization in an OpenPOWER cloud Fei Chen, Yonghua Lin IBM China Research Lab Trend of Acceleration Technology Acceleration in Cloud is Taking Off Used FPGA to accelerate Bing search
Seeking Opportunities for Hardware Acceleration in Big Data Analytics
Seeking Opportunities for Hardware Acceleration in Big Data Analytics Paul Chow High-Performance Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Toronto Who
High-Density Network Flow Monitoring
Petr Velan petr.velan@cesnet.cz High-Density Network Flow Monitoring IM2015 12 May 2015, Ottawa Motivation What is high-density flow monitoring? Monitor high traffic in as little rack units as possible
FPGA Acceleration using OpenCL & PCIe Accelerators MEW 25
FPGA Acceleration using OpenCL & PCIe Accelerators MEW 25 December 2014 FPGAs in the news» Catapult» Accelerate BING» 2x search acceleration:» ½ the number of servers»
CFD Implementation with In-Socket FPGA Accelerators
CFD Implementation with In-Socket FPGA Accelerators Ivan Gonzalez UAM Team at DOVRES FuSim-E Programme Symposium: CFD on Future Architectures C 2 A 2 S 2 E DLR Braunschweig 14 th -15 th October 2009 Outline
Hardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
Technical Challenges for Big Health Care Data. Donald Kossmann Systems Group Department of Computer Science ETH Zurich
Technical Challenges for Big Health Care Data Donald Kossmann Systems Group Department of Computer Science ETH Zurich What is Big Data? technologies to automate experience Purpose answer difficult questions
Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras
Cryptography & Network Security Introduction Chester Rebeiro IIT Madras The Connected World 2 Information Storage 3 Increased Security Breaches 81% more in 2015 http://www.pwc.co.uk/assets/pdf/2015-isbs-executive-summary-02.pdf
Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure
Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Computing
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Dirk Roziers Market Manager PC Client Services Intel Corporation
Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group
Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group Why is Intel Talking Cloud? Service and Policy Management Analytics Cloud
Networking Virtualization Using FPGAs
Networking Virtualization Using FPGAs Russell Tessier, Deepak Unnikrishnan, Dong Yin, and Lixin Gao Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Massachusetts,
Xeon+FPGA Platform for the Data Center
Xeon+FPGA Platform for the Data Center ISCA/CARL 2015 PK Gupta, Director of Cloud Platform Technology, DCG/CPG Overview Data Center and Workloads Xeon+FPGA Accelerator Platform Applications and Eco-system
Data Center and Cloud Computing Market Landscape and Challenges
Data Center and Cloud Computing Market Landscape and Challenges Manoj Roge, Director Wired & Data Center Solutions Xilinx Inc. #OpenPOWERSummit 1 Outline Data Center Trends Technology Challenges Solution
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Lorenzo Martignoni, Pongsin Poosankam, y Matei Zaharia, Jun Han, y Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig,
IoT Security Concerns and Renesas Synergy Solutions
IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas
Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator
Confidentio Integrated security processing unit Including key management module, encryption engine and random number generator Secure your digital life Confidentio : An integrated security processing unit
Horst Görtz Institute for IT-Security
Horst Görtz Institute for IT-Security On the Vulnerability of FPGA Bitstream Encryption against Power Analysis Attacks Extracting Keys from Xilinx Virtex-II FPGAs Amir Moradi, Alessandro Barenghi, Timo
CRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
TrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents
WHITE PAPER TrustNet CryptoFlow Group Encryption Table of Contents Executive Summary...1 The Challenges of Securing Any-to- Any Networks with a Point-to-Point Solution...2 A Smarter Approach to Network
Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014
Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution
Cloud Data Center Acceleration 2015
Cloud Data Center Acceleration 2015 Agenda! Computer & Storage Trends! Server and Storage System - Memory and Homogenous Architecture - Direct Attachment! Memory Trends! Acceleration Introduction! FPGA
SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES
SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of
Cloud Computing through Virtualization and HPC technologies
Cloud Computing through Virtualization and HPC technologies William Lu, Ph.D. 1 Agenda Cloud Computing & HPC A Case of HPC Implementation Application Performance in VM Summary 2 Cloud Computing & HPC HPC
Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN
Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN By Paul Stevens, Advantech Network security has become a concern not only for large businesses,
CoProcessor Design for Crypto- Applications using Hyperelliptic Curve Cryptography
CoProcessor Design for Crypto- Applications using Hyperelliptic Curve Cryptography 28. Februar 2008 Alexander Klimm, Oliver Sander, Jürgen Becker Institut für Technik der Informationsverarbeitung Sylvain
How to Drop your Anchor
How to Drop your Anchor Enabling Trust in Cloud-Based Services Andreas Curiger CTO Securosys SA DIGS DC Day, Sep 16, 2015 10:30-10:55 The Promising World of Cloud Computing Cloud computing offers network
Property Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
Copyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Oracle SPARC Server for Enterprise Computing Dr. Heiner Bauch Senior Account Architect 19. April 2013 2 The following is intended to outline our general product direction. It is intended for information
SALSA Flash-Optimized Software-Defined Storage
Flash-Optimized Software-Defined Storage Nikolas Ioannou, Ioannis Koltsidas, Roman Pletka, Sasa Tomic,Thomas Weigold IBM Research Zurich 1 New Market Category of Big Data Flash Multiple workloads don t
Akuda Labs. Leverages Peak Hosting s Operations-as-a-Service Managed Hosting Solution to Process Big Data Analytics 500 Faster without Big Costs
Akuda Labs Leverages Peak Hosting s Operations-as-a-Service Managed Hosting Solution to Process Big Data Analytics 500 Faster without Big Costs INDUSTRY: BIG DATA ANALYTICS This case study provides a high-level
PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.
PLATFORM ENCRYPTlON ARCHlTECTURE How to protect sensitive data without locking up business functionality. 1 Contents 03 The need for encryption Balancing data security with business needs Principles and
IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT
INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT Merlin Shirly T 1, Margret Johnson 2 1 PG
Zadara Storage Cloud A whitepaper. @ZadaraStorage
Zadara Storage Cloud A whitepaper @ZadaraStorage Zadara delivers two solutions to its customers: On- premises storage arrays Storage as a service from 31 locations globally (and counting) Some Zadara customers
Alliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
Dell Cloud Services. Services
Dell Cloud Services Services The Cloud is Key Foundation of ITaaS Traditional Virtualized Private Cloud Distribution Today Public Cloud Distribution in 3 5 Years A mix of architectures can be employed
Capstone Overview Architecture for Big Data & Machine Learning. Debbie Marr ICRI-CI 2015 Retreat, May 5, 2015
Capstone Overview Architecture for Big Data & Machine Learning Debbie Marr ICRI-CI 2015 Retreat, May 5, 2015 Accelerators Memory Traffic Reduction Memory Intensive Arch. Context-based Prefetching Deep
Accelerate Cloud Computing with the Xilinx Zynq SoC
X C E L L E N C E I N N E W A P P L I C AT I O N S Accelerate Cloud Computing with the Xilinx Zynq SoC A novel reconfigurable hardware accelerator speeds the processing of applications based on the MapReduce
Enabling Security in ProASIC 3 FPGAs with Hardware and Software Features
Enabling Security in ProASIC 3 FPGAs with Hardware and Software Features Hans Schmitz Area Technical Manager / Field Applications Engineer September 2, 2009 Abstract Two types of security features available
NEW HORIZON COLLEGE OF ENGINEERING, BANGALORE CLOUD COMPUTING ASSIGNMENT-1. 1. Explain any six benefits of Software as Service in Cloud computing?
NEW HORIZON COLLEGE OF ENGINEERING, BANGALORE CLOUD COMPUTING ASSIGNMENT-1 1. Explain any six benefits of Software as Service in Cloud computing? 2. List the different cloud applications available in the
Management by Network Search
Management by Network Search Misbah Uddin, Prof. Rolf Stadler KTH Royal Institute of Technology, Sweden Dr. Alex Clemm Cisco Systems, CA, USA November 11, 2014 ANRP Award Talks Session IETF 91 Honolulu,
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
CSE543 Computer and Network Security Module: Cloud Computing
CSE543 Computer and Network Security Module: Computing Professor Trent Jaeger 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory 2 Computing Is Here Systems and Internet
Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms
Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,
EDA385 Embedded Systems Design. Advanced Course
EDA385 Embedded Systems Design. Advanced Course Encryption for Embedded Systems Supervised by Flavius Gruian Submitted by Ahmed Mohammed Youssef (aso10ayo) Mohammed Shaaban Ibraheem Ali (aso10mib) Orges
Lightweight Cryptography. Lappeenranta University of Technology
Lightweight Cryptography Dr Pekka Jäppinen Lappeenranta University of Technology Outline Background What is lightweight Metrics Chip area Performance Implementation tradeoffs Current situation Conclusions
RAID. RAID 0 No redundancy ( AID?) Just stripe data over multiple disks But it does improve performance. Chapter 6 Storage and Other I/O Topics 29
RAID Redundant Array of Inexpensive (Independent) Disks Use multiple smaller disks (c.f. one large disk) Parallelism improves performance Plus extra disk(s) for redundant data storage Provides fault tolerant
NCTA Cloud Architecture
NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,
Security Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation
Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...
Best Practises for LabVIEW FPGA Design Flow. uk.ni.com ireland.ni.com
Best Practises for LabVIEW FPGA Design Flow 1 Agenda Overall Application Design Flow Host, Real-Time and FPGA LabVIEW FPGA Architecture Development FPGA Design Flow Common FPGA Architectures Testing and
Key & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
Before we can talk about virtualization security, we need to delineate the differences between the
1 Before we can talk about virtualization security, we need to delineate the differences between the terms virtualization and cloud. Virtualization, at its core, is the ability to emulate hardware via
Secure Hardware PV018 Masaryk University Faculty of Informatics
Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators
Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family
Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
Application Security: Threats and Architecture
Application Security: Threats and Architecture Steven M. Bellovin smb@cs.columbia.edu http://www.cs.columbia.edu/ smb Steven M. Bellovin August 4, 2005 1 We re from the Security Area, and We re Here to
Flash Use Cases Traditional Infrastructure vs Hyperscale
Flash Use Cases Traditional Infrastructure vs Hyperscale Steve Knipple, CTO / VP Engineering Atmosera : Global Hybrid Managed Services Provider Agenda Speaker Perspective The Infrastructure Market Traditional
SOFTWARE-DEFINED: MAKING CLOUDS MORE EFFICIENT. Julian Chesterfield, Director of Emerging Technologies
SOFTWARE-DEFINED: MAKING CLOUDS MORE EFFICIENT Julian Chesterfield, Director of Emerging Technologies DEFINING SOFTWARE DEFINED! FLEXIBILITY IN SOFTWARE Leveraging commodity CPU cycles to provide traditional
HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring
CESNET Technical Report 2/2014 HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring VIKTOR PUš, LUKÁš KEKELY, MARTIN ŠPINLER, VÁCLAV HUMMEL, JAN PALIČKA Received 3. 10. 2014 Abstract
Oracle Database Reliability, Performance and scalability on Intel Xeon platforms Mitch Shults, Intel Corporation October 2011
Oracle Database Reliability, Performance and scalability on Intel platforms Mitch Shults, Intel Corporation October 2011 1 Intel Processor E7-8800/4800/2800 Product Families Up to 10 s and 20 Threads 30MB
Secure Cloud Computing with FlexCloud
Department of Computer Science Institute of Systems Architecture Chair of Computer Networks Secure Cloud Computing with FlexCloud Dr.-Ing. Anja Strunk DAAD Summer School CTDS 2012 Sousse, Tunisia 07.09.2012
Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage
AppliedMicro Trusted Management Module
AppliedMicro Trusted Management Module Majid Bemanian, Sr. Director of Marketing, Applied Micro Processor Business Unit July 12, 2011 Celebrating 20 th Anniversary of Power Architecture 1 AppliedMicro
IBM Platform Computing Cloud Service Ready to use Platform LSF & Symphony clusters in the SoftLayer cloud
IBM Platform Computing Cloud Service Ready to use Platform LSF & Symphony clusters in the SoftLayer cloud February 25, 2014 1 Agenda v Mapping clients needs to cloud technologies v Addressing your pain
Security Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
Public Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation
Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation Industrial controllers and HMIs today mostly lack protective functions for their IT and network
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
Network Security. Chapter 9 Integrating Security Services into Communication Architectures
Network Security Chapter 9 Integrating Security Services into Communication Architectures Network Security (WS 00): 09 Integration of Security Services Motivation: What to do where?! Analogous to the methodology
Secure Services and Quality Testing SST. Security Engineering Privacy by Design Trusted Solutions. Mario Hoffmann. for Service Ecosystems
Secure Services and Quality Testing SST Security Engineering Privacy by Design Trusted Solutions for Service Ecosystems Mario Hoffmann Head of Department Fraunhofer AISEC in a nutshell Fraunhofer Profile
Technical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
How To Teach A Cyber Security Course
AN OFFLINE CAPTURE THE FLAG-STYLE VIRTUAL MACHINE FOR CYBER SECURITY EDUCATION Tom Chothia Chris Novakovic University of Birmingham Introduction A VM to support cyber security education. The VM creates
SimpliVity OmniStack with Vormetric Transparent Encryption
SimpliVity OmniStack with Vormetric Transparent Encryption Page 1 of 12 Table of Contents Executive Summary... 3 Audience... 3 Solution Overview... 3 Simplivity Introduction... 3 Why Simplivity For Virtualized
AN OFFLINE CAPTURE THE FLAG-STYLE VIRTUAL MACHINE FOR CYBER SECURITY EDUCATION
AN OFFLINE CAPTURE THE FLAG-STYLE VIRTUAL MACHINE FOR CYBER SECURITY EDUCATION Tom Chothia Chris Novakovic University of Birmingham Introduction A VM to support cyber security education. The VM creates
Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
The Engine for Digital Transformation in the Data Center
product brief The Engine for Digital Transformation in the Data Center Intel Xeon Processor E5-2600 v4 Product Family From individual servers and workstations to clusters, data centers, and clouds, IT
Driving Datacenter Change
Driving Datacenter Change Storage Opportunities in the Cloud Mike Cordano President, HGST, a Western Digital company September 13, 2012 SAFE HARBOR Forward Looking Statements These presentations contain
Intel Ethernet and Configuring Single Root I/O Virtualization (SR-IOV) on Microsoft* Windows* Server 2012 Hyper-V. Technical Brief v1.
Intel Ethernet and Configuring Single Root I/O Virtualization (SR-IOV) on Microsoft* Windows* Server 2012 Hyper-V Technical Brief v1.0 September 2012 2 Intel Ethernet and Configuring SR-IOV on Windows*
Performance Oriented Management System for Reconfigurable Network Appliances
Performance Oriented Management System for Reconfigurable Network Appliances Hiroki Matsutani, Ryuji Wakikawa, Koshiro Mitsuya and Jun Murai Faculty of Environmental Information, Keio University Graduate
Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk
About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures
Secure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
Architekturen und Einsatz von FPGAs mit integrierten Prozessor Kernen. Hans-Joachim Gelke Institute of Embedded Systems Professur für Mikroelektronik
Architekturen und Einsatz von FPGAs mit integrierten Prozessor Kernen Hans-Joachim Gelke Institute of Embedded Systems Professur für Mikroelektronik Contents Überblick: Aufbau moderner FPGA Einblick: Eigenschaften
Distributed and Cloud Computing
Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March
Certifying Program Execution with Secure Processors
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris MIT Laboratory for Computer Science {benjie,rtm}@lcs.mit.edu Abstract Cerium is a trusted computing architecture that protects
Daniel Meier, May 2011
Daniel Meier, May 2011 1. Introduction 2. Hardware Consolidation 3. Legacy Migration 4. Mobile Enterprises 5. Conclusion & Status Quo 6. Questions & Discussion Hardware and platform virtualization in desktop
Proposal for Virtual Private Server Provisioning
Interpole Solutions 1050, Sadguru Darshan, New Prabhadevi Road, Mumbai - 400 025 Tel: 91-22-24364111, 24364112 Email : response@interpole.net Website: www.interpole.net Proposal for Virtual Private Server
Infrastructure Matters: POWER8 vs. Xeon x86
Advisory Infrastructure Matters: POWER8 vs. Xeon x86 Executive Summary This report compares IBM s new POWER8-based scale-out Power System to Intel E5 v2 x86- based scale-out systems. A follow-on report
ESPRESSO: An Encryption as a Service for Cloud Storage Systems
8th International Conference on Autonomous Infrastructure, Management and Security ESPRESSO: An Encryption as a Service for Cloud Storage Systems Kang Seungmin 30 th Jun., 2014 Outline Introduction and
Michael Kagan. michael@mellanox.com
Virtualization in Data Center The Network Perspective Michael Kagan CTO, Mellanox Technologies michael@mellanox.com Outline Data Center Transition Servers S as a Service Network as a Service IO as a Service
Intel Identity Protection Technology (IPT)
Intel Identity Protection Technology (IPT) Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Steve Davies Solution Architect Intel Corporation 1 Copyright
Department of Computer Science Better than Native: Using Virtualization to Improve Compute Node Performance
Better than Native: Using Virtualization to Improve Compute Node Performance Brian Kocoloski Jack Lange Department of Computer Science University of Pittsburgh 6/29/2012 1 Linux is becoming the dominant
IoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
Entrust Smartcard & USB Authentication
Entrust Smartcard & USB Authentication Technical Specifications Entrust IdentityGuard smartcard- and USB-based devices allow organizations to leverage strong certificate-based authentication of user identities
Storage XenMotion: Live Storage Migration with Citrix XenServer
Storage XenMotion: Live Storage Migration with Citrix XenServer Enabling cost effective storage migration and management strategies for enterprise and cloud datacenters www.citrix.com Table of Contents
FIPS 140-2 Security Policy. for Motorola, Inc. Motorola Wireless Fusion on Windows CE Cryptographic Module
FIPS 140-2 Security Policy for Motorola, Inc Motorola Wireless Fusion on Windows CE Cryptographic Module Hybrid Module Software Component Version: 3.00.0 Hardware Component Version: CX 55222 Document Version
USB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
Harvesting Developer Credentials in Android Apps
8 th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, Jun 24-26 Harvesting Developer Credentials in Android Apps Yajin Zhou, Lei Wu, Zhi Wang, Xuxian Jiang Florida
Control your corner of the cloud.
Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing