Clouds-of-Clouds: Security and Dependability in the


Clouds-of-Clouds: Security and Dependability in the Clouds
Miguel P. Correia
Joint work with A. Bessani, F. Rocha, B. Quaresma, F. André, P. Sousa (Universidade de Lisboa, Fac. Ciências)
UNICAMP, May 3, 2011

Cloud computing (public cloud)
- Cloud provider vs cloud users
- Fundamental ideas
  - Computing as a utility
  - Pay-as-you-go
  - Resource pooling
  - Elasticity
  - Large-scale datacenters

Cloud computing models
- Service models:
  - Infrastructure as a Service (IaaS): virtual machines, storage (e.g., Amazon EC2, Amazon S3)
  - Platform as a Service (PaaS): programming and execution (e.g., Google AppEngine, Force.com, Windows Azure)
  - Software as a Service (SaaS): mostly web applications (e.g., Yahoo! Mail, Google Docs, Facebook, ...)

Security in the cloud (from the user viewpoint)
- Security is a key aspect of cloud computing
  - Reason in favor and against adoption
- Recall the three attributes, all important in the cloud
  - Confidentiality: no disclosure of data to unauthorized entities
  - Integrity: no unauthorized modifications of the system or data
  - Availability: readiness of the system to provide its service
- Challenges
  - The system is no longer in the organization premises
  - The system is shared with other users
  - The access is made through the internet

Outline
- Security threats in the cloud
- Stealing confidential data in the cloud
- DepSky: Dependable and Secure Storage in a Cloud-of-Clouds
- DepSky Evaluation
- Conclusions

Security threats in the cloud

Unavailability
- Problems in the Internet: relatively frequent
  - Congestion
  - Problems in the equipment of client or ISP (routers, etc.)
  - More global problems (Cisco bug + RIPE NCC test, Aug. 2010)
- Problems at the cloud (e.g., Google AppEngine, Apr. 2011)
- Denial of service attacks (e.g., Amazon EC2, 2009)

Loss and corruption of data
- Can happen in the cloud as anywhere else
- Danger Inc. / Sidekick lost contacts, notes, photos etc. of its clients; took days to recover them (Oct. 2009)
- Ma.gnolia lost all data from all clients, half TB (Feb. 2009)

Attacks through management interface
- In the cloud the attack surface is expanded with the cloud management interface
  - Control/monitoring of virtual machines, users, etc.
  - Web console, web services, REST
- Attacks through the interface
  - Vulnerabilities that allow personification of a legitimate user: CSRF, SQL injection, etc. (Microsoft, Secure Use of Cloud Storage, July 2010)
  - Phishing / social engineering to obtain authentication credentials

Attacks against the billing scheme
- Billing is a function of the usage of
  - Virtual machines/hour, traffic received/sent, CPU time consumed
- Certain attacks can directly cost money:
  - High number of accesses/requests/...
  - Some cloud services automatically use more resources if the usage increases (elasticity)
  - (Related to DoS attacks)
- Also through the management interface
  - Attacker requires allocation of, e.g., 1 million VMs

Attacks between VMs
- In IaaS, VMs of several users can share the same physical machine (co-residence)
  - Only recently Amazon started allowing a user to ask for no co-residence
- Attack in two steps
  - The attacker instantiates several VMs until co-residence with the victim is achieved
  - The attacker's VM attacks the victim, e.g., using a vulnerability in the hypervisor or using shared resources to obtain confidential information
(Figure: an innocent user's VM and the attacker's VM on the same server)

Confidentiality/privacy violation
- Data is in the cloud provider's machines
- The provider may be trusted; there are legal defenses; but
- There can be a malicious insider
  - Can capture passwords, private keys, software, etc.
  - Not specific in the cloud, but the cloud operators are unknown/
- Data can't be encrypted (or it can't be processed)

Stealing confidential data in the cloud
"Lucy in the Sky without Diamonds: Stealing Confidential Data in the Cloud", F. Rocha, M. Correia, DCDV 2011 (with DSN'11)

Motivation
- Many people don't understand/believe attacks can happen
- Same as years ago with critical infrastructure protection:
  - Researchers launched an experimental cyber attack that caused a generator to self-destruct; sponsored by the US DHS

6/3/2011

Infrastructure as a Service and Virtualization
- Servers run a hypervisor (or VMM) that supports the execution of several Virtual Machines (VMs)
- VMs have the illusion of running on top of the hardware, so they have their own OS
(Figure labels: Dom, Xen)

What can the administrators do in commercial IaaS?
- We have to guess from info available
  - Amazon EC2, open source implementations (Open Stack, Open Nebula, Eucalyptus, ...)
- Some administration operations:
  - Instantiate VM, delete VM
  - Login in the management VM of the servers
  - Migrate VMs to other servers
  - Take memory snapshots (needed for migration)
  - Mount file systems (needed for backups)
- This is what can be available to a malicious insider!

What we did
- We ran several attacks to demonstrate that it is possible to access the cloud user's data
  - That was the initial objective; we've shown that it's easy!
- In the attacks, the cloud was a single machine
  - Xen, Dom 0 was Linux (Ubuntu)
  - Only 1 VM (victim) with Linux and the Apache web server
- Attack model
  - Malicious insider with access to the management VM (Dom 0)
  - Attacker has no login in the victim VM

Attack 1: Cleartext passwords in memory snapshots
- Trivial: just take a snapshot (dumpcore) and look for passwords!

    $ xm dump-core 2 -L lucidomu.dump
    Dumping core of domain: 2 ...
    $ cat lucidomu.dump | strings | grep loginpw
    loginpw
    loginpw
    $ cat lucidomu.dump | strings | grep apachersapw
    apachersapw
    apachersapw
    apachersapw

Attack 2: Obtaining private keys using memory snapshots (1)
- Disclosing such keys has a high security impact
  - e.g., they're used to authenticate an Apache web server
- Private keys are numbers; looking for a number in memory should be like looking for a needle in a haystack
- But keys are usually stored in a standard format, e.g., PKCS#1
  - In PKCS#1 a key is an ASN.1 object
  - Includes 0x30 and the sequence ; can be found!
- We used rsakeyfind, which comes in the package with the same name (available for several Linux distributions)
  - There can be false positives but we found none

Attack 2: Obtaining private keys using memory snapshots (2)

    $ xm dump-core 2 -L lucidomu.dump
    Dumping core of domain: 2 ...
    $ rsakeyfind lucidomu.dump
    found private key at 1b061e8
    version = 00
    modulus = f8 9 e2 be 4a 2b 6 be 9f e 46 b 5a...
    publicexponent =
    privateexponent =...
    prime1 =...
    prime2 =

Attack 3: Extracting confidential data from the hard disk
- Assumes Logical Volume Manager (LVM) is used
  - Manages logical volumes on top of physical vols.
- Attack is similar to making a backup:

    $ lvcreate -L 2G -s -n lv_st /dev/main_vol/domu    # Create snapshot of the victim VM drive as a new volume
    Logical volume lv_st created
    $ kpartx -av /dev/main_vol/lv_st    # Adds partition map to the new vol.
    ...
    $ vgscan    # Search for LVM volumes
    Found volume group LuciDomU
    $ vgchange -ay LuciDomU    # Activate the snapshot volume
    $ mount /dev/lucidomu/root /mnt/
    Now, copy files, ...

A futuristic IaaS cloud (1)
- Uses a trusted hypervisor and a Trusted Platform Module (TPM) in each server
  - TPM: a tamperproof chip now available in many PCs
  - Provides a set of simple security functions
- Assume a configuration known good by the cloud user
  - Configuration = {hypervisor, Dom 0}
  - Known good because it does not support mem/disk snapshots
- During the boot process, each component stores in the TPM a hash of the next one to be loaded
  - In some of the Platform Configuration Registers (PCR)
  - e.g., PCR-01: hash(hypervisor) and PCR-02: hash(Dom 0)
  - TPM is tamperproof, PCRs can't be modified (only extended)

A futuristic IaaS cloud (2)
- What's that good for?
- For remote attestation: the user can obtain a proof that the configuration is the known good
  - Get the PCRs signed by the TPM

Attack 4: Virtual machine migration in the futuristic cloud
- Attestation can show that the hypervisor/Dom 0 have a set of dangerous functionality disabled; however, migration can't be disabled
- Attack:
  1. Attacker lets the victim VM be installed in a server with a trusted hypervisor
  2. Attacker waits until attestation has finished, then migrates the VM into a server with a hypervisor that it controls
  3. Attacker runs any of the previous attacks
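The measured boot and attestation check from the two "futuristic IaaS cloud" slides, as an added example (not code from the talk or from any TPM library). ToyTPM, the component byte strings and the HMAC that stands in for the TPM's asymmetric quote signature are assumptions made so the sketch runs offline; PCR indices 1 and 2 follow the slide.

```python
import hashlib
import hmac
import os


def measure(component: bytes) -> bytes:
    """Hash of a boot component: the value the previous stage extends into a PCR."""
    return hashlib.sha256(component).digest()


def _blob(nonce, pcrs):
    return nonce + b"".join(pcrs[i] for i in sorted(pcrs))


class ToyTPM:
    """Hypothetical stand-in for a TPM: PCRs can only be extended, never written."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key                 # never leaves the chip
        self._pcrs = {1: bytes(32), 2: bytes(32)}   # zeroed at power-on

    def extend(self, index: int, measurement: bytes) -> None:
        # PCR_new = H(PCR_old || measurement) is the only way to change a PCR.
        self._pcrs[index] = hashlib.sha256(self._pcrs[index] + measurement).digest()

    def quote(self, nonce: bytes):
        """Return the PCRs and a tag over (nonce || PCRs).

        Assumption: HMAC replaces the asymmetric signature of a real TPM.
        """
        pcrs = dict(self._pcrs)
        return pcrs, hmac.new(self._key, _blob(nonce, pcrs), hashlib.sha256).digest()


def boot(tpm, hypervisor: bytes, dom0: bytes) -> None:
    tpm.extend(1, measure(hypervisor))
    tpm.extend(2, measure(dom0))


def known_good_pcrs(hypervisor: bytes, dom0: bytes):
    """PCR values the cloud user expects, computed offline from the trusted images."""
    return {1: hashlib.sha256(bytes(32) + measure(hypervisor)).digest(),
            2: hashlib.sha256(bytes(32) + measure(dom0)).digest()}


def verify_quote(key, nonce, pcrs, tag, expected) -> bool:
    """Accept only a quote bound to our fresh nonce whose PCRs match the known good."""
    expected_tag = hmac.new(key, _blob(nonce, pcrs), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected_tag) and pcrs == expected


def demo():
    # Constructed component images; only their hashes matter here.
    good_hv, good_dom0 = b"hypervisor without snapshots", b"dom0 without snapshots"
    expected = known_good_pcrs(good_hv, good_dom0)
    key_a, key_b = os.urandom(32), os.urandom(32)

    server_a = ToyTPM(key_a)
    boot(server_a, good_hv, good_dom0)

    server_b = ToyTPM(key_b)
    boot(server_b, good_hv, b"dom0 WITH memory snapshots")
    # Extending the good measurement afterwards cannot restore the good value.
    server_b.extend(2, measure(good_dom0))

    nonce_1, nonce_2 = os.urandom(16), os.urandom(16)
    pcrs_a, tag_a = server_a.quote(nonce_1)
    pcrs_b, tag_b = server_b.quote(nonce_2)
    return {
        "trusted_server": verify_quote(key_a, nonce_1, pcrs_a, tag_a, expected),
        "modified_dom0": verify_quote(key_b, nonce_2, pcrs_b, tag_b, expected),
        # An old quote replayed against a new challenge is rejected.
        "replayed_quote": verify_quote(key_a, nonce_2, pcrs_a, tag_a, expected),
    }


if __name__ == "__main__":
    print(demo())
```

A quote vouches only for the server that answered that nonce at that moment; it says nothing about where the VM runs after a later migration, which is the gap Attack 4 relies on.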

More attacks
- These attacks are against confidentiality
- Attacks against availability are even simpler, e.g., delete VM(s)
- Attacks against data and code integrity are also possible

Solutions from the cloud providers
- Taken from "Cloud Computing Roundtable", IEEE Security & Privacy, Nov/Dec
  - Directors/senior people from: Google, Microsoft, Cisco, Amazon, Cloud Security Alliance
- No physical access
  - But all attacks we saw can be done remotely
- Logging all accesses to the servers with users' data
  - Takes place after the attack has happened
  - What if the attacker was fired or left voluntarily?
- Zero tolerance policy for insiders that access data
  - Same as the previous
- "there're some things that will never go into Azure, for example, our SAP back end"

DepSky: Dependable and Secure Storage in a Cloud-of-Clouds
"DEPSKY: Dependable and Secure Storage in a Cloud-of-Clouds", A. Bessani, M. Correia, B. Quaresma, F. André, P. Sousa, EuroSys

Securing the cloud
- Two options:
  1) Improve the cloud infrastructure
  2) Use several cloud providers (cloud-of-clouds)

Benefits of replication in several clouds
- Datacenter and cloud outages
- Vendor lock-in
- Data corruption
- Bugs
- Malicious insiders
- Attacks and intrusions
- Better read performance
(Figure: a critical system using Amazon S3, Rackspace and Windows Azure)

Cloud-of-Clouds object storage
- Cloud-of-Clouds provides same service as single cloud
(Figure: Amazon S3, Nirvanix, Rackspace, Windows Azure)

DepSky design principles
1. No trust on individual cloud providers
   - Distributed trust is built by using multiple clouds
2. Use storage clouds as they are
   - No server-side code on the replication protocols
3. Data is updatable
   - Quorum replication protocols for consistency

Key challenges
- How to implement an efficient replication protocol using only passive storage nodes?
- How to make it affordable?
(Figure labels: read, write)

DepSky interface
- Object storage: write(data_unit, data), read(data_unit)
- create(data_unit), destroy(data_unit), lock(data_unit, ...), unlock(data_unit), garbagecollect(data_unit, ...), reconfigure(data_unit, ...)
- Details in the paper

System model
- Asynchronous distributed system
- Faults (Byzantine faults)
  - Clouds can be unavailable, corrupt or destroy data
  - Readers can do whatever they want
  - Writers can crash and recover
- n = 3f + 1 clouds to tolerate f faults
  - In practice: f = 1
- Symmetric and asymmetric cryptography

Data model
(Figure: a single writer holding the private key signs (Version + Data) of the data unit (DU); multiple readers holding the public key verify the version and the data)
- Single-writer multi-reader regular register (but multiple writers are supported through a locking algorithm)

Data model implementation

Read/Write protocols and quorums
- f-dissemination Byzantine quorum systems [Malkhi & Reiter 1998]
  - Quorums of 2f+1 servers out of 3f+1 servers
  - Data is self-verifiable (signed)
  - f+1 servers in the intersection
(Figure: write quorum and read quorum over Cloud A, Cloud B, Cloud C, Cloud D)

Write protocol
(Figure: the writer sends WRITE DATA to Clouds A, B, C and D and waits for ACKs, then sends WRITE METADATA and waits for ACKs)

Read protocol
(Figure: the reader sends READ METADATA to Clouds A, B, C and D, takes the METADATA with the highest version number, then sends READ DATA and receives the DATA)
- Data will be fetched from other clouds if needed

Why does it work?
(Figure: WRITE stores DATA and then METADATA; READ fetches METADATA and then DATA)
- Key property: if metadata pointing to D is read, D can be read
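The write and read protocols above, run against four simulated passive clouds with one unavailable and one corrupting cloud, as an added example (not the DepSky prototype's code). The Cloud class, the object key names and the HMAC that stands in for the writer's asymmetric signature are assumptions of this sketch.

```python
import hashlib
import hmac
import json

F = 1                 # faulty clouds tolerated (the slides use f = 1)
N = 3 * F + 1         # clouds needed
QUORUM = 2 * F + 1    # size of the read and write quorums


class Cloud:
    """Passive object store; `mode` injects a fault (constructed for this example)."""

    def __init__(self, name, mode="ok"):
        self.name, self.mode, self.objects = name, mode, {}

    def put(self, key, value):
        if self.mode == "down":
            return False                              # no ACK
        self.objects[key] = value
        return True

    def get(self, key):
        if self.mode == "down":
            return None
        value = self.objects.get(key)
        if value is not None and self.mode == "corrupt":
            return bytes(b ^ 0xFF for b in value)     # returns garbage
        return value


def _tag(writer_key, unit, version, digest):
    # Assumption: HMAC stands in for the writer's signature over (version, data hash).
    msg = f"{unit}|{version}|{digest}".encode()
    return hmac.new(writer_key, msg, hashlib.sha256).hexdigest()


def write(clouds, writer_key, unit, version, data):
    """Store the data on a quorum first, and only then the signed metadata."""
    digest = hashlib.sha256(data).hexdigest()
    if sum(c.put(f"{unit}.v{version}", data) for c in clouds) < QUORUM:
        raise RuntimeError("no quorum for data")
    meta = {"version": version, "digest": digest,
            "sig": _tag(writer_key, unit, version, digest)}
    blob = json.dumps(meta).encode()
    if sum(c.put(f"{unit}.meta", blob) for c in clouds) < QUORUM:
        raise RuntimeError("no quorum for metadata")


def _valid_metadata(writer_key, unit, blob):
    """Parse one metadata reply; anything malformed or badly signed is dropped."""
    try:
        meta = json.loads(blob)
        version, digest, sig = meta["version"], meta["digest"], meta["sig"]
        if isinstance(version, int) and hmac.compare_digest(
                sig, _tag(writer_key, unit, version, digest)):
            return meta
    except (ValueError, KeyError, TypeError):
        pass
    return None


def read(clouds, writer_key, unit):
    """Return (version, data) for the highest validly signed version."""
    replies = [r for r in (c.get(f"{unit}.meta") for c in clouds) if r is not None]
    if len(replies) < QUORUM:
        raise RuntimeError("no quorum for metadata")
    valid = [m for m in (_valid_metadata(writer_key, unit, r) for r in replies) if m]
    if not valid:
        raise RuntimeError("no valid metadata")
    best = max(valid, key=lambda m: m["version"])
    for c in clouds:      # any cloud will do: the data is checked against the signed hash
        data = c.get(f"{unit}.v{best['version']}")
        if data is not None and hashlib.sha256(data).hexdigest() == best["digest"]:
            return best["version"], data
    raise RuntimeError("data for signed metadata not found")


def demo():
    key = b"constructed writer key"
    clouds = [Cloud(name) for name in "ABCD"]
    cloud_a, cloud_d = clouds[0], clouds[3]
    write(clouds, key, "du1", 1, b"first version")
    cloud_d.mode = "down"                  # D misses the second write
    write(clouds, key, "du1", 2, b"second version")
    cloud_d.mode, cloud_a.mode = "ok", "corrupt"   # D is back but stale, A returns garbage
    return read(clouds, key, "du1")


if __name__ == "__main__":
    print(demo())
```

In `demo()` the write quorum {A, B, C} and any read quorum share at least f+1 clouds, so the reader still sees version 2 even though D is stale and A corrupts its replies.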

Problems of the solution so far
- Limitations:
  1. Data is accessible by cloud providers
  2. Requires n × Data storage space
(Figure: Cloud A, Cloud B, Cloud C and Cloud D each store a full copy of the data)

Combining erasure codes and secret sharing
(Figure: the data is encrypted with a generated key K; the encrypted data is dispersed into fragments F1, F2, F3, F4 and the key is shared into shares S1, S2, S3, S4; Cloud A stores F1 and S1, Cloud B stores F2 and S2, Cloud C stores F3 and S3, Cloud D stores F4 and S4)
- Inverse process for reading from f+1 shares/fragments
- Secret sharing not needed if key distribution is available
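The encrypt, disperse and share pipeline of this slide, with recovery from any f+1 clouds, as an added example (not the DepSky prototype's code). The slides do not name the schemes used, so Shamir's secret sharing, a polynomial erasure code over GF(257) and a toy SHA-256 keystream in place of a real symmetric cipher are assumptions of this sketch.

```python
import hashlib
import secrets

PRIME = 2**521 - 1    # field for sharing the key (a Mersenne prime, larger than a 32-byte key)
GF = 257              # small prime field for the byte-wise erasure code


def lagrange_eval(points, x, p):
    """Value at x of the unique polynomial of degree < len(points) through `points`, mod p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def share_secret(secret, k, n):
    """Shamir sharing: random polynomial of degree k-1 with f(0) = secret, share i = f(i)."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
            for x in range(1, n + 1)]


def disperse(data, k, n):
    """Erasure code: each group of k bytes defines a polynomial; cloud c stores one value."""
    padded = data + bytes(-len(data) % k)
    fragments = [[] for _ in range(n)]
    for g in range(0, len(padded), k):
        points = [(i + 1, padded[g + i]) for i in range(k)]     # data sits at x = 1..k
        for c in range(n):
            fragments[c].append(lagrange_eval(points, k + 1 + c, GF))
    return fragments   # symbols are 0..256; each fragment is 1/k of the data length


def stream_xor(key, data):
    """Toy SHA-256 keystream (assumption: stands in for a real symmetric cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[offset:offset + 32], pad))
    return bytes(out)


def protect(data, f=1):
    """Return one {fragment, key share} piece per cloud, for n = 3f+1 clouds."""
    n, k = 3 * f + 1, f + 1
    key = secrets.token_bytes(32)
    ciphertext = stream_xor(key, data)
    shares = share_secret(int.from_bytes(key, "big"), k, n)
    fragments = disperse(ciphertext, k, n)
    return [{"cloud": c + 1, "share": shares[c], "fragment": fragments[c],
             "length": len(ciphertext)} for c in range(n)]


def recover(pieces, f=1):
    """Inverse process: rebuild key and ciphertext from any f+1 pieces, then decrypt."""
    k = f + 1
    if len(pieces) < k:
        raise ValueError("need f+1 shares/fragments")
    chosen = pieces[:k]
    key_int = lagrange_eval([(p["cloud"], p["share"]) for p in chosen], 0, PRIME)
    ciphertext = bytearray()
    for g in range(len(chosen[0]["fragment"])):
        points = [(k + p["cloud"], p["fragment"][g]) for p in chosen]
        ciphertext.extend(lagrange_eval(points, x, GF) for x in range(1, k + 1))
    ciphertext = bytes(ciphertext[:chosen[0]["length"]])
    return stream_xor(key_int.to_bytes(32, "big"), ciphertext)


if __name__ == "__main__":
    pieces = protect(b"constructed sample data unit")
    print(recover([pieces[3], pieces[1]]))
```

With f = 1 each cloud holds half of the ciphertext length and one key share, so a single provider can rebuild neither the key nor the data, and the four clouds together store about twice the data size.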

Consistency proportionality
- The consistency provided by DepSky is the same as the base storage clouds
  - If the weakest consistency cloud provides eventual consistency, DepSky provides eventual consistency
  - If the weakest consistency cloud provides read your writes, DepSky provides read your writes
  - If the weakest consistency cloud provides regular storage, DepSky provides regular storage
- This notion may be useful for other systems

DepSky Evaluation

DepSky performance
- Prototype: 3K LOCs (Java), REST/HTTPS
- Experimental setup
  - Two DepSky versions: A (DepSky) and CA (DepSky with confidentiality)
  - Four commercial storage clouds: S3 (Amazon S3), WA (Windows Azure), NX (Nirvanix SDN) and RS (Rackspace)
  - Clients spread through 8 PlanetLab sites around the world
  - Three clients on each site, reading/writing data units of three sizes (100kb, 1Mb and 10Mb)
  - reads/writes between Sep. 10th and Oct. 7th 2010
  - Experiments cost: ~

DepSky operation costs ($)
(Table: cost per operation, rows "10K Reads" and "K Writes", with columns for DepSky-CA, Amazon S3, Rackspace, Win. Azure and Nirvanix; the values did not survive extraction)
- Monetary costs (in USD) for 1Mb data unit and four clouds
- Read cost is the same as reading from the least expensive cloud
- Write cost is the cost of writing 50% of the DU size on each cloud
- These costs don't include data storage

DepSky storage costs ($)
(Figure: plain replication vs erasure codes)
- DepSky-CA storage cost (1M data unit) = 2 × (Avg. individual cloud cost per GB/month)

DepSky latency (100kb DU)
- DepSky read latency is close to the cloud with the best latency
- DepSky write latency is close to the cloud with the worst latency

DepSky performance: other aspects
- Secret sharing latency overhead < 0.1%
- Effectiveness of read optimization
  - Fetch data first from the clouds that returned metadata faster
  - Effective in 83% (A) and 68% (CA) of reads
- Throughput per client: kb/s (read) and kb/s (write)
  - Orders of magnitude smaller than LAN BFT storage systems [Hendricks et al 2007]
  - Cloud aggregate throughput may be infinite

DepSky perceived availability
- Apparently, some clouds don't provide the promised 5 or 6 9's of availability
- Internet availability plays an important role

Conclusions
- Cloud security is a problem, especially vis-à-vis a malicious insider
  - He/she can run several simple but harsh attacks
- DepSky: Cloud-of-clouds storage with untrusted clouds
  - Techniques: Byzantine quorum systems (integrity and availability), erasure codes (storage efficiency) and secret sharing (confidentiality)
  - Can be used on storage clouds as they are
  - Can be basis for more complex storage systems (e.g., file system)
  - A use case for Byzantine fault tolerance: diversity already there

Conclusions (Costs / Benefits)
- Four clouds are needed to tolerate a single faulty cloud
- Reads are faster than single cloud reads
- Writes are slower than single cloud writes
- Monetary costs roughly twice the average costs of individual clouds
- It can be improved: data doesn't need to be in all 3f+1 clouds

Advertisement: sandwich PhD / post-doc at Instituto Superior Técnico
- IST: the leading Portuguese engineering school, 100+ years
- In the capital, Lisbon, close to all European capitals
- Top team in Europe, participation in European projects
- "it was so good... that I didn't want to leave Lisbon any more :-)"
- "that's the danger of doing a PhD there... :"


Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

Chapter 14 Virtual Machines

Chapter 14 Virtual Machines Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously

More information

Sharing Files Using Cloud Storage Services

Sharing Files Using Cloud Storage Services Sharing Files Using Cloud Storage Services Tiago Oliveira, Ricardo Mendes, and Alysson Bessani {toliveira,rmendes}@lasige.di.fc.ul.pt, bessani@di.fc.ul.pt Universidade de Lisboa, Faculdade de Ciências,

More information

Cloud Panel Service Evaluation Scenarios

Cloud Panel Service Evaluation Scenarios Cloud Panel Service Evaluation Scenarios August 2014 Service Evaluation Scenarios The scenarios below are provided as a sample of how Finance may approach the evaluation of a particular service offered

More information

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Cloud Database Storage Model by Using Key-as-a-Service (KaaS) www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Cloud Computing Security Master Seminar, Summer 2011

Cloud Computing Security Master Seminar, Summer 2011 Cloud Computing Security Master Seminar, Summer 2011 Maxim Schnjakin, Wesam Dawoud, Christian Willems, Ibrahim Takouna Chair for Internet Technologies and Systems Definition of Cloud Computing 2 Cloud

More information

International Journal of Advance Research in Computer Science and Management Studies

International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 11, November 2014 ISSN: 2321 7782 (Online) International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online

More information

Data Centers and Cloud Computing. Data Centers

Data Centers and Cloud Computing. Data Centers Data Centers and Cloud Computing Slides courtesy of Tim Wood 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises for server applications Internet

More information

Multilevel Communication Aware Approach for Load Balancing

Multilevel Communication Aware Approach for Load Balancing Multilevel Communication Aware Approach for Load Balancing 1 Dipti Patel, 2 Ashil Patel Department of Information Technology, L.D. College of Engineering, Gujarat Technological University, Ahmedabad 1

More information

Eucalyptus: An Open-source Infrastructure for Cloud Computing. Rich Wolski Eucalyptus Systems Inc. www.eucalyptus.com

Eucalyptus: An Open-source Infrastructure for Cloud Computing. Rich Wolski Eucalyptus Systems Inc. www.eucalyptus.com Eucalyptus: An Open-source Infrastructure for Cloud Computing Rich Wolski Eucalyptus Systems Inc. www.eucalyptus.com Exciting Weather Forecasts Commercial Cloud Formation Eucalyptus - Confidential What

More information

Virtualization & Cloud Computing (2W-VnCC)

Virtualization & Cloud Computing (2W-VnCC) Virtualization & Cloud Computing (2W-VnCC) DETAILS OF THE SYLLABUS: Basics of Networking Types of Networking Networking Tools Basics of IP Addressing Subnet Mask & Subnetting MAC Address Ports : Physical

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

AVLOR SERVER CLOUD RECOVERY

AVLOR SERVER CLOUD RECOVERY AVLOR SERVER CLOUD RECOVERY WHITE PAPER 1 Table of Contents Abstract... 2 1. Introduction... 3 2. Server Cloud Recovery... 3 3. Amazon AWS Cloud... 4 a. What it is... 4 b. Why Use AWS?... 5 4. Difficulties

More information

Analysis and Research of Cloud Computing System to Comparison of Several Cloud Computing Platforms

Analysis and Research of Cloud Computing System to Comparison of Several Cloud Computing Platforms Volume 1, Issue 1 ISSN: 2320-5288 International Journal of Engineering Technology & Management Research Journal homepage: www.ijetmr.org Analysis and Research of Cloud Computing System to Comparison of

More information

Data-intensive computing systems

Data-intensive computing systems Data-intensive computing systems Cloud Computing University of Verona Computer Science Department Damiano Carra Acknowledgements! Credits Part of the course material is based on slides provided by the

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Data Centers and Cloud Computing

Data Centers and Cloud Computing Data Centers and Cloud Computing CS377 Guest Lecture Tian Guo 1 Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Case Study: Amazon EC2 2 Data Centers

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Cloud Models and Platforms

Cloud Models and Platforms Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model

More information

Cloud Computing. Adam Barker

Cloud Computing. Adam Barker Cloud Computing Adam Barker 1 Overview Introduction to Cloud computing Enabling technologies Different types of cloud: IaaS, PaaS and SaaS Cloud terminology Interacting with a cloud: management consoles

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Cloud computing an insight

Cloud computing an insight Cloud computing an insight Overview IT infrastructure is changing according the fast-paced world s needs. People in the world want to stay connected with Work / Family-Friends. The data needs to be available

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

A Gentle Introduction to Cloud Computing

A Gentle Introduction to Cloud Computing A Gentle Introduction to Cloud Computing Source: Wikipedia Platform Computing, Inc. Platform Clusters, Grids, Clouds, Whatever Computing The leader in managing large scale shared environments o 18 years

More information

IMPLEMENTING DATA SECURITY IN MULTI CLOUD

IMPLEMENTING DATA SECURITY IN MULTI CLOUD IMPLEMENTING DATA SECURITY IN MULTI CLOUD Ms. Renu Nagendra Shinde Information Technology SKNCOE Pune 41,India renunikhilp@gmail.com Prof. Mrs. Varsha Khandekar Information Technology SKNCOE Pune 41, India

More information

Basics of Cloud Computing

Basics of Cloud Computing Basics of Cloud Computing MTAT.08.027 Basics of Cloud Computing (3 ECTS) MTAT.08.011 Basics of Grid and Cloud Computing Satish Srirama satish.srirama@ut.ee Course Purpose Introduce cloud computing concepts

More information

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) Introduction to Cloud Security. Taniya INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 6464(Print)

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 2 02/01/2010 Threats, vulnerabilities, and enemies Goal Learn the cloud computing threat model

More information

T-110.5121 Mobile Cloud Computing Private Cloud & Assignment 2 19.10.2011

T-110.5121 Mobile Cloud Computing Private Cloud & Assignment 2 19.10.2011 T-110.5121 Mobile Cloud Computing Private Cloud & Assignment 2 19.10.2011 Yrjö Raivio, Koushik Annapureddy, Ramasivakarthik Mallavarapu Aalto University, School of Science Department of Computer Science

More information

Workflow Templates Library

Workflow Templates Library Workflow s Library Table of Contents Intro... 2 Active Directory... 3 Application... 5 Cisco... 7 Database... 8 Excel Automation... 9 Files and Folders... 10 FTP Tasks... 13 Incident Management... 14 Security

More information

Introduction to Cloud Computing

Introduction to Cloud Computing Introduction to Cloud Computing Rohit Thakral rohit@targetintegration.com +353 1 886 5684 About Rohit Expertise Sales/Business Management Helpdesk Management Open Source Software & Cloud Expertise Running

More information

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213 ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213 Application Compatibility Many organizations have business critical or internally

More information

Which is Better: Virtualization or Cloud IaaS?

Which is Better: Virtualization or Cloud IaaS? A White Paper Which is Better: Virtualization or Cloud IaaS? Which is Better: Virtualization or Cloud IaaS? Why should I consider Virtualization or Cloud IaaS at all? Simply put, they can save you money.

More information

A survey on cost effective multi-cloud storage in cloud computing

A survey on cost effective multi-cloud storage in cloud computing A survey on cost effective multi-cloud storage in cloud computing Nitesh Shrivastava, Ganesh Kumar Abstract As novel storage model, cloud storage has gain attentions from both the academics and industrial

More information

Cloud Web-Based Operating System (Cloud Web Os)

Cloud Web-Based Operating System (Cloud Web Os) Cloud Web-Based Operating System (Cloud Web Os) Hesham Abusaimeh Department of Computer Science, Faculty of Information Technology, Applied Science University, Amman, 11931 Jordan. ABSTRACT The cloud computing

More information

A Web Base Information System Using Cloud Computing

A Web Base Information System Using Cloud Computing A Web Base Information System Using Cloud Computing Zainab Murtadha, Mohammad Amin Roshanasan Abstract: Cloud Computing is the new field that was invented and developed during a period not so long ago.

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

Mutual Authentication Cloud Computing Platform based on TPM

Mutual Authentication Cloud Computing Platform based on TPM Mutual Authentication Cloud Computing Platform based on TPM Lei Peng 1, Yanli Xiao 2 1 College of Information Engineering, Taishan Medical University, Taian Shandong, China 2 Department of Graduate, Taishan

More information

A Distributed Storage Architecture based on a Hybrid Cloud Deployment Model

A Distributed Storage Architecture based on a Hybrid Cloud Deployment Model A Distributed Storage Architecture based on a Hybrid Cloud Deployment Model Emigdio M. Hernandez-Ramirez, Victor J. Sosa-Sosa, Ivan Lopez-Arevalo Information Technology Laboratory Center of Research and

More information

Companies are moving more and more IT services and

Companies are moving more and more IT services and Adding High Availability to the Cloud Paul J. Holenstein Executive Vice President Gravic, Inc. Companies are moving more and more IT services and utility applications to public clouds to take advantage

More information

CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS. Review Business and Technology Series www.cumulux.com

CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS. Review Business and Technology Series www.cumulux.com ` CUMULUX WHICH CLOUD PLATFORM IS RIGHT FOR YOU? COMPARING CLOUD PLATFORMS Review Business and Technology Series www.cumulux.com Table of Contents Cloud Computing Model...2 Impact on IT Management and

More information

Cloud computing - Architecting in the cloud

Cloud computing - Architecting in the cloud Cloud computing - Architecting in the cloud anna.ruokonen@tut.fi 1 Outline Cloud computing What is? Levels of cloud computing: IaaS, PaaS, SaaS Moving to the cloud? Architecting in the cloud Best practices

More information

Virtualization and Cloud Computing

Virtualization and Cloud Computing Written by Zakir Hossain, CS Graduate (OSU) CEO, Data Group Fed Certifications: PFA (Programming Foreign Assistance), COR (Contracting Officer), AOR (Assistance Officer) Oracle Certifications: OCP (Oracle

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information