From Trusted Cloud Infrastructures to Trustworthy Cloud Services

Size: px
Start display at page:

Download "From Trusted Cloud Infrastructures to Trustworthy Cloud Services"

Transcription

1 From Trusted Cloud Infrastructures to Trustworthy Cloud Services Michael Gröne. Norbert Schirmer Sirrix AG security technologies Im Stadtwald, Geb. D3.2, Saarbrücken, Germany {m.groene Abstract Trustworthy Cloud services may only be built upon a strong basis of a Trusted Cloud. Such trusted infrastructures are also needed to reach IT security compliance in enterprises. The cloud model of Infrastructure as a Service (IaaS), combined with the trusted components proposed in this paper and researched in actual EU and Germany-wide cloud computing projects is a big chance for higher security in enterprises, especially for SMEs. We describe two current projects that reflect these topics and the associated security work packages to develop mechanisms and technologies for future-oriented isolation of security domains and information flow control. These are Trustworthy Clouds (TClouds) at EU level and Emergent in Germany as part of the Software-Cluster project. The overall solution resulting from research and development done in both projects is one that establishes security guarantees on the data stored by enterprise platforms on infrastructure clouds and cloud services without affecting the enterprise workflows. An innovative use case in the home healthcare sector demonstrates how future cloud infrastructures and services may look like. 1 Cloud Computing, Security and Trust Over the past years there has been much written and told about Cloud Computing, a applicable definition was given by NIST in 2011 [DrMe11]. Cloud services promise the needs-based distribution of IT infrastructures, platforms and services through standardized interfaces on the web. A pay-per-use model is given and the resources scale to the needs of their users, both to save IT costs. Fixed investments for an in-house IT are replaced by variable costs, a rigid in-house IT infrastructure gives way to flexible and dynamic services. Even if these characteristics fit perfectly into today s fast moving and flexible business processes, there are a number of problems that hinder wide adoption of public Cloud Computing in enterprise environments, in particular that are IT security concerns. On the other side requirements for cost savings and flexibility, especially in small and mediumsized enterprises (SMEs), are the factors driving forward the overall use of public cloud services. From an IT security perspective the main requirement is to reach at least the same security level as it should be in a local infrastructure combined with new security requirements resulting from the new risks of outsourcing the infrastructure to cloud providers.

2 2 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 1.1 Cloud as a Chance for Higher Security in SMEs Our thesis is that Cloud Computing is a distinctive chance for improving IT security in SMEs. When looking at today s SMEs with 200-1,000 employees, IT security is in fact an infrastructure topic, not a business driven one. For this reason, compliance is nearly absent. In today s IT infrastructures there are strong needs for information flow control rather than traditional access control policies. Current examples of hacking attacks on the NATO or the German federal police and reports of massive attacks worldwide such as Operation Shady RAT [Alpe11] show that. If infrastructure security is part of the cloud service an SME definitely may reach higher security and reach compliance with existing enterprise security policies. Moreover, this helps SME with collaboration with partners, e.g. when working together on confidential data. A significant increase of IT security compliance, driven by Cloud Computing, is foreseeable, especially in SMEs. There are projects which contribute to reach that goal. 1.2 New technology; new risks Privacy and security concerns pose a significant risk towards the new technology used for Cloud Computing. The attacker model of public cloud computing has significantly changed compared to the one in an enterprise domain (usually protected by firewalls, gateways, etc.). Cloud administrators may access customer data; everyone may access services available to the public Internet. Therefore, confidential information must be protected against cloud insiders as well as other customers. Simple authentication mechanisms of cloud users only by username and password are too weak to protect against brute force attacks, which could be issued by literally anybody, and attacks as mentioned above, such as stealing of password-databases. One essential type of service supported by public clouds is Infrastructure as a Service (IaaS), which allows providing virtual infrastructures, such as virtual machines, network, or storage. However, holistic security policies and the enforcement of those policies on these resources are often unclear. In the Software as a Service (SaaS) model of cloud computing, due to the functionality and characteristics of the applications used, data is processed in plain text (regardless if it is stored encrypted or not). Without further means cloud service providers or their subcontractors may easily use customer information for their own purposes. Security guarantees expected by business-critical and privacy-sensitive applications and infrastructures are often missing, leaving IT security experts and lawyers to advice that confidential information or critical data should not be stored on a public cloud. In particular, initially the users have to gain trust in an equally secure and legally compliant processing of sensitive user data by the cloud vendors. Several security-related reports such as ENISA s Cloud Computing - Benefits, risks and recommendations for information security [CaHo09] were published to address those concerns. At the same time Cloud Computing services offer tremendous opportunities for progress in IT security towards trustworthy IT and compliance. Now, Cloud Computing is reality and first experiences from the currently largest EU and Germany-wide Cloud Computing projects with major activities focussing on security and trust are introduced in this paper.

3 From Trusted Cloud Infrastructures to Trustworthy Cloud Services The Projects TClouds and Emergent The project Trustworthy Clouds (TClouds) - Privacy and Resilience for Internet-scale Critical Infrastructure [TClo11] started in October 2010 and has a running time of over three years. It is funded by the European Commission. With 7.5 million euros in funding, TClouds is targeting the development of a secure, highly reliable and privacy-compliant cloud infrastructure. The well-balanced Consortium consists of 14 partners from seven different countries, including IBM, Philips, EDP and Sirrix AG. Launched in July 2010, Emergent, a sub-project of the Software-Cluster [Soft11], is funded by the German Federal Ministry of Education and Research, with 39 companies, including SAP, Software AG, Sirrix AG, John Deere, academic institutions and other actors in a region, a running time of over five years and up to 40 million euros in funding. The participants are targeting research and development of fundamentals for emergent software to build up future business software by using trustworthy cloud services and secure information flows between federated domains. We share our experiences in trustworthy Cloud Computing and innovative research results out of both projects focused on our topics and the components we are involved in as part of the projects security work packages. Below we illustrate an example cloud scenario and identify the requirements of Trusted Cloud Computing, show integration of internal IT infrastructures into a trusted cloud infrastructure and our topics in the projects, present an example use case out of the TClouds project, give an outlook onto future work and a conclusion which completes our paper. 2 Cloud Scenario, Requirements and Mechanisms The common Cloud Computing scenario means outsourcing of IT infrastructures, such as servers and storage. Those systems are running in datacenters off-premise. Due to outsourcing the risk of a malicious insider at the cloud provider, e.g. a cloud admin, is a core threat to be tackled. In Cloud Computing the basic model is IaaS, which involves virtual infrastructures that are owned by cloud providers. Virtual infrastructures consist of virtual machines (VMs), virtual networks and virtual storage. Users of the IaaS cloud type could benefit in the way of scalability, availability and resilience, increased connectivity and pervasive reachability and cost reduction. Customers require isolation from other customers, which may be competitors. They need strict isolation of servers and data. This is traditionally ensured by physical isolation of virtual infrastructures. Datacenter providers, such as IBM, HP and other providers encapsulate every virtual infrastructure on physical isolated server clusters, storage and network infrastructures (cf. Fig. 1).

4 4 From Trusted Cloud Infrastructures to Trustworthy Cloud Services Fig. 1: Physically isolated virtual environments in a datacenter Today, such usage of datacenters is also referred to as private Cloud Computing. Since resources are dedicated to customers and cannot be transparently scaled on users demands private Cloud Computing is not as far as effective and scalable as public Cloud Computing is. As a matter of fact physical isolated virtual infrastructures are often too expensive for SME customers. Public cloud IaaS is used as a more efficient and therefore much cheaper solution to fulfil customer needs for outsourcing of IT infrastructures. Here all customers share the same resources. Fig. 2: Classical public cloud provider Infrastructure as a Service (IaaS)

5 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 5 This scenario and its challenges result in an increasing need to devise effective approaches taking advantage of cloud infrastructures to reach effectiveness and scalability of a public cloud without compromising security requirements (especially isolation) and trust assumptions like in a private cloud. The central security requirements for security are: 1. Segregation of duties: the Cloud administrator is only responsible to manage the cloud resources whereas the organization administrator (of the customer) is responsible for the organisations security policy 2. Isolation: strong isolation between customers as well as the cloud administrators is needed to ensure confidentiality of the customer s data. 3. Verifiability of the platform: as the cloud platform is off-premise of the customer we demand technical means to ensure its integrity beyond audits, certification or SLAs. We address those requirements by explaining how current research and development on a trusted infrastructure solution, including server, network and management, can provide interfaces to the cloud, such that data processed and stored on the cloud and flowing between cloud services in different security domains is seamlessly encrypted as it leaves a security domain defined by the enterprise. We start by building the foundation of a Trusted Cloud right into the servers by employing a trusted hardware anchor which is capable of integrity checking and remote attestation. We build on it as a piece of hardware which measures the other hardware and software of the server during booting to ensure the integrity of the server. Moreover, via remote attestation the hardware anchor can be used to verify the integrity of the server towards a remote party (the customer or a management service). The core piece of software the hardware anchor has to check is the security kernel [HASK08] and the hypervisor as a part of it. The security kernel is used to enforce our isolation requirements. It is responsible to encrypt the data of the customers as it is stored. During computation the data in the VMs is processed in plain text. The hypervisor isolates the VMs from each other but can itself access all the memory within the VMs. To secure the hypervisor being abused by a cloud administrator to peek into the VMs of customers we propose that the API of the hypervisor has to be tamed by the security kernel. The kernel should only offer a limited API (e.g. to start, stop and migrate VMs) but not to dump the memory of VMs. With such a management API in place there is no need for an almighty root account for administrators. The management can be done remotely via a trusted cloud management component using this API. The hardware anchor of the servers and the management component can be employed to build a trusted channel (encrypted, mutually authenticated and mutually integrity checked) between the management component and the servers. This scenario is depicted in Fig. 3.

6 6 From Trusted Cloud Infrastructures to Trustworthy Cloud Services Fig. 3: Example of a Trusted Cloud Provider As the hardware anchor Trusted Computing technology as proposed by the Trusted Computing Group [TCG11] could be used, e.g., the Trusted Platform Module (TPM) [TPM11]. 3 Integration of Internal IT Infrastructure Once such a trusted cloud infrastructure is available, one can go one step forward and not only isolate different customers but also push isolation principles into the organizations of the customers. Within an organization, there are typically different departments, like human resources, accounting, development and customer relations. These have different security requirements on the data they process, reaching from personal data to company secrets. These security domains should be kept separate and information flows between them should be strictly controlled. This concept is known as Trusted Virtual Domains (TVDs) [GJP+05]. Trusted Virtual Domains build an isolated virtual infrastructure on shared resources and thus fit into the cloud computing paradigm. Among the strengths of TVDs is the transparent data protection and enforcement of information flow policies - platforms and users logically assigned to the same TVD can access distributed data storage, network services, and remote servers without executing any additional security protocols, while resources belonging to different TVDs are strictly separated. Those resources remain inaccessible for unauthorized participants. Information flows between TVDs are only allowed if they confirm to the security policy of the organisation. TVDs are realized by the same means as described above for the trusted cloud

7 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 7 infrastructure: TPMs as a hardware anchor and for remote attestation, a secure hypervisor and a security kernel to govern isolation and information flows between TVDs and a central management component to manage the security policies. The only difference is, that the management component for the organisation s internal TVDs should be controlled by the customer himself and not by the cloud provider. This management component acts as an interface between the organization s internal IT infrastructure and the cloud services. All devices from mobile phones to laptop and desktop computers as well as on-premise serves which access the TVDs in the cloud also have to be part of the same TVD security mechanisms and management. Only then a coherent end-to-end security can be guaranteed. As mentioned in Section 1, current examples of hacker attacks [Alpe11] show that infecting and remote controlling end users desktops is an important goal for attackers. So, being able to use full functional and still usable TVDs on a desktop-level is another building block in enabling SMEs to reach compliance with IT security policies. Since resources always remain inaccessible for unauthorized participants, even data that is stored on mobile storage devices is automatically protected by encryption. Those data can only be decrypted within the same TVD the device has been assigned to. Hence, users cannot forget to employ encryption, and data on flash drive cannot be used outside the TVD. A Trusted Desktop solution as depicted in Fig. 4 supporting a Trusted Cloud, centrally managed by a trusted management component should complete the whole picture of a continuous secure and trustworthy cloud infrastructure. This is a first step towards continuous trustworthy infrastructures and services. Fig. 4: Trusted Platforms at the Endpoints TrustedDesktop

8 8 From Trusted Cloud Infrastructures to Trustworthy Cloud Services In Fig. 5 such an integrated infrastructure is depicted. The Trusted Organization Manager is in charge to manage the internal infrastructure as well as to push the security policy to the Trusted Cloud Management Component which itself pushes the information to the Trusted Servers. The chain of trust is maintained by mutually ensuring the integrity of all trusted components via remote attestation and communicating via trusted channels. On the organisations side we exemplified the devices by a Trusted Desktop. As desktop virtualization is already commonly used today (e.g. to simultaneous use Windows and Linux programs on the same desktop or even laptop), the same architecture as described for the Trusted Server can be used. As [FGSS11] shows this also extends to mobile devices. Fig. 5: Internal Infrastructure, Trusted Virtual Domains and Central Management 4 Example Project Use Case In this section, a home healthcare use case motivate how future cloud services may look like and why innovative security, trust mechanisms and functionality of a Trusted Cloud as shown before are needed. 4.1 Home healthcare Healthcare services are used in the cloud for several years now (e.g. several examples could be found in the U.S.) but many security and privacy related requirements such as privacy management, where the patient will be able to configure his privacy settings for deciding who can access his data, are not in place by now. Empowering patients, allowing a continuous home-monitoring and improving links between health professional and patients will have a significant impact in patient management. In a home healthcare system IaaS is used rather than having dedicated IT infrastructure within the hospital. Most of the entities involved in such a system are relatively static. Flows of informa-

9 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 9 tion do not change dynamically. The hospital can define interfaces accessible to different entities within its operations. For example, they can host a drug inventory system and configure it to be accessible to its pharmacy department or a patient registry system that is accessible to the registry staff. The cloud provider specifies well defined interfaces into the virtual infrastructure. One example of a home healthcare application using such interfaces may be a drug therapies management service, used for drug prescription and anonymous drug delivery, improving compliance with doctors recommendations. Other involved services could be a patient management portal and a personal diary. All those services need information flows between different organizational and security domains with different security and privacy related requirements. Therefore isolation mechanism and information flow control through policies and enforcement in a trusted security service are designed. Here we show that in the scenario were depressed patients need home healthcare services, able to early identify, counter fight and prevent potentially dangerous situations. The current treatment model, consisting in monthly periodic visits, is not sufficient to cope with these needs. Innovative personal wearable and non-wearable devices, such as from TClouds partner Philips, may be used to help patients and doctors to monitor and identify predefined situations through a health management application of an health and wellness service which has special interfaces for those new devices. A physical activity monitoring service provides a monitoring system that collects and analyse data from those devices. Data can be inserted directly by patient s device, the patients, or by a Physical Activity Service Provider (cf. [DPNB11], Fig. 6). So, two use cases of this scenario may be: Patient uploads her activity data from activity monitoring devices to the Physical Activity Service Provider. Physical Activity Service Provider receives data from the patient monitoring devices, analyse it and provide relevant advice to the patient. TVDs may be used here as the preferred isolation mechanism as described in Sections 2 and 3. This result in a TVD-based Trusted Cloud Infrastructure, servers and data are always isolated.

10 10 From Trusted Cloud Infrastructures to Trustworthy Cloud Services Fig. 6: Architecture of a home healthcare system (ongoing work of the TClouds project partners)

11 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 11 5 Outlook / Future Work In this paper we focused on how to build trusted cloud infrastructures by employing trusted computing technologies. Both projects shown above and its activities consist of much more mechanisms, techniques, components and use cases as presented here. In TClouds a Clouds-of-Clouds middleware is developed to further improve the resilience by replicating data and computation among several clouds provided by different vendors.with Dep- Sky [BCQ+11] the TClouds Project has developed a first prototype for resilient storage building on the Cloud-of-Clouds paradigm. In the TClouds use cases of home health care and Smart Lighting the stakeholders and services are statically known. The information flows do not change in a dynamic way. In the Emergent project however, the use case of an urban management scenario exemplifies a fast and dynamically changing system and aims at coherent ad hoc service composition. Such a scenario is in need of many different security policies covering different aspects of the compound service. One major goal of the security activity in Emergent is to build a Policy Language Toolkit. TVD-based security policies and information flow policies will be part of this. 6 Conclusion Trusted Cloud Computing aims at a Future Internet where federations of standardized resilient and privacy-protecting infrastructure clouds offer virtualized computing, communication, and storage resources that allow hosting of critical and non-critical systems worldwide. Realizing this vision focuses on technological aspects, such as open standards and privacy frameworks. Security and privacy concerns pose a significant risk towards todays IT infrastructures and services, and also to Cloud Computing, but at the same time they offer tremendous opportunities for businesses to provide solutions and services in order to make Cloud Computing and thereby enterprises secure and to protect the privacy of users. For instance, Forrester Research expects cloud security to grow into a $1.5 billion market and to approach 5 % of the overall IT security spending by 2015 [Penn10]. While today encryption and identity management represent the largest segment of this market, particular growth can be expected in three directions: securing commercial clouds to meet the requirements of specific market segments highly customized secure private clouds a new range of providers offering cloud security services to add external security to public clouds. Critical infrastructures of the future, such as Smart Grids, intelligent power distribution and management, or Smart Lighting are use cases Trusted Cloud Computing is aiming at. Consisting of a multitude of distributed nodes, networked based on the IP protocol, Smart Grids will benefit from existing, mature technology and proven mechanisms. Cloud Computing technology is seen as an enabler for Smart Grids or at least dramatically improves its usability and performance. Using Cloud Computing is a requirement to be met to reach new business models, flexibility and cost-savings in Smart Grids. However, such an undertaking should not be adopted blindly without thinking about consistently implemented IT security.

12 12 From Trusted Cloud Infrastructures to Trustworthy Cloud Services In the future, even more and more mobile and autonomous entities are accessing the cloud, so the concept of TVDs should be used on mobile user devices, such as smartphones and tablets as well as the cloud services. Then a coherent level of security can be guaranteed. The overall solution resulting of research and development done in both projects introduced in this paper is one that establishes security guarantees on the data stored by enterprise platforms on infrastructure clouds and cloud services. This is designed and realized without affecting the enterprise workflows and builds up trust in public cloud services. From our point of view the main goals for success of Cloud Computing related to IT security are: 1. Strong authentication (of each entity) 2. Secure virtualization (strong isolation) 3. Trusted platforms (reliable integrity verification) Most of today s so called hacker attacks have shown that authentication by username and password is unsecure, especially in the Internet where public cloud services are within reach of everyone. So strong authentication, which means multi-factor, cryptographic authentication, is a requirement to be reached when using cloud computing. A trustworthy virtualization allows strong isolation of IT-systems, data and information which are belonging to different stakeholders/organizations. Trusted platforms allow companies a reliable integrity verification of cloud platforms. Trust in possibly false pretences of cloud providers or certificates gets a minor matter. Acknowledgements We thank all TClouds partners for substantial and very helpful input to our section, especially the authors of [DPNB11] for input and the picture of the home healthcare architecture. This research has been partially supported by the TClouds project (http://www.tclouds-project. eu) funded by the European Union s Seventh Framework Programme (FP7/ ) under grant agreement number ICT The work presented in this paper was partially performed in the context of the Software-Cluster project EMERGENT (www.software-cluster.org). It was partially funded by the German Federal Ministry of Education and Research (BMBF) under grant no. 01IC10S01. The authors assume responsibility for the content. References [Alpe11] Alperovitch, Dmitri: Revealed: Operation Shady RAT, McAfee Labs, Available online at: [BCQ+11] Bessani, Alysson; Correia, Miguel; Quaresma, Bruno; André, Fernando; and Sousa, Paulo: Dep- Sky: dependable and secure storage in a cloud-of-clouds. In Proceedings of the sixth conference on Computer systems (EuroSys 11). ACM, New York, NY, USA, 2011, p [CaHo09] Catteddu, Daniele; Hogben, Giles: Cloud Computing - Benefits, risks and recommendations for information security, European Network and Information Security Agency (ENISA), Available online at:

13 From Trusted Cloud Infrastructures to Trustworthy Cloud Services 13 [DPNB11] Deng, Mina; Petkovic, Milan; Nalin, Marco; Baroni, Ilaria (Philips Research Europe, The Netherlands; Scientific Institute Hospital San Raffaele, Italy), 2011 IEEE CLOUD international conference, 2011 [FGSS11] Feldmann, Florian; Gnaida, Utz; Stüble, Christian; Selhorst, Marcel: Towards A Trusted Mobile Desktop. Proceedings of the 3rd International Conference on Trust and Trustworthy Computing (TRUST 10), 2010 [GJP+05] Griffin, John Linwood; Jaeger, Trent; Perez, Ronald; Sailer, Reiner; van Doorn, Leendert; and Caceres, Ramon: Trusted Virtual Domains: Toward secure distributed services. In Proceedings of the 1st IEEE Workshop on Hot Topics in System Dependability (Hot- Dep 05), June [HASK08] Sirrix AG: High-Assurance Security Kernel Protection Profile (EAL5), according to the Common Criteria v3.1 R2, 2007, certified by German Federal Office for Information Security (BSI), [Penn10] Penn, Jonathan: Security and the cloud: Looking at the opportunity beyond the obstacle, Forrester Research, October [Soft11] Software-Cluster, Software-Cluster Koordinierungsstelle, c/o CASED - TU Darmstadt, 2011, [TCG11] Trusted Computing Group, [TClo11] Trustworthy Clouds (TClouds) - Privacy and Resilience for Internet-scale Critical Infrastructure, coordinated by Technikon Forschungs- und Planungsgesellschaft mbh, 2011, tclouds-project.eu/ [TPM11] Trusted Computing Group (TCG), TPM Main Specification, Version 1.2, Revision 116, March 2011.

Towards Trustworthy Clouds

Towards Trustworthy Clouds IBM Research Zurich Christian Cachin 12 September 2013 Towards Trustworthy Clouds 2009 IBM Corporation Cloud computing? 2 Cloud services are convenient No investment cost Pay only for consumption Scalable

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Trustworthy Clouds. Underpinning the Future Internet. Cloudscape III, Brussels, March 2011 Elmar Husmann, Corinna Schulze IBM.

Trustworthy Clouds. Underpinning the Future Internet. Cloudscape III, Brussels, March 2011 Elmar Husmann, Corinna Schulze IBM. Trustworthy Clouds Underpinning the Future Internet Cloudscape III, Brussels, March 2011 Elmar Husmann, Corinna Schulze IBM 1 of 12 80% Of enterprises consider security the #1 inhibitor to cloud adoptions

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

Seed4C: A Cloud Security Infrastructure validated on Grid 5000

Seed4C: A Cloud Security Infrastructure validated on Grid 5000 Seed4C: A Cloud Security Infrastructure validated on Grid 5000 E. Caron 1, A. Lefray 1, B. Marquet 2, and J. Rouzaud-Cornabas 1 1 Université de Lyon. LIP Laboratory. UMR CNRS - ENS Lyon - INRIA - UCBL

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

Securing the E-Health Cloud

Securing the E-Health Cloud Securing the E-Health Cloud Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy 1st ACM International Health Informatics Symposium (IHI 2010) Arlington, Virginia, USA, 11-12 November 2010 Introduction Buzzwords

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

T-SYSTEMS Cloud STORY

T-SYSTEMS Cloud STORY Michael Moritz Lead Enterprise Architect Cloud Computing Cloud & Partner Sales - CTO Office T-Systems International GmbH Agenda Cloud Challenges T-Systems Cloud Strategy 2 Agenda Cloud Challenges T-Systems

More information

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no

More information

Hybrid Cloud Computing

Hybrid Cloud Computing Dr. Marcel Schlatter, IBM Distinguished Engineer, Delivery Technology & Engineering, GTS 10 November 2010 Hybrid Computing Why is it becoming popular, Patterns, Trends, Impact Hybrid Definition and Scope

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Fujitsu Dynamic Cloud Bridging today and tomorrow

Fujitsu Dynamic Cloud Bridging today and tomorrow Fujitsu Dynamic Cloud Bridging today and tomorrow Contents Cloud Computing with Fujitsu 3 Fujitsu Dynamic Cloud: Higher Dynamics for Enterprises 4 Fujitsu Dynamic Cloud: Our Offering 6 High Security Standards

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently

More information

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Cloud Security - Risiken und Chancen

Cloud Security - Risiken und Chancen Dr. Matthias Schunter, MBA IBM Research Zürich, mts@zurich.ibm.com, http://www.schunter.org Simple Questions Today s Data Center Tomorrow s Public Cloud We Have Control It s located at X. It s stored in

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Intelligent Solutions for the Highest IT Security Requirements

Intelligent Solutions for the Highest IT Security Requirements Intelligent Solutions for the Highest IT Security Requirements 3 Information security from the architects of modern cryptographic systems SINA (Secure Inter-Network Architecture) enables the protected

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

PRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH

PRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing

More information

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014 An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity

More information

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates

More information

Trust and Dependability in Cloud Computing

Trust and Dependability in Cloud Computing Trust and Dependability in Cloud Computing Claus Pahl IC4 Principal Investigator November 7 th, 2013 Research Philosophy design for growth design for best service provision design for widest acceptance

More information

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats

More information

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

WWRF Cloud Implications to Security, Privacy, and Trust

WWRF Cloud Implications to Security, Privacy, and Trust ITU-T Workshop on Addressing security challenges on a global scale 06.+07.12.2010, Geneva WWRF Cloud Implications to Security, Privacy, and Trust Mario Hoffmann Chair WWRF Working Group 7 Security & Trust

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

ENISA Cloud Computing Security Strategy

ENISA Cloud Computing Security Strategy ENISA Cloud Computing Security Strategy Dr Giles Hogben European Network and Information Security Agency (ENISA) What is Cloud Computing? Isn t it just old hat? What is cloud computing ENISA s understanding

More information

Software Execution Protection in the Cloud

Software Execution Protection in the Cloud Software Execution Protection in the Cloud Miguel Correia 1st European Workshop on Dependable Cloud Computing Sibiu, Romania, May 8 th 2012 Motivation clouds fail 2 1 Motivation accidental arbitrary faults

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

A hole in the cloud: Is cloud secure?

A hole in the cloud: Is cloud secure? A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Cloud Computing Security: Public vs. Private Cloud Computing

Cloud Computing Security: Public vs. Private Cloud Computing Cloud Computing Security: Public vs. Private Cloud Computing White paper Parallels Cloud Computing Security Overview Over the last few years, cloud computing has become a buzzword on the Internet. In simple

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led Course Description This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Security and Cloud Computing

Security and Cloud Computing Martin Borrett, Lead Security Architect, Europe, IBM 9 th December 2010 Outline Brief Introduction to Cloud Computing Security: Grand Challenge for the Adoption of Cloud Computing IBM and Cloud Security

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Course 20533B: Implementing Microsoft Azure Infrastructure Solutions Sales 406/256-5700 Support 406/252-4959 Fax 406/256-0201 Evergreen Center North 1501 14 th St West, Suite 201 Billings, MT 59102 Course

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

A survey on cost effective multi-cloud storage in cloud computing

A survey on cost effective multi-cloud storage in cloud computing A survey on cost effective multi-cloud storage in cloud computing Nitesh Shrivastava, Ganesh Kumar Abstract As novel storage model, cloud storage has gain attentions from both the academics and industrial

More information

EAaaS Cloud Security Best Practices

EAaaS Cloud Security Best Practices EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult

More information

Cloud, Trust, Privacy. Trustworthy cloud computing whitepaper. Roland A. Burger, christian cachin, Elmar Husmann (eds.)

Cloud, Trust, Privacy. Trustworthy cloud computing whitepaper. Roland A. Burger, christian cachin, Elmar Husmann (eds.) Cloud, Trust, Privacy Trustworthy cloud computing whitepaper Roland A. Burger, christian cachin, Elmar Husmann (eds.) imprint 2013 Roland Burger, Elmar Husmann, Christian Cachin. All rights reserved. To

More information

Building More Reliable Cloud Services The CUMULUS Project

Building More Reliable Cloud Services The CUMULUS Project Building More Reliable Cloud Services The CUMULUS Project Antonio Álvarez Romero aalvarez@wtelecom.es London, 17 th June 2014 1 Table of contents Motivations Goals to be achieved What is CUMULUS? Application

More information

FTP-Stream Data Sheet

FTP-Stream Data Sheet FTP-Stream Data Sheet Problem FTP-Stream solves four demanding business challenges: Global distribution of files any size. File transfer to / from China which is notoriously challenging. Document control

More information

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy

More information

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security

More information

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...

More information

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Product Datasheet The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Full-featured Enterprise-class IT Solution for Managed File Transfer Organizations today must effectively

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

AN INVESTIGATION OF SECURITY THEME FOR CLOUD COMPUTING

AN INVESTIGATION OF SECURITY THEME FOR CLOUD COMPUTING AN INVESTIGATION OF SECURITY THEME FOR CLOUD COMPUTING Mrs. J. Pavithra 1 Mr. A. Naveen 2 1 (MRIT, Hyderabad, India, jpav23@gmail.com) 2 (Asst. Professor, MRIT, Hyderabad, India, a.naveen21@gmail.com)

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

CONTROLLING DATA IN THE CLOUD: OUTSOURCING COMPUTATION WITHOUT OUTSOURCING CONTROL

CONTROLLING DATA IN THE CLOUD: OUTSOURCING COMPUTATION WITHOUT OUTSOURCING CONTROL CONTROLLING DATA IN THE CLOUD: OUTSOURCING COMPUTATION WITHOUT OUTSOURCING CONTROL Paper By: Chow, R; Golle, P; Jakobsson, M; Shai, E; Staddon, J From PARC & Masuoka, R And Mollina From Fujitsu Laboratories

More information

Outlook. Corporate Research and Technologies, Munich, Germany. 20 th May 2010

Outlook. Corporate Research and Technologies, Munich, Germany. 20 th May 2010 Computing Architecture Computing Introduction Computing Architecture Software Architecture for Outlook Corporate Research and Technologies, Munich, Germany Gerald Kaefer * 4 th Generation Datacenter IEEE

More information

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

ARCHITECT S GUIDE: Mobile Security Using TNC Technology ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

More information

CLOUD COMPUTING. DAV University, Jalandhar, Punjab, India. DAV University, Jalandhar, Punjab, India

CLOUD COMPUTING. DAV University, Jalandhar, Punjab, India. DAV University, Jalandhar, Punjab, India CLOUD COMPUTING 1 Er. Simar Preet Singh, 2 Er. Anshu Joshi 1 Assistant Professor, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India 2 Research Scholar, Computer Science & Engineering,

More information

1.1.1 Introduction to Cloud Computing

1.1.1 Introduction to Cloud Computing 1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the

More information

Data Integrity Check using Hash Functions in Cloud environment

Data Integrity Check using Hash Functions in Cloud environment Data Integrity Check using Hash Functions in Cloud environment Selman Haxhijaha 1, Gazmend Bajrami 1, Fisnik Prekazi 1 1 Faculty of Computer Science and Engineering, University for Business and Tecnology

More information

Network Security in Building Networks

Network Security in Building Networks Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content

More information

PART I: The Pros and Cons of Public Cloud Computing

PART I: The Pros and Cons of Public Cloud Computing PART I: The Pros and Cons of Public Cloud Computing Pros 1. Efficiently use the resource through sharing Users from companies or enterprises can access to the centralized servers where data are stored

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

Intrusion Detection from Simple to Cloud

Intrusion Detection from Simple to Cloud Intrusion Detection from Simple to Cloud ICTN 6865 601 December 7, 2015 Abstract Intrusion detection was used to detect security vulnerabilities for a long time. The methods used in intrusion detection

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

CLOUD COMPUTING IN HIGHER EDUCATION

CLOUD COMPUTING IN HIGHER EDUCATION Mr Dinesh G Umale Saraswati College,Shegaon (Department of MCA) CLOUD COMPUTING IN HIGHER EDUCATION Abstract Technology has grown rapidly with scientific advancement over the world in recent decades. Therefore,

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Six Challenges for the Privacy and Security of Health Information. Carl A. Gunter University of Illinois

Six Challenges for the Privacy and Security of Health Information. Carl A. Gunter University of Illinois Six Challenges for the Privacy and Security of Health Information Carl A. Gunter University of Illinois The Six Challenges 1. Access controls and audit 2. Encryption and trusted base 3. Automated policy

More information

CLOUD COMPUTING SECURITY ISSUES

CLOUD COMPUTING SECURITY ISSUES CLOUD COMPUTING SECURITY ISSUES Florin OGIGAU-NEAMTIU IT Specialist The Regional Department of Defense Resources Management Studies, Brasov, Romania The term cloud computing has been in the spotlights

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT Chandramohan Muniraman, University of Houston-Victoria, chandram@houston.rr.com Meledath Damodaran, University of Houston-Victoria, damodaranm@uhv.edu

More information

Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems

Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems Yacov Y. Haimes and Barry M. Horowitz Zhenyu Guo, Eva Andrijcic, and Joshua Bogdanor Center

More information

Capturing the New Frontier:

Capturing the New Frontier: Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings

More information

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC

Azure Security Services, Features and Options. Ioannis Stavrinides Technical Evangelist, CEE MC Azure Security Services, Features and Options Ioannis Stavrinides Technical Evangelist, CEE MC Agenda for today General security features Encryption Other security mechanisms Azure Active Directory security

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

BENEFITS OF MOBILE DEVICE MANAGEMENT

BENEFITS OF MOBILE DEVICE MANAGEMENT BENEFITS OF MOBILE DEVICE MANAGEMENT White Paper 2013 SUMMARY OVERVIEW This white paper outlines the benefits of Mobile Device Management in different use cases. SyncShield is a Mobile Device Management

More information