Towards Trusted Environment in Cloud Monitoring


Tuomas Kekkonen, Teemu Kanstrén
VTT Technical Research Centre of Finland, Oulu, Finland

Kimmo Hätönen
Nokia Solutions and Networks, Espoo, Finland

Abstract

This paper investigates the problem of providing trusted monitoring information on a cloud environment to the cloud customers. The general trust between customer and provider is taken as a starting point. The paper discusses possible methods to strengthen this trust. It focuses on establishing a chain of trust inside the provider infrastructure to supply monitoring data for the customer. The goal is to enable delivery of state and event information to parties outside the cloud infrastructure. The current technologies and research are reviewed for the solution and the usage scenario is presented. Based on such technology, higher assurance of the cloud can be presented to the customer. This allows customers with high security requirements and responsibilities to have more confidence in accepting the cloud as their platform of choice.

Keywords: cloud; TPM; integrity measurement; remote attestation; security measurement; security concerns

I. INTRODUCTION

Cloud platforms are used to host an increasing number of services and data. The capability to provide resources flexibly with usage-based pricing eases the launch of new services and relieves companies from the duty of running data centers, letting them focus more on their core knowledge. The extremely low investment needed to start operations has launched a new generation of startup businesses.

Still, handing data to a cloud service provider raises concern among many users. This is sometimes considered a generation change in information technology. Some administrators still have the need to manage their whole infrastructure from the underlying layers of hardware to applications. Convincing this group of administrators with new mechanisms, while at the same time running a highly dynamic and distributed platform, is a challenge.
Also, news about leaks in provider infrastructures and cooperation with security agencies shows that this is not just paranoia on the part of some administrators but a genuine concern.

The task of convincing the cloud customers about the cloud infrastructure security lies on the shoulders of the cloud infrastructure providers. We assume an infrastructure provider to have a suitable level of security built in, and the availability of audit results to show this. In this paper we focus on the problem of providing reliable continuous operational assurance to the cloud customer that can show that the security is of an acceptable or agreed level. We present a high-level approach for providing this assurance information and investigate its usability and security enhancements.

More specifically, this paper investigates the possibility of having a reliable high-assurance component in the cloud infrastructure. Specific means are taken to provide a chain of trust and the ability to communicate information from both the infrastructure services and the customer services to an external (outside the cloud) customer monitoring point. The customer needs to be able to have high assurance of the integrity of the received data. The component provides the customer with agreed but limited access to monitor the cloud infrastructure. As the infrastructure provider has full access to all hardware and the customer does not, providing such components with high assurance of no tampering from the cloud provider has proven difficult.

The work presented in this paper aims to address 1) providing shared access to relevant cloud infrastructure information, and 2) high-assurance means to provide confidence in the integrity of this information.

The paper continues by describing the problem area in Section II. Section III lists existing work in the area. Section IV describes our approach to this problem by adapting existing technologies and making use of their advantages.
Lastly, Section V discusses the approach and its potential weaknesses to be addressed in a wider context. Section VI concludes the paper.

II. CLOUD SECURITY CONCERNS

Research has listed security concerns and challenges in cloud computing extensively [1] [2] [3] [4]. Often the technological research has a quite different view of cloud security than surveys based on companies' perception of cloud vulnerabilities. More focus is put on the implementation of security than on how this security is seen by the potential customer.

The Cloud Security Alliance has a working group titled Top Threats which conducts surveys to understand the perceived risks in cloud computing [5]. The latest publication lists the top threats in descending order to be data breaches, data loss, account hijacking, insecure APIs, denial of service, malicious insiders, abuse of cloud resources, insufficient due diligence and shared technology issues. Most of these threats are present in any type of hosting infrastructure but have a higher probability and impact in the case of cloud. This is due to multi-tenancy and centralized hosting. Some, such as insecure APIs and abuse of cloud resources, are somewhat specific or unique to cloud platforms.

A. Trust

One key issue in adopting cloud platforms mentioned by the report is the bypassing of information technology departments and information officers. The possibility to outsource data centers should not mean outsourcing all IT expertise, as not all the responsibility can be handed over to the cloud providers. As the responsibility still stays with the customer of the cloud, the customer should have the necessary capability to address these responsibilities.

The psychologically troubling issue in cloud platforms is the lack of awareness of, or contact with, the infrastructure. The implementation of security in a cloud provider's infrastructure might be paramount and all the certificates can show that. Despite all this, for a traditional administrator, all this is irrelevant and it all comes down to trusting the provider. For a novice user with even less knowledge of security or computing, the list of certificates and security policies is even less convincing. The goal of the work presented in this paper is to provide means to increase this trust.

In a typical scenario of data center outsourcing, a company transfers its server to an Infrastructure as a Service (IAAS) cloud provider. To drastically simplify this scenario, nothing changes with regard to local deployment, but the previously local hardware servers are replaced with virtual machines running on external hardware. So the new concerns stem from this setup. Newly introduced worries are the visibility of data from outside the virtual machine, because now the data is in some other location and on someone else's hard drive. It might need to be encrypted. These types of new mechanisms to compensate for the lost confidence increase the complexity.

One option to increase trust is enabling the customer's own mechanisms for security monitoring and control without compromising the multi-tenant infrastructure.
This would require it to be implemented in a way that it does not interfere with the cloud infrastructure operation. Otherwise it would impact the performance and flexibility benefits gained from cloud-based architecture. The approach of increasing customer trust by including trusted execution components is investigated in this paper. This path is investigated by introducing a scenario where a cloud customer can retrieve information from the infrastructure at any time in any data center of the cloud provider. The technical details of this scenario are described in Section IV.

B. Virtualization

Virtualization is the main enabler of cloud technologies. It is also the cause of many security concerns. Because of virtualization it is possible to share and use resources dynamically and more efficiently. This brings up one of the main causes of security concerns, the multi-tenancy aspect. The privacy of data and communication inside a virtual machine and between the virtual machine and its owner is not absolute [6]. During the development of hypervisors some vulnerabilities have been discovered which enable the visibility of data between virtual machines and from virtual machines to the host system [7].

From another viewpoint, virtualization is often seen as a limitation to the cloud provider in terms of security. It is difficult to provide security services when the customer has its own container for its operations. In such scenarios the provider offers security-as-a-service functionalities which are delivered as additions to the virtual machines. Also, the security monitoring of customers' virtual machines is often in focus. The operations of a customer inside its own environment are, however, difficult to monitor from the host perspective. Currently the research focuses on memory and network activity tracing [8] [9].

C. Platforms

There are varying technologies for providing cloud services.
Depending on whether a service, infrastructure or platform is provided, the simplicity of interfaces and the amount of choices for technology can be immense. Our focus is on infrastructure as a service (IAAS) and the tools in question are for provisioning and managing virtual machines. Managing virtual machines consists of tasks like monitoring their state, migrating them to other locations, configuring their virtual system resources or externally configuring the virtual machine settings through an additional interface. Currently well-defined architectural models for IAAS provisioning and management do not exist [10]. Therefore it is also difficult to design security infrastructures that take into account different provisioning and management approaches.

III. EXISTING APPROACHES TO THE PROBLEM

Approaches that aim to provide more information about cloud-deployed services and their surroundings mostly rely on providing monitoring or separate authentication or key management solutions. The monitoring solutions often focus on resource monitoring and more general monitoring [11]. Security event monitoring is less commonly provided by the cloud providers and is considered to be handled by the customer. In an IAAS type of service this arrangement makes sense because of the limitations and nature of virtualization technologies. This all relates back to the multi-tenant usage mentioned earlier.

The most common way of polishing the appearance of trustworthiness is displaying certificates. Certificates are a proof that a system or process follows certain guidelines. A certificate authority performs audits of the system and grants those systems a certificate. The IT security field has masses of certificates that can show the state of implemented security in a system. Amazon Web Services advertises a list of more than 10 certificates received. However, a major security hole that certificate-proven security cannot close is the insider who changes something in the system.
After this the security of the system does not match the one at the time the certificate was given. The frequency of the audits plays an important role in the certificate process and no human-performed audit can reach adequate frequency affordably. A technology to automatically measure and show the integrity of the system would play a major role. The audit schemes of security measures were recently reviewed by the European Union Agency for Network and Information Security (ENISA) [12]. They also came to the conclusion that most auditing schemes are point-in-time assessments and that this approach, without the capability to adapt to changes, is not adequate.

A. Monitoring

Cloud monitoring is based on the data given to customers by the provider. In commercial systems it focuses on resource monitoring. However, research that focuses on security measurement delivery also exists. The common approach in operational monitoring is the gathering and delivery of information. Savola and Ahola in [13] depict an approach which focuses on delivery and usability while giving reliability less attention. In [11] the reliability aspect is covered in terms of communication reliability and information availability.

The distributed nature of cloud infrastructures causes the problem of linking the context and the information. Resources in the cloud can migrate between data centers and hosts. Also, the information for monitoring can be provided from many sources. Especially when investigating causes of events, the investigator has to rely on logs provided by possibly hundreds of applications and network components. Finding the correlation of entries becomes difficult.

For cloud infrastructure monitoring there are some proposals that formalize data provided from different sources and attach context information. With proper tools the analysis of such data is much more convenient. However, such standards are still in the drafting stage [14].

B. Trusted execution

The trusted cloud concept is mentioned in research [15] [16] [17]. This introduces the usage of secure elements as tools in security mechanisms. In this context this means Hardware Security Modules (HSM) in key management, Trusted Platform Module (TPM) in attestation or additional hardware tokens for authentication.

TPM offers a variety of additional functions. Its main features, simply put, are the capability to store secrets securely and perform integrity measurements. It is also attached to the hardware by the manufacturer and considered tamper free.
This is defined by the Trusted Computing Group (TCG) and it has become the industry standard of trusted environment implementation. These features are listed by TCG as protected capabilities, integrity measurement and integrity reporting [18] [19].

Taking advantage of the TPM features in cloud infrastructure management can have many approaches. Some scenarios of TPM usage in cloud security management are listed in the following.

- Integrity measurement features of TPM enable the secure measurement function and storage of the signature. It can be used by boot procedures and applications.
- Storing of keys for communication and encryption securely on TPM.
- Root of trust in integrity measurement. A chain of trust up to the operating system and applications can be established by measuring each component in the chain of trust by a component that has already been measured.
- Cryptography features enable sending of information sealed so that the target hardware is in the assumed state when receiving.
- Remote attestation provides the capability of system integrity evaluation by a remote party. This is based on sharing the PCR values remotely.

The integrity measurement of TPM relies on the BIOS and operating system providing information to the TPM's platform configuration registers (PCRs). The hardware configuration of the system results in a certain PCR content. The operating system is responsible for changing register values based on its configuration and running processes. Taking advantage of those features depends on the operating system and its configuration. This information can be used in cloud monitoring to reliably assess the system state.

Part of the trusted environment concept is the operating system. The operating system is trusted to perform certain integrity measurements. IBM has developed the Linux integrity measurement architecture (IMA) that performs measurements for accessed files. This measurement is stored and extended to TPM PCR registers. This way each time a file is accessed it leaves a trail.
This is, however, not usable for approving a certain state of the system: an approved state could not be constrained so that file accesses would have to follow a specific order until reaching a certain state where the system would remain. However, this also includes the measurement of Linux boot components and modules that include applications in the chain of trust.

IMA is developed as a Linux security module (LSM). It extends the root of trust from TPM hardware to the booted kernel. Other approaches using LSM to extend the trust into kernel and applications exist. For example, [20] and [21] exhibit applications of this trust to integrity measurements of applications and web services. This approach is also applied in the work presented in this paper.

A commercially deployed solution specifically applicable to cloud platforms is Intel TXT (Trusted Execution Technology). It uses TPM hardware and integrity measurements to assure that the data center server hardware and the hypervisor remain in the agreed state. It is available on servers using the Intel TXT technology with appropriate tools. It can also limit the migration map of virtual machines to servers which carry this trusted execution technology addition [22].

Ultimately the problem is quite difficult. The administrator of the system hosting the cloud infrastructure has total control of everything. That enables the administrator to alter any file, reset certain TPM PCRs (or even all PCRs by tampering with hardware [23], which however is hard to exploit and noticeable), reboot the machine, capture traffic or run false applications. It might be infeasible to make a trust scenario where the customer does not need to trust the provider at all. The technical solution of the problem comes down to extending the root of trust from the TPM hardware into the applications.

IV. OUR APPROACH

The approach taken here aims to provide some new certainty about the integrity of information provided by the cloud provider about its infrastructure. It attempts to give a broader understanding of the surroundings of the resource purchased as a service. It focuses on the case of an IAAS provider but its concept is applicable throughout the cloud deployment layers.

The philosophy is to have some shared reliable event and state data available from the cloud infrastructure. Based on customers' desires they could subscribe to data delivered by the cloud infrastructure. The structure of this data has to follow a principle that enables it to be made anonymous to achieve privacy in multi-tenancy when needed.

The investigated scenario is a typical IAAS provider scenario where the customer wants to be certain of the integrity of the agreed environment. This integrity is assured with the integrity measurement capabilities of the TPM. This integrity attestation provides the customer a way to perform queries or requests to receive more detailed and reliable information about the infrastructure state. The main goal is to identify the capabilities of such a setup and its usability in cloud management tasks.

The information provided in the inspected scenario is delivered with a tool designed for operational security assurance called Le-mon [24]. It includes probes, a messaging protocol and a measurement hierarchy for security measurement retrieval and delivery. This framework is used as the basis for the cloud provider to share information. Its components, especially the probe at the host system, are measured for integrity by the customers.

The motives of the approach presented in this paper are also based on the need for operational security assurance we have researched before and on introducing its functionalities reliably in cloud infrastructures. The architecture of the monitoring approach motivating this paper is shown in Figure 1.
The picture also shows another tool developed for measurement and metric visualization called MVS.

A. Features of the approach

The monitoring system offers a few key features. The applications built on top of these can vary depending on the requirements. The system would provide the necessary APIs to build applications with features such as cloud management, migration tracking, safe authentication, event tracing, provisioning and more. The three core features can be listed as follows:

- The provider has a monitoring probe that provides a certain set of measurements of a host system in its infrastructure.
- The customer can subscribe to these measurements according to its interest and the level of service purchased from the provider.
- Any customer can at any time perform a measurement to attest the state of the host system and the monitoring application.

The main focus of this investigation is on the last feature.

B. Scenario details

The scenario in focus is simply a delivery of operating system information from the host machine running the hypervisor and the virtual machines. This is challenging because of multi-tenancy and the security of communication between the virtual machine and the host. A simple delivery of the system authentication log from a Linux operating system is used as an example. This is provided by the cloud provider and subscribed to by the customer. In a broader scenario the information provided by the cloud provider can be more extensive. To make the scenario more usable, it is run with changing host system configurations, which should be noticed by the integrity measurement function of the TPM.

The key security goals are the following: the integrity of the infrastructure and the integrity of the information delivered.

Figure 1. Attestation of the monitoring application integrity

In more detail, the integrity of the infrastructure is assured by remotely attesting the TPM PCR registers. Those are written by the BIOS of the host system and they represent the state of the hardware configuration of the system. For simplicity only a few registers are chosen (PCR0 and PCR1). The integrity of the infrastructure includes that the probe software remains the same. PCR1 is extended with the probe application measurement when any customer wants to measure it. From the PCR register values the customer can be sure that the VM is running in an expected environment and the request is processed appropriately.

Integrity of the information delivered deals with the information sent from the infrastructure to the customer. The reliability of this information is the key feature of gaining new trust in the awareness of the cloud infrastructure. It can be assured by using the signature created by the securely stored information within the TPM. The privacy of the information delivered in such a multi-tenant scenario would require management of separate encryption keys.

Another key point in a virtual machine environment and multi-tenancy is that no data contained in the host operating system is usually visible to the virtual machine unless it is made visible as some type of shared resource. In this scenario the shared resource would be the system log of the host operating system, which would be delivered to the customers. This log can contain private data relevant to a specific guest operating system and this privacy concern is ignored here. The system log is considered safe to deliver to all guests. In other scenarios, specific preprocessing could be performed to remove confidential customer-specific information.

The operation of these security features requires a previously completed approval of the system state and TPM PCR values. This can be done as a third-party certification process or audit.
In the following, we focus on providing assurance of the integrity of the system state.

The principle of assuring the integrity of the application providing the log is based on the chain of trust established by implementing an LSM-based attestation component in the host system. At every boot this attestation component is checked for integrity and this can be verified by the customer by remote attestation. This attestation component can be called any time the integrity of the measurement probe has to be checked. Two separate components are needed because the measurement probe can change but the attestation component does not need to. The attestation procedure is shown in Figure 2.

C. The sequence of operations

As a precondition the cloud customer has a virtual machine hosted by the cloud provider. The cloud provider has delivered the probe software and the necessary attestation information about the software to the client. The probe software runs on each machine in the cloud provider infrastructure. Customers are subscribed to the measurement. This is the certified starting point.

The customer uses a measurement API to generate a request for integrity measurement. The API call generates a nonce parameter for the remote attestation. The request is sent to the measurement delivery system. The nonce is a freshness parameter included in the generation. The probe at the virtual machine receives the message and delivers it to its host machine through the virtual network provided by the XEN hypervisor. Another probe component at the host system receives the request. It calculates a new integrity metric of the measurement probe and extends the PCR register with the value. The key is to use a PCR register that cannot be reset. The remote attestation value of the PCR registers is created. The values are relayed back to the origin through the virtual machine probe and the measurement delivery system. The integrity metric is compared with the certified one.
Other customers are notified that the measurement was done. They can reflect this in their comparison hash.

Figure 2. Attestation within cloud infrastructure component

V. APPROACH EVALUATION

The approach described in the previous section provides trust that the system has remained in the agreed state. This relies on the fact that a PCR register in the TPM cannot be reset and its value can only be changed by extending the register, which generates a new value by adding new data to the old value. If at any time the register is extended with other data the chain is broken and any customer will notice this.

When applying this methodology to serve as a usable platform for cloud management, many other features need to be implemented and security concerns covered. As mentioned, to achieve privacy between tenants in the cloud, key management solutions need to be employed. The inclusion of more hosts and data centers requires management of integrity metric comparison databases for the customer.

Another thing to consider is the fact that the measured binary of the measurement application might not be the one actually running on the system. This is a concern and needs to be taken care of by either measuring the operating system processes more extensively or using an authentication mechanism in the measurement application.

An additional advantage of the approach is the capability to detect migration within the cloud infrastructure. This is established by the PCR attestation and the connection to the host being established by its own guest virtual machine. This, however, relies on the assumption that the host of the virtual machine is available and genuine in the virtual network and traffic is not routed somewhere else.

The actual usability of the information relies on creating metrics based on the available measurements. The way of using the information can vary and automatic monitoring might not be the goal for every customer. Some might need the measurement for later investigation in cases of data breaches. In such cases the data has to be stored and structured. It might also need to go through some filtration process to save only the relevant information.

All the management tasks and the providing of knowledge to the customer have to be implemented in a way that allows the same functionality of cloud services. Limitation of accepted cloud infrastructure components can limit the capability of the provider and therefore the cloud philosophy. Because of this the extension of the new trusted technology capabilities to new cloud resources has to be fluent.

VI. CONCLUSION

Establishing the chain of trust inside the cloud provider infrastructure to reach a monitoring probe was the main goal of this paper. This has been investigated and its capabilities and flaws listed by going through technologies and research relevant to this topic. The validity of the approach relies on the validity of the TPM implementation and its usage to validate the integrity of Linux kernel components. The approach will be further investigated with broad implementation and testing.
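
The attestation sequence of Section IV-C and the extend-only PCR property that Section V relies on can be traced in a small simulation. This is an added example, not code from the paper or from Le-mon: all class and function names and the sample binaries are assumptions, the PCRs are modelled in software, and an HMAC with a shared demo key stands in for the TPM's signed quote.

```python
import hashlib
import hmac
import os


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure(blob: bytes) -> bytes:
    """Integrity metric of a component: its SHA-1 digest."""
    return hashlib.sha1(blob).digest()


class SimulatedHost:
    """Host-side TPM plus attestation component (software model, an assumption)."""

    def __init__(self, boot_chain, quote_key: bytes):
        self._key = quote_key                      # stand-in for the TPM quote key
        self.pcr = {0: bytes(20), 1: bytes(20)}    # PCRs start at zero on boot
        for index, blob in boot_chain:             # each boot stage gets measured
            self.pcr[index] = extend(self.pcr[index], measure(blob))

    def attest_probe(self, probe_binary: bytes, nonce: bytes) -> dict:
        """Extend PCR1 with the probe measurement, then quote PCR0/PCR1 with the nonce."""
        self.pcr[1] = extend(self.pcr[1], measure(probe_binary))
        body = nonce + self.pcr[0] + self.pcr[1]
        sig = hmac.new(self._key, body, hashlib.sha256).digest()
        return {"nonce": nonce, "pcr0": self.pcr[0], "pcr1": self.pcr[1], "sig": sig}


class Customer:
    """Remote verifier holding the certified values from the audit."""

    def __init__(self, pcr0: bytes, pcr1: bytes, probe_hash: bytes, quote_key: bytes):
        self.pcr0, self.pcr1 = pcr0, pcr1          # pcr1 is the "comparison hash"
        self.probe_hash = probe_hash
        self._key = quote_key
        self._pending = None

    def new_request(self) -> bytes:
        self._pending = os.urandom(20)             # fresh nonce per request
        return self._pending

    def on_notification(self) -> None:
        """Another customer triggered a measurement: advance the comparison hash."""
        self.pcr1 = extend(self.pcr1, self.probe_hash)

    def verify(self, quote: dict) -> str:
        nonce, self._pending = self._pending, None  # a nonce is single-use
        if nonce is None or not hmac.compare_digest(quote["nonce"], nonce):
            return "stale-or-replayed"
        body = quote["nonce"] + quote["pcr0"] + quote["pcr1"]
        good = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(good, quote["sig"]):
            return "bad-signature"
        if quote["pcr0"] != self.pcr0:
            return "platform-changed"
        expected = extend(self.pcr1, self.probe_hash)
        if quote["pcr1"] != expected:
            return "probe-or-chain-mismatch"
        self.pcr1 = expected
        return "trusted"


def run_demo() -> list:
    key = b"constructed-demo-key"                  # constructed sample values below
    boot = [(0, b"constructed BIOS image"), (1, b"constructed platform config"),
            (1, b"constructed LSM attestation component")]
    probe = b"constructed probe binary v1"
    host = SimulatedHost(boot, key)
    cert0, cert1 = host.pcr[0], host.pcr[1]        # the certified starting point
    alice = Customer(cert0, cert1, measure(probe), key)
    bob = Customer(cert0, cert1, measure(probe), key)
    results = []
    q1 = host.attest_probe(probe, alice.new_request())
    results.append(alice.verify(q1))               # Alice measures ...
    bob.on_notification()                          # ... and Bob is notified
    q2 = host.attest_probe(probe, bob.new_request())
    results.append(bob.verify(q2))
    alice.on_notification()
    alice.new_request()
    results.append(alice.verify(q1))               # old quote replayed to Alice
    q4 = host.attest_probe(b"constructed probe binary, modified", alice.new_request())
    results.append(alice.verify(q4))               # changed probe was measured
    q5 = host.attest_probe(probe, alice.new_request())
    results.append(alice.verify(q5))               # original back, chain still broken
    return results


if __name__ == "__main__":
    print(run_demo())
```

The last result shows why the register must not be resettable: once a foreign measurement has been extended into PCR1, restoring the original probe cannot bring the value back onto the certified chain.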
ACKNOWLEDGMENT

The research was carried out as part of Security Embedded Element and Data privacy for the Cloud (SEED4C) Celtic-Plus Eureka project. Multiple project partners have influenced the work.

REFERENCES

[1] Kresimir Popovic and Zeljko Hocenski, "Cloud computing security issues and challenges," in MIPRO, 2010 proceedings of the 33rd international convention, 2010, pp.
[2] Sara Bouchenak et al., "Verifying Cloud Services: Present and Future," Operating Systems Review, vol. 48.
[3] Akhil Behl, "Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation," in Information and Communication Technologies (WICT), 2011 World Congress on, 2011, pp.
[4] Balachandra Reddy Kandukuri, V Ramakrishna Paturi, and Atanu Rakshit, "Cloud security issues," in Services Computing, SCC'09. IEEE International Conference on, 2009, pp.
[5] Top Threats Working Group, "The notorious nine: cloud computing top threats in 2013," Cloud Security Alliance, Tech. rep.
[6] Mihai Christodorescu, Reiner Sailer, Douglas Lee Schales, Daniele Sgandurra, and Diego Zamboni, "Cloud security is not (just) virtualization security: a short paper," in Proceedings of the 2009 ACM workshop on Cloud computing security, 2009, pp.
[7] Louis Turnbull and Jordan Shropshire, "Breakpoints: An analysis of potential hypervisor attack vectors," in Southeastcon, 2013 Proceedings of IEEE, 2013, pp.
[8] Seungwon Shin and Guofei Gu, "CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)," in Network Protocols (ICNP), th IEEE International Conference on, 2012, pp.
[9] Amani S Ibrahim, James Hamlyn-Harris, John Grundy, and Mohamed Almorsy, "Cloudsec: a security monitoring appliance for virtual machines in the iaas cloud model," in Network and System Security (NSS), th International Conference on, 2011, pp.
[10] Yuri Demchenko et al., "Security infrastructure for on-demand provisioned cloud infrastructure services," in Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on, 2011, pp.
[11] Shicong Meng et al., "Reliable state monitoring in cloud datacenters," in Cloud Computing (CLOUD), 2012 IEEE 5th International Conference on, 2012, pp.
[12] European Union Agency for Network and Information Security, "Schemes for Auditing Security Measures," European Union Agency for Network and Information Security, Tech. rep.
[13] Reijo M Savola and Jukka Ahola, "Towards remote security monitoring in cloud services utilizing security metrics," in Application of Information and Communication Technologies (AICT), th International Conference on, 2012, pp.
[14] The Distributed Management Task Force, Inc, Cloud Auditing Data Federation, Data Format and Interface Definitions Specification.
[15] Hiroyuki Sato, Atsushi Kanai, and Shigeaki Tanimoto, "A cloud trust model in a security aware cloud," in Applications and the Internet (SAINT), th IEEE/IPSJ International Symposium on, 2010, pp.
[16] Derek Gordon Murray, Grzegorz Milos, and Steven Hand, "Improving Xen security through disaggregation," in Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, 2008, pp.
[17] Ronald Perez, Reiner Sailer, and Leendert van Doorn, "vtpm: virtualizing the trusted platform module," in Proceedings of the 15th conference on USENIX Security Symposium, 2006, pp.
[18] Allan Tomlinson, "Introduction to the TPM," in Smart Cards, Tokens, Security and Applications. Springer, 2008, pp.
[19] Trusted Computing Group, "TPM Main Specification Version 1.2, Revision 94," Trusted Computing Group, Tech. rep.
[20] Liang Gu, Xuhua Ding, Robert Huijie Deng, Bing Xie, and Hong Mei, "Remote attestation on program execution," in Proceedings of the 3rd ACM workshop on Scalable trusted computing, 2008, pp.
[21] Sachiko Yoshihama, Tim Ebringer, Megumi Nakamura, Seiji Munetoh, and Hiroshi Maruyama, "WS-Attestation: Efficient and fine-grained remote attestation on web services," in Web Services, ICWS Proceedings IEEE International Conference on.
[22] James Greene, "Intel Trusted Execution Technology," Intel Corporation, White paper.
[23] ER Sparks and others, "TPM reset attack," Web page, URL: cs.dartmouth.edu/~pkilab/sparks.
[24] Sammy Haddad et al., "Operational security assurance evaluation in open infrastructures," in Risk and Security of Internet and Systems (CRiSIS), th International Conference on, 2011, pp. 1-6.


Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks. Karnataka. www.ijreat.org Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks Kruthika S G 1, VenkataRavana Nayak 2, Sunanda Allur 3 1, 2, 3 Department of Computer Science, Visvesvaraya Technological

More information

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India

More information