Securing End-to-End Provenance: A Systems and Storage Perspective
|
|
- Natalie Brown
- 8 years ago
- Views:
Transcription
1 Securing End-to-End Provenance: A Systems and Storage Perspective Kevin Butler, University of Oregon Patrick McDaniel, Stephen McLaughlin, and Devin Pohly, Pennsylvania State University Radu Sion and Erez Zadok, Stony Brook University Marianne Winslett, University of Illinois HEC FSIO 2010 Workshop, Washington DC Systems and Internet Infrastructure Security Laboratory (SIIS) 1
2 Provenance Shuttle launch relies on thousands of systems and millions of parts all working together correctly: enormously complex File systems for HEC are similarly complex - originates from many sources and synthesized by complex and sometimes hidden processes What does the data mean and how can we interpret and analyze it? Systems and Internet Infrastructure Security Laboratory (SIIS) 2
3 3 Data Provenance Data provenance allows us to answer the following questions about the origin of data:! Who or what contributed to the generation of this data?! What is the data based upon?! When was the data generated?! Why was it generated?! How was it generated? A history of the object from origin through subsequent modifications is evidenced by a provenance chain (DAG)
4 4 End to End Provenance System Why another provenance collection system?! Strong security guarantees! Distributed provenance collection! EEPS will achieve the above two goals efficiently in high end computing systems
5 5 Secure Provenance Collection Provenance monitor () analogous to reference monitor concept Three guarantees! Complete mediation! Tamperproofness! Verifiability Beyond authentication of records! Integrity/Trustworthiness of recording instrument and provenance-enhanced applications
6 6 Project Initiatives Provenance monitor system and application Instrumentation for measuring development (McDaniel) performance and energy (Zadok) Provenance chain constructions and query management (Sion, Winslett)
7 Provenance Monitor Implementing LSM-based provenance monitor! LSM for complete mediation, tamperproofing Tracking provenance of entire VM runs! Created graph of entire process ancestry! Investigated visualizations which included file reads/writes Exploring potential for secure multi-host and interdomain provenance Systems and Internet Infrastructure Security Laboratory (SIIS) 7
8 Autonomously Secure Disks Enforce security perimeter at external I/O interface! How? Store all security metadata including provenance information within the drive itself drive enclosure policy engine non-volatile memory RAM policy cache crypto processor bus I/O firmware disk platters SATA/ SCSI/ ATA interface New Security Architectures Based on Emerging Disk Functionality, IEEE Security and Privacy, Sept/Oct 2010 Systems and Internet Infrastructure Security Laboratory (SIIS) 8
9 Host Validation Portable storage holds more and is more ubiquitous than every before (256 GB flash drives)! Public/private data on devices, want to share some info but protect other data How can we solve these issues?! Only allow registered devices on system! Virus scanning on flash drive! General problem: How do we know if the system we share data with is in a good (valid) state? Can we collect a provenance record relating to this data? Systems and Internet Infrastructure Security Laboratory (SIIS) 9
10 10 Kells USB storage device performs attestations with host in order to determine its integrity state Periodically repeat attestation to get continuous guarantee of host integrity Allow access to trusted partition only if system is in a good state Host verification process Revalidation Timeout Yes Pass USB drive plugged in Host request for trusted partition? Fail Mount trusted partition (if needed) No Mount public partition
11 11 Continuous Attestation Support framework for runtime monitoring on system! Patagonix, Pioneer, BIND, LKIM, etc. Continuous attestation gives assurance that the system is in a good state! Length of time between attestations can be parameterized by an attestation period "t! Acts as security heartbeat Quarantine buffer on storage device holds writes until system state is attested
12 Kells Security Properties SEC: Any read request completed by Kells was made while the host was in a good state. KRead: att att = = read D.RAM.att-loc 2. (t, req) = receive! 2. (t, req) = attestation 3. received within 3. n n = = sread req,att "t of the send request n n and the system was not rebooted Figure 6: 6: The encoding of ofthe thekells read operation INT: Any write request completed by Kells was made while the host was in a good KWrite: state (t, req-pair) = receive enqueue (t, req-pair) KCommit: 1. att = read D.RAM.att-loc! same 2. dependency (t, req) = peek on 3. swrite req,att 4. dequeue attestation received within "t as with SEC Figure 7: 7: The encoding of the Kells write operation (SEC) (t (t req req, (l,, (l, n)), (t (t att att,, sig),t s.t. (INT) (t, t req, (l, n)), (t att, sig) s.t. (t (t req req, (l,, (l, n)) = Recv(D)@t (t, t req, (l, n)) = Peek(D) (t (t att att, sig), =Recv(D) (t att, sig) =Recv(D) e e = SRead(D, (t, (t, t req,,(l, (l, n)), (t (t att,, sig)) SWrite(D, (t, t req, (l, n)), (t att, sig)) GoodState(H, (t, (t, t req,,(l, n)), (t att,, sig)) GoodState(H, (t, t req, (l, n)), (t att, sig)) Bottom Line: Provides formal proof that data is protected. Systems and Internet Infrastructure Security Laboratory (SIIS) Figure 8: 8: The formal definition of the two Kells security properties. 12
13 Future Project Goals Revealing file access patterns! What is least privilege?! Forensic details of file and block access: Which host accessed this particular data and where may that information have been disseminated? Information flow systems! Provenance as enriched information flows Provenance calculus! Formalism for expressing and querying provenance data! Working toward more rigorous definitions of provenance! Potential for machine learning applications Systems and Internet Infrastructure Security Laboratory (SIIS) 13
14 14 Performance Enhancements Provenance monitor profiling! Enhanced profiling tools! Profiling provenance collection for workloads from scientific domains! EEPS calibration for a particular environment! LSM instrumentation Cost models for provenance collection! Hardware and storage requirements ($/GB)! New cost models based on types of provenance data collected and system architectures
15 Securing End-to- End Provenance Kevin Butler Computer and Information Science
16 Systems Problems! Reliable high-volume data transmission from kernel to userspace! Currently using Linux relay mechanism! Investigating other means to increase reliability! Inclusion of filenames in inode tracking! LSM provides little context here! Would provide additional information during analysis
17 18 Distributed Challenges in distributed provenance Domain specific policies for:! Auditors - confidentiality considerations Cryptographic commitments [Hasan 09]! Divergent modification histories Plausible version history If necessary, plausible history may be checked against previous subjects in the ownership chain
18 19 Distributed Environments Host Org A Org B secure coprocessor Host kernel Provenance Authority Provenance Authority intelligent storage Host Provenance Authority Org C
19 20 Distributed Example! " # Kernel FS SaF!! $ % Kernel FS SaF Doc P 1 Disk Flash Hybrid Drive Host A Disk Flash Hybrid Drive Host B Example: File transfer between hosts with untrusted OSes and trusted storage
20 21 Distributed Example scp sshd Kernel Kernel FS FS SaF SaF Doc P 1 Disk Flash Hybrid Drive Host A Disk Flash Hybrid Drive Host B A program initiates a request for the file.
21 22 Distributed Example scp sshd Kernel Kernel FS FS SaF P 1 SaF Doc P 1 Disk Flash Hybrid Drive Host A Disk Flash Hybrid Drive Host B A secure tunnel is established between disks through the untrusted OS.
22 23 Distributed Example scp Doc sshd Kernel Kernel FS FS SaF P 1 SaF Doc P 1 Doc Disk Flash Hybrid Drive Host A Disk Flash Hybrid Drive Host B The document is transferred as normal.
23 24 Distributed Example scp Doc sshd Kernel Kernel FS FS SaF P 1 SaF Doc P 1 Doc P 1 P 2 Disk Flash Hybrid Drive Host A Disk Flash Hybrid Drive Host B The destination disk checks the integrity once the writethrough is completed and appends a new provenance entry.
24 25 Distributed Provenance Overheads Overhead increases monotonically as data is shared. Two implications:! Storage costs within a single domain High sharing factor: redundant provenance data Long per-host modification histories: higher redundancy factor Even though document size may remain constant!! Audit costs between domains As sharing of a document increases, the computational cost of sharing increases
Towards a Secure and Efficient System for End-to-End Provenance
Towards a Secure and Efficient System for End-to-End Provenance Patrick McDaniel, Kevin Butler, Stephen McLaughlin Penn State University Erez Zadok, Radu Sion, Stony Brook University Marianne Winslett,
More informationRequirements of Secure Storage Systems for Healthcare Records
Requirements of Secure Storage Systems for Healthcare Records Ragib Hasan 1, Marianne Winslett 1, and Radu Sion 2 1 University of Illinois at Urbana-Champaign Urbana, IL 61801, USA (rhasan, winslett)@cs.uiuc.edu
More informationMicrokernels, virtualization, exokernels. Tutorial 1 CSC469
Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,
More informationCSE543 Computer and Network Security Module: Cloud Computing
CSE543 Computer and Network Security Module: Computing Professor Trent Jaeger 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory 2 Computing Is Here Systems and Internet
More informationAbstract. 1 Introduction
Towards a Secure and Efficient System for End-to-End Patrick McDaniel, Kevin Butler, Steve McLaughlin Computer Science and Engin. Department Pennsylvania State University Radu Sion, Erez Zadok Computer
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 3, Issue 2, February 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A Review on
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey February 26, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey
More informationData Centers and Cloud Computing
Data Centers and Cloud Computing CS377 Guest Lecture Tian Guo 1 Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Case Study: Amazon EC2 2 Data Centers
More informationGeospatial Server Performance Colin Bertram UK User Group Meeting 23-Sep-2014
Geospatial Server Performance Colin Bertram UK User Group Meeting 23-Sep-2014 Topics Auditing a Geospatial Server Solution Web Server Strategies and Configuration Database Server Strategy and Configuration
More informationFull and Para Virtualization
Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels
More informationRepublic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum
Republic Polytechnic School of Information and Communications Technology C6 Operating System Concepts Module Curriculum Module Description: This module examines the fundamental components of single computer
More informationSecurity Architecture and Design
IT Networks and Security & CERIAS CISSP Luncheon Series Security Architecture and Design Presented by Rob Stanfield Domain Overview Identify key principles and concepts critical to securing the infrastructure
More informationData Collection Agent for Active Directory
Data Collection Agent for Active Directory Installation Guide Version 7.5 - September 2015 This guide provides quick instructions for the installation of Data Collection Agent Active Directory, from an
More informationOracle Cluster File System on Linux Version 2. Kurt Hackel Señor Software Developer Oracle Corporation
Oracle Cluster File System on Linux Version 2 Kurt Hackel Señor Software Developer Oracle Corporation What is OCFS? GPL'd Extent Based Cluster File System Is a shared disk clustered file system Allows
More informationTrusted Platforms for Homeland Security
Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business
More informationDatabase Hardware Selection Guidelines
Database Hardware Selection Guidelines BRUCE MOMJIAN Database servers have hardware requirements different from other infrastructure software, specifically unique demands on I/O and memory. This presentation
More informationPrice/performance Modern Memory Hierarchy
Lecture 21: Storage Administration Take QUIZ 15 over P&H 6.1-4, 6.8-9 before 11:59pm today Project: Cache Simulator, Due April 29, 2010 NEW OFFICE HOUR TIME: Tuesday 1-2, McKinley Last Time Exam discussion
More informationMemory Channel Storage ( M C S ) Demystified. Jerome McFarland
ory nel Storage ( M C S ) Demystified Jerome McFarland Principal Product Marketer AGENDA + INTRO AND ARCHITECTURE + PRODUCT DETAILS + APPLICATIONS THE COMPUTE-STORAGE DISCONNECT + Compute And Data Have
More informationImplementing Network Attached Storage. Ken Fallon Bill Bullers Impactdata
Implementing Network Attached Storage Ken Fallon Bill Bullers Impactdata Abstract The Network Peripheral Adapter (NPA) is an intelligent controller and optimized file server that enables network-attached
More informationChapter 6. 6.1 Introduction. Storage and Other I/O Topics. p. 570( 頁 585) Fig. 6.1. I/O devices can be characterized by. I/O bus connections
Chapter 6 Storage and Other I/O Topics 6.1 Introduction I/O devices can be characterized by Behavior: input, output, storage Partner: human or machine Data rate: bytes/sec, transfers/sec I/O bus connections
More informationEmbedding Trust into Cars Secure Software Delivery and Installation
Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationStorage and File Systems. Chester Rebeiro IIT Madras
Storage and File Systems Chester Rebeiro IIT Madras 1 Two views of a file system system calls protection rwx attributes Application View Look & Feel File system Hardware view 2 Magnetic Disks Chester Rebeiro
More informationChapter 5 Cloud Resource Virtualization
Chapter 5 Cloud Resource Virtualization Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. Performance and security isolation. Architectural support for virtualization.
More informationNetwork Attached Storage. Jinfeng Yang Oct/19/2015
Network Attached Storage Jinfeng Yang Oct/19/2015 Outline Part A 1. What is the Network Attached Storage (NAS)? 2. What are the applications of NAS? 3. The benefits of NAS. 4. NAS s performance (Reliability
More informationGeoGrid Project and Experiences with Hadoop
GeoGrid Project and Experiences with Hadoop Gong Zhang and Ling Liu Distributed Data Intensive Systems Lab (DiSL) Center for Experimental Computer Systems Research (CERCS) Georgia Institute of Technology
More informationIncreasing Flash Throughput for Big Data Applications (Data Management Track)
Scale Simplify Optimize Evolve Increasing Flash Throughput for Big Data Applications (Data Management Track) Flash Memory 1 Industry Context Addressing the challenge A proposed solution Review of the Benefits
More informationFile System & Device Drive. Overview of Mass Storage Structure. Moving head Disk Mechanism. HDD Pictures 11/13/2014. CS341: Operating System
CS341: Operating System Lect 36: 1 st Nov 2014 Dr. A. Sahu Dept of Comp. Sc. & Engg. Indian Institute of Technology Guwahati File System & Device Drive Mass Storage Disk Structure Disk Arm Scheduling RAID
More informationSurvey of Filesystems for Embedded Linux. Presented by Gene Sally CELF
Survey of Filesystems for Embedded Linux Presented by Gene Sally CELF Presentation Filesystems In Summary What is a filesystem Kernel and User space filesystems Picking a root filesystem Filesystem Round-up
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationUpdating Your Firmware
Updating Your Firmware WARNING: This firmware update is only valid for OCZ VERTEX Solid State Drives Flashing your Vertex will result in complete data loss. Please back up your drive before proceeding
More informationSGFS: Secure, Flexible, and Policy-based Global File Sharing
SGFS: Secure, Flexible, and Policy-based Global File Sharing Vishal Kher Eric Seppanen Cory Leach Yongdae Kim {vkher,seppanen,leach,kyd}@cs.umn.edu University of Minnesota Motivation for Network attached
More information760 Veterans Circle, Warminster, PA 18974 215-956-1200. Technical Proposal. Submitted by: ACT/Technico 760 Veterans Circle Warminster, PA 18974.
760 Veterans Circle, Warminster, PA 18974 215-956-1200 Technical Proposal Submitted by: ACT/Technico 760 Veterans Circle Warminster, PA 18974 for Conduction Cooled NAS Revision 4/3/07 CC/RAIDStor: Conduction
More informationMicrosoft Cloud Computing Research Centre
Microsoft Cloud Computing Research Centre 1 st Annual Symposium, Cambridge 2014 Regional clouds: technical considerations Jon Crowcroft jon.crowcroft@cl.cam.ac.uk Jat Singh jatinder.singh@cl.cam.ac.uk
More informationCommon Criteria Evaluation Challenges for SELinux. Doc Shankar IBM Linux Technology Center dshankar@us.ibm.com
Common Criteria Evaluation Challenges for SELinux Doc Shankar IBM Linux Technology Center dshankar@us.ibm.com Agenda Common Criteria Roadmap/Achievements CAPP/LSPP Overview EAL4 Overview Open Sourcing
More informationOperating Systems. Design and Implementation. Andrew S. Tanenbaum Melanie Rieback Arno Bakker. Vrije Universiteit Amsterdam
Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Vrije Universiteit Amsterdam Operating Systems - Winter 2012 Outline Introduction What is an OS? Concepts Processes
More informationOutline. Operating Systems Design and Implementation. Chap 1 - Overview. What is an OS? 28/10/2014. Introduction
Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Outline Introduction What is an OS? Concepts Processes and Threads Memory Management File Systems Vrije Universiteit
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationThe Fallacy of Software Write Protection in Computer Forensics Mark Menz & Steve Bress Version 2.4 May 2, 2004
The Fallacy of Software Write Protection in Computer Forensics Mark Menz & Steve Bress Version 2.4 May 2, 2004 1.0 Table of Contents 1. Table of Contents 2. Abstract 3. Introduction 4. Problems a. Controlled
More informationProTrack: A Simple Provenance-tracking Filesystem
ProTrack: A Simple Provenance-tracking Filesystem Somak Das Department of Electrical Engineering and Computer Science Massachusetts Institute of Technology das@mit.edu Abstract Provenance describes a file
More informationDevices and Device Controllers
I/O 1 Devices and Device Controllers network interface graphics adapter secondary storage (disks, tape) and storage controllers serial (e.g., mouse, keyboard) sound co-processors... I/O 2 Bus Architecture
More informationHands-On How-To Computer Forensics Training
j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE
More informationSolid State Drive Architecture
Solid State Drive Architecture A comparison and evaluation of data storage mediums Tyler Thierolf Justin Uriarte Outline Introduction Storage Device as Limiting Factor Terminology Internals Interface Architecture
More informationAudit & Tune Deliverables
Audit & Tune Deliverables The Initial Audit is a way for CMD to become familiar with a Client's environment. It provides a thorough overview of the environment and documents best practices for the PostgreSQL
More informationCertifying Program Execution with Secure Processors
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris MIT Laboratory for Computer Science {benjie,rtm}@lcs.mit.edu Abstract Cerium is a trusted computing architecture that protects
More informationData Collection Agent for NAS EMC Isilon Edition
Data Collection Agent for NAS EMC Isilon Edition Installation Guide Version 7.5 - September 2015 This guide provides quick instructions for the installation of Data Collection Agent for NAS, EMC Isilon
More informationViolin: A Framework for Extensible Block-level Storage
Violin: A Framework for Extensible Block-level Storage Michail Flouris Dept. of Computer Science, University of Toronto, Canada flouris@cs.toronto.edu Angelos Bilas ICS-FORTH & University of Crete, Greece
More informationCS 153 Design of Operating Systems Spring 2015
CS 153 Design of Operating Systems Spring 2015 Lecture 22: File system optimizations Physical Disk Structure Disk components Platters Surfaces Tracks Arm Track Sector Surface Sectors Cylinders Arm Heads
More informationStephen E. McLaughlin
Education Stephen E. McLaughlin Computer Science and Engineering Pennsylvania State University Office : 344 IST Building University Park, PA 16802 (814) 867-1773 email: smclaugh@cse.psu.edu The Pennsylvania
More informationOracle Database - Engineered for Innovation. Sedat Zencirci Teknoloji Satış Danışmanlığı Direktörü Türkiye ve Orta Asya
Oracle Database - Engineered for Innovation Sedat Zencirci Teknoloji Satış Danışmanlığı Direktörü Türkiye ve Orta Asya Oracle Database 11g Release 2 Shipping since September 2009 11.2.0.3 Patch Set now
More informationWIND RIVER SECURE ANDROID CAPABILITY
WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion
More informationComputer Security. Evaluation Methodology CIS 5370. Value of Independent Analysis. Evaluating Systems Chapter 21
Computer Security CIS 5370 Evaluating Systems Chapter 21 1 Evaluation Methodology 1. Set of security functionality requirements 2. Set of assurance a requirements e e 3. Methodology to determine if the
More informationNetwork Faxing and HIPAA: Security and Privacy in the Health Care Industry
Network Faxing and HIPAA: Security and Privacy in the Health Care Industry Summary The Health Insurance Portability and Accountability Act (HIPAA) prescribes new health care industry rules and recommendations
More informationParagon Backup Retention Wizard
Paragon Backup Retention Wizard User Guide Getting Started with the Paragon Backup Retention Wizard In this guide you will find all the information necessary to get the product ready to use. System Requirements
More informationHardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect
Hardware Based Virtualization Technologies Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Outline What is Virtualization? Evolution of Virtualization AMD Virtualization AMD s IO Virtualization
More informationEncrypted File Systems. Don Porter CSE 506
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue
More informationCSE543 - Introduction to Computer and Network Security. Module: Reference Monitor
CSE543 - Introduction to Computer and Network Security Module: Reference Monitor Professor Trent Jaeger 1 Living with Vulnerabilities So, software is potentially vulnerable In a variety of ways So, how
More informationStorage Class Memory Support in the Windows Operating System Neal Christiansen Principal Development Lead Microsoft nealch@microsoft.
Storage Class Memory Support in the Windows Operating System Neal Christiansen Principal Development Lead Microsoft nealch@microsoft.com What is Storage Class Memory? Paradigm Shift: A non-volatile storage
More informationA+ Guide to Managing and Maintaining Your PC, 7e. Chapter 1 Introducing Hardware
A+ Guide to Managing and Maintaining Your PC, 7e Chapter 1 Introducing Hardware Objectives Learn that a computer requires both hardware and software to work Learn about the many different hardware components
More informationOracle Database Public Cloud Services
Oracle Database Public Cloud Services A Strategy and Technology Overview Bob Zeolla Principal Sales Consultant Oracle Education & Research November 23, 2015 Safe Harbor Statement The following is intended
More informationManagement of Very Large Security Event Logs
Management of Very Large Security Event Logs Balasubramanian Ramaiah Myungsook Klassen Computer Science Department, California Lutheran University 60 West Olsen Rd, Thousand Oaks, CA 91360, USA Abstract
More informationSecurity within a development lifecycle. Enhancing product security through development process improvement
Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web
More information15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM
RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN
More informationOctober 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V
October 2015 Issue No: 1.1 Security Procedures Windows Server 2012 Hyper-V Security Procedures Windows Server 2012 Hyper-V Issue No: 1.1 October 2015 This document describes the manner in which this product
More informationCOS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have
More informationOverview: X5 Generation Database Machines
Overview: X5 Generation Database Machines Spend Less by Doing More Spend Less by Paying Less Rob Kolb Exadata X5-2 Exadata X4-8 SuperCluster T5-8 SuperCluster M6-32 Big Memory Machine Oracle Exadata Database
More informationHow to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More informationCSE 120 Principles of Operating Systems. Modules, Interfaces, Structure
CSE 120 Principles of Operating Systems Fall 2000 Lecture 3: Operating System Modules, Interfaces, and Structure Geoffrey M. Voelker Modules, Interfaces, Structure We roughly defined an OS as the layer
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationQuantifying Hardware Selection in an EnCase v7 Environment
Quantifying Hardware Selection in an EnCase v7 Environment Introduction and Background The purpose of this analysis is to evaluate the relative effectiveness of individual hardware component selection
More informationBenchmarking Hadoop & HBase on Violin
Technical White Paper Report Technical Report Benchmarking Hadoop & HBase on Violin Harnessing Big Data Analytics at the Speed of Memory Version 1.0 Abstract The purpose of benchmarking is to show advantages
More informationExploring the Remote Access Configuration Utility
Exploring the Remote Access Configuration Utility in Ninth-Generation Dell PowerEdge Servers The Remote Access Configuration Utility supports local and remote server management in ninth-generation Dell
More informationSecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes!
SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes! Kun Sun, Jiang Wang, Fengwei Zhang, Angelos Stavrou! Center for Secure Information Systems! George Mason University!
More informationFastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems
Fastboot Techniques for x86 Architectures Marcus Bortel Field Application Engineer QNX Software Systems Agenda Introduction BIOS and BIOS boot time Fastboot versus BIOS? Fastboot time Customizing the boot
More informationHardware RAID vs. Software RAID: Which Implementation is Best for my Application?
STORAGE SOLUTIONS WHITE PAPER Hardware vs. Software : Which Implementation is Best for my Application? Contents Introduction...1 What is?...1 Software...1 Software Implementations...1 Hardware...2 Hardware
More informationios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33
ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%
More informationInge Os Sales Consulting Manager Oracle Norway
Inge Os Sales Consulting Manager Oracle Norway Agenda Oracle Fusion Middelware Oracle Database 11GR2 Oracle Database Machine Oracle & Sun Agenda Oracle Fusion Middelware Oracle Database 11GR2 Oracle Database
More informationSecurity Best Practice
Security Best Practice Presented by Muhibbul Muktadir Tanim mmtanim@gmail.com 1 Hardening Practice for Server Unix / Linux Windows Storage Cyber Awareness & take away Management Checklist 2 Hardening Server
More informationNovell File Reporter 2.5 Who Has What?
Novell File Reporter 2.5 Who Has What? Richard Cabana Senior Systems Engineer File Access & Mgmt Solution Principal Attachmate Novell North America rcabana@novell.com Joe Marton Senior Systems Engineer
More informationEnterprise Erase LAN
Enterprise Erase LAN Network Erasing and Asset Management Server Version 2.0 Users Guide 888.700.8560 toll free www.tabernus.com 11130 Jollyville Rd Suite 301 Austin, TX 78757 Table of Contents 1 Product
More informationAgenda. Enterprise Application Performance Factors. Current form of Enterprise Applications. Factors to Application Performance.
Agenda Enterprise Performance Factors Overall Enterprise Performance Factors Best Practice for generic Enterprise Best Practice for 3-tiers Enterprise Hardware Load Balancer Basic Unix Tuning Performance
More informationA Highly Versatile Virtual Data Center Ressource Pool Benefits of XenServer to virtualize services in a virtual pool
A Highly Versatile Virtual Data Center Ressource Pool Benefits of XenServer to virtualize services in a virtual pool Stefan Bujack A Highly Versatile Virtual Data Center Ressource Pool Umeå, 27.05.09 Overview
More informationInput/output (I/O) I/O devices. Performance aspects. CS/COE1541: Intro. to Computer Architecture. Input/output subsystem.
Input/output (I/O) CS/COE1541: Intro. to Computer Architecture Input/output subsystem Sangyeun Cho Computer Science Department I/O connects User (human) and CPU (or a program running on it) Environment
More informationRELIABLE OPERATING SYSTEMS
RELIABLE OPERATING SYSTEMS Research Summary 1 st EuroSys Doctoral Workshop October 23, 2005 Brighton, UK Jorrit N. Herder Dept. of Computer Science Vrije Universiteit Amsterdam PERCEIVED PROBLEMS Weak
More informationCloud Data Protection for the Masses
Cloud Data Protection for the Masses ABSTRACT: Offering strong data protection to cloud users while enabling rich applications is a challenging task. We explore a new cloud platform architecture called
More informationDifference between Enterprise SATA HDDs and Desktop HDDs. Difference between Enterprise Class HDD & Desktop HDD
In order to fulfil the operational needs, different web hosting providers offer different models of hard drives. While some web hosts provide Enterprise HDDs, which although comparatively expensive, offer
More informationDecentralized Deduplication in SAN Cluster File Systems
Decentralized Deduplication in SAN Cluster File Systems Austin T. Clements Irfan Ahmad Murali Vilayannur Jinyuan Li VMware, Inc. MIT CSAIL Storage Area Networks Storage Area Networks Storage Area Networks
More informationIBM Tivoli Composite Application Manager for Microsoft Applications: Microsoft Hyper-V Server Agent Version 6.3.1 Fix Pack 2.
IBM Tivoli Composite Application Manager for Microsoft Applications: Microsoft Hyper-V Server Agent Version 6.3.1 Fix Pack 2 Reference IBM Tivoli Composite Application Manager for Microsoft Applications:
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationHPC performance applications on Virtual Clusters
Panagiotis Kritikakos EPCC, School of Physics & Astronomy, University of Edinburgh, Scotland - UK pkritika@epcc.ed.ac.uk 4 th IC-SCCE, Athens 7 th July 2010 This work investigates the performance of (Java)
More informationInternational Journal of Computer & Organization Trends Volume20 Number1 May 2015
Performance Analysis of Various Guest Operating Systems on Ubuntu 14.04 Prof. (Dr.) Viabhakar Pathak 1, Pramod Kumar Ram 2 1 Computer Science and Engineering, Arya College of Engineering, Jaipur, India.
More informationLecture 5: GFS & HDFS! Claudia Hauff (Web Information Systems)! ti2736b-ewi@tudelft.nl
Big Data Processing, 2014/15 Lecture 5: GFS & HDFS!! Claudia Hauff (Web Information Systems)! ti2736b-ewi@tudelft.nl 1 Course content Introduction Data streams 1 & 2 The MapReduce paradigm Looking behind
More informationIn-Memory Databases Algorithms and Data Structures on Modern Hardware. Martin Faust David Schwalb Jens Krüger Jürgen Müller
In-Memory Databases Algorithms and Data Structures on Modern Hardware Martin Faust David Schwalb Jens Krüger Jürgen Müller The Free Lunch Is Over 2 Number of transistors per CPU increases Clock frequency
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security So, you have built an operating system that enables user-space processes to
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationVMware vsphere Replication Administration
VMware vsphere Replication Administration vsphere Replication 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationIntroduction to I/O and Disk Management
Introduction to I/O and Disk Management 1 Secondary Storage Management Disks just like memory, only different Why have disks? Memory is small. Disks are large. Short term storage for memory contents (e.g.,
More informationWebBIOS Configuration Utility Guide
Dell PowerEdge Expandable RAID Controller 3/QC, 3/DC, 3/DCL and 3/SC WebBIOS Configuration Utility Guide www.dell.com support.dell.com Information in this document is subject to change without notice.
More informationADAM 5.5. System Requirements
ADAM 5.5 System Requirements 1 1. Overview The schema below shows an overview of the ADAM components that will be installed and set up. ADAM Server: hosts the ADAM core components. You must install the
More informationCloud Sure - Virtual Machines
Cloud Sure - Virtual Machines Maximize your IT network The use of Virtualization is an area where Cloud Computing really does come into its own and arguably one of the most exciting directions in the IT
More information