Software and Cloud Security




Lecture 12: Software and Cloud Security

Subjects / Topics:
1. Standard ISO/OSI security services
2. Special problems, specific for software components and modules
3. Trusted software systems
4. Security of cloud environments

ISO/OSI Security Services
1. Authentication
2. Access control
3. Data confidentiality
4. Data integrity
5. Non-repudiation

Authentication of SW Components
[Diagram: SW user, Signature, SW vendor, SW vendor's key, Verification?]

MS Authenticode System
[Diagram: VeriSign, SW user, Microsoft, Signature]

Java Signed Applets
[Diagram: javakey, SW user, SW vendor, Signature]

AC in LANs
[Diagram: OS Security???, UserID]

Standard Operating System
[Diagram: Applications, Programs, Kernel, Files, Network]

Security Extensions (AC)
[Diagram: Applications, OS, Programs, ?, Kernel, Files, OK, r,w, x,d, l,c, Network]

Encrypted Software
[Diagram: Encrypted Applications, Encrypted Instructions, Encryption, Decryption, OS, Clear Instructions, Kernel]

Part of Authentication
[Diagram: SW user, Signature, SW vendor, SW vendor's key, Verification?]

Signed Software
[Diagram: Signed Applications, Signed Code, Signing, Verification, OS, Verified Code, Kernel]


Specific Aspects
1. Viruses
2. Worms
3. Trojan Horses
4. Copyrighting
5. Licensing

Viruses: Damages
- Not harmful
- Potentially harmful
- Disastrous

Viruses: Distribution

Viruses: Activation

E-mail Attachments and Port 80
[Diagram: sample e-mail messages]

From: sead@dsv.su.se
To: APATEL@ccvax.ucd.ie
Dear Ahmed:
How are you today?

Subject: Normal letter
Date: 7-July-1993
What are you doing?

Viruses: Effects

Detection and Elimination
- Virus characteristics (signatures)
- Updates from vendor's site
- Post factum intervention

Prevention
1. Authentication
2. Access control
3. Data confidentiality
4. Data integrity
5. Non-repudiation

Worms and Trojan Horses

Software Copyright
[Diagram: C, C]

Digital Signature
[Diagram: Author, C]

Activation
[Diagram: User, Author's Public Key, C]

Software Licensing
[Diagram: TM]

Pay per Use Schemes
[Diagram: Apache, Software Repository, SW module]

Pay per Use Schemes
[Diagram: Apache, Shared Execution, Application data]

Digital Envelope: Authorization
[Diagram: TM]

Digital Envelope: Authorization
[Diagram: TM, User's Public Key]

Digital Envelope: Activation
[Diagram: TM, User's Private Key]

Lecture 12: Software and Cloud Security

Subjects / Topics:
1. Standard ISO/OSI security services
2. Special problems, specific for software components and modules
3. Trusted software systems
4. Security of mobile agents

Trusted Software Systems

Trusted Software:
1. Functional correctness
2. Correctness of programs underneath

Properties:
1. Functional correctness
2. Enforcement of integrity
3. Limited privileges
4. Appropriate security level

OS Controls

Mutual Suspicion:
1. Bilateral authentication
2. Balanced exchange of proprietary information

Confinement:
1. Limitation of accessible system resources
2. Strict (continuous) control of operations

Compartmented Environment
Access Log

Administrative Controls

Standards for Program Development:
1. Standards for design stage
2. Standards for program/system documentation
3. Standards for programming and source code evaluation (QA)
4. Standards for testing
5. Standards for configuration management

Security in DB Systems

All-None Protection of Files/DB Segments

Problems:
1. Lack of trust
2. All or nothing not suitable for many situations
3. Rise of timesharing
4. Complexity of access requirements
5. Sensitive file listings

Alternative Protection Schemes

OS Security Extensions
Group protection
Single permissions
1. Password or other tokens
2. Temporary acquired permissions
3. Per-object and per-user permissions
Static vs. dynamic permissions


Cloud Access Points
[Diagram: User, Wi-Fi, 3G/4G, Web, Internet, CAP, AAP, App-1, App-2]

Cloud Security Components
[Diagram: IDMS, PDP, CA, User, Wi-Fi, 3G/4G, Internet, CAP/FW, SAP, AAP, App-1, App-2]

CAP/FW: Cloud Access Point / Firewall
SAP: Security Access Point (Portal Security)
AAP: Application Access Point (Cloud Portal)
IDMS: Identity Management
PDP: Policy Decision Point
CA: Certification Authority

Architecture of the OpenStack Platform
[Diagram]

OpenStack Components
[Diagram]

Cloud Services Models
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
[Examples shown: SalesForce CRM, LotusLive, Google App Engine]

Security for Cloud Environment

Three Aspects of Security

(1) Security services in cloud framework
- Deals with all security requirements of the cloud framework, such as auditing, virus scanning, security related to virtualization, security of components installed in the virtualized environment, and security of hypervisors.

(2) Security of services
- Required to protect sensitive data stored in the cloud environment. It normally deals with privacy, confidentiality and integrity of the stored user's data.

(3) Accessibility of the data or user's interaction with the cloud environment
- Deals with availability, authentication, secure communication and authorization issues.

In this research activity, we focused on the issues mentioned in the first two areas.

Open Questions
- How to provide two-factor authentication and XACML-based access control using smart cards and mobile devices in OpenStack?
- How to ensure the protection and integrity of Virtual Machines, their images and live migration to other environments?
- How to ensure the integrity and protection of user-based services which are dynamically loaded in the cloud environment?
- On top of all the above issues, the most important is key management and the security of cryptographic tokens, which should be controlled by, and only accessible to and used by, the owner.

Components
[Diagram: Certification Authority (CA Service), XACML Authorization Service, Authentication Service, IDMS, Policy Enforcement Point, Cloud Access Point, Application-1, Application-2, Client (x4)]

Cloud Central Security
[Diagram; labels include: Customer HR DB, IDMS, CA, Smart Cards, Admin Station, SAML / PDP, Security Admin, Cloud Admin, Auth, Internet, Cloud Proxy, Security Portal, Admin Portal, Cloud VM, Email, Web, PEP, VPN, User Station, Docs]

Questions?