Cloud Inspector A Cooperative Tool to Increase Trust in Cloud Computing



Transcription:

SEcure Cloud computing for CRitical infrastructure IT
Cloud Inspector: A Cooperative Tool to Increase Trust in Cloud Computing
Roland Bless, Matthias Flittner, Robert Bauer
Karlsruhe Institute of Technology (KIT)
{bless, flittner, robert.bauer}@kit.edu
AIT Austrian Institute of Technology, ETRA Investigación y Desarrollo, Fraunhofer Institute for Experimental Software Engineering IESE, Karlsruhe Institute of Technology, NEC Europe, Lancaster University, Mirasys, Hellenic Telecommunications Organization OTE, Ayuntamiento de Valencia, Amaris

Lack of Transparency
Diagram labels: Virtual Tenant IaaS SLAs Tenant Physical Provider
IaaS: Infrastructure as a Service
SLA: Service Level Agreement

Lack of Transparency Undermines Trust
  o SLA Fulfilment?
  o Actual Geolocation?
  o Security Posture?
  o Dedicated Hosts?
  o Evidence Gathering?
Diagram labels: Virtual Tenant IaaS Tenant? Trust? Physical Provider
Sec-Audit A+: Nice, but not sufficient

Transparency Enhancement?
Diagram labels: Virtual Tenant Answer Interface Tenant Operator Inquiry Physical Data Center ?? Management System Operator DB

Trust Building Tool: Cloud Inspector
  o Independent View
  o Combined View: Virtual + Host Resources
  o Real-time Information
  o Evidence Gathering
Diagram labels: Virtual Tenant Transparency Enhancement Module Physical Data Center Controller Inquiry Answer Interface Management System Tenant Operator Operator

Cloud Inspector Audit trails
Diagram labels: Virtual Tenant Logging Data RCA PoWerStore Trusted Third Party Auditor Controller Audit Log Policy Physical Management System Operator Data Center
RCA: Root Cause Analysis

Example: Conventional Tenant View
VMware VDirector
Tenant sees virtual resources only!

Example: Tenant View (Web GUI), Cloud Inspector
Tenant can now detect migration events!

Running Code and Deployment
Running code for OpenStack + VMware
Lightweight
  o TEM CPU Overhead 1-5%
  o Latency (on-demand inquiries): 10-20 ms
Secure
  o purely detective, not corrective
  o separate logical network and secured communication
  o coupling with Trusted Platform Modules under investigation
Easy to deploy and operate
  o scalable: more tenants, more controllers
  o re-use of existing cloud ID management and authentication (e.g., Keystone)
  o plug and play:
      automatic integration of newly added TEMs
      automatic detection/correction of TEM failures

Conclusion
Distributed monitoring system providing
  o real-time Transparency-as-a-Service
  o on-demand and/or permanent auditing
Trust building tool providing win-win solution
  o Tenant
      more transparency
      independent + combined view (HW + Virtual resources)
      evidence gathering
  o Provider
      increased trust
      new customers
      additional service
      additional revenue
      additional monitoring
      easier root cause analysis
      evidence gathering
More interesting SECCRIT output: https://seccrit.eu/

SEcure Cloud computing for CRitical infrastructure IT
Contact:
PD Dr.-Ing. Roland Bless
Karlsruhe Institute of Technology (KIT)
Institute of Telematics
Zirkel 2, Building 20.20, Campus South
76131 Karlsruhe, Germany
T: +49 721 60846413
M: +49 1520 1601400
roland.bless@kit.edu