Seminar: Security Metrics in Cloud Computing (20-00-0577-se)




Technische Universität Darmstadt
Dependable, Embedded Systems and Software Group (DEEDS)
Hochschulstr. 10, 64289 Darmstadt

Topics Descriptions

OVERVIEW

Surveying existing security metrics for the Cloud
Audit-as-a-Service
Adaptive Authentication for the Cloud
Security Level-based scheduling for IaaS Clouds
Coping with Dark Clouds: how to measure a botnet?
Security metrics and the convergence between the Cloud, P2P, and the Internet of Things and Services
Economy and information security risk models
Vulnerability Markets, a Novel Economic Perspective to approach Information Security
Economic-Driven Vulnerability Assessment
Benchmarking security and privacy in Attribute Based Credentials (ABC) systems
Advanced Data Storage Mechanisms in Cloud and P2P Environments
Consistency and Integrity for Cloud Storage
Sensor Cloud: Towards Sensor-Enabled Cloud Services
Machine-to-Machine Networks

Surveying existing security metrics for the Cloud

Security practitioners agree on the overall benefits of using metrics to quantify the effectiveness of the security mechanisms in use. Unfortunately, applying existing security metrics to the Cloud poses several challenges due to the inherent features of these environments: multi-tenancy, geographic distribution, rapid elasticity, etc. Because of these challenges, the Cloud community is arriving at a consensus on the creation of security metrics specifically tailored for the Cloud. The objective of this seminar topic is to perform a comprehensive research survey (from the academic and industrial perspective) of the security metrics specifically designed for the Cloud, along with their associated protocols (e.g. CloudAudit). The report should include a summary of the different challenges that need to be solved in order to create new security metrics for the Cloud, taking into account its different service and deployment models.

Audit-as-a-Service

The Cloud is here and has redefined the on-demand availability of remotely located computing Infrastructures, Platforms and Software to the user. However, in order to provide trustworthy Cloud services, users need to be well informed about the security guarantees that the different providers offer. Nowadays, there are some industrial efforts to create repositories and methods so that Cloud Service Providers are able to publicly advertise their security assessment reports. Are we approaching Audit-as-a-Service systems? The goal of this research topic is to survey state-of-the-art notions of such systems, with a particular focus on their security metrics aspects.

Adaptive Authentication for the Cloud

Security metrics have become an enabler for a new IT paradigm known as Adaptive Security (AS). An AS-enabled mechanism is able to change its behavior (e.g. secret-key length, encryption algorithm, firewall rules, ...) according to the measured security level, therefore allowing the system to protect itself from security attacks. Consequently, authentication systems built under the AS principle (a.k.a. AS-AuthN) are able to change their identification mechanism (e.g. from username/password to X.509 certificates) according to the incoming connection's security or risk level. AS-AuthN is a promising approach for Cloud-based Identity Management, which is nowadays a hot topic in academia and industry.

Within this seminar topic, we aim to survey state-of-the-art works on security metrics that could enable an AS-AuthN service for the Cloud, including concepts like Levels of Authentication.

Security Level-based scheduling for IaaS Clouds

Infrastructure as a Service (IaaS) Clouds are becoming more and more common every day (e.g. Amazon EC2, OpenNebula, ...). A central component of the IaaS architecture is the front-end's scheduler, which is in charge of instantiating new computational or storage resources in the different IaaS nodes according to a predefined policy. In the best case, the scheduling policy will be based on parameters extracted from a Service Level Agreement, but unfortunately most IaaS schedulers do not take security parameters into account. The goal of this research topic is to survey the security metrics, policies (Security Level Agreement, SecLA) and architectures that enable a security-driven IaaS scheduler.

Coping with Dark Clouds: how to measure a botnet?

A botnet is a network of compromised computers (also known as zombies) remotely controlled and instructed to work in a coordinated fashion by one or more central hosts (known as the command and control nodes or C&Cs). Botnets are responsible for severe Internet threats such as Distributed Denial of Service (DDoS) attacks, spam campaigns and phishing activities. Unfortunately, in the last few months some botnets have found a new attack vector: the Cloud. It is no surprise to find news about botnets performing their attacks via these Dark Clouds (e.g. Amazon). This seminar topic aims to survey the existing state of the art on mechanisms to detect and measure botnets, with a particular emphasis on those applicable to Dark Clouds.

Security metrics and the convergence between the Cloud, P2P, and the Internet of Things and Services

The advent of the Cloud also promises a technological convergence with other IT ecosystems like Peer-to-Peer networks (P2P) and the Internet of Things and Services (IoTaS). Take as an example the use of Cloud-based storage services via smartphones in order to back up agendas, apps, etc. The goal of this seminar topic is to explore how this technological convergence could affect the overall security level of a Cloud provider, and which underlying techniques and technologies might allow us to quantitatively measure the overall security level of these complex systems.

Economy and information security risk models

Review of the most important existing credit risk models such as the Chebyshev (Tschebyscheff) inequality, CreditRisk+, CreditMetrics, etc. An appropriate mapping to information security risks should be done. The objective of that exercise is to figure out how we can elaborate a preliminary information security risk model in analogy to the credit risk models.

Vulnerability Markets, a Novel Economic Perspective to approach Information Security

Within this seminar, students are asked to review and compare the existing approaches regarding the economic perspective on information security. The focus is on the new concept of vulnerability markets. Advantages and drawbacks of different concepts for vulnerability markets, where security-related information can be traded, should be discussed.

Economic-Driven Vulnerability Assessment

Existing vulnerability databases such as the National Vulnerability Database (NVD) or the Open Source Vulnerability Database (OSVDB) try to assess the criticality of discovered vulnerabilities. A less explored field is economic-driven vulnerability assessment. Within this seminar, we adopt an economic perspective to do such an assessment for selected vulnerabilities (from the Top 5 list).

Benchmarking security and privacy in Attribute Based Credentials (ABC) systems

Traditional identification methods, ranging from passwords to Public Key Infrastructures (PKI), present several privacy tradeoffs, because in most cases users need to disclose more personal information than necessary. In order to cope with this issue, a new kind of privacy-preserving authentication, called Attribute Based Credentials, was proposed a few years ago. Due to the practical usefulness of these cryptosystems (e.g. for the Cloud), the goal of this seminar topic is to survey existing methodologies and frameworks aimed at measuring the security and privacy offered by relevant ABC systems (e.g. IBM's Idemix and Microsoft's U-Prove).

Advanced Data Storage Mechanisms in Cloud and P2P Environments

Distributed hash tables are mostly put on a level with structured P2P networks. Yet, new extensions and evaluations to these systems play a key role in distributed environments like P2P networks or Cloud infrastructures. Anonymity, confidentiality, integrity and availability are substantial requirements in these environments. Each of the proposed extensions addresses at least one of these requirements. Students are required to investigate the proposed extensions and relate them to each other in an overall context.

Consistency and Integrity for Cloud Storage

This topic is about how to ensure integrity of storage in the Cloud. Moreover, the proposed solution detects whenever consistency is violated and sends a notification to the client. Interestingly, these properties can be guaranteed even if the cloud itself, i.e. the service provider, is untrusted.

Sensor Cloud: Towards Sensor-Enabled Cloud Services

Wireless Sensor Networks (WSNs) seamlessly couple the physical environment with the digital world. Sensor nodes are small, low power, low cost, and provide multiple functionalities. WSNs have sensing capabilities, processing power, memory, communication bandwidth, and battery power. If aggregated, sensor nodes have substantial data acquisition and processing capabilities. On the other hand, Cloud computing refers to both the applications delivered as services over the internet and the hardware and software in the data centers that provide those services. Cloud computing is a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. The Sensor Cloud is an infrastructure that allows truly pervasive computation using sensors as interfaces between physical and cyber worlds, the data-compute clusters as the cyber backbone and the internet as the communication medium. Sensor Clouds integrate large-scale sensor networks with sensing applications and cloud computing infrastructures.

Sensor Clouds collect and process data from various sensor networks and enable large-scale data sharing and collaboration among users and applications on the cloud. The Sensor Cloud delivers Cloud services via sensor-rich mobile devices. The key challenges are to provide both an overview and the basic concepts of Sensor Clouds, along with defining the potential applications and how to integrate WSNs and Clouds.

Machine-to-Machine Networks

In the near future, there will be many more embedded devices than there are mobile phones. When these devices are connected to the Internet, many novel kinds of ubiquitous services will be enabled. It was estimated that in 2010, the number of communicating devices was a thousand times greater than the number of mobile phones, which is already more than one billion. When connecting devices such as various machines, actuators and sensors to the Internet, novel types of services are enabled. Previously, such devices communicated with services using technology such as SMS. The applications were vendor- or domain-specific closed systems, for which achieving interoperability with other vendor/domain systems was challenging. M2M services refer to the services resulting from collection, transmission and processing of information, and establish an interactive system with the remote devices that are ultimately integrated within a managed M2M software system. M2M systems will provide essential business possibilities and advantages for companies, especially when information systems controlling their core processes are utilizing the real-time information produced by an M2M system. In consequence, a company can increase the quality of its services, reduce costs and increase customer satisfaction. Currently, no universally applicable M2M service infrastructure exists that would allow interoperation between devices and their enabled applications in wired and wireless systems, regardless of the supplier. Information technology applications usually operate as separate M2M solutions that are unaware of each other. As a result, a number of business opportunities remain unexploited as the services provided by the devices cannot be placed on the Internet.

The primary goals of this topic are:

- Investigate and explore the M2M area to understand the domain
- Identify requirements which are important for a general M2M system
- Explore technologies and protocols relevant for the different parts of an M2M system

This topic also seeks to discuss possible approaches to the overall M2M system architecture.