
Nov 3, 2013 (3 years and 9 months ago)


Nov.8, 2010

Kai Hwang, USC

1


Security, Privacy, and Data Protection for Trusted Cloud Computing

Prof. Kai Hwang, University of Southern California

Keynote Address, International Conference on Parallel and Distributed Computing and Systems (PDCS 2010), Marina Del Rey, CA. Nov. 8, 2010



- Cloud Platforms over Datacenters
- Cloud Infrastructure and Services
- Reputation-based Trust Management
- Data Coloring and Software Watermarking
- Cloud Support of the Internet of Things


Handy Tools We Use over the Evolutional Periods in History

Is it safe to play with your computer when you are naked and vulnerable?


Top 10 Technologies for 2010


Web 2.0, Clouds, and Internet of Things

HPC: High-Performance Computing
HTC: High-Throughput Computing
P2P: Peer to Peer
MPP: Massively Parallel Processors

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press, to appear)


Public, Private and Hybrid Clouds

Source: Distributed Systems and Cloud Computing, [2]


Cloud Computing as a Service [9]


Cloud Providers, Services and Security Measures

Source: Kai Hwang and Deyi Li, "Trusted Cloud Computing with Secure Resources and Data Coloring", IEEE Internet Computing, Sept. 2010


Amazon Virtual Private Cloud (VPC) (http://aws.amazon.com/vpc/)



vSphere 4: An OS for Cloud Platform



Cloud Services Stack (bottom to top)

Network Cloud Services
Co-Location Cloud Services
Compute & Storage Cloud Services
Platform Cloud Services
Application Cloud Services


Top 8 Cloud Computing Companies



Marc Benioff, Founder of Salesforce.com

1986: graduated from USC
1999: started salesforce.com
2003-05: appointed chairman of the US Presidential IT Advisory Committee
2009: announced the Force.com platform for cloud business computing

A SaaS and PaaS Cloud Provider



Security and Trust Crisis in Cloud Computing

- Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.
- Trust overlay networks could be applied to build reputation systems for establishing trust among interacting datacenters.
- A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
- These techniques safeguard user authentication and tighten data access control in public clouds.
- The new approach could be more cost-effective than using traditional encryption and firewalls to secure the clouds.


Trusted Zones for VM Insulation

[Figure: two tenants (Tenant #1 and Tenant #2), each running APP/OS stacks on their own virtual infrastructure, hosted on the cloud provider's physical infrastructure]

Goals of the trusted zones:
- Insulate information from cloud providers' employees
- Insulate information from other tenants
- Insulate infrastructure from malware, Trojans and cybercriminals
- Segregate and control user access
- Control and isolate VMs in the virtual infrastructure
- Federate identities with public clouds
- Enable an end-to-end view of security events and compliance across infrastructures

Security technologies named in the figure: identity federation, virtual network security, access management, cybercrime intelligence, strong authentication, data loss prevention, encryption & key management, tokenization, security information & event management, GRC, anti-malware.


Data Security and Copyright Protection in a Trusted Cloud Platform

(Slide dated March 11, 2009, Prof. Kai Hwang, USC. Source: References [3, 4])


Security Protection Mechanisms for Public Clouds

Mechanism: Brief Description

Trust delegation and negotiation: Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.

Worm containment and DDoS defense: Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.

Reputation system over resource sites: A reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.

Fine-grain access control: This refers to fine-grain access control at the file or object level. It adds security protection beyond firewalls and intrusion detection systems.

Collusive piracy prevention: Piracy prevention achieved with peer collusion detection and content poisoning techniques.
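The "fine-grain access control" row above and the "insulate information from other tenants / segregate and control user access" goals of the trusted-zones slide describe an object-level check layered behind the perimeter controls. The following is an added illustration, not code from the talk or its references: a deny-by-default authorization function that enforces tenant insulation first and only then consults object-level role rules, and emits one audit line per decision so a SIEM can correlate denials across tenants. The principals, objects, roles and policy rules are constructed for the example.

```python
"""
Added example (not from the slides): fine-grain, object-level access control
with tenant insulation. All names, objects and policy rules are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """An authenticated caller: the tenant it belongs to and its roles."""
    user: str
    tenant: str
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class StoredObject:
    """A stored data object labelled with its owning tenant and a sensitivity tag."""
    object_id: str
    tenant: str
    owner: str
    sensitivity: str  # "public", "internal" or "restricted" (constructed labels)


# Constructed policy: (role, action, sensitivity) -> allowed. Anything absent
# is denied. These rules are evaluated only after tenant insulation passes, so
# they refine, never replace, what a firewall or IDS provides at the perimeter.
ROLE_POLICY = {
    ("reader", "read", "public"): True,
    ("reader", "read", "internal"): True,
    ("editor", "read", "public"): True,
    ("editor", "read", "internal"): True,
    ("editor", "write", "public"): True,
    ("editor", "write", "internal"): True,
    ("admin", "read", "restricted"): True,
    ("admin", "write", "restricted"): True,
}


def authorize(principal: Principal, obj: StoredObject, action: str) -> tuple:
    """Return (allowed, reason). Deny by default; the tenant check comes first."""
    # 1. Tenant insulation: a principal never reaches another tenant's object,
    #    and the reason string does not reveal the object's sensitivity.
    if principal.tenant != obj.tenant:
        return False, "cross-tenant access denied"
    # 2. The owner always has full access to their own objects.
    if principal.user == obj.owner:
        return True, "owner"
    # 3. Role-based, object-level rule lookup (sorted for a stable reason string).
    for role in sorted(principal.roles):
        if ROLE_POLICY.get((role, action, obj.sensitivity)):
            return True, f"role:{role}"
    return False, "no matching rule"


def audit_line(principal: Principal, obj: StoredObject, action: str) -> str:
    """One log line per decision, so a SIEM can see denials across tenants."""
    allowed, reason = authorize(principal, obj, action)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} tenant={principal.tenant} user={principal.user} "
            f"action={action} object={obj.object_id} reason={reason}")


if __name__ == "__main__":
    # Constructed sample data for a quick run.
    alice = Principal("alice", "tenant-1", frozenset({"editor"}))
    bob = Principal("bob", "tenant-2", frozenset({"admin"}))
    report = StoredObject("obj-42", "tenant-1", "carol", "internal")
    secrets = StoredObject("obj-99", "tenant-1", "carol", "restricted")
    for p, o, a in [(alice, report, "write"), (alice, secrets, "read"),
                    (bob, report, "read")]:
        print(audit_line(p, o, a))
```

The ordering matters: because the tenant comparison happens before any policy lookup, an admin of one tenant gets the same generic denial as any other outsider, which is the insulation property the slide asks for.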


Cloud Service Models and Their Security Demands

Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].


Trust Management for Protecting Cloud Resources and Safeguarding Datacenter Operations [3]

Source: [4]


PowerTrust Built over a Trust Overlay Network

R. Zhou and K. Hwang, "PowerTrust: A Scalable and Robust Reputation System for Structured P2P Networks", IEEE TPDS, May 2007
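The slides describe a reputation system built over a trust overlay network, where nodes keep local trust scores about peers and a global reputation is aggregated from them. As an added illustration (not the PowerTrust algorithm from the paper cited above, and not code from the talk), the block below implements one simplified aggregation: each node's global score is the average of what its raters say about it, weighted by the raters' own global scores, iterated to a fixed point. The damping term, the overlay edges and the local scores are assumptions constructed for the example.

```python
"""
Added example (not from the PowerTrust paper or the slides): a simplified
global-reputation aggregation over a trust overlay. The damping term
`teleport` is a design choice borrowed from PageRank-style ranking, not part
of PowerTrust; the local trust scores below are constructed.
"""


def normalize_local_trust(local):
    """local[rater][ratee] = nonnegative local score. Returns row-normalized
    weights; self-ratings and zero scores carry no weight."""
    weights = {}
    for rater, ratings in local.items():
        kept = {ratee: v for ratee, v in ratings.items() if v > 0 and ratee != rater}
        total = sum(kept.values())
        weights[rater] = {ratee: v / total for ratee, v in kept.items()} if total else {}
    return weights


def global_reputation(local, teleport=0.15, max_iter=200, tol=1e-9):
    """Iterate g[j] = (1-t) * sum_i g[i] * w[i][j] + t/n until convergence.
    Returns a dict of global scores that sums to 1. The damping term keeps the
    iteration convergent and stops a closed clique from hoarding all weight."""
    nodes = set(local)
    for ratings in local.values():
        nodes.update(ratings)
    weights = normalize_local_trust({node: local.get(node, {}) for node in nodes})
    n = len(nodes)
    g = dict.fromkeys(nodes, 1.0 / n)
    for _ in range(max_iter):
        new = dict.fromkeys(nodes, 0.0)
        for rater in nodes:
            w = weights[rater]
            if not w:
                # A node that rates nobody spreads its weight uniformly so
                # that total mass is conserved.
                for node in nodes:
                    new[node] += g[rater] / n
            else:
                for ratee, frac in w.items():
                    new[ratee] += g[rater] * frac
        new = {node: (1 - teleport) * new[node] + teleport / n for node in nodes}
        delta = max(abs(new[k] - g[k]) for k in nodes)
        g = new
        if delta < tol:
            break
    return g


def trusted_sites(scores, threshold):
    """Resource sites whose global reputation meets the threshold, best first."""
    ranked = sorted(scores.items(), key=lambda kv: -kv[1])
    return [node for node, s in ranked if s >= threshold]


# Constructed overlay: A, B and C trust each other fully and give D a low
# score after poor transactions; D rates everyone highly to try to fit in.
SAMPLE_LOCAL_TRUST = {
    "A": {"B": 1.0, "C": 1.0, "D": 0.1},
    "B": {"A": 1.0, "C": 1.0, "D": 0.1},
    "C": {"A": 1.0, "B": 1.0, "D": 0.1},
    "D": {"A": 1.0, "B": 1.0, "C": 1.0},
}

if __name__ == "__main__":
    scores = global_reputation(SAMPLE_LOCAL_TRUST)
    for node, s in sorted(scores.items()):
        print(f"{node}: {s:.3f}")
    print("sites above 0.2:", trusted_sites(scores, 0.2))
```

Because D's own generous ratings do not raise D's score (a node never rates itself, and what D says about others only redistributes D's already small weight), the aggregation resists the simple self-promotion a single node can attempt; resisting coordinated cliques needs the additional measures the slides mention, such as collusion detection.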


Distributed Defense against DDoS Attacks over Multiple Network Domains

(Chen, Hwang, and Ku, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007)


Data Coloring via Watermarking


Color Matching to Authenticate Data Owners and Cloud Service Providers


The Internet of Things

Internet of Things (IoT)

Smart Earth: An IBM Dream


Opportunities of IOT in 3 Dimensions



Architecture of the Internet of Things

[Figure: three-layer IoT architecture]

Application layer: merchandise tracking, environment protection, intelligent search, tele-medicine, intelligent traffic, smart home; cloud computing platform

Network layer: mobile telecom network, the Internet, information network

Sensing layer: RFID (RFID labels), sensor network (sensor nodes), GPS (road mapper)


Supply Chain Management supported by the Internet of Things (http://www.igd.com)


Smart Power Grid


Mobility Support and Security Measures for Mobile Cloud Computing

Cloud Service Model | Mobility Support and Data Protection Methods | Hardware and Software Measures for Cloud Security

Infrastructure Cloud (the IaaS model) | Special air interfaces; mobile API design; file/log access control; data coloring | Hardware/software root of trust; provisioning of virtual machines; software watermarking; host-based firewalls and IDS

Platform Cloud (the PaaS model) | Wireless PKI; user authentication; copyright protection; disaster recovery | Network-based firewalls and IDS; trust overlay network; reputation system; OS patch management


Service-Oriented Cloud of Clouds (Intercloud or Mashup)

Cloud of clouds: from raw data to wisdom. SS = sensor service, fs = filter services


Conclusions:

- Computing clouds are changing the whole IT and service industry and the global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
- Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers installed at thousands of datacenters globally today.
- Private clouds will become widespread in addition to the use of a few public clouds, which are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
- Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of the cloud as a ubiquitous service.


SGI Cyclone HPC cloud for enabling SaaS and IaaS applications (http://www.sgi.com/cyclone)


Nebula Cloud, developed by NASA (http://nebula.nasa.gov)


Cloud Computing Service Provider Priorities

- Ensure confidentiality, integrity, and availability in a multi-tenant environment.
- Effectively meet the advertised SLA while optimizing cloud resource utilization.
- Offer tenants capabilities for self-service, and achieve scaling through automation and simplification.


Google App Engine Platform for PaaS Operations



Cloud Security Responsibilities by Providers and Users

Table 1. Source: Reference [4]


Concept of Virtual Clusters

(Source: W. Emeneker et al., "Dynamic Virtual Clustering with Xen and Moab", ISPA 2006, Springer-Verlag LNCS 4331, 2006, pp. 440-451)