Presentation is loading. Please wait.

Presentation is loading. Please wait.

Self-service Cloud Computing by Jack Luo Shakeel Butt (Rugtgers University) H.Andres Lagar-Cavilla (GridCentric Inc.) Abhinav Srivastava (AT&T Labs-Research)

Published byGillian Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Self-service Cloud Computing by Jack Luo Shakeel Butt (Rugtgers University) H.Andres Lagar-Cavilla (GridCentric Inc.) Abhinav Srivastava (AT&T Labs-Research)"— Presentation transcript:

1 Self-service Cloud Computing by Jack Luo Shakeel Butt (Rugtgers University) H.Andres Lagar-Cavilla (GridCentric Inc.) Abhinav Srivastava (AT&T Labs-Research) Vinod Ganapathy (Rutgers University)

2 Traditional Cloud Uses virtual machine monitors (VMMs). Implemented in a trusted computing base. Hypervisor – controls physical hardware. Admin domain (Dom0) – control and monitor client VMs. Large and complex admin domain with privileges to access client VMs. Dom0 maybe used by attackers to gain access to client’s CPU registers and memory.

3 Downsides of Traditional Cloud Attacks against admin domain will compromise client security and privacy. Rely on cloud provider to deploy useful services. Deployment and configuration of services are not determined by client. Thus not customized.

4 New self-service cloud (SSC) Splits admin privileges between system-wide domain (Sdom0) and per-client domains (Udom0s). System-wide domain cannot inspect the code, data or computation of client VMs. Each client can perform privileged tasks on its own VMs. Service domains – privileged services that is provided by client themselves. Mutually trusted service domains checks compliancy while respecting client privacy. Flexibility, security and privacy.

5 Good SSC Privilege Model (Section 3.4). Removes unnecessary privileges from the traditional administrative domain. Applied to the principle of least privilege. The administrative domain does not necessarily need to have the privilege of scanning client’s private data.

6 Bad The SSC model is against the purpose of the cloud system. Have to install service domains before we can use the services. We want cloud service not traditional programs that we have to do an installation before we can use it.

7 Question What is the relationship between the SSC Privilege Model (the good) and the inconvenience (the bad) of the SSC Model? In other words, what is the root cause of the inconvenience.

Download ppt "Self-service Cloud Computing by Jack Luo Shakeel Butt (Rugtgers University) H.Andres Lagar-Cavilla (GridCentric Inc.) Abhinav Srivastava (AT&T Labs-Research)"

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
Shakeel Butt H. Andres Lagar-Cavilla Abhinav Srivastava Vinod Ganapathy

Shakeel Butt H. Andres Lagar-Cavilla Abhinav Srivastava Vinod Ganapathy
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
User Documentation.  You cannot build a system for a client and leave them without adequate documentation  Computer systems are complex, require configuration.

User Documentation.  You cannot build a system for a client and leave them without adequate documentation  Computer systems are complex, require configuration.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 

{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Securing The Cloud What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructructure/Cloud Consulting | MCT CCSI.

Securing The Cloud What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructructure/Cloud Consulting | MCT CCSI.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.
1 Janos Patrick Tullmann Flux Research Group University of Utah.

1 Janos Patrick Tullmann Flux Research Group University of Utah.
1 Privacy Enhancing Technologies Elaine Shi Lecture 4 Principles of System Security slides partially borrowed from Jonathan Katz.

1 Privacy Enhancing Technologies Elaine Shi Lecture 4 Principles of System Security slides partially borrowed from Jonathan Katz.
Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Similar presentations

Ads by Google