Self-service Cloud Computing by Jack Luo. Shakeel Butt (Rutgers University), H. Andres Lagar-Cavilla (GridCentric Inc.), Abhinav Srivastava (AT&T Labs-Research)

Presentation transcript:

Self-service Cloud Computing by Jack Luo. Shakeel Butt (Rutgers University), H. Andres Lagar-Cavilla (GridCentric Inc.), Abhinav Srivastava (AT&T Labs-Research), Vinod Ganapathy (Rutgers University)

Traditional Cloud
Uses virtual machine monitors (VMMs). Implemented in a trusted computing base. Hypervisor: controls the physical hardware. Admin domain (Dom0): controls and monitors client VMs. The admin domain is large and complex, with privileges to access client VMs. Dom0 may be used by attackers to gain access to a client's CPU registers and memory.

Downsides of Traditional Cloud
Attacks against the admin domain will compromise client security and privacy. Clients rely on the cloud provider to deploy useful services. Deployment and configuration of services are not determined by the client, and thus are not customized.

New self-service cloud (SSC)
Splits admin privileges between a system-wide domain (Sdom0) and per-client domains (Udom0s). The system-wide domain cannot inspect the code, data or computation of client VMs. Each client can perform privileged tasks on its own VMs. Service domains: privileged services that are provided by the clients themselves. Mutually trusted service domains check compliance while respecting client privacy. Flexibility, security and privacy.

Good
SSC Privilege Model (Section 3.4). Removes unnecessary privileges from the traditional administrative domain. Applies the principle of least privilege. The administrative domain does not necessarily need to have the privilege of scanning a client's private data.
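An added example, not taken from the slides or from the SSC authors' code: a small Python model of the privilege split described in the two slides above, evaluated side by side with the traditional single-Dom0 model. The operation names, the lifecycle rights left to Sdom0 and the delegate() step are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Operation classes are constructed for this example.
INSPECT = {"map_memory", "read_vcpu_registers"}   # expose client code, data, computation
LIFECYCLE = {"create_vm", "pause_vm", "destroy_vm"}

@dataclass(frozen=True)
class Domain:
    name: str
    kind: str          # "admin" (Dom0 or Sdom0), "udom0", "service" or "vm"
    client: str = ""   # owning client; empty for the provider's admin domain

@dataclass
class PrivilegeModel:
    ssc: bool                                  # False = traditional single Dom0
    grants: set = field(default_factory=set)   # (service, vm) pairs delegated by a Udom0

    def delegate(self, udom0, service, vm):
        """A Udom0 hands inspection rights over one of its VMs to its own service domain."""
        if udom0.kind != "udom0" or not (udom0.client == service.client == vm.client):
            raise PermissionError(f"{udom0.name} cannot delegate {vm.name}")
        self.grants.add((service.name, vm.name))

    def allowed(self, subject, op, vm):
        if subject.kind == "admin":
            # Traditional Dom0: everything. SSC Sdom0: lifecycle only (assumed), no inspection.
            return (not self.ssc) or op in LIFECYCLE
        if not self.ssc:
            return False                       # no per-client privileged domains exist
        if subject.kind == "udom0":
            return subject.client == vm.client
        if subject.kind == "service":
            return op in INSPECT and (subject.name, vm.name) in self.grants
        return False

def compare():
    """Evaluate the same constructed requests under both models."""
    admin = Domain("admin", "admin")
    u_a = Domain("udom0-a", "udom0", "a")
    scan_a = Domain("scanner-a", "service", "a")
    vm_a, vm_b = Domain("vm-a", "vm", "a"), Domain("vm-b", "vm", "b")
    trad, ssc = PrivilegeModel(ssc=False), PrivilegeModel(ssc=True)
    ssc.delegate(u_a, scan_a, vm_a)
    requests = [(admin, "map_memory", vm_a), (admin, "pause_vm", vm_a),
                (u_a, "map_memory", vm_a), (u_a, "map_memory", vm_b),
                (scan_a, "read_vcpu_registers", vm_a), (scan_a, "map_memory", vm_b)]
    return {(s.name, op, v.name): (trad.allowed(s, op, v), ssc.allowed(s, op, v))
            for s, op, v in requests}

if __name__ == "__main__":
    for req, (t, s) in compare().items():
        print(f"{req}: traditional={t} ssc={s}")
```

Each result is a (traditional, SSC) pair: the admin domain loses memory inspection under SSC, while the client's own Udom0 and its delegated service domain gain it for that client's VMs only.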

Bad
The SSC model is against the purpose of the cloud system. We have to install service domains before we can use the services. We want a cloud service, not traditional programs that we have to install before we can use them.

Question
What is the relationship between the SSC Privilege Model (the good) and the inconvenience (the bad) of the SSC Model? In other words, what is the root cause of the inconvenience?