Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alina Oprea Associate Professor, CCIS Northeastern University

Published byCoral Horn Modified over 6 years ago

Similar presentations

Presentation on theme: "Alina Oprea Associate Professor, CCIS Northeastern University"— Presentation transcript:

1 Alina Oprea Associate Professor, CCIS Northeastern University
MOSAIC: A Platform for Monitoring and Security Analytics in Public Clouds Alina Oprea Associate Professor, CCIS Northeastern University IEEE SecDev, November 3rd, 2016

2 Trustworthy infrastructure
Public clouds Public cloud Management Compute Storage Billing Authentication Compute mgmt Storage mgmt SDN VM Physical Hypervisor Users Networking Trustworthy infrastructure Sharing of resources

3 Top threats according to Cloud Security Alliance (CSA)
What are the threats? Cloud provider Users Co-location with malicious tenants Side-channel attacks (cache, network, storage) Breach of confidential information VMs infected with malware Application exploit Denial of service Server breaches Malicious tenants Credential compromise Cloud abuse Top threats according to Cloud Security Alliance (CSA)

4 Analytics-based defenses
Goals Correlate data sources from multiple cloud layers Analytics techniques to detect wide range of threats Protection of cloud infrastructure Enable cloud users to protect their resources Protect users privacy

5 Data collection Monitoring infrastructure Network traffic collection
Performance metrics from physical layer (CPU, I/O, memory, disk, power) – Sensu VM utilization - Ceilometer Cloud management logs (Nova, Keystone, Horizon) Network traffic collection Currently staging area experiments Plan to deploy in Engage1 environment Configure Brocade fabric to collect sFlow

6 Account profiling for authentication
Detect credential compromise Developers leak their AWS passwords in GitHub Build user profiles based on historical data Login information (IP address, time) VM usage (CPU, memory, disk) Anomaly detection Detect unusual activities

7 Network traffic analysis
sFlow collector sFlow collector MongoDB Use cases Detect suspicious communication with external IP addresses Detect data exfiltration attempts Prevent cloud abuse Malware infection, application exploits , illegal use of cloud

8 Quantify workload privacy
App App App App VM VM VM Hypervisor Performance metrics What can be inferred about workloads? Physical Networking NetFlow/sFlow Strict privacy requirements in public clouds Users should specify their preferences Metrics Quantify privacy experimentally Information theoretical metrics How to monitor user workloads while preserving user privacy? What data should be collected? What level of aggregation?

9 Analytics for cloud security
Provide recommendations to other cloud providers Securing public clouds is shared responsibility between cloud provider and tenants Design data collection and analytics APIs to enable the cloud provider and tenants to use analytics for security Protect workload privacy respecting users’ preferences

10 Northeastern University Cybersecurity & Privacy Institute
 Xinming Ou  Xinming Ou Northeastern University Cybersecurity & Privacy Institute Alina Oprea

Download ppt "Alina Oprea Associate Professor, CCIS Northeastern University"

Similar presentations

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.

RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Security Guidelines and Management

Security Guidelines and Management
Self-service Cloud Computing Shakeel Butt Department of Computer Science Rutgers University.

Self-service Cloud Computing Shakeel Butt Department of Computer Science Rutgers University.
© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

Similar presentations

Ads by Google