Security, Privacy, and Data Protection for Trusted Cloud Computing 

Prof. Kai Hwang, University of Southern California
Keynote Address, International Conference on Cloud Computing (CloudCom2010)
Indianapolis, Indiana, Dec. 3, 2010

Cloud Platforms over Datacenters
Cloud Infrastructure and Services
Reputation-based Trust Management
Data Coloring and Software Watermarking
Cloud Support of The Internet of Things
Handy Tools We Use over the Evolutional Periods In History
Is it safe to play with your computer, when you are naked and vulnerable?
Top 10 Technologies for 2010
Web 2.0, Clouds, and Internet of Things
HPC: High-Performance Computing
HTC: High-Throughput Computing
P2P: Peer to Peer
MPP: Massively Parallel Processors
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press to appear)
Cloud Computing as A Service
[9]
Amazon Virtual Private Cloud VPC
(http://aws.amazon.com/vpc/)
vSphere 4: An OS for Cloud Platform
Cloud Services Stack
Application Cloud Services
Platform Cloud Services
Compute & Storage Cloud Services
Co-Location Cloud Services
Network Cloud Services
Marc Benioff, Founder of Salesforce.com
1986: graduated from USC
1999: started salesforce.com
2003-05: appointed chairman of US Presidential IT Advisory Committee
2009: announced Force.com platform for cloud business computing
A SaaS and PaaS Cloud Provider
Security and Trust Crisis
in Cloud Computing

Protecting datacenters must first secure cloud resources and uphold user
privacy and data integrity.

Trust overlay networks could be applied to build reputation systems for
establishing the trust among interactive datacenters.

A watermarking technique is suggested to protect shared data objects and
massively distributed software modules.

These techniques safeguard user authentication and tighten the data
access-control in public clouds.

The new approach could be more cost-effective than using the traditional
encryption and firewalls to secure the clouds.
Trusted Zones for VM Insulation
[Figure: trusted zones around tenant virtual machines. Tenant #1 and Tenant #2 are each shown with APP/OS virtual machines on a Virtual Infrastructure, above the Cloud Provider Physical Infrastructure.]
Goals labeled in the figure:
• Federate identities with public clouds
• Control and isolate VM in the virtual infrastructure
• Segregate and control user access
• Insulate infrastructure from malware, Trojans and cybercriminals
• Insulate information from other tenants
• Insulate information from cloud providers' employees
• Enable end to end view of security events and compliance across infrastructures
Mechanisms labeled in the figure: Identity federation; Virtual network security; Access Mgmt; Anti-malware; Cybercrime intelligence; Strong authentication; Data loss prevention; Encryption & key mgmt; Tokenization; Security Info. & Event Mgmt; GRC
Cloud Service Models and Their Security Demands
Cloud computing will not be accepted by common users unless
the trust and dependability issues are resolved satisfactorily [1].
Data Security and Copyright Protection
in A Trusted Cloud Platform
Source: Reference [3, 4]
Security Protection Mechanisms for Public Clouds
Mechanism | Brief Description
Trust delegation and negotiation | Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.
Worm containment and DDoS defense | Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
Reputation system over resource sites | A reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.
Fine-grain access control | This refers to fine-grain access control at the file or object level. This adds security protection beyond firewalls and intrusion detection systems.
Collusive piracy prevention | Piracy prevention is achieved with peer collusion detection and content poisoning techniques.
Trust Management for Protecting Cloud Resources
and Safeguarding Datacenter Operations [3]
Source: [4]
PowerTrust Built over A Trust Overlay Network
[Figure: PowerTrust system. Labeled components: Trust Overlay Network; Local Trust Scores; Distributed Ranking Module; Power Nodes; Regular Random Walk; Look-ahead Random Walk; Initial Reputation Aggregation; Reputation Updating; Global Reputation Scores V: v1, v2, v3, ..., vn]
R. Zhou and K. Hwang, “PowerTrust: A scalable and robust reputation system for structured P2P networks”, IEEE-TPDS, May 2007
Data Coloring via Watermarking
Color Matching To Authenticate Data
Owners and Cloud Service Providers
Architecture of The Internet of Things
Application Layer: Merchandise Tracking, Environment Protection, Intelligent Search, Telemedicine, Intelligent Traffic, Smart Home
Cloud Computing Platform
Network Layer: Mobile Telecom Network, The Internet, Information Network
Sensing Layer: RFID, Sensor Network, GPS; RFID Label, Sensor Nodes, Road Mapper
24 Satellites of GPS Deployed in Outer Space
Service-Oriented Cloud of Clouds (Intercloud or Mashup)
[Figure labels: Sensor or Data Interchange Service; SS and fs nodes; Filter Service; Filter Cloud; Discovery Cloud; Compute Cloud; Storage Cloud; Database; Another Service; Another Grid; Traditional Grid with exposed services. Flow: Raw Data → Data → Information → Knowledge → Wisdom → Decisions]
Geoffrey Fox: Cloud of clouds -- from Raw Data to Wisdom.
SS = Sensor service, fs = filter services
Supply Chain Management
supported by the Internet of Things.
(http://www.igd.com)
Facebook Applications
(550 million users registered today)
Mobility Support and Security Measures
for Mobile Cloud Computing
Cloud Service Models | Mobility Support and Data Protection Methods | Hardware and Software Measures for Cloud Security
Infrastructure Cloud (The IaaS Model) | Special air interfaces; Mobile API design; File/Log access control; Data coloring | Hardware/software root of trust; Provisioning of virtual machines; Software watermarking; Host-based firewalls and IDS
Platform Cloud (The PaaS Model) | Wireless PKI; User authentication; Copyright protection; Disaster recovery | Network-based firewalls and IDS; Trust overlay network; Reputation system; OS patch management
Cloudlets: A trusted, VM-based, and resource-rich portal for upgrading mobile devices with cognitive abilities for mobile access of the cloud, to explore location-aware cloud applications such as:
opportunity discovery, fast information processing, and intelligent decision making on the road, etc.
Source: “The Case of VM-based Cloudlets in Mobile Computing”,
IEEE Pervasive Computing, Vol.8, No. 4, April 2009
Conclusions:
• Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
• Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers globally installed at thousands of datacenters today.
• Private clouds will become widespread in addition to using a few public clouds, which are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
• Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.
Table 1:
Cloud Security Responsibilities
by Providers and Users
Source: Reference [4]
Cloud Computing – Service Provider Priorities
• Ensure confidentiality, integrity, and availability in a multi-tenant environment.
• Effectively meet the advertised SLA, while optimizing cloud resource utilization.
• Offer tenants capabilities for self-service, and achieve scaling through automation and simplification.
Using Twitter Crowd to Check
Weather Conditions in Remote Cities
IOT Telemedicine Applications:
Measured Patient Data Transferred to Doctor
Using a Wireless Sensor Network.
Opportunities of IOT in 3 Dimensions
Smart Power Grid
Public, Private and Hybrid Clouds
Cloud Providers, Services and Security Measures
Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources
and Data Coloring”, IEEE Internet Computing, Sept. 2010
The Internet of Things
Smart Earth: Internet of Things (IOT)
Smart Earth
An IBM Dream
Enabling and Synergistic Technologies
for Building The Internet of Things
Enabling Technologies | Synergistic Technologies
Machine-to-machine interfaces | Geo-tagging/geo-caching
Cloud Computing Services | Biometrics
Microcontrollers | Machine vision
Wireless communication | Robotics
Radio frequency identification (RFID) | Augmented reality
Energy harvesting technologies | Telepresence and autonomy
Sensors and sensor networks | Life recorders and personal assistant
Actuators | Tangible user interfaces
Location technology (GPS) | Clean technologies
Software engineering | Mirror worlds
Table 9.3 Enabling and Synergistic Technologies for The IoT