Prof. Sead Muftic
Lecture 12: M.Sc. Project Overview
Security for Cloud and Mobile Environments
Cloud Access Points – Communication and Applications
[Figure: users connect over the Internet, 3G/4G or Wi-Fi through a Cloud Access Point (CAP) and an Application Access Point (AAP) to the App-1 Server, App-2 Server and Web Server.]
Cloud Security Components
[Figure: users reach the App-1 and App-2 Servers over the Internet, 3G/4G or Wi-Fi; the path passes the CAP/FW, the AAP and the SAP, with the IDMS, PDP and CA servers behind the SAP.]
CAP/FW – Cloud Access Point / Firewall
SAP – Security Access Point (Portal Security Server)
AAP – Application Access Point (Cloud Portal)
IDMS – Identity Management Server
PDP – Policy Decision Point Server
CA – Certification Authority Server
Central and Portal Security Servers
[Figure: the Cloud Station (User) connects over the Internet through a VPN to a Proxy Server and a PEP Server. Central Security Server: SAML / PDP Server, Auth Server, IDMS Server, CA Server, PACS Server and Smart Cards Server, administered from the Cloud Admin Station (Security Admin) and the Cards Admin Station (Card Admin). Portal Security Server: Web Server and Web / Portal Server hosting the applications A-1, A-2 and A-3, administered from the Portal Admin Station (Portal Admin).]
M.Sc. Projects – Group 1: Cloud Security Management (Chenchen)
Sanjaya: Security Administration of the OpenStack Security Platform
Arunendra: Secure IDMS for Financial Transactions in a Cloud Environment
Davit: Secure Web Services for Administration of Cloud Security Servers
[Figure: Central Security Server (Home Page) with SAML / PDP Server, Auth Server, IDMS Server, CA Server, PACS Server, Smart Cards Server, Web Server, Central Admin Station (Security Admin) and Cards Admin Station (Card Admin).]
Secure Cloud Applications – Mail, Web, Documents
[Figure: the Portal Station (User) connects over the Internet through a VPN to a Proxy Server and a PEP Server. Portal Security Server (Home Page): Web Server and Mail / Web Portal, with the Doc, Web and Mail applications on the Web / Portal Server.]
Secure Cloud Applications – SAFE™ System
[Figure: the SAFE™ System comprises the SAFE Web Server, SAFE Communication Server, SAFE Payments Server, SAFE Admin Station, SMS Gateway Server, Credit Card Server, Mobile Accounts DB and Credit Card Accounts DB, connected to the Bank IT Server and Bank Accounts DB. Actors: System Admin, System Agent, Customer and Merchant. Access over the GSM/3G Network (SMS, GPRS) and over the Internet (Network Browser Access).]
M.Sc. Projects – Group 2: Secure Cloud Applications (Ghafoor)
Bibesh: Secure Cloud Client based on Smart Cards
Daniel: Secure E–mail and Secure Web in a Cloud Environment
Natan: Secure Files/Documents Sharing System in a Cloud Environment
(Ikram: Secure SEPA Web and Smart Card Clients)
[Figure: Portal Station (User), VPN, Internet, Proxy Server, PEP Server and Portal Security Server with Web Server and Mail / Web Portal (Doc, Web and Mail on the Web / Portal Server); SAFE Customer Wallet over the GSM/CDMA Network.]
Hierarchical SEPA Security System
[Figure: two Bank SEPA Servers (each with Bank Interface, Admin Web Info and DB) exchange X-Bank Transactions through the National SEPA Server, which holds the X-Bank Interface, Admin Info, BIC DB and Nat X-BIC; it is administered from the Nat SEPA Admin Station by the SEPA Admin using a Security Card.]
SEPA Cloud and Portals
[Figure: SEPA Cloud Server (Home Page) and SEPA Portal Server (Home Page), each with a Portal Security Server, Web Server, VPN, Proxy Server, PEP Server and a Bank SEPA Server (Bank Interface, Admin Web Info, DB). Administration: Cloud Admin Station (Cloud Security Admin, Cloud Sec Server) and Portal Admin Station (Portal Admin).]
SEPA Clients – Mobile, Web and Smart Cards
[Figure: Portal Security Server, Web Server, VPN, Proxy Server, PEP Server and Bank SEPA Server (Bank Interface, Admin Web Info, DB), protected by the Cloud Sec Server. Clients: the SEPA Customer with a SEPA Web Wallet, SEPA Mobile Wallet or SEPA SC (smart card) Wallet; the SEPA Merchant and SEPA Mobile Merchant with a SEPA POS Device and SEPA SC Wallet.]
SEPA Mobile Wallet
[Figure: SEPA Mobile Wallet.]
SEPA Payment Card
[Figure: SEPA Payment Card.]
SAFE / SEPA / PIV Card and Mobile Phone
[Figure: SAFE / SEPA / PIV card and mobile phone.]
M.Sc. Projects – Group 3: Secure Financial Transactions (Feng)
Salman: Secure SEPA Financial Servers
Hafiz: Secure SEPA Cloud and Portals Web Servers
Ikram: Secure SEPA Web and Smart Card Clients
Mohammad: Secure SEPA Mobile Clients
[Figure: as on the slide "SEPA Clients – Mobile, Web and Smart Cards": Portal Security Server, Web Server, VPN, Proxy Server, PEP Server, Bank SEPA Server, Cloud Sec Server, SEPA Web / Mobile / SC Wallets, SEPA Customer, SEPA Merchant, SEPA Mobile Merchant and SEPA POS Device.]
Secure Messages for Mobile Applications
[Figure: SMS messages travel over the GSM Network from the phone to the SAFE Gateway Server, then to the SAFE Bank Server and the Bank IT Server. Thin / USSD Wallet: the phone-to-gateway leg is in clear; the SAFE Server-to-Bank leg is Protected (RSA). Thick Wallet: the Wallet-to-Bank leg is Protected (AES) end to end under an AES shared key.]
Trusted Stack
[Figure: trusted stack for Secure Mobile Applications, numbered 1 to 7 on the slide. Layers as listed, from the chip upward: Chip (SE) with Applets (SIM/UICC Chip, microSD Card, Smart Cards); Middleware (Security Middleware); M–Appl (mobile applications); Communications (3G/GPRS Network, Internet); Switches (Comm Switch, Service Switch); Services (Service Provider, Cloud).]
M.Sc. Projects – Group 4: Secure Mobile Transactions (Hao)
Dana: Security OTA Provisioning of Mobile Applications
Girmay: Security of Mobile Applications based on Smart Cards
Majid: Security Services for Mobile Applications
Hao: (Ph.D.) Security Aspects for UICC Modules and Applications
[Figure: phone-to-server messages Protected (RSA) using RSA certificates; Comm Switch, Service Switch, Service Provider, 3G/GPRS Network, TSM, OTA, NFC and SEPA POS Device.]
Secure Mobile POS Applications
[Figure: SAFE™ System with SAFE Payments Server, SAFE Communication Server and Mobile Accounts DB; Customer and Merchant with a PoS Device connected over NFC and Wi-Fi to the Payments Server; message steps 1 to 7, ending with a Receipt.]
Secure Mobile Commerce Applications
[Figure: SAFE System with SAFE Gateway Server, SAFE Tickets Server (Tickets DB), SAFE Payments Server (Accounts DB), Events DB, Ticketing Server, Ticketing Web Server and Ticketing Station (Admin); the Customer connects over the Internet and the GSM/CDMA Network.]
Messages:
1. Theater enters ticket into the system
2. Customer searches for tickets
3. Customer orders tickets
4. Customer pays tickets
M.Sc. Projects – Group 5: Secure Mobile Applications (Aron)
Kazi: Security Mobile POS System
Zepu: Security Mobile System for Motor Vehicles
Sabina: Secure Healthcare Applications for Mobile Devices
Aron: (Ph.D.) Security System for m–Commerce Environments
Ioannis: (Ph.D.) Privacy and Protection of Citizens in Mobile Environments
Sky and Clouds – Home Pages
[Figure: banner dimensions and sizes – three banner areas of 218 x 88, 560 x 88 and 218 x 88; Security Administration.]
Sky and Clouds – Home Pages (layout)
Sky / Cloud Logo; Sky / Clouds Portal Banner; Promotion Area; Information Area.
Selection of Applications – Users: Cloud Providers, SEPA, SAFE, Applications, Healthcare.
Security Administration; News, Info, Documents.
Web Design Tool: CMS Made Easy
Portals – Home Pages (layout)
Portal Logo; Provider’s Portal; Forms Area; Display Area; Platforms; News, Info, Documents.
Security Administration – Administrators: Group 1, Group 2, Group 3, Group 4 (Function 1.1, Function 1.2, Function 1.3, Function 1.4).
Security Administration: Identities, Certificates, Smart Cards, Authentication, Authorization.
Web Services Team
Web Services Group: Secure Web Services
Hafiz: Secure SEPA Cloud and Portals Web Services – Template
Sanjaya: Web services for OpenStack Administrators
Arunendra: Web services for Security Providers Administrators
Davit: Web services for Security Providers Administrators
Natan, Daniel: Web services for Secure Applications Administrators and Users
Salman: Web services for SEPA Financial Servers Administrators
Ikram: Web services for SEPA Web Users
SecLab Security Architecture
[Figure: Central / Shared Security Provider – SAML / PDP Server, Auth Server, IDMS Server, CA Server, Admin Station, Broker and SSP Admin Web Server, and a Portal Security Server with PEP Server; roles SSP Admin, Cloud Admin, Appl’s Admin and User. MLA Cloud Platform – Cloud Admin/Users Web Server and MLA Cloud Security Server with PEP Server. HA Cloud Platform – Cloud Admin/Users Web Server, HA Cloud Security Server with PEP Server, Virtual Servers (Doc, Web, Mail, SAFE, SEPA), Enterprise Admin and Cloud Admin. Addresses shown: 130.237.20.77, 130.237.215.17, 130.237.215.16, 130.237.215.18, 130.237.215.216.]
Sec Broker HP: Selection of User Applications and Sec Admin
[Page mock-up: 130.237.215.216 (Portal for Central Security Server). Menu: Home, Architecture, Security, Applications; Flash Area. User: Cloud Secure E-mail, Cloud Secure Web, Cloud Secure Documents, Cloud Secure Banking, Cloud Secure Mobile. Enterprise Admin: Create Cloud Server – list of standard configurations (configure, calculate, create), link to Secure or Public Cloud. Appl’s Admin: Secure Applications.]
Sec Broker: Create Cloud Computer
[Page mock-up: 130.237.215.216 (Portal for Central Security Server) – Create Cloud Server, used by the Enterprise Admin; buttons Create / Cancel. Each value below has an editable field next to it.]

SERVER TYPE    Memory   Clock   Disk    Network     OS         Price
[ ] Small      2GB      2MHz    100GB   10Mb/sec    Win 2008   $ 100
[ ] Medium     3GB      3MHz    200GB   20Mb/sec    Win 2008   $ 200
[ ] Large      4GB      4MHz    400GB   50Mb/sec    Win 2008   $ 300
[ ] Super      16GB     8MHz    1TB     100Mb/sec   Win 2008   $ 500

[ ] High Assurance Security (PIV Smart Cards)
[ ] Medium Assurance Security (Software Certificates)
[ ] Low Assurance Security (Password)
Cloud Servers Administration HP
[Page mock-up: 130.237.215.216 (Portal for Central Security Server) – Cloud Servers Administration, for the Enterprise Admin and the Appl’s Admin.]
Secure Cloud Servers: list all Virtual Servers created by “Create Cloud Server” and select one to administer it.
Secure Applications: list all Virtual Servers created by “Create Cloud Server” and select one. Then list all applications on that server and select one to administer it.
After selecting a Virtual Server (by the Enterprise Admin) or a Secure Application (by the Applications Admin), the system transfers the Ent Admin or Appl Admin to the Servers Admin HP or Application Admin HP located on the Portals for the HA Cloud (20.77) or for the MLA Cloud (16). These HPs are missing and must be created by Sanjaya and the application developers.
Sec Admin HP: Sec Providers Admin and Selection of Clouds
[Page mock-up: 130.237.215.216/SecAdmin (Portal for Central Security Server) – Security Providers Administration, for the SSP Admin. Sections: Security Providers, Secure Clouds, Public Clouds, Cloud Admin.]
Security Providers: Identities Provider, PKI/Certificates, PIV Smart Cards, PIV Authentication, PIV Authorization.
Secure Clouds: SecLab Cloud – Secure Cloud Admin Home Page (20.77).
Public Clouds: SecLab Cloud – Public Cloud Admin Home Page (16).
Secure Cloud Admin HP
[Page mock-up: 130.237.20.77/SecAdmin (Portal for Secure Cloud) – Secure Cloud Administration, for the Cloud Admin.]
Sections: End-point Services, Images, Tenants and users, Monitoring (Log), Networking / Firewall, Certificates.
Public Cloud Admin HP
[Page mock-up: 130.237.215.16/SecAdmin (Portal for Public Cloud) – Public Cloud Administration, for the Cloud Admin.]
Sections: Public Platform, End-point Services, Images, Tenants and users, Monitoring (Log), Networking / Firewall, Certificates.
Cloud Secure E-Mail Application
[Page mock-up: 130.237.215.17/Secure_EMail (Secure Cloud). Folders: Inbox, Outbox, Drafts, Junk, Trash. Roles: User, Secure E-mail Admin.]