Security in Changing IT Ecosystem: Virtualization and Cloud Computing


Academic year: 2021


(1)

Dr. Dhiren Patel

Indian Institute of Technology Gandhinagar, India [email protected]

(2)

Cloud Computing

World is further shrinking!!!

• a large-scale distributed computing paradigm

• a pool of managed computing power, storage, and services <abstracted, virtualized, dynamically-scalable>

• provisioning of services - dynamically configured and delivered on demand

(3)

Services

• purchase services in the form of

• Infrastructure-as-a-Service (IaaS),

• Platform-as-a-Service (PaaS),

• Software-as-a-Service (SaaS),

• IT-as-a-Service (ITaaS),

• and sell value-added services (on "utility" basis) to other users

• Cloud clients will be able to add more capacity at

(4)

Computational and Sociological implications

• Delocalizing hardware and software resources

• Usage-based pricing model

• Build-Once-Run-Anywhere

• e.g. Google Apps

• a developer tool that enables you to run your web applications on Google's infrastructure

• allow startups to use Google's web servers, APIs, and other developer tools to build a web app on top of

• the pay-as-you-go pricing allows businesses on both ends of the spectrum to enjoy the "full service"

• Benefiting - Governments, Institutes, SMB, large Industry - to

(5)

Cloud – from where?….

• The cloud is no longer an ‘if’ but a ‘when’ and the when is actually now!!!

• Amazon – S3, EC, SimpleDB

• Google – GAE

• Microsoft – Azure

• IBM – Blue cloud

• VMware vCloud Express

• Cisco - WebEx

• Salesforce Force.com platform, Bungee Labs, Heroku, Rackspace, Kaavo’s IMOD, GoGrid, Morfik's Ajax platform etc….

(6)
(7)

Challenges

• Network boundaries are disappearing!! There are no perimeters for defining an insider

• operational stability and security of critical information infrastructure

• higher level interoperability desires of services, to security provisions in Cloud

• CC shifts control over data and operations - how to ensure the confidentiality, integrity, and availability of information?

• Security processes, once visible, are now hidden

(8)

Overlapping - Distributed, Cluster, Grid and Cloud Computing Scope

(9)

Specific Challenges

• Why would a startup want to hand over that much control and dependence to a big Internet company?

• Having a web app built and deployed with a specific provider makes it much easier for that provider to eventually acquire that web app!!!!!!??????

• Paradigm shift - develop business processes in software, without having a clue about the processes themselves !!!!

• obvious influence of national policies, agencies and

(10)

Provider/Consumer Goals/Challenges

• the unpredictability of

• consumer demand,

• software and hardware failures,

• heterogeneity of services,

• power management, and

• conflicting signed Service Level Agreements (SLAs) between consumers and service providers

• Overestimating the provision of resources would lead

(11)

Needs - Challenges

• The desire to continually load balance and optimize for

• performance, energy, availability,

• and other SLA-level goals that customers pay attention to,

• the problem becomes further complicated, creating more opportunities for misconfiguration and malicious conduct.

• This calls for highly automated end-to-end security with a heavier emphasis on strong isolation, integrity and resiliency

(12)

Solution Directives

• considerable assurances that services are highly reliable and available, as well as secure and safe, and that privacy is protected

• (i) encryption schema to ensure that the shared storage environment safeguards all data;

• (ii) stringent access controls to prevent unauthorized access to the data; and

• (iii) scheduled data backup and safe storage of the

(13)

Trusted Computing Initiative and TPM adoption

TCI – important five components

the specific chip,

a `curtained memory' feature in the CPU,

a security kernel in the operating system,

a security kernel in each TC application

a back-end infrastructure of online security

(14)

Combined Efforts

• legal issues arise, such as e-discovery, regulatory compliance (including privacy), and auditing

• commit to storing and processing data in specific jurisdictions

• obey local privacy requirements on behalf of the customer

• national security concerns

• support to SAML (Security Assertion Markup Language)

• single sign-on - access to multiple Grid sites

• Privileged user access

• Authentication <multi factor> and Authorization – RBAC

(15)

Solution Directives

• Novel network addressing to virtual machine mechanics and instances

Data centric security

• instead of protecting the containers [servers] in which the data lie, you focus on the data itself

Location specific encryption/decryption

Granular control and security ownership

Cooperation between competing service

(16)

Concluding Remarks

• Cloud is very promising phenomenon

• Building implicit level of trust as well as an explicit level of vigilance to ensure success

• Security in an organization performs the same function as a brake for the automobile. Though it acts to stop the car, in reality it enables the car to go much faster!!

• When it comes to security innovation, don’t ask why

(17)

Thank you

For your Time and Attention

Dr. Dhiren Patel

Professor of CSE – IIT GN

[email protected]
