
Security, Privacy, and Data Protection for Trusted Cloud Computing

Prof. Kai Hwang, University of Southern California

Keynote Address, International Conference on Parallel and Distributed Computing and Systems (PDCS 2010), Marina Del Rey, CA. Nov. 8, 2010

  • Cloud Platforms over Datacenters
  • Cloud Infrastructure and Services
  • Reputation-based Trust Management
  • Data Coloring and Software Watermarking
  • Cloud Support of The Internet of Things

Handy Tools We Use over the Evolutional Periods In History

Is it safe to play with your computer, when you are naked and vulnerable?

Top 10 Technologies for 2010


Web 2.0, Clouds, and Internet of Things

  • HPC: High-Performance Computing
  • HTC: High-Throughput Computing
  • P2P: Peer to Peer
  • MPP: Massively Parallel Processors

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press, to appear)

Public, Private and Hybrid Clouds

Source: Distributed Systems and Cloud Computing, [2]

Cloud Computing as a Service [9]


Cloud Providers, Services and Security Measures

Kai Hwang and Deyi Li, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, Sept. 2010

Amazon Virtual Private Cloud (VPC) (http://aws.amazon.com/vpc/)


vSphere 4: An OS for Cloud Platform


Cloud Services Stack

  • Application Cloud Services
  • Platform Cloud Services
  • Compute & Storage Cloud Services
  • Co-Location Cloud Services
  • Network Cloud Services

Top 8 Cloud Computing Companies


Marc Benioff, Founder of Salesforce.com

  • 1986 graduated from USC
  • 1999 started salesforce.com
  • 2003-05 appointed chairman of US Presidential IT Advisory Committee
  • 2009 announced Force.com platform for cloud business computing

A SaaS and PaaS Cloud Provider


Security and Trust Crisis in Cloud Computing

  • Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.
  • Trust overlay networks could be applied to build reputation systems for establishing trust among interactive datacenters.
  • A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
  • These techniques safeguard user authentication and tighten data access control in public clouds.
  • The new approach could be more cost-effective than using traditional encryption and firewalls to secure the clouds.

Trusted Zones for VM Insulation

[Figure: two tenants (Tenant #1, Tenant #2), each running APP/OS virtual machines on a virtual infrastructure, hosted on the cloud provider's physical infrastructure. Labels in the figure:]

  • Identity federation: Federate identities with public clouds
  • Virtual network security: Control and isolate VM in the virtual infrastructure
  • Access Mgmt: Segregate and control user access
  • Anti-malware, Cybercrime intelligence, Strong authentication: Insulate infrastructure from malware, Trojans and cybercriminals
  • Data loss prevention, Encryption & key mgmt, Tokenization: Insulate information from other tenants; insulate information from cloud provider's employees
  • Security Info. & Event Mgmt, GRC: Enable end-to-end view of security events and compliance across infrastructures

Data Security and Copyright Protection in A Trusted Cloud Platform

Source: Reference [3, 4]

Security Protection Mechanisms for Public Clouds

Mechanism: Brief Description

  • Trust delegation and negotiation: Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.
  • Worm containment and DDoS defense: Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
  • Reputation system over resource sites: Reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.
  • Fine-grain access control: This refers to fine-grain access control at the file or object level. This adds to the security protection beyond firewalls and intrusion detection systems.
  • Collusive piracy prevention: Piracy prevention achieved with peer collusion detection and content poisoning techniques.

Cloud Service Models and Their Security Demands

Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].

Trust Management for Protecting Cloud Resources and Safeguarding Datacenter Operations [3]


Source: [4]


PowerTrust Built over a Trust Overlay Network

[Figure: PowerTrust system. Components shown: Trust Overlay Network, Local Trust Scores, Regular Random Walk, Initial Reputation Aggregation, Look-ahead Random Walk, Reputation Updating, Distributed Ranking Module, Power Nodes, Global Reputation Scores V (v1, v2, v3, ..., vn)]

R. Zhou and K. Hwang, PowerTrust: A scalable and robust reputation system for structured P2P networks, IEEE-TPDS, May 2007

Distributed Defense against DDoS Attacks over Multiple Network Domains

(Chen, Hwang, and Ku, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007)

Data Coloring via Watermarking


Color Matching to Authenticate Data Owners and Cloud Service Providers


The Internet of Things

Smart Earth: Internet of Things (IOT)

Smart Earth

An IBM Dream


Opportunities of IOT in 3 Dimensions


Architecture of The Internet of Things

[Figure: layered architecture. Labels in the figure:]

  • Application Layer: Merchandise Tracking, Environment Protection, Intelligent Search, Telemedicine, Intelligent Traffic, Smart Home
  • Cloud Computing Platform
  • Network Layer: Mobile Telecom Network, The Internet, Information Network
  • Sensing Layer: RFID, Sensor Network, GPS; RFID Label, Sensor Nodes, Road Mapper

Supply Chain Management supported by the Internet of Things (http://www.igd.com)

Smart Power Grid


Mobility Support and Security Measures for Mobile Cloud Computing

  • Cloud Service Models: Infrastructure Cloud (The IaaS Model); Platform Cloud (The PaaS Model)
  • Mobility Support and Data Protection Methods: Special air interfaces; Mobile API design; File/Log access control; Data coloring; Wireless PKI; User authentication; Copyright protection; Disaster recovery
  • Hardware and Software Measures for Cloud Security: Hardware/software root of trust; Provisioning of virtual machines; Software watermarking; Host-based firewalls and IDS; Network-based firewalls and IDS; Trust overlay network; Reputation system; OS patch management

Service-Oriented Cloud of Clouds (Intercloud or Mashup)

[Figure: Cloud of clouds -- from Raw Data to Wisdom. Stages: Raw Data, Data, Information, Knowledge, Wisdom, Decisions. Components shown: Sensor or Data Interchange Service, Compute Cloud, Storage Cloud, Database, Filter Cloud, Filter Service, Discovery Cloud, Another Grid, Another Service, Traditional Grid with exposed services. SS = Sensor service, fs = filter services]

Conclusions:

  • Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
  • Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers installed globally at thousands of datacenters today.
  • Private clouds will become widespread in addition to using a few public clouds, which are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
  • Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.


SGI Cyclone HPC