sac pa cloud security balaji palanisamy
play

SAC-PA: Cloud Security Balaji Palanisamy School of Information - PowerPoint PPT Presentation

Jul 01, 2023 •361 likes •677 views

SAC-PA: Cloud Security Balaji Palanisamy School of Information Sciences University of Pittsburgh bpalan@pitt.edu 1 Cloud computing Benefits For clients: No upfront commitment in buying/leasing hardware Can scale usage according to

  1. SAC-PA: Cloud Security Balaji Palanisamy School of Information Sciences University of Pittsburgh bpalan@pitt.edu 1

  2. Cloud computing Benefits For clients: ◦ No upfront commitment in buying/leasing hardware ◦ Can scale usage according to demand ◦ Barriers to entry lowered for startups For providers: ◦ Increased utilization of datacenter resources minimizes cost 2

  3. So, if cloud computing is so great, why aren’t everyone doing it? Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 3

  4. AWS Security Advice 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content. We strongly encourage you, where available and appropriate, to use encryption technology to protect Your Content from unauthorized access and to routinely archive Your Content. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content. Source: http://aws-portal.amazon.com/gp/aws/developer/terms-and-conditions.html 4

  5. Example: Online Course Database Stude nt Student Nam GP Addr CreditCard … Id e A Cours e Course Nam InstrId … Id e StudentCo urse Course Student Grad … Id Id e 5

  6. Encryption and DbaaS: Functionality SELECT * FROM courses WHERE StudentId = 1234 Client App 6

  7. Encryption and DbaaS: Functionality Encrypted SELECT * FROM courses WHERE StudentId = 1234 Client App [HIL+02] SIGMOD Test of Time Award 7

  8. Deterministic Encryption Scheme Key: 000102030405060708090a0b0c0d0e0f Plaintext Ciphertext a7be1a6997ad739bd8c9ca451f618b61 The quick brown fox jumps Encr b6ff744ed2c2c9bf6c590cbf0469bf41 over the lazy dog 47f7f7bc95353e03f96c32bcfd8058df Ciphertext Plaintext a7be1a6997ad739bd8c9ca451f618b61 The quick brown fox jumps Decr b6ff744ed2c2c9bf6c590cbf0469bf41 over the lazy dog 47f7f7bc95353e03f96c32bcfd8058df Key: 000102030405060708090a0b0c0d0e0f Crypto Textbook: [KL 07] 8

  9. Nondeterministic Encryption Scheme Key: 000102030405060708090a0b0c0d0e0f a7be1a6997ad739bd8c9ca451f618b61 The quick brown fox jumps Encr b6ff744ed2c2c9bf6c590cbf0469bf41 over the lazy dog 47f7f7bc95353e03f96c32bcfd8058df 000102030405060708090a0b0c0d0e0f fa636a2825b339c940668a3157244d17 The quick brown fox jumps Encr 247240236966b3fa6ed2753288425b6c over the lazy dog 69c4e0d86a7b0430d8cdb78070b4c55a Example: AES + CBC + variable IV 9

  10. Deterministic Encryption select * from assignment where studentid = 1 StudentId St As AssignI Sc Scor d e 1 68 1 2 71 1 4 99 3 … … … 10

  11. Deterministic Encryption select * from assignment where studentid_det = bd6e7c3df2b5779e0b61216e8b10b689 StudentId_D St _DET As AssignId Sc Score 1 68 bd6e7c3df2b5779e0b61216e8b10b 689 2 71 bd6e7c3df2b5779e0b61216e8b10b 689 4 99 7ad5fda789ef4e272bca100b3d9ff 59f … … … 11

  12. Homomorphic Encryption 7ad5fda789ef4e272bca100 b3d9ff59f 7a9f102789d5f50b2beffd9f3dca4ea7 bd6e7c3df2b5779e0b61216 e8b10b689 Encryption key is not an input 12

  13. Order Preserving Encryption Value Enc (Value) 1 0x0001102789d5f50b2beffd9f3dca4 ea7 2 0x0065fda789ef4e272bcf102787a93 903 3 0x009b5708e13665a7de14d3d824ca9 f15 4 0x04e062ff507458f9be50497656ed6 54c 5 0x08db34fb1f807678d3f833c2194a7 59e [BCN11, PLZ13] 13

  14. Order-Preserving Encryption select * from assignment where score >= 90 St Studen As Assig Sc Score tI tId nI nId 1 1 68 2 1 71 4 3 99 … … … 14

  15. Order-Preserving Encryption select * from assignment where score_OPE >= 0x04e062ff507458f9be50497656ed654c Studen St As Assig Sc Score_O _OPE tI tId nI nId 1 1 0x0065fda789ef4e272bcf1027 87a93903 2 1 0x009b5708e13665a7de14d3d8 24ca9f15 4 3 0x08db34fb1f807678d3f833c2 194a759e … … … 15

  16. Homomorphic Encryption Schemes (Any function) Fully Homomorphic Encryption [G09, G10] Order-Preserving Encryption [BCN11, PLZ13] Paillier ElGamal Cryptosystem Cryptosystem [E84] [P99] Deterministic Encryption Non-Deterministic Encryption 16

  17. Homomorphic Encryption Schemes (Any function) Fully Homomorphic Encryption [G09, G10] Partial Homomorphic Encryption Order-Preserving Encryption [BCN11, PLZ13] Paillier ElGamal Cryptosystem Cryptosystem [E84] [P99] Deterministic Encryption Non-Deterministic Encryption 17

  18. Homomorphic Encryption Schemes (Any function) Fully Homomorphic Encryption [G09, G10] Partial Homomorphic Encryption Order-Preserving Encryption [BCN11, PLZ13] Paillier ElGamal Cryptosystem Cryptosystem [E84] [P99] Deterministic Encryption Non-Deterministic Encryption 18

  19. Homomorphic Encryption Schemes: Performance Space for 1 Time for 1 Scheme integer (bits) operation Fully Cosmic time Homomorphic scales Encryption Paillier ms ElGamal Deterministic Order- s preserving 19

  20. Trusted Client Architecture Client Query Server Query Fragment Fragment DBMS Shell DBMS Encrypted Data Key Plaintext Plaintext Results Query Client App — Distributed query processing between untrusted DBMS and client-end DBMS shell

  21. CryptDB Architecture Client App PlainText PlainText Query Results DBMS + Rewritten Web UDFs Query Proxy Key Encrypted Data — Web proxy rewrites queries, decrypts result — Leverage P.H.E techniques [PRZ+11]

  22. Secure In-Cloud Compute Architecture Untrusted Query Fragment Query Translation DBMS Encrypted Data & Splitting Encrypted Data Plaintext Plaintext Results Query Trusted Client Compute App Key Trusted Query Fragment — Distributed query processing between untrusted DBMS and trusted cloud compute — Solutions differ in granularity of integration

  23. Secure Processors — TrustedDB ◦ Trusted compute is a full DBMS IBM Secure Co-processor Key Embedded Linux & SQL Lite Query Client Cloud Stora App DBMS ge Results [BS11]

  24. TrustedDB Hybrid Example [BS11] 24

  25. Partioned Computing — Hybrid Clouds ◦ Public cloud for non-sensitive data ◦ Private cloud for sensitive data ◦ Data and compute shipped between them — Example Hybrid Cloud architectures ◦ SEDIC (CCS 2011) ◦ SEMROD (SIGMOD 2015) ◦ VNCACHE (CCGrid 2014) 25

  26. Loss of Control: Data Lives Forever Sensitive Ann Carla email ISP This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. Sensitive Sensitive Sensitive Sensitive Senstive Senstive Senstive Senstive Sensitive Sensitive Sensitive Sensitive How can Ann delete her sensitive email? — She doesn ’ t know where all the copies are — Services may retain data for long after user tries to delete 26

  27. Archived Copies Can Resurface Years Later Ann Carla ISP Sensitive Sensitive Sensitive Sensitive Senstive Senstive Senstive Senstive This is sensitive stuff. Sensitive Sensitive Sensitive Sensitive This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. Some time later… Retroactive attack This is sensitive stuff. This is sensitive stuff. on archived data This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. This is sensitive stuff. 27

  28. Vanish Peer-T o-Peer Protocol (OSDI’06) n A system composed of individually-owned computers that make a portion of their resources available directly to their peers without intermediary managed hosts or servers. [~wikipedia] Important P2P properties (for Vanish): n Huge scale – millions of nodes n Geographic distribution – hundreds of countries n Decentralization – individually-owned, no single point of trust n Constant evolution – nodes constantly join and leave 28

  29. Timed-release of Self-emerging Data (ICDCS’17, CLOUD’17) Timed release of self emerging data: • securely hide the protected data from being accessed prior to the release time. • automatic appearance of the stored data at the predetermined release timer time. generated released Available Securely for receivers protected Use cases: non-releasable private data may become releasable due to the degradation of • time-varying data privacy. time-sensitive online events: secure voting mechanism, online examination. •

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II

CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II

CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II Accurate(Timing(is(Foundational(for(the(Financial(Industry Exchanges)and) Trading)Platforms Ensure(fairness:(in;order(execution(of(transactions (

364 views • 11 slides
Balaji Telefilms September 2018 Private and Confidential Balaji Telefilms: Delightful and

Balaji Telefilms September 2018 Private and Confidential Balaji Telefilms: Delightful and

Balaji Telefilms September 2018 Private and Confidential Balaji Telefilms: Delightful and innovative entertainment Balaji Telefilms was founded by Ekta Kapoor in 1994, who has triggered and influenced social change via her cult-like style of

263 views • 15 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Beyond ILP Hemanth M Bharathan Balaji Hemanth M & Bharathan Balaji Multiscalar Processors

Beyond ILP Hemanth M Bharathan Balaji Hemanth M & Bharathan Balaji Multiscalar Processors

Beyond ILP Hemanth M Bharathan Balaji Hemanth M & Bharathan Balaji Multiscalar Processors Gurindar S Sohi Scott E Breach T N Vijaykumar Hemanth M & Bharathan Balaji Control Flow Graph (CFG) Each node is a basic block in graph

997 views • 58 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford University Joint work with: Yi Lu, Andrea Montanari , Sarang Dharmapurikar and Abdul Kabbani Overview Counter Braids Background: current

601 views • 30 slides
Balaji Telefilms Limited Investor Presentation Balaji Telefilms Limited 1 Disclaimer Certain

Balaji Telefilms Limited Investor Presentation Balaji Telefilms Limited 1 Disclaimer Certain

Balaji Telefilms Limited Investor Presentation Balaji Telefilms Limited 1 Disclaimer Certain words and statements in this communication concerning Balaji Telefilms Limited (the Company) and its prospects, and other statements relating to

618 views • 16 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu, Shicong Meng, and Balaji Palanisamy College of Computing, Georgia Institute of Technology Talk Overview Motivation Content Privacy issues in

963 views • 33 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
Encryption Seny Kamara Microsoft Research Mariana Raykova IBM Research Big Data The scale

Encryption Seny Kamara Microsoft Research Mariana Raykova IBM Research Big Data The scale

Parallel Homomorphic Encryption Seny Kamara Microsoft Research Mariana Raykova IBM Research Big Data The scale of data we create is growing rapidly Walmart: 2.5 petabytes of transaction data per day Jets: 10 terabytes of sensor data per

558 views • 23 slides
Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D.

Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D.

Results on dark matter annual modulation from ANAIS-112 experiment J. Amar, S. Cebrin, D. Cintas, I. Coarasa, E. Garca, M. Martnez, M.A. Olivn, Y. Ortigoza, A. Ortiz de Solrzano, J. Puimedn, A. Salinas, M.L. Sarsa , P . Villar

653 views • 40 slides
Machine Learning & Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza

Machine Learning & Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza

Machine Learning & Data confidentiality Melek nen Joint work with Alberto Ibarrondo, Beyza Bozdemir, Mohamad Mansouri, Gamze Tillem, Orhan Ermis Machine Learning as a Service Client Server Performance No need for ML knowledge Cost

748 views • 20 slides
From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO,

From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO,

From random Poincar e maps to stochastic mixed-mode-oscillation patterns Nils Berglund MAPMO, Universit e dOrl eans CNRS, UMR 7349 & F ed eration Denis Poisson www.univ-orleans.fr/mapmo/membres/berglund

746 views • 46 slides
Citizen Participation: Requirements and Best Practices for CDBG-MIT 1 2019 CDBG-MIT PROGRAM

Citizen Participation: Requirements and Best Practices for CDBG-MIT 1 2019 CDBG-MIT PROGRAM

Citizen Participation: Requirements and Best Practices for CDBG-MIT 1 2019 CDBG-MIT PROGRAM Presenters From HUD: Jen Carpenter, Assistant Director of Policy, DRSI Mikayla Catani, CPD Specialist, DRSI From Enterprise Community

743 views • 49 slides
CSCI 420: Computer Graphics Fall 2018 Hao Li http://cs420.hao-li.com 1 http://hao.li/ Vision

CSCI 420: Computer Graphics Fall 2018 Hao Li http://cs420.hao-li.com 1 http://hao.li/ Vision

CSCI 420: Computer Graphics Fall 2018 Hao Li http://cs420.hao-li.com 1 http://hao.li/ Vision & Graphics [Lab] 2 About Me Industrial Light & Magic Weta Digital USC Graphics http://gfx.usc.edu 6 Science, Engineering, & Art

1.19k views • 83 slides
2.1 Explicit & Implicit Surfaces Hao Li http://cs621.hao-li.com 1 Administrative

2.1 Explicit & Implicit Surfaces Hao Li http://cs621.hao-li.com 1 Administrative

Spring 2019 CSCI 621: Digital Geometry Processing 2.1 Explicit & Implicit Surfaces Hao Li http://cs621.hao-li.com 1 Administrative Exercise 1 discussion: Next Time! Hao Li (Instructor) Office Hour: Tue 12:30 PM - 1:30 PM, SAL

818 views • 68 slides
Integrated Development Laura Ghiron , MPH ExpandNet Secretariat and the Evidence to Action

Integrated Development Laura Ghiron , MPH ExpandNet Secretariat and the Evidence to Action

A Three-Stage Approach to Scaling Integrated Development Laura Ghiron , MPH ExpandNet Secretariat and the Evidence to Action Project ExpandNet Definition of Scaling Up Deliberate efforts to increase the impact of innovations successfully

359 views • 15 slides

More recommend