towards supercloud computing
play

Towards Supercloud Computing: User-Centric Security Management for - PowerPoint PPT Presentation

Apr 19, 2023 •2.36k likes •2.73k views

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

  1. Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS’15 Workshop on Cloud Security Lille, June 30, 2015

  2. Cloud Security Today Security = key concern in cloud adoption for the enterprise market  Threats are on the rise Source: Cloud Security Alliance, 2013.  Attacks are costly Source: Ponemon, 2013.  Awareness is growing, but is not enough

  3. The Cloud everywhere, increasingly complex …

  4. …and so are security breaches! Classical cloud threats… Secure, Robust SDN NFV Security …  Root causes: commodity hardware,  Challenges: central PoF, trust and cloud isolation technology  Mitigation:  Issues:  Replication, diversity, authentication  Topology validation new threats  Policy consistency, secure SDN toolkits  Availability of management network  Intrusion prevention?  Secure boot ...  Fault tolerance?  I/O partitioning  Performance isolation

  5. Hasn’t someone been forgotten? The User? The Customer?  Are they going to use those infrastructures?  Are they going to pay for them?

  6. Provider-centric clouds prevent interoperability and unified control The Cloud as utility Multi-provider clouds Promise: high availability & security , NOT ACHIEVED energy efficiency, scalability , … Feature-rich services: intrusion NOT DEPLOYED monitoring, elastic load balancing, … INTEROPERABILITY S  Vendor lock-in E  Different SLAs C Provider-centric U cloud UNIFIED CONTROL R deficiencies  Heterogeneous I infrastructure services T  Monolithic infrastructure  Technological choices Y

  7. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  8. User-centric clouds require a resource distribution layer

  9. Customer Security Expectations

  10. Taking Into Account Security Challenges Infrastructure security: strong, flexible, automated security for compute resources  Vulnerabilities in complex infrastructure, mitigation of cross-layer attacks  Lack of flexibility and control in security management  Automation of security management: in layers, between providers Data management: on-demand, unified experience in protection of data assets  Management of access rights, continuum between provider vs. user control  Blind compute over data stored in multi-clouds  Traceability of information for accountability and privacy Network management: resilient, secure virtual networking  Resilient resource provisioning across heterogeneous clouds  End-to-end inter-cloud network security with different security SLAs

  11. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  12. Secure Supercloud Computing The Supercloud NORTH INTERFACE provides user-centric self-service security & dependability The Supercloud SOUTH INTERFACE provides provider-centric self-managed security & dependability

  13. Supercloud Computing: Self-Service Security Self-service security relies on: Abstraction & Policies Control Layer  a distributed, flexible resource & control layer spanning compute, data, network  multi-provider security policies

  14. Supercloud Computing: Self-Managed Security Security and Trust Self-managed security relies on: management  bi-dimensional (cross-layer, multi-provider) self-protection for compute and network resources  bi-dimensional trust management

  15. Supercloud Computing: End-to-End Security E2E network E2E VM SLAs security End-to-end security relies on:  E2E security SLAs for VMs & data protection  E2E network security in control and data planes E2E data E2E network security security

  16. Supercloud Computing: Resilience Resilience Resilience relies on:  multi-cloud data availability  resilient networking in data and control plane Resilience Resilience

  17. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  18. Key Enabling Technologies: Self-Service Security Flexible hypervisor security architectures:  User data isolation + protection against the cloud provider  Modular, secure interface for the hypervisor Blind computation:  Lightweight homomorphic operations over encrypted data  Advanced cryptographic tools for data security Security SLA management:  Security SLA (SSLA) language bridging the gap between layers  SSLA templates and combination functions for easy specification

  19. Key Enabling Technologies: Self-Managed Security Autonomic IaaS security supervision:  Cross-layer security monitoring, even if some layers are compromised  Cross-provider security monitoring, seamless integration Security policies:  Flexible security policy languages and deployment tools  Policy negotiation tools for conflict resolution Network security management:  Finer-grained network control than current specifications  SDN components/APIs for advanced policy monitoring

  20. Key Enabling Technologies: End-to-End Security Cryptographic protection:  Integrity and consistency verification  Processing cryptographically protected data Storage access control:  Transparent cryptographic protection mechanisms  Flexible cloud-based key management Trust management:  Horizontal trust management between different cloud entities  Vertical trust management across cloud system configurations  Abstraction of trust through specification language

  21. Key Enabling Technologies: Resilience SDN Resilience:  Secure, dependable SDN controller for multi-cloud networking  Intra/inter-cloud infrastructure resilient to network failures Data availability:  Integration of disruptive secrecy technology to multi-cloud storage replication  New services based on multi-cloud storage algorithms  Adaptive multi-cloud algorithms with outstanding performance for real workloads

  22. What is VESPA? = Virtual Environments Self-Protecting Architecture An automated security supervision framework for IaaS and multi-DC infrastructures Design principles STRONG SECURITY  Cross-layer security: detect / respond to overall extent of attack.  Open architecture: mitigate new threats, integrate legacy counter-measures. SIMPLE E SECURITY  Automated security supervision: choose in-layer, cross-layer, multi-DC.  Tuneable defense patterns: orchestrate multiple loops for rich defense strategy. CLOUD PROVIDER CUSTOMERS  Anti-malware. APPLICATION ONS  Anti-DDoS. IaaS monitoring SecaaS  End-to-end security. appliances

  23. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane DETECTION HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  24. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane Intra-Layer Self-Protection DETECTION HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  25. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane Cross-Layer DETECTION Self-Protection HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  26. The VESPA Project RESULTS LTS CURRENT T VESPA FUNCTI TION ONALITI ALITIES So far VESPA = core + security plug-ins.  Framework: supervision of single Supporte ted In progres ess cloud and multi-DC security. Anti-virus Integration with Heat + Horizon Available in open source . Hypervisor control Network zones  Different applications demonstrating Firewall vSwitch management (SDN) viability of self-defending cloud concept. Log analysis  Research results :  Framework [ICAC’12 ] . .  Extensions:  Network management (SDN approach).  Mobile cloud SLAs: Orange MC2 [UCC’13].  VMM self-protection: KungFuVisor [EURODW’12], self -stabilization [DSS’14].  Keynotes [SSS’11], panels [IM’11, NOMS’14], tutorials [ICAR’13, MOBILECLOUD’14].  Code available at : https://github.com/Orange-OpenSource/vespa-core

  27. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  28. The SUPERCLOUD Project 28

  29. The SUPERCLOUD Project: Goals and Expected Results Goal: a security management infrastructure for secure supercloud computing Expected Results: A security management infrastructure:  360 ° autonomic security supervision , horizontally and vertically for superclouds  A user-centric to provider-centric continuum of security services  End-to-end trust management A data management framework:  Advanced cryptographic tools (e.g., access control, secure computation)  A resilience framework for multi-cloud storage infrastructures A multi-cloud network management infrastructure:  Resilient virtual network provisioning across multiple clouds  Sanitized network environment with tunable security guarantees

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1 CONTROLLING HIGH ASSURANCE CLOUD COMPUTATION Should we migrate critical data to computation . . . or vice versa? E.g. app needs to import or

547 views • 36 slides
Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution

Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution

Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution Internet Cloud/Mobile Computing Mainframe Client/Server Computing Everywhere Computing Computing Microsoft Apple TBD Yahoo IBM Google

614 views • 13 slides
Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Security & Cryptography I Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a vital resource Enterprises, governments, scientists, consumers, Computing is manageable at small

955 views • 51 slides
Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa

Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa

Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa Zilberman Andrew W. Moore April 2015 Can Networking Answer rack-scale Computing Challenges? Scalability Resilience Predictability Computing

345 views • 9 slides
DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik

DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik

DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik Winfree and Ashish Goel Computing Computing Human technology Electronic circuits. Biological systems Biochemical circuits.

1.41k views • 95 slides
15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory

15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory

1/27/20 15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory Analog Computers Instead of computing with numbers, one builds a physical model (an analog) of the system to be investigated Used when

233 views • 21 slides
COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing

COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing

COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing Community Consortium (CCC) is to catalyze the computing research community and enable the pursuit of innovative, high-impact research. Bring the computing

784 views • 30 slides
LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements

LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements

LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements Computing models Experiences so far Interoperability LCG Baseline service group Future requirements Summary 1 st EGEE User forum

821 views • 30 slides
Science One Math March 11, 2019 Applications of Integration Computing areas Computing

Science One Math March 11, 2019 Applications of Integration Computing areas Computing

Science One Math March 11, 2019 Applications of Integration Computing areas Computing changes Computing volumes Computing probabilities Locating centre of mass of a lamina Key ideas slicing, approximating, adding

566 views • 28 slides
Science One Math March 1, 2017 Applications of Integration Computing areas Computing

Science One Math March 1, 2017 Applications of Integration Computing areas Computing

Science One Math March 1, 2017 Applications of Integration Computing areas Computing changes Computing volumes Computing probabilities Locating centre of mass of an object Work done by a non constant force Application of

464 views • 20 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

CS573 Data Privacy and Security Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted data Homomorphic encryption What is Cloud Computing ? Cloud computing Type of computing that relies on sharing

1.29k views • 62 slides
MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

Imperial College London - Department of Computing MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480 AUTOMATED REASONING CBC Otter Practice (Assessed) Issued: 30 October 2012 Due: 12 November 2011

202 views • 4 slides
Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s

Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s

Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s Late 1990s Now and Tomorrow ? Pervasive Computing Era Computing Evolution Ubiquitous Computing Mark Weiser, Xerox PARC 1988 Ubiquitous

525 views • 29 slides
GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open

GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open

Chapter 4 GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open Computing Language (OpenCL) Main Message The abstraction for the programming and hardware models are very similar to the CUDA concepts. Mainly

813 views • 32 slides
THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing

THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing

THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing Research Association's Computing Community Consortium (CCC) is to catalyze the computing research community and enable the pursuit of innovative,

317 views • 28 slides
Kerim Y. Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra, Bhavani

Kerim Y. Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra, Bhavani

Kerim Y. Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra, Bhavani Thuraisingham 1 Cloud Computing App Code Server Cloud Email Computing Database Multimedia Like Software as a service and DAS model offers many

797 views • 20 slides
Coastal Community Access to Marine Resources and Conservation in Canada Nathan J. Bennett, PhD

Coastal Community Access to Marine Resources and Conservation in Canada Nathan J. Bennett, PhD

Coastal Community Access to Marine Resources and Conservation in Canada Nathan J. Bennett, PhD Institute for Resources, Environment and Sustainability University of British Columbia Twitter @NathanJBennett Presentation Overview Provide

535 views • 24 slides
January / February 2013 MADALENA : MVN (TSX-V) Corporate Overview Market capitalization

January / February 2013 MADALENA : MVN (TSX-V) Corporate Overview Market capitalization

www.madalena-ventures.com Head Office: MADALENA VENTURES INC. Suite 200, 707 - 7th Avenue SW Calgary, Alberta, Canada T2P 3H6 International Office: MADALENA AUSTRAL SA 1209 Posadas, 5th Floor Buenos Aires, ARG C1011ABE Domestically

488 views • 36 slides
FORWARD-LOOKING INFORMATION ADVISORY Forward-Looking Statements or Information Certain statements

FORWARD-LOOKING INFORMATION ADVISORY Forward-Looking Statements or Information Certain statements

Head Office: MADALENA ENERGY INC. Suite 200, 707 - 7th Avenue SW Calgary, Alberta, Canada T2P 3H6 International Office: Madale na MADALENA ENERGY S.A. 1209 Posadas, 5th Floor inc . e n e r g y Buenos Aires, ARG C1011ABE

556 views • 24 slides
Lessons Learned Automating Cloud and Infrastructure Testing

Lessons Learned Automating Cloud and Infrastructure Testing

T23 DevOps & The Cloud 2019-05-02 15:00 Lessons Learned Automating Cloud and Infrastructure Testing Presented by:

729 views • 40 slides
Investor Presentation September 9, 2020 Disclaimer Forward rd-Loo Looking State temen ments

Investor Presentation September 9, 2020 Disclaimer Forward rd-Loo Looking State temen ments

Investor Presentation September 9, 2020 Disclaimer Forward rd-Loo Looking State temen ments ts This presentation may contain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 that

686 views • 41 slides
For personal use only 2015 Annual General Meeting Perth Greg Cochran Managing Director ASX:

For personal use only 2015 Annual General Meeting Perth Greg Cochran Managing Director ASX:

Deep Yellow Limited For personal use only 2015 Annual General Meeting Perth Greg Cochran Managing Director ASX: DYL www.deepyellow.com.au Disclaimer This document has been prepared by Deep Yellow Limited (Deep Yellow, DYL or the

659 views • 26 slides
Letshego Holdings Limited Group Interim Results 2020 Andrew Fening Okai Group Chief Executive

Letshego Holdings Limited Group Interim Results 2020 Andrew Fening Okai Group Chief Executive

Letshego Holdings Limited Group Interim Results 2020 Andrew Fening Okai Group Chief Executive Tuesday, 1 September 2020 AGENDA H A L F Y E A R R E V I E W 2 0 2 0 Plan 6 Update Financial Highlights DAS and MSE Operating

997 views • 43 slides

More recommend