utsa
play

UTSA Secure Information and Resource Sharing in Cloud - PowerPoint PPT Presentation

Dec 11, 2022 •267 likes •704 views

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ravi Sandhu Institute for Cyber Security University of Texas at San

  1. UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response 
 Models for Information and Resource Sharing Amy(Yun) Zhang, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX 78249 Mar 25, 2016 Presented by: Amy(Yun) Zhang

  2. UTSA Information and Resource Sharing • Information sharing – exchanges of data between a sender and receiver – one-to-one, one-to-many, many-to-one, many-to- many • Resource sharing – a computer resource made available from one host to other hosts on a computer network – computer programs, data, storage devices, and printers. • shared file access • shared printer access Ref: https://en.wikipedia.org/wiki/ 2

  3. UTSA Cloud Computing • Concept – a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand. • Service models – Infrastructure as a service (IaaS) • computers(physical or virtual machines) and other resources. • AWS, Microsoft Azure, OpenStack. – Platform as a service (PaaS) • a development environment to application developers. • Salesforce, Microsoft Azure. – Software as a service (SaaS) • users gain access to application software and databases. • Google, Dropbox. Ref: https://en.wikipedia.org/wiki/Cloud_computing 3

  4. UTSA Cyber Collaboration Initiatives • Cyber attacks are becoming increasingly sophisticated. – Hard to defend by a single organization on its own. • Collaborate to enhance situational awareness – Share cyber information • M alicious activities • Technologies, tools, procedures, analytics. Ref: www.huffingtonpost.co.uk/2013/04/23/uk-government- faces-1000-cyber-attacks-a-day_n_3138164.html 4

  5. UTSA Scope • Focus on technical challenges • Sharing amongst a set of organizations – Information, infrastructure, tools, analytics, etc. – May want to share malicious or infected code/ systems (e.g. virus, worms, etc.) – Sensitive – Often ad hoc • What are the effective ways to facilitate sharing in such circumstances? – Information sharing models – Infrastructure, technologies, platforms 5

  6. UTSA Traditional Cyber Collaboration • Traditional collaboration – Subscription services – Limitations • Organizations Sharing information through subscription. • Organizations are not actively participating in analyzing and processing the cyber information they submit. • Organizations don't directly interact with each other on sharing activities. 6

  7. UTSA Cloud IaaS Advantages for 
 Cyber Incident Sharing • Virtualized resources – Theoretically, one can take a snapshot and mobilize • Operational efficiency – Light-weight and agile – Rapid deployment and configuration – Dynamic scaling – Self-service 7

  8. UTSA Cloud IaaS Challenges for 
 Cyber Incident Sharing • IaaS clouds lack secure sharing models – Storage – Compute – Networks • Need ability to snapshot tenant infrastructure, share, and control who can access – Share by copy 8

  9. UTSA Sharing Model in Cloud IaaS Add/Remove Data Add/Remove View #1: Org C Data Secure View #1: Org A Participant Isolated View #2: SID Participant C View #2: SID Domain A Join/Leave (SID) Join/Leave Users Users Add/Remove Join/Leave Data Users Participant B Can create multiple View #1: Org B secure isolated projects View #2: SID (SIPs) within SID with different controls 9

  10. UTSA Community Cyber Incident Response Governance Incident Response Group Organization Cyber Security External Security Committee Experts Specialists Conditional Shared Membership Information 10

  11. UTSA Cyber Collaboration in Cloud • Cloud platform (community) – Cyber Security Committee. – Organizations routinely collect cyber information. – Cross organization cyber collaborations. 11

  12. UTSA Secure Isolated Domain (SID) Model Secure Isolated Domain (SID) Secure Secure Core Open Isolated Isolated Project Project Project Project (CP) (OP) SIP-1 SIP-n Expert-1 Expert-k Org-1 Org-m Community Experts 12

  13. UTSA SID Service 13

  14. UTSA Overview • Part I: OpenStack • Part II: AWS • Part III: Azure 14

  15. UTSA OpenStack ➢ > 200 companies • OpenStack ➢ ~14000 developers ➢ >130 countries – Dominant open-source cloud IaaS software 15 Ref: http://www.openstack.org

  16. UTSA OpenStack HMT • HMT : Hierarchical Multitenancy – D Cloud Domain 1 Domain n Project 1 Project p Project 1 Project q childProject 1 childProject k child … childProject 1 child … childProject l 16

  17. UTSA OSAC Model with HMT Project Hiearachy: One-to-one relation: One-to-multiple relation: Multiple-to-multiple relation: Role Inheritance: Services (S) Group Domains Ownership (D) ot_service (GO) Project Groups Group Ownership (G) Assignment (PO) Object (GA) Permission Types Project-Role Pair Assignment (OT) User (PRP) (PA) Ownership User (UO) Roles Projects Group PRMS (R) (P) (UG) User Assignment (UA) Operations (OP) token_project Users (U) token_roles user_token Tokens (T) 17

  18. UTSA OSAC-HMT-SID Model Secure Expert User Isolated Domains Ownership Domain (D) (EUO) (SID) Expert SIP Users Project association Open Project Security Project Core Project Ownership (assoc) Ownership Ownership Ownership User (PO) (OPO) (SPO) (CPO) Assignment (UA) SIP Secure Ownership Core Security Open Isolated Projects (SIPO) Project Projects Project Projects (P) (CP) (OP) (SP) (SIP) Project-Role Project-Role Project-Role Project-Role Project-Role Pair Pair Pair Pair Pair (PRP) (PRP) (PRP) (PRP) (PRP) Roles Roles Roles Roles Roles (R) (R) (R) (R) (R) User Ownership (UO) Routine Cyber Cyber Cyber Cyber Information Collaboration Security Security Process Committee Forum User User Assignment Assignment User User (UA) User Self (UA) Assignment Assignment Subscription (UA) (UA) (USS) Users (U) 18

  19. UTSA OSAC-SID Administrative Model • SipCreate(uSet, sip) 
 /* A subset of Core Project/domain admin users together create a sip */ • SipDelete(uSet, sip) 
 /* The same subset of Core Project/domain admin users together delete a sip*/ • UserAdd(adminuser, r, u, sp, p) 
 /* CP/Sip admin can add a user from his home domain Security Project to CP/sip*/ • UserRemove(adminuser, r, u, sp, p) 
 /* CP/Sip admin can remove a user from the Core Project/sip */ • OpenUserSubscribe(u, member, OP) 
 /* Users subscribe to Open Project */ • OpenUserUnsubscribe(u, member, OP) 
 /* Users unsubcsribe from Open Project */ • CopyObject(u, so1, sp, so2, p) 
 /* Copy object from Security Project to Core Project/SIP */ • ExportObject(adminuser, so1, p, so2, sp) 
 /* Export object from Core Project/SIP to Security Project */ • ExpertUserCreate(coreadmin, eu) 
 /* Core Project admin users can create an expert user */ • ExpertUserDelete(coreadmin, eu) 
 /* Core Project admin users can delete an expert user */ • ExpertUserList(adminuser) 
 /* Admin users of Core Project and SIPs can list expert users */ • ExpertUserAdd(adminuser, r, eu, proj) 
 /* Core Project/sip admin can add an expert user to Core Project/sip*/ • ExpertUserRemove(adminuser, r, eu, proj) 
 /* Core Project/sip admin can remove an expert user from Core Project/sip */ 19

  20. UTSA Enforcement • Set up the cloud Community Cloud:Cloud Admin Assign an admin user as Domains:Domain Admin SID:Cloud Admin Assign domain admins as Assign domain admins as Assign users from Security Project: Admin/member Core Project: Admin domains as Assign users from home domain as Assign expert users as Admin user assign users to SP as member Open Project: member Core Project: member 20

  21. UTSA Enforcement SID: Cloud Admin Assign domain admins as Create SIP/child SIP/…, Core Project: Admin assign domain admins as Assign users from home domain as Assign expert users as Core Project: member SIP: Admin Assign users from home domain as Assign expert users as SIP: member child SIP: Admin Assign users from home domain as Assign expert users as child SIP: member child SIP’s … child SIP: Admin Assign users from home domain as Assign expert users as 21 child SIP’s … child SIP: member

  22. UTSA Overview • Part I: OpenStack • Part II: AWS • Part III: Azure 22

  23. UTSA Amazon Web Service (AWS) • Dominant public cloud software – Amazon Web Services ( AWS ), a collection of remote computing services, also called web services, make up a cloud-computing platform offered by Amazon.com. 23 Ref: https://en.wikipedia.org/wiki/Amazon_Web_Services

  24. UTSA AWS Access Control Model • AWS Access Control within a Single Account Groups Virtual (G) Services Permission (S) Assignment Group (VPA) Ownership (GO) user_ OT group Ownership (OTO) Virtual Permission User Assignment Ownership (VPA) Object Accounts (UO) Users Types (A) (U) (OT) Virtual Permission virtual PRMS Assignment Roles user_role (VPA) Ownership (RO) Operations “Roles” (OP) (R) 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UTSA FY 2018 Budget 101 Presentation Foundational Business Affairs Kathryn Funk-Baxter, Vice

UTSA FY 2018 Budget 101 Presentation Foundational Business Affairs Kathryn Funk-Baxter, Vice

UTSA FY 2018 Budget 101 Presentation Foundational Business Affairs Kathryn Funk-Baxter, Vice President for Business Affairs www.utsa.edu/businessaffairs UTSA Budget Process Current budgeting process overview Overview of Revenue

619 views • 58 slides
UTSA SBDC COVID Business Recovery Accelerator COVID Business Town Hall Preparing For the

UTSA SBDC COVID Business Recovery Accelerator COVID Business Town Hall Preparing For the

UTSA SBDC COVID Business Recovery Accelerator COVID Business Town Hall Preparing For the Paycheck Protection Program Loan Forgiveness https://txsbdc.org/businessrecovery/ businessrecovery@utsa.edu (210) 458-2272 Disclaimer This training is

550 views • 28 slides
Financial Aid Hey, Im Will ill Moo Moody dy Financial Aid Types of UTSA State Federal

Financial Aid Hey, Im Will ill Moo Moody dy Financial Aid Types of UTSA State Federal

FUTURE ROADRUNNERS Financial Aid Hey, Im Will ill Moo Moody dy Financial Aid Types of UTSA State Federal Institutional Aid Aid Aid Grants Scholarships Work Study Loans Deadlines Financial Aid January 15 FA L L T E

217 views • 17 slides
UTSA Preemp+on and the Public Domain: How Courts Have Overlooked Patent Preemp5on of State Law

UTSA Preemp+on and the Public Domain: How Courts Have Overlooked Patent Preemp5on of State Law

UTSA Preemp+on and the Public Domain: How Courts Have Overlooked Patent Preemp5on of State Law Claims Alleging Employee Wrongdoing Elizabeth Tippe? Charles Tait Graves Partner Assistant Professor Wilson Sonsini Goodrich & Rosa5

109 views • 6 slides
Programming Languages Qing Yi Course web site: www.cs.utsa.edu/~qingyi/cs3723 cs3723 1 A

Programming Languages Qing Yi Course web site: www.cs.utsa.edu/~qingyi/cs3723 cs3723 1 A

Programming Languages Qing Yi Course web site: www.cs.utsa.edu/~qingyi/cs3723 cs3723 1 A little about myself Qing Yi Ph.D. Rice University, USA. Assistant Professor, Department of Computer Science Office: SB 4.01.30

498 views • 20 slides
House Appropriations Committee Hearing Dr. Taylor Eighmy President, UTSA February 14, 2019

House Appropriations Committee Hearing Dr. Taylor Eighmy President, UTSA February 14, 2019

House Appropriations Committee Hearing Dr. Taylor Eighmy President, UTSA February 14, 2019 UTSAs Legislative Priorities FORMULA COLLEGE OF TRIP CORE NRUF FUNDING BUSINESS RESEARCH Restore and Increase the EXPANSION FUND

271 views • 24 slides
ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY

ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY

On the Cost-Effectiveness of TrustZone Defense on ARM Platform NAIWEI LIU, WANYU ZANG, MENG YU, RAVI SANDHU UTSA ICS LAB; ROOSEVELT UNIVERSITY Contents Abstract and Introduction Related Work Cache-Based Security Threats and Attack

618 views • 25 slides
Senate Finance Committee Hearing Dr. Taylor Eighmy President, UTSA February 13, 2019

Senate Finance Committee Hearing Dr. Taylor Eighmy President, UTSA February 13, 2019

Senate Finance Committee Hearing Dr. Taylor Eighmy President, UTSA February 13, 2019 UTSAs Legislative Priorities FORMULA COLLEGE OF TRIP CORE NRUF FUNDING BUSINESS RESEARCH Restore and Increase the EXPANSION FUND maintain

574 views • 24 slides
Turgay Korkmaz Office: NPB 3.330 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

Turgay Korkmaz Office: NPB 3.330 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

CS 1063 Introduction to Computer Programming I Ch 0 Overview - Problem solving Turgay Korkmaz Office: NPB 3.330 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail: korkmaz@cs.utsa.edu web: www.cs.utsa.edu/~korkmaz 1 What is the goal of a

399 views • 28 slides
Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

CS 1713 Introduction to Computer Programming II Ch 0 Overview - Problem solving Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail: korkmaz@cs.utsa.edu web: www.cs.utsa.edu/~korkmaz 1 What is the goal of

286 views • 28 slides
UTSA Computer Science Transfer credits MS Degree Program Program options Courses &

UTSA Computer Science Transfer credits MS Degree Program Program options Courses &

Outline General information Admission conditions UTSA Computer Science Transfer credits MS Degree Program Program options Courses & Comprehensive exam Academic Status Financial Aids Weining Zhang Ph. D. program

820 views • 6 slides
Compiler Writing Qing Yi class web site: www.cs.utsa.edu/ ~qingyi/cs4713 cs4713 1 A little

Compiler Writing Qing Yi class web site: www.cs.utsa.edu/ ~qingyi/cs4713 cs4713 1 A little

Compiler Writing Qing Yi class web site: www.cs.utsa.edu/ ~qingyi/cs4713 cs4713 1 A little about myself Qing Yi Ph.D. Rice University, USA. Assistant Professor, Department of Computer Science Office: SB 4.01.30 Phone :

632 views • 26 slides
UTSA Computer Science MS Degree Program Weining Zhang Outline General information

UTSA Computer Science MS Degree Program Weining Zhang Outline General information

UTSA Computer Science MS Degree Program Weining Zhang Outline General information Admission conditions Transfer credits Program options Courses & Comprehensive exam Academic Status Financial Aids Ph. D. program

504 views • 22 slides
Programming Languages and Compilers Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs5363

Programming Languages and Compilers Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs5363

Programming Languages and Compilers Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs5363 cs5363 1 A little about myself Qing Yi Ph.D. Rice University, USA. Assistant Professor, Department of Computer Science Office: SB

452 views • 19 slides
Advanced Compiler Construction Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs6363 cs6363

Advanced Compiler Construction Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs6363 cs6363

Advanced Compiler Construction Qing Yi class web site: www.cs.utsa.edu/~qingyi/cs6363 cs6363 1 A little about myself Qing Yi Ph.D. Rice University, USA. Assistant Professor, Department of Computer Science Office: SB 4.01.30

925 views • 14 slides
Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail:

CS 1713 Introduction to Computer Programming II Ch 1 Overview C programming Language Turgay Korkmaz Office: SB 4.01.13 Phone: (210) 458-7346 Fax: (210) 458-4437 e-mail: korkmaz@cs.utsa.edu web: www.cs.utsa.edu/~korkmaz 1 What is C?

2.13k views • 190 slides
On Development of Chinese IP System and How to Protect Enterprises' Technology and Brand by

On Development of Chinese IP System and How to Protect Enterprises' Technology and Brand by

On Development of Chinese IP System and How to Protect Enterprises' Technology and Brand by Using the IP System Jason X. WANG Patent Attorney Trademark Attorney Manager of International Dept. Nov. 2013

516 views • 25 slides
ASX Announcement 28 April 2017 Presentation by David Griffith to Goldman Sachs Small &

ASX Announcement 28 April 2017 Presentation by David Griffith to Goldman Sachs Small &

ASX Announcement 28 April 2017 Presentation by David Griffith to Goldman Sachs Small & Mid-Cap Conference Attached is a presentation to be given this morning by IPHs CEO & Managing Director, David Griffith to the Goldman Sachs Eighth

347 views • 10 slides
The mass-loss return from nearby evolved stars as deduced by Herschel Leen Decin on behalf of

The mass-loss return from nearby evolved stars as deduced by Herschel Leen Decin on behalf of

The mass-loss return from nearby evolved stars as deduced by Herschel Leen Decin on behalf of the MESS GTKP, HIFISTARS GTKP and HIFI Scan team on IRC+10216 I VOOR STERREN K N S U N T I D E T U U T Stellar mass loss: the Sun

866 views • 51 slides
Integrated thick-film hybrid microelectronics applied on different material substrates C. Jacq,

Integrated thick-film hybrid microelectronics applied on different material substrates C. Jacq,

Integrated thick-film hybrid microelectronics applied on different material substrates C. Jacq, T. Maeder, S. Menot-Vionnet, I. Saglini, H. Birol, and P. Ryser EPFL - LPM Lausanne, Switzerland lpmwww.epfl.ch June 14, 2005 EMPS - IMAPS

875 views • 23 slides
ROLE OF CARREER OPPORTUNITIES INTELLECTUAL PROPERTY IP COMPANIES RESEARCH LABS UNIVERSITIES

ROLE OF CARREER OPPORTUNITIES INTELLECTUAL PROPERTY IP COMPANIES RESEARCH LABS UNIVERSITIES

ROLE OF CARREER OPPORTUNITIES INTELLECTUAL PROPERTY IP COMPANIES RESEARCH LABS UNIVERSITIES INDIVIDUALS COLLEGES SCHOOLS Patent examiner Design Careers examiner in govt. Trademark Patent examiner Offices Patent analyst Careers

328 views • 10 slides
Rukumoana Marae What has been completed in the last 12 months since the Deed of Settlement

Rukumoana Marae What has been completed in the last 12 months since the Deed of Settlement

ANNUAL GENERAL MEETING Saturday 13 th September 2014 Rukumoana Marae What has been completed in the last 12 months since the Deed of Settlement Signing? Strategic Objective 1 Kia pono NHIT Office Functions, Personnel in place

160 views • 14 slides
decision or politics? Dr. Severin Fischer, Center for Security Studies (CSS), ETH Zurich

decision or politics? Dr. Severin Fischer, Center for Security Studies (CSS), ETH Zurich

Future gas demand and supply in Europe market decision or politics? Dr. Severin Fischer, Center for Security Studies (CSS), ETH Zurich 29.11.2016 Structure 1. Global framework: COP21 and changing markets 2. The EUs approach: All new

675 views • 20 slides
Organised crime in Southern Africa: Problems and solutions Gail Wannenburg SAIIA War and

Organised crime in Southern Africa: Problems and solutions Gail Wannenburg SAIIA War and

Organised crime in Southern Africa: Problems and solutions Gail Wannenburg SAIIA War and Organised Crime researcher Introduction Is organised crime a threat to national and regional security? Is there a role for the military?

692 views • 14 slides

More recommend