towards supercloud computing
play

Towards Supercloud Computing: User-Centric Security Management for - PowerPoint PPT Presentation

Apr 19, 2023 •2.36k likes •2.73k views

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

  1. Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS’15 Workshop on Cloud Security Lille, June 30, 2015

  2. Cloud Security Today Security = key concern in cloud adoption for the enterprise market  Threats are on the rise Source: Cloud Security Alliance, 2013.  Attacks are costly Source: Ponemon, 2013.  Awareness is growing, but is not enough

  3. The Cloud everywhere, increasingly complex …

  4. …and so are security breaches! Classical cloud threats… Secure, Robust SDN NFV Security …  Root causes: commodity hardware,  Challenges: central PoF, trust and cloud isolation technology  Mitigation:  Issues:  Replication, diversity, authentication  Topology validation new threats  Policy consistency, secure SDN toolkits  Availability of management network  Intrusion prevention?  Secure boot ...  Fault tolerance?  I/O partitioning  Performance isolation

  5. Hasn’t someone been forgotten? The User? The Customer?  Are they going to use those infrastructures?  Are they going to pay for them?

  6. Provider-centric clouds prevent interoperability and unified control The Cloud as utility Multi-provider clouds Promise: high availability & security , NOT ACHIEVED energy efficiency, scalability , … Feature-rich services: intrusion NOT DEPLOYED monitoring, elastic load balancing, … INTEROPERABILITY S  Vendor lock-in E  Different SLAs C Provider-centric U cloud UNIFIED CONTROL R deficiencies  Heterogeneous I infrastructure services T  Monolithic infrastructure  Technological choices Y

  7. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  8. User-centric clouds require a resource distribution layer

  9. Customer Security Expectations

  10. Taking Into Account Security Challenges Infrastructure security: strong, flexible, automated security for compute resources  Vulnerabilities in complex infrastructure, mitigation of cross-layer attacks  Lack of flexibility and control in security management  Automation of security management: in layers, between providers Data management: on-demand, unified experience in protection of data assets  Management of access rights, continuum between provider vs. user control  Blind compute over data stored in multi-clouds  Traceability of information for accountability and privacy Network management: resilient, secure virtual networking  Resilient resource provisioning across heterogeneous clouds  End-to-end inter-cloud network security with different security SLAs

  11. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  12. Secure Supercloud Computing The Supercloud NORTH INTERFACE provides user-centric self-service security & dependability The Supercloud SOUTH INTERFACE provides provider-centric self-managed security & dependability

  13. Supercloud Computing: Self-Service Security Self-service security relies on: Abstraction & Policies Control Layer  a distributed, flexible resource & control layer spanning compute, data, network  multi-provider security policies

  14. Supercloud Computing: Self-Managed Security Security and Trust Self-managed security relies on: management  bi-dimensional (cross-layer, multi-provider) self-protection for compute and network resources  bi-dimensional trust management

  15. Supercloud Computing: End-to-End Security E2E network E2E VM SLAs security End-to-end security relies on:  E2E security SLAs for VMs & data protection  E2E network security in control and data planes E2E data E2E network security security

  16. Supercloud Computing: Resilience Resilience Resilience relies on:  multi-cloud data availability  resilient networking in data and control plane Resilience Resilience

  17. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  18. Key Enabling Technologies: Self-Service Security Flexible hypervisor security architectures:  User data isolation + protection against the cloud provider  Modular, secure interface for the hypervisor Blind computation:  Lightweight homomorphic operations over encrypted data  Advanced cryptographic tools for data security Security SLA management:  Security SLA (SSLA) language bridging the gap between layers  SSLA templates and combination functions for easy specification

  19. Key Enabling Technologies: Self-Managed Security Autonomic IaaS security supervision:  Cross-layer security monitoring, even if some layers are compromised  Cross-provider security monitoring, seamless integration Security policies:  Flexible security policy languages and deployment tools  Policy negotiation tools for conflict resolution Network security management:  Finer-grained network control than current specifications  SDN components/APIs for advanced policy monitoring

  20. Key Enabling Technologies: End-to-End Security Cryptographic protection:  Integrity and consistency verification  Processing cryptographically protected data Storage access control:  Transparent cryptographic protection mechanisms  Flexible cloud-based key management Trust management:  Horizontal trust management between different cloud entities  Vertical trust management across cloud system configurations  Abstraction of trust through specification language

  21. Key Enabling Technologies: Resilience SDN Resilience:  Secure, dependable SDN controller for multi-cloud networking  Intra/inter-cloud infrastructure resilient to network failures Data availability:  Integration of disruptive secrecy technology to multi-cloud storage replication  New services based on multi-cloud storage algorithms  Adaptive multi-cloud algorithms with outstanding performance for real workloads

  22. What is VESPA? = Virtual Environments Self-Protecting Architecture An automated security supervision framework for IaaS and multi-DC infrastructures Design principles STRONG SECURITY  Cross-layer security: detect / respond to overall extent of attack.  Open architecture: mitigate new threats, integrate legacy counter-measures. SIMPLE E SECURITY  Automated security supervision: choose in-layer, cross-layer, multi-DC.  Tuneable defense patterns: orchestrate multiple loops for rich defense strategy. CLOUD PROVIDER CUSTOMERS  Anti-malware. APPLICATION ONS  Anti-DDoS. IaaS monitoring SecaaS  End-to-end security. appliances

  23. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane DETECTION HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  24. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane Intra-Layer Self-Protection DETECTION HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  25. VESPA System Architecture Resource Security Agent Orchestration Plane Plane Plane Plane Cross-Layer DETECTION Self-Protection HO Detection Manager VM Detection Agent DECISION Hypervisor REACTION VO Reaction Manager Reaction Agent Physical HO RESOURCES

  26. The VESPA Project RESULTS LTS CURRENT T VESPA FUNCTI TION ONALITI ALITIES So far VESPA = core + security plug-ins.  Framework: supervision of single Supporte ted In progres ess cloud and multi-DC security. Anti-virus Integration with Heat + Horizon Available in open source . Hypervisor control Network zones  Different applications demonstrating Firewall vSwitch management (SDN) viability of self-defending cloud concept. Log analysis  Research results :  Framework [ICAC’12 ] . .  Extensions:  Network management (SDN approach).  Mobile cloud SLAs: Orange MC2 [UCC’13].  VMM self-protection: KungFuVisor [EURODW’12], self -stabilization [DSS’14].  Keynotes [SSS’11], panels [IM’11, NOMS’14], tutorials [ICAR’13, MOBILECLOUD’14].  Code available at : https://github.com/Orange-OpenSource/vespa-core

  27. Outline  Moving to User-Centric Cloud Security  Secure Supercloud Computing  11 Key Enabling Technologies  The H2020 SUPERCLOUD Project  Next Steps

  28. The SUPERCLOUD Project 28

  29. The SUPERCLOUD Project: Goals and Expected Results Goal: a security management infrastructure for secure supercloud computing Expected Results: A security management infrastructure:  360 ° autonomic security supervision , horizontally and vertically for superclouds  A user-centric to provider-centric continuum of security services  End-to-end trust management A data management framework:  Advanced cryptographic tools (e.g., access control, secure computation)  A resilience framework for multi-cloud storage infrastructures A multi-cloud network management infrastructure:  Resilient virtual network provisioning across multiple clouds  Sanitized network environment with tunable security guarantees

Recommend

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1

SUPERCLOUD: GOING BEYOND FEDERATED CLOUDS Hakim Weatherspoon Robbert van Renesse 1 CONTROLLING HIGH ASSURANCE CLOUD COMPUTATION Should we migrate critical data to computation . . . or vice versa? E.g. app needs to import or

547 views • 36 slides
Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution

Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution

Ray Wu Presentation to School of Computing, National University of Singapore Computing Evolution Internet Cloud/Mobile Computing Mainframe Client/Server Computing Everywhere Computing Computing Microsoft Apple TBD Yahoo IBM Google

614 views • 13 slides
Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a

Cloud Security & Cryptography I Cloud Computing SENY KAMARA MICROSOFT RESEARCH Computing as a Service 2 Computing is a vital resource Enterprises, governments, scientists, consumers, Computing is manageable at small

955 views • 51 slides
Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa

Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa

Bridging The Gap Between Networking And Computing A vision of future end-host computing Noa Zilberman Andrew W. Moore April 2015 Can Networking Answer rack-scale Computing Challenges? Scalability Resilience Predictability Computing

345 views • 9 slides
DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik

DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik

DNA computing and self- -assembly assembly DNA computing and self Jie Gao References: Erik Winfree and Ashish Goel Computing Computing Human technology Electronic circuits. Biological systems Biochemical circuits.

1.41k views • 95 slides
15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory

15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory

1/27/20 15-292 History of Computing Growth of Analog Computing & the Birth of Computing Theory Analog Computers Instead of computing with numbers, one builds a physical model (an analog) of the system to be investigated Used when

233 views • 21 slides
COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing

COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing

COMPUTING COMMUNITY CONSORTIUM The mission of the Computing Research Association's Computing Community Consortium (CCC) is to catalyze the computing research community and enable the pursuit of innovative, high-impact research. Bring the computing

784 views • 30 slides
LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements

LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements

LHC Computing LHC Computing Nick Brook The LHC & experiments Requirements Computing models Experiences so far Interoperability LCG Baseline service group Future requirements Summary 1 st EGEE User forum

821 views • 30 slides
Science One Math March 11, 2019 Applications of Integration Computing areas Computing

Science One Math March 11, 2019 Applications of Integration Computing areas Computing

Science One Math March 11, 2019 Applications of Integration Computing areas Computing changes Computing volumes Computing probabilities Locating centre of mass of a lamina Key ideas slicing, approximating, adding

566 views • 28 slides
Science One Math March 1, 2017 Applications of Integration Computing areas Computing

Science One Math March 1, 2017 Applications of Integration Computing areas Computing

Science One Math March 1, 2017 Applications of Integration Computing areas Computing changes Computing volumes Computing probabilities Locating centre of mass of an object Work done by a non constant force Application of

464 views • 20 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

CS573 Data Privacy and Security Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted data Homomorphic encryption What is Cloud Computing ? Cloud computing Type of computing that relies on sharing

1.29k views • 62 slides
MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

Imperial College London - Department of Computing MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480 AUTOMATED REASONING CBC Otter Practice (Assessed) Issued: 30 October 2012 Due: 12 November 2011

202 views • 4 slides
Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s

Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s

Ubiquitous Computing Gabriela Avram IxDM13 The Trends in Computing Technology 1970s 1990s Late 1990s Now and Tomorrow ? Pervasive Computing Era Computing Evolution Ubiquitous Computing Mark Weiser, Xerox PARC 1988 Ubiquitous

525 views • 29 slides
GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open

GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open

Chapter 4 GPU Computing and Accelerators: Part V Jens Saak Scientific Computing II 237/348 Open Computing Language (OpenCL) Main Message The abstraction for the programming and hardware models are very similar to the CUDA concepts. Mainly

813 views • 32 slides
THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing

THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing

THE COMPUTING COMMUNITY CONSORTIUM (CCC) COMPUTING COMMUNITY CONSORTIUM The mission of Computing Research Association's Computing Community Consortium (CCC) is to catalyze the computing research community and enable the pursuit of innovative,

317 views • 28 slides
Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on

Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on

Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on DNA Molecules Reading DNA Example of a Molecular Computer Information Processing with DNA Molecules Christian Jacob Why DNA Computing?

400 views • 7 slides
Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on DNA

Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on DNA

Table of Contents Why DNA Computing? The Structure of DNA DNA Computing Operations on DNA Molecules Reading DNA Example of a Molecular Computer Information Processing with DNA Molecules Christian Jacob Why DNA Computing?

223 views • 9 slides
Neural Computing for Scientific Computing Applications: More than Just Machine Learning

Neural Computing for Scientific Computing Applications: More than Just Machine Learning

Photos placed in horizontal position with even amount of white space between photos and header Neural Computing for Scientific Computing Applications: More than Just Machine Learning Neuromorphic Computing Workshop, Knoxville TN, 7/17/17 Brad

410 views • 22 slides
The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

DEUTSCH-FRANZSISCHE SOMMERUNIVERSITT UNIVERSIT DT FRANCO-ALLEMANDE FR NACHWUCHSWISSENSCHAFTLER 2011 POUR JEUNES CHERCHEURS 2011 CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : DFIS ET OPPORTUNITS

965 views • 50 slides
Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher education and research community in general and of an NREN in specific. CLOUD COMPUTING SaaS PaaS STaaS IaaS Utility GRID computing

458 views • 9 slides
CMS Computing Using the Worldwide LHC Computing Grids Lothar A. T. Bauerdick/Fermilab Talk at

CMS Computing Using the Worldwide LHC Computing Grids Lothar A. T. Bauerdick/Fermilab Talk at

CMS CMS CMS Computing Using the Worldwide LHC Computing Grids Lothar A. T. Bauerdick/Fermilab Talk at the International Symposium for Grid Computing 2006 Academia Sinica, Taipei, May 2006 LATBauerdick Fermilab ISGC 2006 CMS Computing

683 views • 22 slides
CEPH FileSystem Course: Computing Clusters, Computing Grids, Computing Clouds Presenter: An Pham

CEPH FileSystem Course: Computing Clusters, Computing Grids, Computing Clouds Presenter: An Pham

CEPH FileSystem Course: Computing Clusters, Computing Grids, Computing Clouds Presenter: An Pham (ptan1991@gmail.com) Professor: Andrey Y Shevel ITMO University, St. Petersburg, Russia June 2018. 1 An Pham - ITMO - Summer 2018 Outlines 1.

408 views • 17 slides
Computing Sparse Hessians with AD Andrea Walther Institute of Scientific Computing TU Dresden

Computing Sparse Hessians with AD Andrea Walther Institute of Scientific Computing TU Dresden

Computing Sparse Hessians with AD Andrea Walther Institute of Scientific Computing TU Dresden Hatfield, May 21, 2007 Overview Motivation 1 Computing Sparsity Patterns 2 Evaluating Hessian-matrix Products 3 Numerical Results 4

667 views • 35 slides

More recommend