Cloudy with a Chance of Rootkits - Assurance Requirements for e-Infrastructure Services

•Download as PPTX, PDF•

1 like•1,184 views

Martin Hamilton

Technology

Cloudy With a Chance of Rootkits
Martin Hamilton
Loughborough University /
HPC Midlands

Topics
1. What is e-Infrastructure?
2. Barriers to Adoption
3. Opening Pandora’s Box

4. Conclusions

1. What is e-Infrastructure?
—Research community
context:
HPC, SKA, LHC, DLS, NGS
and other TLAs
—Industrial context:
TSB Catapults, BIS/EPSRC
supercomputer
centres, “on ramps” for
SMEs

1. What is e-Infrastructure?
[http://goo.gl/fIpA7R]

1. What is e-Infrastructure?
Case Study - HPC Midlands:
—BIS/EPSRC regional centre
—3,000 core supercomputer
—Expertise from Loughborough
University & University of
Leicester
—Software from leading ISVs
—Flexible usage model for use
by research and industry

1. What is e-Infrastructure?
Not just HPC:
- Bioinformatics
- Diamond Light
Source, SKA etc
- Major capital kit at
Institutions
- But not just kit?
- Open Access Pubs
- Open Data
- Software

2. Barriers to Adoption

Picture credits: CC-BY-NC by Flickr user ladybeames; Peter Strutton, HPC Midlands

2. Barriers to Adoption - Awareness
equipment.data.ac.uk
Kit Catalogue™ – kitcatalogue.com

Key question:
What are the boundaries
of e-Infrastructure?

2. Barriers to Adoption - Training
- Typically supply led
- Inflexible timing
- Prohibitively
expensive for SMEs
- Ad-hoc engagement
with ISVs
- Where is the MOOC?

2. Barriers to Adoption - Assurance
Challenging
preconceptions:
—“Supercomputing is just for
rocket scientists”
—“Academic services are
inherently insecure”
—“Legal would never sign off
on anything like this”
—“It’s just too hard to satisfy
assurance requirements”
Photo credit: CC-BY-NC by Flickr user justin_case

2. Barriers to Adoption - Assurance
Challenging preconceptions:
—Common off-the-shelf packages
have HPC solver capability, e.g.
FLUENT, NASTRAN, MATLAB
—Pen testing / audit tools don’t
care if you are an academic site
—Locking systems down is hard
work – get over it
—FTSE100 firms’ have similar
requirements to research and
education organizations
Photo credit: CC-BY-NC by Flickr user justin_case

3. Opening Pandora’s Box
—Who makes the agreement?
—Dedicated special purpose vehicle, spin-out
company, cost sharing groups, VAT exemption etc

—What does it look like?
—Guaranteed turnaround time?
—Reducing the friction

—Compliance challenges
—ISO 27002, CESG InfoSec, physical security (e.g.
LPS 1175), CIS audit tool, pen testing / auditing

3. Opening Pandora’s Box

Sample security audit tool output from http://benchmarks.cisecurity.org/

3. Opening Pandora’s Box
—Relationship with customer networks
—Firewall traversal, double NAT, outbound access to
service, inbound access to license servers, double
encryption? (VPN + ssh)

—What would root do?
—Remove unnecessary permissions, turn off unused
services, is command line access even necessary?

—Connectivity
—Online access vs. sneakernet, remote visualization
requirement, JANET connectivity + AAA support
through Moonshot

4. Conclusions

Photo credit CC-BY-NC Flickr user brianklug

4. Conclusions
—More disciplined approach to contractual
relations, technical aspects of service provision
—Requirement for certain public sector data, e.g. NHS
patient records

—Similar considerations around regional shared
services as for generic “cloud” providers
—Opportunity to set common expectations around
levels and types of service
—Migration between service providers and marketplace
for e-Infrastructure services

Cloudy With a Chance of Rootkits
Martin Hamilton
@martin_hamilton
m.t.hamilton@lboro.ac.uk

Similar to Cloudy with a Chance of Rootkits - Assurance Requirements for e-Infrastructure Services

Offensive cyber security engineer pragram course agenda

ShivamSharma909

Offensive cyber security engineer

ShivamSharma909

Offensive cyber security engineer updated

InfosecTrain

e-Discovery_2_Cloud_v5

Steve Markey

Cloud bursting methodology

Jonathan Spindel

To cloud or not to cloud

Alejandro De La Borbolla Ruiz

To Cloud or Not To Cloud

Michael Yung

Securing The Clouds with The Standard Best Practices-1.pdf

Chinatu Uzuegbu

SplunkLive! Customer Presentation – UMCP

Splunk

IT is Innovation in Technology

Martin Hamilton

2015 04 bio it world

Chris Dwan

Managing Cloud Security Risks in Your Organization

Charles Lim

By the end of this webinar you should be able to understand Top five skills needed to break into a career in information security analysis Tips and tricks to study for the CS0-001 IDS, Firewalls, etc CompTIA Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

CompTIA Cybersecurity Analyst Certification Tips and Tricks

Joseph Holbrook, Chief Learning Officer (CLO)

A Strategy for Addressing Cyber Security Challenges

Cybersecurity Education and Research Centre

Thesis Defense MBI

Juan Hernandez

Talk at RELENG 2014 Full paper: http://www.nicta.com.au/pub?doc=7925 The continuous delivery trend is dramatically shortening release cycles from months into hours. Applications with high frequency releases often rely heavily on automated deployment tools using cloud infrastructure APIs. We report some results from experiments on reliability issues of cloud infrastructure and trade-offs between using heavily-baked and lightly-baked images. Our experiments were based on Amazon Web Service (AWS) OpsWorks APIs and configuration management tool Chef. As a result of our experiments, we then propose error handling practices that can be included in tailor-made continuous deployment facilities. More related info at our DevOps book http://www.ssrg.nicta.com.au/projects/devops_book/

Challenges in Practicing High Frequency Releases in Cloud Environments

Liming Zhu

The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats. https://www.infosectrain.com/courses/soc-analyst-expert-training/

Soc analyst course content v3

ShivamSharma909

Soc analyst course content

ShivamSharma909

Future-proofing Supply Chain against emerging Cyber-physical Threats

Steven SIM Kok Leong

A presentation I gave at UCL, while I was managing the UK OGSA Evaluation Project in 2004, while I was on leave from CSIRO, at UCL Computer Science department, working with Wolfgang Emmerich. Paul Brebner, University College London, Computer Science Department Seminar: "Grid Middleware - Principles, Practice, and Potential", 1 November 2004. The project page was still here (2020): http://sse.cs.ucl.ac.uk/UK-OGSA/

Grid Middleware – Principles, Practice and Potential

Paul Brebner

Similar to Cloudy with a Chance of Rootkits - Assurance Requirements for e-Infrastructure Services (20)

Offensive cyber security engineer pragram course agenda

Offensive cyber security engineer

Offensive cyber security engineer updated

e-Discovery_2_Cloud_v5

Cloud bursting methodology

To cloud or not to cloud

To Cloud or Not To Cloud

Securing The Clouds with The Standard Best Practices-1.pdf

SplunkLive! Customer Presentation – UMCP

IT is Innovation in Technology

2015 04 bio it world

Managing Cloud Security Risks in Your Organization

CompTIA Cybersecurity Analyst Certification Tips and Tricks

A Strategy for Addressing Cyber Security Challenges

Thesis Defense MBI

Challenges in Practicing High Frequency Releases in Cloud Environments

Soc analyst course content v3

Soc analyst course content

Future-proofing Supply Chain against emerging Cyber-physical Threats

Grid Middleware – Principles, Practice and Potential

More from Martin Hamilton

Over the last ten years, smartphones and tablets and pervasive Internet connectivity have taken over our lives, and more importantly the lives of our children. In this talk for Loughborough University's 2018 Learning and Teaching conference I reflect on how higher education could respond to this trend. I invite the audience to consider what children who have always had access to the sum total of human knowledge will will expect and need from universities in the future, and how we might best support learners from disadvantaged backgrounds to thrive

Keep taking the tablets? The graduation of the iPad generation

Martin Hamilton

The Intelligent Campus - Where the Internet of Things meets AI - HESCA June 2018

Martin Hamilton

We’ve grown accustomed to being able to call up any information, anywhere, any time - but what happens when our digital landlord forecloses? When that service we entrusted our data to goes to the Startup Graveyard? In this talk for the University of Edinburgh's Near Future Library Symposium I highlight some of the risks to our culture and the scientific record, and what the near future library can do to help

The Digital Book Thief has a Napster Moment - Edinburgh Near Future Library S...

Martin Hamilton

Does it feel like the world has recently become much less certain and predictable? We tend to expect that each day will be like the last, more or less, but incremental change is increasingly feeling like a thing of the past. In this talk for the 2018 Scientia EMEA User Conference I look at how we can read the signals around us to better predict the future, and consider the impact of technologies and trends like blockchain, artificial intelligence and Brexit on further and higher education

Martin Hamilton - The wind from nowhere - Horizon scanning in an uncertain ag...

Martin Hamilton

In this talk for BETT 2018 I take a look at a few of the socio-technical trends that are set to have a big impact on universities and colleges in 2018 from blockchain to Brexit, and data vandalism to UK spaceports. I look at some approaches that institutions can take to help plan for an uncertain future, and consider how the community can mobilise to protect the progressive values that now often seem to be under threat.

From Blockchain to Brexit - edtech trends for 2018 - BETT 2018

Martin Hamilton

Martin Hamilton - Digital skills: You won't believe what happened next!

Martin Hamilton

We are becoming used to living in an interconnected world, with vast amounts of data at our fingertips, but what happens when our preconceptions are challenged? What happens when the things that we take for granted simply don’t work any more? How can librarians rise to the challenge? In this invited talk for CILIP, I reflect on the impact for libraries and librarians of some of the defining narratives of the late Anthropocene era: from climate change and failed states to cheap space travel and artificial intelligence

Martin Hamilton - Librarians in Outer Space - CILIP invited talk

Martin Hamilton

Martin Hamilton - The impact of technology on the higher education sector - L...

Martin Hamilton

In this invited talk for the BCS I look at the state of the art in robots and artificial intelligence, and what this tells us about the near-term future that our children and grandchildren will live in. Will the imminent arrival of AI powered self-driving vehicles mean redundancies for truck and taxi drivers? What will these people do next? I also show how robots and AI are already becoming commonplace, working in places like shops, restaurants and distribution centres

Martin Hamilton - Robots and AI, the calm before the Singularity? - BCS invit...

Martin Hamilton

Artificial intelligence and machine learning are used extensively by Internet services to help us find and classify information. This is how products like Google Photos can "magically" find all your photos of cats or trees - or cats up trees! But there's a new wave of AI called generative adversarial neural networks that's all about using AI to make things. In this invited talk for the British Computer Society (BCS) I reflect on what we could use this technology for and the implications for people and society.

Martin Hamilton - What did your AI make today? - BCS invited talk

Martin Hamilton

Blockchain in research and education - UKSG Webinar - September 2017

Martin Hamilton

What does HPC in the cloud look like in 2017, and how did we get there? In this talk for Red Oak's HPC Seminar, I look at the origins of cloud HPC, and how it has become mainstream through technologies like Amazon Web Services and OpenStack. I also offer a sneak preview of the 2017 UK national e-Infrastructure survey results, and some thoughts about what's next in cloud HPC, from hyperscale providers to the momentum behind container technologies from Docker and the Open Container Initiative.

HPC in the cloud comes of age - Red Oak HPC Seminar

Martin Hamilton

Imagining Mars University - Universities UK 2017 conference

Martin Hamilton

Back to the future - Future Proof IT 2017

Martin Hamilton

Tech in exams - SQA Assessment Expert Group - June 2017

Martin Hamilton

Through the Overton Window - Health Education England horizon scanning worksh...

Martin Hamilton

A new life awaits you in the off world colonies - UCISA Spotlight on Digital ...

Martin Hamilton

Help! My robot is a teacher! - Future Edtech 2017

Martin Hamilton

Towards a UK Edtech Strategy - Edtech Vision 2020

Martin Hamilton

Bridging the digital divide - Digital Skills Summit 2017

Martin Hamilton

More from Martin Hamilton (20)