news

Technology | DOI:10.1145/1839676.1839683 | Gary Anthes

Security in the Cloud
Cloud computing offers many advantages, but also involves security risks. Fortunately, researchers are devising some ingenious solutions.




[Photo: Cloud computing simplifies security issues for users by outsourcing them to companies such as Microsoft, which recently opened a $550 million data center in Chicago. Photograph used with permission from Microsoft.]

“Computing may someday be organized as a public utility, just as the telephone system is a public utility,” Massachusetts Institute of Technology (MIT) computer science pioneer John McCarthy noted in 1961.

We aren’t quite there yet, but cloud computing brings us close. Clouds are all the rage today, promising convenience, elasticity, transparency, and economy. But with the many benefits come thorny issues of security and privacy.

The history of computing since the 1960s can be viewed as a continuous move toward ever greater specialization and distribution of computing resources. First we had mainframes, and security was fairly simple. Then we added minicomputers and desktop and laptop computers and client-server models, and it got more complicated. These computing paradigms gave way in turn to n-tier and grid computing and to various types of virtualization.

As hardware infrastructures grew more complicated and fragmented, so did the distribution of software and data. There seemed no end to the ways that users could split up their computing resources, and no end to the security problems that arose as a result. Part of the problem has been one of moving targets—just as one computing paradigm seemed solid, a new, more attractive one beckoned.

In a sense, cloud computing simplifies security issues for users by outsourcing them to another party, one that is presumed to be highly skilled at dealing with them. Cloud users may think they don’t have to worry about the security of their software and data anymore, because they’re in expert hands.

But such complacency is a mistake, say researchers at Hewlett-Packard (HP) Laboratories in Bristol, U.K. They are prototyping Cells as a Service, by which they hope to automate security management in the cloud. A cell, managed as a single administrative domain using common security policies, contains a bundle of virtual machines, storage volumes, and networks running across multiple physical machines. Around the cells HP inserts various sensors, detectors, and mitigators that look for viruses, intrusions, and other suspicious behavior. Virtualization enables these agents to be very close to the action without being part of it or observed by it, according to HP.

“People often think of virtualization as adding to security problems, but it is fundamentally the answer to a lot of those problems,” says Martin Sadler, director of HP’s Systems Security Lab. “You can do all sorts of things you can’t do when these things are physical machines.” For example, the sensors can watch CPU activity, I/O patterns, and memory usage and, based on models of past behavior, recognize suspicious activity. They can also assess the probability of certain events happening and take action accordingly. They might, for instance, throttle back the CPU, stop all I/O to a virtual machine (VM), or take a clone of the VM and move it elsewhere for evaluation. Agents could be deployed by cloud users, cloud service providers, or third parties such as a virus protection company, Sadler says.

But these agents introduce their own management challenges. There might be as many as 30 agents, interacting in various ways and with varying drains on system resources. HP Labs is developing analytic tools that can generate playbooks that script system behavior. These templates, tailorable by users, employ cost/benefit analyses and reflect what is most important to users and what cost they are willing to bear for various types of protection.

Virtual Machine Introspection

IBM Research is pursuing a similar approach called “virtual machine introspection.” It puts security inside a protected VM running on the same physical machine as the guest VMs running in the cloud. The security VM employs a number of protective methods, including the whitelisting and blacklisting of guest kernel functions. It can determine the operating system and version of the guest VM and can start monitoring a VM without any beginning assumption of its running state or integrity.

Instead of running 50 virus scanners on a machine with 50 guest VMs, virtual machine introspection uses just one, which is much more efficient, says Matthias Schunter, a researcher at IBM Research’s Zurich lab. “Another big advantage is the VM can’t do anything against the virus scan since it’s not aware it’s being scanned,” he says.

Another variation, called “lie detection,” puts a tiny piece of software inside the VM to look at the list of running processes as seen by the user. Introspection software outside the VM can reliably determine all the processes actually running on the VM; if there is any difference between the two lists, some malware, such as a rootkit, is suspected of running on the VM.

Looking from both within the VM and without, the lie detector can also compare the lists of files on disk, the views of open sockets, the lists of loaded kernel modules, and so on. “Each of these lie tests improves the chances of detecting potential malware, but none of them can prove that no malware exists,” says IBM researcher Klaus Julisch.

In a third application, a virtual intrusion detection system runs inside the physical machine to monitor traffic among the guest VMs. The virtual networks hidden inside a physical machine are not visible to conventional detectors because the detectors usually reside in a separate machine, Schunter says.

Indeed, snooping between VMs inside a machine was shown to be a real possibility by researchers last year. Computer scientists Thomas Ristenpart, Hovav Shacham, and Stefan Savage at the University of California, San Diego and Eran Tromer at MIT proved it was possible for an adversary to get his or her VM co-located with a target’s VM on a cloud’s physical machine 40% of the time. In a paper, “Hey, You, Get Off of My Cloud,” they showed how the adversary could launch a side-channel attack based on the VM’s sharing of physical resources such as CPU data caches. The researchers also outlined a number of mitigation steps, but concluded the only practical and foolproof protection is for cloud users to require that their VMs run on dedicated machines, which is potentially a costly solution.

Difficulties With Encryption

Encryption is sometimes seen as the ultimate security measure, but it also presents difficulties in the cloud. At present, processing encrypted data means downloading it and decrypting it for local use and then possibly uploading the results, which is a cumbersome and costly process.

The ability to process encrypted data in place has been a dream of cryptographers for years, but it is now demonstrating some progress. Last year, Craig Gentry, first at Stanford University and then at IBM Research, proved it is possible to perform certain operations on data without first decrypting it. The technique, called “fully homomorphic encryption,” was hailed as a conceptual breakthrough, but is so computationally demanding that practical applications are years away, experts say.

Meanwhile, the more limited ability to search encrypted data is closer to reality. In “Cryptographic Cloud Storage,” a paper published earlier this year, researchers Seny Kamara and Kristin Lauter of Microsoft Research described a virtual private storage service that aims to provide the security of a private cloud and the cost savings of a public cloud. Data in the cloud remains encrypted, and hence protected from the cloud provider, court subpoenas, and the like. Users index their data, then upload the data and the index, which are both encrypted, to the cloud. As needed, users can generate tokens and credentials that control who has access to what data.

Given a token for a keyword, an authorized user can retrieve pointers to the encrypted files that contain the keyword, and then search for and download the desired data in encrypted form. Unauthorized observers can’t know anything useful about the files or the keywords.

The experimental Microsoft service also offers users “proof of storage,” a protocol by which a server can prove to a client that it did not tamper with its encrypted data. The client encodes the data before uploading it and can verify the data’s integrity at will.

Not all cloud security risks arise from technology, says Radu Sion, a computer science professor at Stony Brook University. There is scant legal or regulatory framework, and few precedents, to deal with issues of liability among the parties in cloud arrangements, he notes. “What happens when your data is on a server in China but you outsourced to a cloud service in New York?” asks Sion. “Or what if you have the legal resources to fight a subpoena for your data, but they subpoena your cloud provider instead? You will be under scrutiny for moving to the cloud by your shareholders and everyone else.”

Nevertheless, Sion says all but the most sophisticated enterprises will be safer putting their computing resources in the expert hands of one of the major cloud providers. “Companies like Google and Amazon and Microsoft have hundreds of people devoted to security,” he says. “How many do you have?”

Further Reading

Christodorescu, M., Sailer, R., Schales, D., Sgandurra, D., and Zamboni, D. Cloud security is not (just) virtualization security, Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, IL, Nov. 13, 2009.

Gentry, C. Fully homomorphic encryption using ideal lattices, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, Bethesda, MD, May 31–June 2, 2009.

Kamara, S. and Lauter, K. Cryptographic cloud storage, Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization, Tenerife, Canary Islands, Spain, January 25–28, 2010.

Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, Nov. 9–13, 2009.

Shi, E., Bethencourt, J., Chan, T-H., Song, D., and Perrig, A. Multi-dimensional range query over encrypted data, Computer Science Technical Report CMU-CS-06-135R, Carnegie Mellon University, March 2007.

Gary Anthes is a technology writer and editor based in Arlington, VA.

© 2010 ACM 0001-0782/10/1100 $10.00

Communications of the ACM | November 2010 | Vol. 53 | No. 11

Society

Pew Report on Mobile Apps

Although a greater number of adults are turning to mobile phones to text and access the Internet, age and gender differences exist, according to a report by Pew Research Center’s Internet & American Life Project and The Nielsen Company.

The report, titled The Rise of Apps Culture, found that 35% of U.S. adults have software applications or apps on their phones, yet only 24% of adults use those apps. Overall, today’s apps culture—essentially born a couple of years ago with the introduction of Apple’s iPhone—is predominantly male, younger, and more affluent.

Eighteen to 29-year-olds comprise only 23% of the U.S. adult population but constitute 44% of the apps-using population. By contrast, 41% of the adult population is age 50 and older but this group makes up just 14% of apps users. Younger adopters also use apps, including games and social media, more frequently.

Gender differences were also apparent. Women are more likely to rely on social networking apps such as Facebook and Twitter while men are inclined to use productivity and financial apps.

Nevertheless, adoption is growing rapidly. The Nielsen Company found that the average number of apps on a smartphone has swelled from 22 in December 2009 to 27 today. Not surprisingly, iPhone owners top the list with an average of 40 apps, while Android users claim 25 and BlackBerry owners 14.

The next few years will likely usher in dramatic changes. “Every metric we capture shows a widening embrace of all kinds of apps by a widening population,” states Roger Entner, coauthor of the report and senior vice president at Nielsen. “It’s … not too early to say that this is an important new part of the technology world.”
—Samuel Greengard
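The “lie detection” cross-view check described in the main article, sketched as an added example (not IBM's code or anything from the article). The view names, the string encoding of each entry and the sample snapshots are assumptions constructed for illustration; it also requires a discrepancy to persist across samples, since the two snapshots of a pair are never taken at exactly the same instant.

```python
from collections import Counter

# Views compared from inside and outside the VM (names are assumptions).
VIEWS = ("processes", "sockets", "kernel_modules")


def lie_test(guest_view, outside_view):
    """Diff one pair of snapshots, view by view.

    hidden  = seen by introspection but missing from the in-guest report
    phantom = reported in-guest but not seen from outside
    """
    report = {}
    for name in VIEWS:
        inside = set(guest_view.get(name, ()))
        outside = set(outside_view.get(name, ()))
        hidden, phantom = outside - inside, inside - outside
        if hidden or phantom:
            report[name] = {"hidden": hidden, "phantom": phantom}
    return report


def persistent_hidden(snapshot_pairs, min_hits=2):
    """Return (view, item) pairs hidden in at least min_hits sample pairs.

    A process that starts or exits between the two snapshots of one pair
    shows up as a one-off difference; requiring repetition filters it out.
    """
    hits = Counter()
    for guest_view, outside_view in snapshot_pairs:
        for name, diff in lie_test(guest_view, outside_view).items():
            for item in diff["hidden"]:
                hits[(name, item)] += 1
    return sorted(key for key, count in hits.items() if count >= min_hits)


# Constructed sample data: what the in-guest agent reports ...
GUEST = {
    "processes": ["1:init", "310:sshd", "512:nginx"],
    "sockets": ["tcp:0.0.0.0:22", "tcp:0.0.0.0:443"],
    "kernel_modules": ["ext4", "e1000"],
}


def introspected(extra_processes=()):
    """... and what introspection from outside the VM sees (constructed)."""
    return {
        "processes": GUEST["processes"] + ["4242:updsvc"] + list(extra_processes),
        "sockets": GUEST["sockets"] + ["tcp:0.0.0.0:4444"],
        "kernel_modules": GUEST["kernel_modules"] + ["nethide"],
    }


SAMPLES = [
    (GUEST, introspected()),
    (GUEST, introspected(["977:logrotate"])),  # short-lived job caught by one snapshot only
    (GUEST, introspected()),
]

if __name__ == "__main__":
    for view, item in persistent_hidden(SAMPLES):
        print(f"suspect: {view} entry {item} is hidden from the guest's own view")
```

As the article quotes Julisch, an empty result only means these particular views agree; it does not prove the guest is clean.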
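The encrypted-index-and-token workflow from the article's “Cryptographic Cloud Storage” passage, as an added example: a simplified keyword index built here for illustration, not the Kamara and Lauter construction or Microsoft's service. The class names, the sample files and the HMAC-based toy cipher (a stand-in for a real authenticated cipher such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with an HMAC counter keystream (same call decrypts).
    Illustration only; it provides no integrity protection."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = prf(key, nonce + offset.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class SearchClient:
    def __init__(self):
        self.k_data = secrets.token_bytes(32)   # encrypts file contents
        self.k_index = secrets.token_bytes(32)  # derives per-keyword tokens

    def token(self, keyword: str) -> bytes:
        """Search token: can be handed to a delegate without revealing k_index."""
        return prf(self.k_index, keyword.lower().encode())

    def prepare_upload(self, files: dict):
        """Return (encrypted blobs, encrypted index), both safe to upload."""
        blobs, postings = {}, {}
        for text in files.values():
            pointer = secrets.token_hex(8)      # opaque id, unrelated to the file name
            nonce = secrets.token_bytes(16)
            blobs[pointer] = nonce + stream_xor(self.k_data, nonce, text.encode())
            for word in set(text.lower().split()):
                postings.setdefault(word, []).append(pointer)
        index = {}
        for word, pointers in postings.items():
            tok, nonce = self.token(word), secrets.token_bytes(16)
            label = prf(tok, b"label").hex()    # where the entry is stored
            value_key = prf(tok, b"value")      # what unlocks the pointer list
            index[label] = nonce + stream_xor(value_key, nonce, ",".join(pointers).encode())
        return blobs, index

    def decrypt(self, blob: bytes) -> str:
        return stream_xor(self.k_data, blob[:16], blob[16:]).decode()


class StorageServer:
    """Holds only ciphertext and opaque labels. Given a token it learns which
    blobs match and when a token repeats, but not the keyword or contents."""

    def __init__(self, blobs, index):
        self.blobs, self.index = blobs, index

    def search(self, token: bytes):
        entry = self.index.get(prf(token, b"label").hex())
        if entry is None:
            return []
        pointers = stream_xor(prf(token, b"value"), entry[:16], entry[16:]).decode()
        return [self.blobs[p] for p in pointers.split(",")]


# Constructed sample files.
FILES = {
    "q3.txt": "quarterly invoice for acme ltd",
    "memo.txt": "internal memo about the acme merger",
    "notes.txt": "lunch order and parking notes",
}


def demo_search(keyword: str):
    """Upload FILES under fresh keys, search by token, decrypt the hits locally."""
    client = SearchClient()
    server = StorageServer(*client.prepare_upload(FILES))
    return sorted(client.decrypt(b) for b in server.search(client.token(keyword)))


if __name__ == "__main__":
    print(demo_search("acme"))
```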
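A minimal illustration of the “proof of storage” idea from the article, as an added example: a Merkle-tree spot check chosen here for clarity, not the protocol used by the Microsoft service. The block size, class names and sample data are assumptions. The client keeps only a 32-byte root and the block count, then challenges the server for a block plus its authentication path.

```python
import hashlib
import hmac
import secrets

BLOCK = 64  # bytes per block; tiny so the demo has several blocks


def node_hash(tag: bytes, data: bytes) -> bytes:
    """SHA-256 with a one-byte tag so leaves and inner nodes cannot be confused."""
    return hashlib.sha256(tag + data).digest()


def split_blocks(data: bytes, size: int = BLOCK):
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def build_tree(blocks):
    """Return the tree as a list of levels, leaves first, root last.
    A level with an odd number of nodes repeats its last node."""
    level = [node_hash(b"\x00", b) for b in blocks]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]


class AuditClient:
    """Encodes the data once before upload; afterwards stores 32 bytes and a count."""

    def __init__(self, data: bytes):
        blocks = split_blocks(data)
        self.n_blocks = len(blocks)
        self.root = build_tree(blocks)[-1][0]

    def challenge(self) -> int:
        return secrets.randbelow(self.n_blocks)

    def verify(self, index: int, block: bytes, path) -> bool:
        node = node_hash(b"\x00", block)
        for sibling in path:
            pair = (node + sibling) if index % 2 == 0 else (sibling + node)
            node = node_hash(b"\x01", pair)
            index //= 2
        return hmac.compare_digest(node, self.root)


class AuditServer:
    """Stores the blocks and the hash tree computed at upload time."""

    def __init__(self, data: bytes):
        self.blocks = split_blocks(data)
        self.levels = build_tree(self.blocks)

    def prove(self, index: int):
        path, i = [], index
        for level in self.levels[:-1]:
            path.append(level[i ^ 1])  # sibling of the current node
            i //= 2
        return self.blocks[index], path


def audit(client, server, index=None) -> bool:
    """One challenge-response round; a random block unless index is given."""
    index = client.challenge() if index is None else index
    block, path = server.prove(index)
    return client.verify(index, block, path)


# Constructed sample data: 296 bytes, i.e. five blocks.
DATA = bytes(range(256)) + b"tail" * 10

if __name__ == "__main__":
    client, server = AuditClient(DATA), AuditServer(DATA)
    print("honest server passes:", all(audit(client, server, i) for i in range(5)))
    server.blocks[3] = b"X" * BLOCK  # silent corruption of one block
    print("corrupted block 3 passes:", audit(client, server, 3))
```

A single random challenge catches one altered block out of n with probability 1/n, so audits are repeated; the example's final check targets the altered block directly to make the outcome deterministic.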




Distributed Computing

Math at Web Speed

“Many hands make light work,” goes the old adage. Now there’s data to prove it.

In recent weeks, both Yahoo! and Google have announced the results of separate mathematical experiments that demonstrate the computational power of large clusters of networked PCs.

At Yahoo!, a team led by researcher Tsz-Wo Sze broke the world record for calculating the digits of pi, crunching the famously irrational number to the two-quadrillionth bit by stitching together more than 1,000 computers to complete the calculation over a 23-day period. The researchers estimate that a typical computer would have taken at least 500 years to carry out the same operation.

Another group of researchers recently took advantage of Google’s distributed computing infrastructure to tackle another famously thorny computational challenge: Rubik’s Cube. The team developed an algorithm capable of solving any Rubik’s Cube configuration in 20 moves or less, resolving a conundrum that has puzzled mathematicians for three decades. The computers simulated all 43 quintillion possible combinations of the cube in just a few weeks, a task the researchers estimate would have taken a single computer 35 years.

Google has yet to release the details of its technical solution, but it probably bears some resemblance to the approach used at Yahoo!, where the team used Apache Hadoop, open-source software originally developed at Google (and later developed extensively by Yahoo!) that allows developers to stitch together thousands of computers over the network into a powerful cloud computer.

“We believe that our Hadoop clusters are already more powerful than many other supercomputers,” says Sze, who conceived of the project as part of an internal Yahoo! contest to demonstrate the capabilities of Hadoop.

In both cases, the mathematical problems proved particularly well-suited to distributed computing because the calculations can be parceled out over the network into much smaller operations, capable of running on a standard-issue PC. Making light work indeed.
—Alex Wright

Introduction to the EnneagramLinda Ferguson
 
Enneagram of personality
Enneagram of personalityEnneagram of personality
Enneagram of personalityAli BARAN
 
Enneagram symbol talk revised 07 21_2012
Enneagram symbol talk revised 07 21_2012Enneagram symbol talk revised 07 21_2012
Enneagram symbol talk revised 07 21_2012Arthur Kranz
 

Viewers also liked (11)

The Observer - Enneagram Personality Type 5
The Observer  - Enneagram Personality Type 5The Observer  - Enneagram Personality Type 5
The Observer - Enneagram Personality Type 5
 
3[1]. Enneagram Symbol
3[1]. Enneagram Symbol3[1]. Enneagram Symbol
3[1]. Enneagram Symbol
 
Ppt on leadership
Ppt on leadershipPpt on leadership
Ppt on leadership
 
MANAGEMENT WISDOM
MANAGEMENT WISDOMMANAGEMENT WISDOM
MANAGEMENT WISDOM
 
Moving Around The Enneagram
Moving Around The EnneagramMoving Around The Enneagram
Moving Around The Enneagram
 
Enneagram Presentation Expanded
Enneagram Presentation ExpandedEnneagram Presentation Expanded
Enneagram Presentation Expanded
 
Enneagram
EnneagramEnneagram
Enneagram
 
Enneagram by Tai Tran
Enneagram by Tai TranEnneagram by Tai Tran
Enneagram by Tai Tran
 
Introduction to the Enneagram
Introduction to the EnneagramIntroduction to the Enneagram
Introduction to the Enneagram
 
Enneagram of personality
Enneagram of personalityEnneagram of personality
Enneagram of personality
 
Enneagram symbol talk revised 07 21_2012
Enneagram symbol talk revised 07 21_2012Enneagram symbol talk revised 07 21_2012
Enneagram symbol talk revised 07 21_2012
 

Similar to Security cloud computing

An Architecture for Providing Security to Cloud Resources
An Architecture for Providing Security to Cloud ResourcesAn Architecture for Providing Security to Cloud Resources
An Architecture for Providing Security to Cloud ResourcesNiranjana Padmanabhan
 
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTIC
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTICVIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTIC
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTICijcsit
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised ComputingIOSR Journals
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingKumar
 
Virtualization in Cloud computing
Virtualization in Cloud computing Virtualization in Cloud computing
Virtualization in Cloud computing Priti Banya Mohanty
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 

Similar to Security cloud computing (20)

An Architecture for Providing Security to Cloud Resources
An Architecture for Providing Security to Cloud ResourcesAn Architecture for Providing Security to Cloud Resources
An Architecture for Providing Security to Cloud Resources
 
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTIC
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTICVIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTIC
VIRTUAL MACHINES DETECTION METHODS USING IP TIMESTAMPS PATTERN CHARACTERISTIC
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
 
Managing The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New ChallengesManaging The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New Challenges
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Virtualization in Cloud computing
Virtualization in Cloud computing Virtualization in Cloud computing
Virtualization in Cloud computing
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
cloud security
cloud securitycloud security
cloud security
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Download
DownloadDownload
Download
 
Cloudcpmuting journal
Cloudcpmuting journalCloudcpmuting journal
Cloudcpmuting journal
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
Seminar
SeminarSeminar
Seminar
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Security cloud computing

News | Technology | DOI:10.1145/1839676.1839683
Gary Anthes
Communications of the ACM | November 2010 | Vol. 53 | No. 11 | pp. 16-18

Security in the Cloud

Cloud computing offers many advantages, but also involves security risks. Fortunately, researchers are devising some ingenious solutions.

[Photo caption: Cloud computing simplifies security issues for users by outsourcing them to companies such as Microsoft, which recently opened a $550 million data center in Chicago. Photograph used with permission from Microsoft.]

“Computing may someday be organized as a public utility, just as the telephone system is a public utility,” Massachusetts Institute of Technology (MIT) computer science pioneer John McCarthy noted in 1961.

We aren’t quite there yet, but cloud computing brings us close. Clouds are all the rage today, promising convenience, elasticity, transparency, and economy. But with the many benefits come thorny issues of security and privacy.

The history of computing since the 1960s can be viewed as a continuous move toward ever greater specialization and distribution of computing resources. First we had mainframes, and security was fairly simple. Then we added minicomputers and desktop and laptop computers and client-server models, and it got more complicated. These computing paradigms gave way in turn to n-tier and grid computing and to various types of virtualization.

As hardware infrastructures grew more complicated and fragmented, so did the distribution of software and data. There seemed no end to the ways that users could split up their computing resources, and no end to the security problems that arose as a result. Part of the problem has been one of moving targets—just as one computing paradigm seemed solid, a new, more attractive one beckoned.

In a sense, cloud computing simplifies security issues for users by outsourcing them to another party, one that is presumed to be highly skilled at dealing with them. Cloud users may think they don’t have to worry about the security of their software and data anymore, because they’re in expert hands.

But such complacency is a mistake, say researchers at Hewlett-Packard (HP) Laboratories in Bristol, U.K. They are prototyping Cells as a Service, by which they hope to automate security management in the cloud. A cell, managed as a single administrative domain using common security policies, contains a bundle of virtual machines, storage volumes, and networks running across multiple physical machines. Around the cells HP inserts various sensors, detectors, and mitigators that look for viruses, intrusions, and other suspicious behavior. Virtualization enables these agents to be very close to the action without being part of it or observed by it, according to HP.

“People often think of virtualization as adding to security problems, but it is fundamentally the answer to a lot of those problems,” says Martin Sadler, director of HP’s Systems Security Lab. “You can do all sorts of things you can’t do when these things are physical machines.” For example, the sensors can watch CPU activity, I/O patterns, and memory usage and, based on models of past behavior, recognize suspicious activity. They can also assess the probability of certain events happening and take action accordingly. They might, for instance, throttle back the CPU, stop all I/O to a virtual machine (VM), or take a clone of the VM and move it elsewhere for evaluation. Agents could be deployed by cloud users, cloud service providers, or third parties such as a virus protection company, Sadler says.

But these agents introduce their own management challenges. There might be as many as 30 agents, interacting in various ways and with varying drains on system resources. HP Labs is developing analytic tools that can generate playbooks that script system behavior. These templates, tailorable by users, employ cost/benefit analyses and reflect what is most important to users and what cost they are willing to bear for various types of protection.

Virtual Machine Introspection

IBM Research is pursuing a similar approach called “virtual machine introspection.” It puts security inside a protected VM running on the same physical machine as the guest VMs running in the cloud. The security VM employs a number of protective methods, including the whitelisting and blacklisting of guest kernel functions. It can determine the operating system and version of the guest VM and can start monitoring a VM without any beginning assumption of its running state or integrity.

Instead of running 50 virus scanners on a machine with 50 guest VMs, virtual machine introspection uses just one, which is much more efficient, says Matthias Schunter, a researcher at IBM Research’s Zurich lab. “Another big advantage is the VM can’t do anything against the virus scan since it’s not aware it’s being scanned,” he says.

Another variation, called “lie detection,” puts a tiny piece of software inside the VM to look at the list of running processes as seen by the user. Introspection software outside the VM can reliably determine all the processes actually running on the VM; if there is any difference between the two lists, some malware, such as a rootkit, is suspected of running on the VM.

Looking from both within the VM and without, the lie detector can also compare the lists of files on disk, the views of open sockets, the lists of loaded kernel modules, and so on. “Each of these lie tests improves the chances of detecting potential malware, but none of them can prove that no malware exists,” says IBM researcher Klaus Julisch.

In a third application, a virtual intrusion detection system runs inside the physical machine to monitor traffic among the guest VMs. The virtual networks hidden inside a physical machine are not visible to conventional detectors because the detectors usually reside in a separate machine, Schunter says.

Indeed, snooping between VMs inside a machine was shown to be a real possibility by researchers last year. Computer scientists Thomas Ristenpart, Hovav Shacham, and Stefan Savage at the University of California, San Diego and Eran Tromer at MIT proved it was possible for an adversary to get his or her VM co-located with a target’s VM on a cloud’s physical machine 40% of the time. In a paper, “Hey, You, Get Off of My Cloud,” they showed how the adversary could launch a side-channel attack based on the VM’s sharing of physical resources such as CPU data caches. The researchers also outlined a number of mitigation steps, but concluded the only practical and foolproof protection is for cloud users to require that their VMs run on dedicated machines, which is potentially a costly solution.

Difficulties With Encryption

Encryption is sometimes seen as the ultimate security measure, but it also presents difficulties in the cloud. At present, processing encrypted data means downloading it and decrypting it for local use and then possibly uploading the results, which is a cumbersome and costly process.

The ability to process encrypted data in place has been a dream of cryptographers for years, but it is now demonstrating some progress. Last year, Craig Gentry, first at Stanford University and then at IBM Research, proved it is possible to perform certain operations on data without first decrypting it. The technique, called “fully homomorphic encryption,” was hailed as a conceptual breakthrough, but is so computationally demanding that practical applications are years away, experts say.

Meanwhile, the more limited ability to search encrypted data is closer to reality. In “Cryptographic Cloud Storage,” a paper published earlier this year, researchers Seny Kamara and Kristin Lauter of Microsoft Research described a virtual private storage service that aims to provide the security of a private cloud and the cost savings of a public cloud. Data in the cloud remains encrypted, and hence protected from the cloud provider, court subpoenas, and the like. Users index their data, then upload the data and the index, which are both encrypted, to the cloud. As needed, users can generate tokens and credentials that control who has access to what data.

Given a token for a keyword, an authorized user can retrieve pointers to the encrypted files that contain the keyword, and then search for and download the desired data in encrypted form. Unauthorized observers can’t know anything useful about the files or the keywords.

The experimental Microsoft service also offers users “proof of storage,” a protocol by which a server can prove to a client that it did not tamper with its encrypted data. The client encodes the data before uploading it and can verify the data’s integrity at will.

Not all cloud security risks arise from technology, says Radu Sion, a computer science professor at Stony Brook University. There is scant legal or regulatory framework, and few precedents, to deal with issues of liability among the parties in cloud arrangements, he notes. “What happens when your data is on a server in China but you outsourced to a cloud service in New York?” asks Sion. “Or what if you have the legal resources to fight a subpoena for your data, but they subpoena your cloud provider instead? You will be under scrutiny for moving to the cloud by your shareholders and everyone else.”

Nevertheless, Sion says all but the most sophisticated enterprises will be safer putting their computing resources in the expert hands of one of the major cloud providers. “Companies like Google and Amazon and Microsoft have hundreds of people devoted to security,” he says. “How many do you have?”

Further Reading

Christodorescu, M., Sailer, R., Schales, D., Sgandurra, D., and Zamboni, D. Cloud security is not (just) virtualization security, Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, IL, Nov. 13, 2009.

Gentry, C. Fully homomorphic encryption using ideal lattices, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, Bethesda, MD, May 31–June 2, 2009.

Kamara, S. and Lauter, K. Cryptographic cloud storage, Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization, Tenerife, Canary Islands, Spain, January 25–28, 2010.

Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, Nov. 9–13, 2009.

Shi, E., Bethencourt, J., Chan, T-H., Song, D., and Perrig, A. Multi-dimensional range query over encrypted data, Computer Science Technical Report CMU-CS-06-135R, Carnegie Mellon University, March 2007.

Gary Anthes is a technology writer and editor based in Arlington, VA.

© 2010 ACM 0001-0782/10/1100 $10.00

Society: Pew Report on Mobile Apps

Although a greater number of adults are turning to mobile phones to text and access the Internet, age and gender differences exist, according to a report by Pew Research Center’s Internet & American Life Project and The Nielsen Company. The report, titled The Rise of Apps Culture, found that 35% of U.S. adults have software applications or apps on their phones, yet only 24% of adults use those apps. Overall, today’s apps culture—essentially born a couple of years ago with the introduction of Apple’s iPhone—is predominantly male, younger, and more affluent.

Eighteen to 29-year-olds comprise only 23% of the U.S. adult population but constitute 44% of the apps-using population. By contrast, 41% of the adult population is age 50 and older but this group makes up just 14% of apps users. Younger adopters also use apps, including games and social media, more frequently.

Gender differences were also apparent. Women are more likely to rely on social networking apps such as Facebook and Twitter while men are inclined to use productivity and financial apps.

Nevertheless, adoption is growing rapidly. The Nielsen Company found that the average number of apps on a smartphone has swelled from 22 in December 2009 to 27 today. Not surprisingly, iPhone owners top the list with an average of 40 apps, while Android users claim 25 and BlackBerry owners 14.

The next few years will likely usher in dramatic changes. “Every metric we capture shows a widening embrace of all kinds of apps by a widening population,” states Roger Entner, coauthor of the report and senior vice president at Nielsen. “It’s … not too early to say that this is an important new part of the technology world.”
—Samuel Greengard

Distributed Computing: Math at Web Speed

“Many hands make light work,” goes the old adage. Now there’s data to prove it.

In recent weeks, both Yahoo! and Google have announced the results of separate mathematical experiments that demonstrate the computational power of large clusters of networked PCs.

At Yahoo!, a team led by researcher Tsz-Wo Sze broke the world record for calculating the digits of pi, crunching the famously irrational number to the two-quadrillionth bit by stitching together more than 1,000 computers to complete the calculation over a 23-day period. The researchers estimate that a typical computer would have taken at least 500 years to carry out the same operation.

Another group of researchers recently took advantage of Google’s distributed computing infrastructure to tackle another famously thorny computational challenge: Rubik’s Cube. The team developed an algorithm capable of solving any Rubik’s Cube configuration in 20 moves or less, resolving a conundrum that has puzzled mathematicians for three decades. The computers simulated all 43 quintillion possible combinations of the cube in just a few weeks, a task the researchers estimate would have taken a single computer 35 years.

Google has yet to release the details of its technical solution, but it probably bears some resemblance to the approach used at Yahoo!, where the team used Apache Hadoop, open-source software originally developed at Google (and later developed extensively by Yahoo!) that allows developers to stitch together thousands of computers over the network into a powerful cloud computer.

“We believe that our Hadoop clusters are already more powerful than many other supercomputers,” says Sze, who conceived of the project as part of an internal Yahoo! contest to demonstrate the capabilities of Hadoop.

In both cases, the mathematical problems proved particularly well-suited to distributed computing because the calculations can be parceled out over the network into much smaller operations, capable of running on a standard-issue PC. Making light work indeed.
—Alex Wright
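
The keyword-token search that the article attributes to the “Cryptographic Cloud Storage” service (users upload an encrypted index, then hand out per-keyword tokens that retrieve pointers to matching files) can be sketched in Python. This is an added example, not code from the article or from the Microsoft Research paper: it uses a simplified HMAC-based index rather than the paper's construction, and the function names, sample files and key handling are assumptions.

```python
"""Encrypted keyword index with per-keyword search tokens (simplified).

Assumptions: a basic HMAC-based index, not the Kamara-Lauter scheme.
File contents would be encrypted separately with an authenticated
cipher; only the index and the token flow are modelled here.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

ID_LEN = 16  # file ids are padded to a fixed width so entries look uniform

# Constructed sample data: file id -> plaintext seen only by the client.
SAMPLE_DOCS = {
    "f-001": "quarterly invoice acme",
    "f-002": "invoice overdue reminder",
    "f-003": "holiday schedule",
}


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 as a pseudorandom function over length-prefixed parts."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def make_token(master_key: bytes, keyword: str) -> tuple[bytes, bytes]:
    """Client: derive the search token for one keyword.

    The token is two sub-keys: one locates the keyword's index entries,
    the other unmasks the file ids stored in them. Giving it to another
    user delegates search for this keyword only, not the master key.
    """
    kw = keyword.lower().encode()
    return prf(master_key, b"label", kw), prf(master_key, b"mask", kw)


def build_index(master_key: bytes, docs: dict[str, str]) -> dict[bytes, bytes]:
    """Client: build the encrypted index that is uploaded with the files."""
    postings: dict[str, list[str]] = {}
    for file_id, text in docs.items():
        if len(file_id.encode()) > ID_LEN:
            raise ValueError(f"file id too long: {file_id!r}")
        for word in set(text.lower().split()):
            postings.setdefault(word, []).append(file_id)

    index: dict[bytes, bytes] = {}
    for word, ids in postings.items():
        label_key, mask_key = make_token(master_key, word)
        for i, file_id in enumerate(sorted(ids)):
            ctr = i.to_bytes(4, "big")
            padded = file_id.encode().ljust(ID_LEN, b"\0")
            # Label and value are both pseudorandom without the token.
            index[prf(label_key, ctr)] = xor(padded, prf(mask_key, ctr))
    return index


def server_search(index: dict[bytes, bytes], token: tuple[bytes, bytes]) -> list[str]:
    """Server: resolve a token to file ids without learning the keyword.

    Leakage to note: the server sees which entries a token touches and
    which files are returned, so repeated queries are linkable.
    """
    label_key, mask_key = token
    hits: list[str] = []
    i = 0
    while True:
        ctr = i.to_bytes(4, "big")
        entry = index.get(prf(label_key, ctr))
        if entry is None:
            return hits
        hits.append(xor(entry, prf(mask_key, ctr)).rstrip(b"\0").decode())
        i += 1


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # stays with the data owner
    idx = build_index(key, SAMPLE_DOCS)    # this is what the cloud stores
    print(server_search(idx, make_token(key, "invoice")))
```

A token derived under a different master key, or for a keyword that was never indexed, matches no label and returns an empty result, which is the property that keeps unauthorized observers from probing the index.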