SlideShare a Scribd company logo

Trust and Cloud computing, removing the need for the consumer to trust their provider

Download as PPTX, PDF
David Wallom
David Wallom

Trusted computing and remote attestation techniques can be used to build trust in cloud computing by creating a "chain of trust" from the hardware to the cloud services and user data. This allows a user to verify the configuration of each component in the cloud and ensure only authorized applications and services can access sensitive data. The solution involves using trusted computing mechanisms like TPM chips to attest cloud hosts, VMs, and services. It also allows application and data whitelisting based on these remote attestations to build trust without requiring users to unconditionally trust their cloud provider.

Technology
1 of 25
Trust and Cloud computing, removing the need for the consumer to trust their provider Prof David Wallom University of Oxford
Overview • The problem – Drivers of cloud adoption – Threats forming barriers to adoption – Trust and the stakeholders in the cloud – Building trust through regulation – Trusted products within a marketplace • The solution – Trusted Computing – Chain of trust – OAT – Trusted Appliances, Applications and user data
Problem…
7 Cloud Computing security risks
Trust at the Last Mile • Problem for high value instantly usable data and services – Critical data or keys are still exposed inside the cloud at the final steps – Still require customers unconditional trust of their CSP – Value may be great enough that traditional blackmail/bribery may be enough to gain access
Cloud (IaaS) and Security cloud infrastructure Storage (Object) Storage (Block) Host VM Host VM … Users • AAI: management, storage APIs. • VMs: security groups (layer 2/3), firewall, VPN. • OS: admin policies, monitoring, auditing, patches, etc. • HW: physical security • How can users trust the origin and identity of the cloud infrastructure software stack? • How can users trust the origin and identity of VMs, Block Storage, Storage Objects?
“What is really going on inside the cloud?”
New Industries Around Security and Trust
Building trust through regulation
Building trust by building brands
Recap • Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more • Security, Trust and Privacy still great concerns • The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches • Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities • Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches. • We must trust our cloud provider, completely! • We don’t really know whats going on within the cloud • We are worried we may lose our data
A solution
Trusted Computing • What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a remotely verifiable infrastructure. • What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository. • TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management. • Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform. • Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.
Extend the Trusted Platform to the cloud • Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users. • Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.
Trusted Computing and Cloud Computing User verifiable Chain of Trust = Attestation result of Storage + Attestation result of Host + Attestation result of VM …but in the cloud the hardware components can change… HW/TPM Host Controller Hypervisor Virtual Machine vTPM Virtual Machine vTPM Virtual Machine vTPM HW/TPM Storage Controller Storage Service 12 3 123
Open Attestation (OAT) as a Trusted Third Party …but what about resilience and scalability?
Porridge (Distributed OAT) • High frequency platform verification • Application whitelisting • Verifiable Logging
Implementation in Openstack
Attesting Cloud Services • VM attestation – Know exactly the status of your system, its how you left it! • Centralized Attestation Service – A service to periodically examining all the cloud nodes and recording their configurations; – Customers attest the delegates to make sure the attestation service is correctly running. – Supporting dynamic VM migration attesting both source and destination to ensure continual validity • Property-based Access Controls – Customers define the access control policies to their data or keys based on the properties of the accessing cloud applications and the underlying hosting infrastructure. – Whitelisting application software within a cloud instance
Trusted Data Processing • To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage. • TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.
Trusted Data Exchanging • To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations. • TDP ensures a Data Provider that every piece of data is processed only by applications with predetermined properties.
Conclusion • Trust is still highlighted as a significant barrier to cloud adoption in high value usecases • Traditional security still requires users to trust their CSP • Regulation may aim for a secure business as usual, it doesn’t support you when things go wrong • Utilising Trusted Computing and remote attestation builds a chain of trust – Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data – Support application and data whitelisting to ensure only those with permission can use services or capabilities • Only registered and verified hosts can run high value applications • Only registered and verifies services can access high value data • Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services • We are removing the need to trust your cloud provider by building cryptographically secure cloud
Thank You!

Recommended

Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
E magic case study
E magic case studyE magic case study
E magic case study
Allyssa1Davis
 
Ame 2269 ibm mq high availability
Ame 2269 ibm mq high availabilityAme 2269 ibm mq high availability
Ame 2269 ibm mq high availability
Andrew Schofield
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
IBM Integration Bus & WebSphere MQ - High Availability & Disaster RecoveryIBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
Rob Convery
 
VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!
VMworld
 
Health monitoring and alerting for xen app, xendesktop and netscaler
Health monitoring and alerting for xen app, xendesktop and netscalerHealth monitoring and alerting for xen app, xendesktop and netscaler
Health monitoring and alerting for xen app, xendesktop and netscaler
solarisyougood
 
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
DATA STORAGE REPLICATION aCelera and WAN Series Solution BriefDATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
Array Networks
 

Recommended

Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
E magic case study
E magic case studyE magic case study
E magic case study
Allyssa1Davis
 
Ame 2269 ibm mq high availability
Ame 2269 ibm mq high availabilityAme 2269 ibm mq high availability
Ame 2269 ibm mq high availability
Andrew Schofield
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
IBM Integration Bus & WebSphere MQ - High Availability & Disaster RecoveryIBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
Rob Convery
 
VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!
VMworld
 
Health monitoring and alerting for xen app, xendesktop and netscaler
Health monitoring and alerting for xen app, xendesktop and netscalerHealth monitoring and alerting for xen app, xendesktop and netscaler
Health monitoring and alerting for xen app, xendesktop and netscaler
solarisyougood
 
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
DATA STORAGE REPLICATION aCelera and WAN Series Solution BriefDATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
Array Networks
 
move-anti-virus
move-anti-virusmove-anti-virus
move-anti-virus
Aakash Chaturvedi
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
Joseph Holbrook, Chief Learning Officer (CLO)
 
6421 b Module-07
6421 b Module-076421 b Module-07
6421 b Module-07
Bibekananada Jena
 
Performance testing virtualized systems v5
Performance testing virtualized systems v5Performance testing virtualized systems v5
Performance testing virtualized systems v5
Mentora
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
MarketingArrowECS_CZ
 
Encoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization servicesEncoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization services
Aditi Shrivastava
 
[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures
Carles Farré
 
Network access protection ppt
Network access protection pptNetwork access protection ppt
Network access protection ppt
Dasarathi Dash
 
Understanding mq deployment choices and use cases
Understanding mq deployment choices and use casesUnderstanding mq deployment choices and use cases
Understanding mq deployment choices and use cases
Leif Davidsen
 
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
David McGeough
 
Expanding your options with the MQ Appliance
Expanding your options with the MQ ApplianceExpanding your options with the MQ Appliance
Expanding your options with the MQ Appliance
Anthony Beardsmore
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMware
JJDiGeronimo
 
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilizationFlex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Mike Ricca
 
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStackStratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Ali Kafel
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Network
hypknight
 
Virtualization 2.0
Virtualization 2.0Virtualization 2.0
Virtualization 2.0
Unitiv
 
Session #107 - AMSI Hosting Options
Session #107 - AMSI Hosting OptionsSession #107 - AMSI Hosting Options
Session #107 - AMSI Hosting Options
webhostingguy
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centers
bega karadza
 
Troubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and AndroidTroubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and Android
Citrix
 
Cross selling 5
Cross selling 5Cross selling 5
Cross selling 5
Sen Nathan
 
Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 

More Related Content

What's hot

move-anti-virus
move-anti-virusmove-anti-virus
move-anti-virus
Aakash Chaturvedi
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
Joseph Holbrook, Chief Learning Officer (CLO)
 
6421 b Module-07
6421 b Module-076421 b Module-07
6421 b Module-07
Bibekananada Jena
 
Performance testing virtualized systems v5
Performance testing virtualized systems v5Performance testing virtualized systems v5
Performance testing virtualized systems v5
Mentora
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
MarketingArrowECS_CZ
 
Encoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization servicesEncoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization services
Aditi Shrivastava
 
[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures
Carles Farré
 
Network access protection ppt
Network access protection pptNetwork access protection ppt
Network access protection ppt
Dasarathi Dash
 
Understanding mq deployment choices and use cases
Understanding mq deployment choices and use casesUnderstanding mq deployment choices and use cases
Understanding mq deployment choices and use cases
Leif Davidsen
 
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
David McGeough
 
Expanding your options with the MQ Appliance
Expanding your options with the MQ ApplianceExpanding your options with the MQ Appliance
Expanding your options with the MQ Appliance
Anthony Beardsmore
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMware
JJDiGeronimo
 
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilizationFlex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Mike Ricca
 
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStackStratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Ali Kafel
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Network
hypknight
 
Virtualization 2.0
Virtualization 2.0Virtualization 2.0
Virtualization 2.0
Unitiv
 
Session #107 - AMSI Hosting Options
Session #107 - AMSI Hosting OptionsSession #107 - AMSI Hosting Options
Session #107 - AMSI Hosting Options
webhostingguy
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centers
bega karadza
 
Troubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and AndroidTroubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and Android
Citrix
 
Cross selling 5
Cross selling 5Cross selling 5
Cross selling 5
Sen Nathan
 

What's hot (20)

move-anti-virus
move-anti-virusmove-anti-virus
move-anti-virus
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
6421 b Module-07
6421 b Module-076421 b Module-07
6421 b Module-07
 
Performance testing virtualized systems v5
Performance testing virtualized systems v5Performance testing virtualized systems v5
Performance testing virtualized systems v5
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
 
Encoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization servicesEncoding Enhancers Woolpack virtualization services
Encoding Enhancers Woolpack virtualization services
 
[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures[DSBW Spring 2009] Unit 05: Web Architectures
[DSBW Spring 2009] Unit 05: Web Architectures
 
Network access protection ppt
Network access protection pptNetwork access protection ppt
Network access protection ppt
 
Understanding mq deployment choices and use cases
Understanding mq deployment choices and use casesUnderstanding mq deployment choices and use cases
Understanding mq deployment choices and use cases
 
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
 
Expanding your options with the MQ Appliance
Expanding your options with the MQ ApplianceExpanding your options with the MQ Appliance
Expanding your options with the MQ Appliance
 
Why Security Teams should care about VMware
Why Security Teams should care about VMwareWhy Security Teams should care about VMware
Why Security Teams should care about VMware
 
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilizationFlex Cloud Hosting - Reduce server sprawl and optimize server utilization
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
 
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStackStratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
 
Aruba Rightsizing Your Network
Aruba Rightsizing Your NetworkAruba Rightsizing Your Network
Aruba Rightsizing Your Network
 
Virtualization 2.0
Virtualization 2.0Virtualization 2.0
Virtualization 2.0
 
Session #107 - AMSI Hosting Options
Session #107 - AMSI Hosting OptionsSession #107 - AMSI Hosting Options
Session #107 - AMSI Hosting Options
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centers
 
Troubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and AndroidTroubleshooting and debugging Citrix Receiver for iOS and Android
Troubleshooting and debugging Citrix Receiver for iOS and Android
 
Cross selling 5
Cross selling 5Cross selling 5
Cross selling 5
 

Similar to Trust and Cloud computing, removing the need for the consumer to trust their provider

Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Perficient
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
ATMOSPHERE .
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
Srinivasa Addepalli
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2
Ankit Gupta
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
Devyani Vaidya
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
Pyingkodi Maran
 
Privacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storagePrivacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storage
Shakas Technologies
 
Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
George Delikouras
 
Cloud computing-2 (1)
Cloud computing-2 (1)Cloud computing-2 (1)
Cloud computing-2 (1)
JUDYFLAVIAB
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
Jeff Thomas
 
Client Server Network Security
Client Server Network SecurityClient Server Network Security
Client Server Network Security
MithilDoshi1
 
Unit 1.2 move to cloud computing
Unit 1.2 move to cloud computingUnit 1.2 move to cloud computing
Unit 1.2 move to cloud computing
eShikshak
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
Gary Dischner
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
Pyingkodi Maran
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
kkhhusshi
 
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
ATMOSPHERE .
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
Leif Davidsen
 

Similar to Trust and Cloud computing, removing the need for the consumer to trust their provider (20)

Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud provider
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
 
Software Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE projectSoftware Defined Networking in the ATMOSPHERE project
Software Defined Networking in the ATMOSPHERE project
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Privacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storagePrivacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storage
 
Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
 
Cloud computing-2 (1)
Cloud computing-2 (1)Cloud computing-2 (1)
Cloud computing-2 (1)
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Client Server Network Security
Client Server Network SecurityClient Server Network Security
Client Server Network Security
 
Unit 1.2 move to cloud computing
Unit 1.2 move to cloud computingUnit 1.2 move to cloud computing
Unit 1.2 move to cloud computing
 
Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114Gary Homeland Security Presentation 102114
Gary Homeland Security Presentation 102114
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
 
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 

More from David Wallom

Quantifying the impact of green leasing on energy use in a retail portfolio: ...
Quantifying the impact of green leasing on energy use in a retail portfolio: ...Quantifying the impact of green leasing on energy use in a retail portfolio: ...
Quantifying the impact of green leasing on energy use in a retail portfolio: ...
David Wallom
 
The University of Oxford e-Research Centre
The University of Oxford e-Research CentreThe University of Oxford e-Research Centre
The University of Oxford e-Research Centre
David Wallom
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
David Wallom
 
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyondBenefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
David Wallom
 
Smarter Energy, Infrastruture service, consumtion analytics and applications
Smarter Energy, Infrastruture service, consumtion analytics and applicationsSmarter Energy, Infrastruture service, consumtion analytics and applications
Smarter Energy, Infrastruture service, consumtion analytics and applications
David Wallom
 
The Climateprediction.net programme, big data climate modelling
The Climateprediction.net programme, big data climate modellingThe Climateprediction.net programme, big data climate modelling
The Climateprediction.net programme, big data climate modelling
David Wallom
 
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
David Wallom
 
Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...
David Wallom
 
e-Research & the art of linking Astrophysics to Deforestation
e-Research & the art of linking Astrophysics to Deforestatione-Research & the art of linking Astrophysics to Deforestation
e-Research & the art of linking Astrophysics to Deforestation
David Wallom
 
Privacy and Security policies in the cloud
Privacy and Security policies in the cloudPrivacy and Security policies in the cloud
Privacy and Security policies in the cloud
David Wallom
 
Working with Earth Observation Data, INFORM and the IEA
Working with Earth Observation Data, INFORM and the IEAWorking with Earth Observation Data, INFORM and the IEA
Working with Earth Observation Data, INFORM and the IEA
David Wallom
 
WICKED - Working with the data rich
WICKED - Working with the data richWICKED - Working with the data rich
WICKED - Working with the data rich
David Wallom
 
Mapping Priorities and Future Collaborations for you Projects
Mapping Priorities and Future Collaborations for you ProjectsMapping Priorities and Future Collaborations for you Projects
Mapping Priorities and Future Collaborations for you Projects
David Wallom
 
CloudWatch: Mapping priorities and future collaboration for your project
CloudWatch: Mapping priorities and future collaboration for your projectCloudWatch: Mapping priorities and future collaboration for your project
CloudWatch: Mapping priorities and future collaboration for your project
David Wallom
 
CloudWatch2 Adoption Deep Dive
CloudWatch2 Adoption Deep DiveCloudWatch2 Adoption Deep Dive
CloudWatch2 Adoption Deep Dive
David Wallom
 
e-infrastructural needs to support informatics
e-infrastructural needs to support informaticse-infrastructural needs to support informatics
e-infrastructural needs to support informatics
David Wallom
 
Generating Insight from Big Data
Generating Insight from Big DataGenerating Insight from Big Data
Generating Insight from Big Data
David Wallom
 
International Forest Risk Model
International Forest Risk ModelInternational Forest Risk Model
International Forest Risk Model
David Wallom
 
Generating Insight from Big Data in Energy and the Environment
Generating Insight from Big Data in Energy and the EnvironmentGenerating Insight from Big Data in Energy and the Environment
Generating Insight from Big Data in Energy and the Environment
David Wallom
 
Smart Grid, Smart Metering and Cybersecurity
Smart Grid, Smart Metering and CybersecuritySmart Grid, Smart Metering and Cybersecurity
Smart Grid, Smart Metering and Cybersecurity
David Wallom
 

More from David Wallom (20)

Quantifying the impact of green leasing on energy use in a retail portfolio: ...
Quantifying the impact of green leasing on energy use in a retail portfolio: ...Quantifying the impact of green leasing on energy use in a retail portfolio: ...
Quantifying the impact of green leasing on energy use in a retail portfolio: ...
 
The University of Oxford e-Research Centre
The University of Oxford e-Research CentreThe University of Oxford e-Research Centre
The University of Oxford e-Research Centre
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyondBenefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
 
Smarter Energy, Infrastruture service, consumtion analytics and applications
Smarter Energy, Infrastruture service, consumtion analytics and applicationsSmarter Energy, Infrastruture service, consumtion analytics and applications
Smarter Energy, Infrastruture service, consumtion analytics and applications
 
The Climateprediction.net programme, big data climate modelling
The Climateprediction.net programme, big data climate modellingThe Climateprediction.net programme, big data climate modelling
The Climateprediction.net programme, big data climate modelling
 
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
 
Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...Supporting Research through "Desktop as a Service" models of e-infrastructure...
Supporting Research through "Desktop as a Service" models of e-infrastructure...
 
e-Research & the art of linking Astrophysics to Deforestation
e-Research & the art of linking Astrophysics to Deforestatione-Research & the art of linking Astrophysics to Deforestation
e-Research & the art of linking Astrophysics to Deforestation
 
Privacy and Security policies in the cloud
Privacy and Security policies in the cloudPrivacy and Security policies in the cloud
Privacy and Security policies in the cloud
 
Working with Earth Observation Data, INFORM and the IEA
Working with Earth Observation Data, INFORM and the IEAWorking with Earth Observation Data, INFORM and the IEA
Working with Earth Observation Data, INFORM and the IEA
 
WICKED - Working with the data rich
WICKED - Working with the data richWICKED - Working with the data rich
WICKED - Working with the data rich
 
Mapping Priorities and Future Collaborations for you Projects
Mapping Priorities and Future Collaborations for you ProjectsMapping Priorities and Future Collaborations for you Projects
Mapping Priorities and Future Collaborations for you Projects
 
CloudWatch: Mapping priorities and future collaboration for your project
CloudWatch: Mapping priorities and future collaboration for your projectCloudWatch: Mapping priorities and future collaboration for your project
CloudWatch: Mapping priorities and future collaboration for your project
 
CloudWatch2 Adoption Deep Dive
CloudWatch2 Adoption Deep DiveCloudWatch2 Adoption Deep Dive
CloudWatch2 Adoption Deep Dive
 
e-infrastructural needs to support informatics
e-infrastructural needs to support informaticse-infrastructural needs to support informatics
e-infrastructural needs to support informatics
 
Generating Insight from Big Data
Generating Insight from Big DataGenerating Insight from Big Data
Generating Insight from Big Data
 
International Forest Risk Model
International Forest Risk ModelInternational Forest Risk Model
International Forest Risk Model
 
Generating Insight from Big Data in Energy and the Environment
Generating Insight from Big Data in Energy and the EnvironmentGenerating Insight from Big Data in Energy and the Environment
Generating Insight from Big Data in Energy and the Environment
 
Smart Grid, Smart Metering and Cybersecurity
Smart Grid, Smart Metering and CybersecuritySmart Grid, Smart Metering and Cybersecurity
Smart Grid, Smart Metering and Cybersecurity
 

Recently uploaded

Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 

Recently uploaded (20)

Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 

Trust and Cloud computing, removing the need for the consumer to trust their provider

  • 1. Trust and Cloud computing, removing the need for the consumer to trust their provider Prof David Wallom University of Oxford
  • 2. Overview • The problem – Drivers of cloud adoption – Threats forming barriers to adoption – Trust and the stakeholders in the cloud – Building trust through regulation – Trusted products within a marketplace • The solution – Trusted Computing – Chain of trust – OAT – Trusted Appliances, Applications and user data
  • 4.
  • 5.
  • 6. 7 Cloud Computing security risks
  • 7. Trust at the Last Mile • Problem for high value instantly usable data and services – Critical data or keys are still exposed inside the cloud at the final steps – Still require customers unconditional trust of their CSP – Value may be great enough that traditional blackmail/bribery may be enough to gain access
  • 8. Cloud (IaaS) and Security cloud infrastructure Storage (Object) Storage (Block) Host VM Host VM … Users • AAI: management, storage APIs. • VMs: security groups (layer 2/3), firewall, VPN. • OS: admin policies, monitoring, auditing, patches, etc. • HW: physical security • How can users trust the origin and identity of the cloud infrastructure software stack? • How can users trust the origin and identity of VMs, Block Storage, Storage Objects?
  • 9. “What is really going on inside the cloud?”
  • 10. New Industries Around Security and Trust
  • 12. Building trust by building brands
  • 13. Recap • Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more • Security, Trust and Privacy still great concerns • The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches • Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities • Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches. • We must trust our cloud provider, completely! • We don’t really know whats going on within the cloud • We are worried we may lose our data
  • 15. Trusted Computing • What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a remotely verifiable infrastructure. • What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository. • TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management. • Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform. • Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.
  • 16. Extend the Trusted Platform to the cloud • Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users. • Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.
  • 17. Trusted Computing and Cloud Computing User verifiable Chain of Trust = Attestation result of Storage + Attestation result of Host + Attestation result of VM …but in the cloud the hardware components can change… HW/TPM Host Controller Hypervisor Virtual Machine vTPM Virtual Machine vTPM Virtual Machine vTPM HW/TPM Storage Controller Storage Service 12 3 123
  • 18. Open Attestation (OAT) as a Trusted Third Party …but what about resilience and scalability?
  • 19. Porridge (Distributed OAT) • High frequency platform verification • Application whitelisting • Verifiable Logging
  • 21. Attesting Cloud Services • VM attestation – Know exactly the status of your system, its how you left it! • Centralized Attestation Service – A service to periodically examining all the cloud nodes and recording their configurations; – Customers attest the delegates to make sure the attestation service is correctly running. – Supporting dynamic VM migration attesting both source and destination to ensure continual validity • Property-based Access Controls – Customers define the access control policies to their data or keys based on the properties of the accessing cloud applications and the underlying hosting infrastructure. – Whitelisting application software within a cloud instance
  • 22. Trusted Data Processing • To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage. • TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.
  • 23. Trusted Data Exchanging • To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations. • TDP ensures a Data Provider that every piece of data is processed only by applications with predetermined properties.
  • 24. Conclusion • Trust is still highlighted as a significant barrier to cloud adoption in high value usecases • Traditional security still requires users to trust their CSP • Regulation may aim for a secure business as usual, it doesn’t support you when things go wrong • Utilising Trusted Computing and remote attestation builds a chain of trust – Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data – Support application and data whitelisting to ensure only those with permission can use services or capabilities • Only registered and verified hosts can run high value applications • Only registered and verifies services can access high value data • Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services • We are removing the need to trust your cloud provider by building cryptographically secure cloud

Editor's Notes

  1. How to effectively verify “what is really going on inside the cloud”. Whether the acquired Cloud services are enforced; Whether only the acquired Cloud services are accessing customers’ data.
  2. The tripadvisor methodology
  3. 15
  4. Attestation of VMs: only expected programs with expected configuration files are loaded inside the VM. Attestation of Hosts: only the expected VM with the expected software stack has been instantiated. The VM the user is currently connecting to, is genuinely loaded by the genuine hypervisor. Attestation of Storage: the VM is binding to the expected virtual storage, and the state of the virtual storage can only be manipulated by an expected software stack. The virtual storage connected to the user’s VM is genuinely loaded and managed by the genuine Storage Management software with the specified parameters.
  5. Intels