Distributed and Cloud Computing
K. Hwang, G. Fox and J. Dongarra
Chapter 4: Cloud Platform Architecture
over Virtualized Datacenters
(suggested for use in 5 lectures in 250 minutes)
Prepared by Kai Hwang
University of Southern California
April 3, 2012
Copyright © 2012, Elsevier Inc. All rights reserved. 4-1
Trusted Zones for VM Insulation
[Figure: trusted-zone architecture for VM insulation. Tenant #1 and Tenant #2 virtual machines (APP/OS) run on a virtual infrastructure above the cloud provider's physical infrastructure, and the figure labels these protection goals around them:]
- Insulate infrastructure from malware, Trojans and cybercriminals (anti-malware, cybercrime intelligence)
- Federate identities with public clouds (identity federation, strong authentication)
- Insulate information from other tenants (data loss prevention)
- Control and isolate VMs in the virtual infrastructure (virtual network security)
- Insulate information from cloud providers' employees (encryption and key management, tokenization)
- Segregate and control user access (access management)
- Security information and event management and GRC over the physical infrastructure, to enable an end-to-end view of security events and compliance across infrastructures
October 26, 2011 4-5
Security Issues on VMs
- Access control is discretionary; fine-grained multilevel controls are needed (integrity lock architecture).
- Secure boot: the boot process needs to be secured. Proper attestation methods are desired, and more robust logging is needed.
- Component isolation: Dom0 in Xen supports networking, disk I/O, VM boot loading, hardware emulation and workload balancing; all of these need to be decomposed into components.
- Logging and introspection: a VM running security software is allowed to look inside the memory of another VM. Software such as IPS and antiviruses that uses introspection should be safe from tampering.
- Avoiding man-in-the-middle attacks on VMs during VM migration.
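The "secure boot" and "robust logging" items above are easiest to see with a measured-boot sketch. This is an added Python example, not code from the textbook: it simulates the TPM-style extend operation (new register value = SHA-256 of the old value concatenated with the component's digest) over an ordered chain of boot components, and a verifier that replays the event log and compares each measurement with an allow-list. The component blobs, the GOLDEN allow-list and all function names (extend, measure_boot, replay_log, verify_attestation) are constructed for this example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed boot chain: (component name, component image bytes). In a real deployment these
# would be the firmware, bootloader, hypervisor and Dom0 kernel binaries.
GOOD_CHAIN: List[Tuple[str, bytes]] = [
    ("firmware", b"firmware image v1 (constructed)"),
    ("bootloader", b"bootloader image v1 (constructed)"),
    ("hypervisor", b"hypervisor image v1 (constructed)"),
    ("dom0-kernel", b"dom0 kernel image v1 (constructed)"),
]

# Allow-list of known-good component digests held by the verifier (constructed from GOOD_CHAIN).
GOLDEN: Dict[str, str] = {name: hashlib.sha256(blob).hexdigest() for name, blob in GOOD_CHAIN}


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new register value = H(old value || measurement).
    One-way and order-sensitive, so the register cannot be reset to hide an earlier stage."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(chain: List[Tuple[str, bytes]]):
    """Measure each component before it runs, append to the event log, extend the register.
    Returns (event log, final register value)."""
    pcr = bytes(32)
    log = []
    for name, blob in chain:
        measurement = hashlib.sha256(blob).digest()
        log.append((name, measurement.hex()))
        pcr = extend(pcr, measurement)
    return log, pcr


def replay_log(log: List[Tuple[str, str]]) -> bytes:
    """Recompute the register from the log alone; the verifier never trusts the log by itself."""
    pcr = bytes(32)
    for _, measurement_hex in log:
        pcr = extend(pcr, bytes.fromhex(measurement_hex))
    return pcr


def verify_attestation(log, reported_pcr: bytes, golden: Dict[str, str]):
    """Attestation check: the log must replay to the reported register value (so it was not
    edited or reordered) and every entry must match a known-good digest."""
    if replay_log(log) != reported_pcr:
        return False, "event log does not reproduce the reported register value"
    for name, measurement_hex in log:
        if golden.get(name) != measurement_hex:
            return False, f"unexpected measurement for {name}"
    return True, "boot chain matches known-good values"


if __name__ == "__main__":
    log, pcr = measure_boot(GOOD_CHAIN)
    print(verify_attestation(log, pcr, GOLDEN))
```

In a real deployment the reported register value arrives inside a TPM quote signed with the platform's attestation key; this sketch takes the value as given so that the two verifier checks, log replay and allow-list comparison, stand out. Tampering with any component changes both its log entry and the final register, and reordering the log breaks the replay even when every individual digest is known-good.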
October 26, 2011 Prof. Kai Hwang, USC/THU 4-6
Fine-grained Access Control with Hive
Hive is a data warehouse infrastructure built on top of Hadoop that provides tools to enable easy data summarization, ad hoc querying and analysis of large datasets stored in Hadoop files. It provides a mechanism to put structure on this data with a simple query language called Hive QL, based on SQL.
Policies include content-dependent access control, association-based access control and time-dependent access control.
Table/view definition and loading: users create tables as well as load data into tables. Further, they can also upload XACML policies for the table they are creating, and can create XACML policies for tables and views.
Users may define a view only if they have permissions for all tables specified in the query that creates the view; they can then create XACML policies for the views defined.
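As an added illustration (not code from the textbook or from Hive itself), the following Python sketch models the three policy kinds the slide lists as table-level rules evaluated before a query runs, and enforces the view rule that a user may define a view only with permission on every base table. The table contents, subject roles, policy objects and the helper names (TablePolicy, evaluate_query, can_create_view, at_hour) are all constructed for this example; a real deployment would express these rules in XACML and evaluate them in a policy decision point in front of Hive.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample tables standing in for two Hive tables (not real data).
TABLES: Dict[str, List[dict]] = {
    "patients": [
        {"id": 1, "name": "Ann", "dept": "oncology", "diagnosis": "C50"},
        {"id": 2, "name": "Bob", "dept": "cardiology", "diagnosis": "I21"},
        {"id": 3, "name": "Cid", "dept": "oncology", "diagnosis": "C34"},
    ],
    "billing": [
        {"patient_id": 1, "amount": 1200},
        {"patient_id": 2, "amount": 300},
    ],
}


@dataclass
class Subject:
    user: str
    roles: Set[str]
    dept: str = ""


@dataclass
class TablePolicy:
    """A table-level rule in the spirit of the uploaded XACML policies (simplified, hypothetical)."""
    table: str
    roles: Set[str]                                   # subjects the rule applies to
    row_filter: Optional[Callable[[Subject, dict], bool]] = None  # content-dependent control
    hours: Optional[Tuple[time, time]] = None         # time-dependent control (inclusive window)
    never_joined_with: Set[str] = field(default_factory=set)  # association-based control


@dataclass
class Decision:
    effect: str                 # "Permit" or "Deny", as in XACML
    reason: str
    rows: List[dict] = field(default_factory=list)


# Constructed policies: doctors see only their own department's rows and only in working
# hours; researchers may read patients but never associate them with billing data.
POLICIES = [
    TablePolicy("patients", {"doctor"},
                row_filter=lambda s, r: r["dept"] == s.dept,
                hours=(time(7, 0), time(19, 0))),
    TablePolicy("patients", {"researcher"}, never_joined_with={"billing"}),
    TablePolicy("billing", {"doctor", "accountant"}),
]


def at_hour(hour: int) -> datetime:
    """Fixed constructed clock so evaluations are deterministic."""
    return datetime(2012, 4, 3, hour, 0)


def find_policy(policies, table, subject):
    """First policy whose table and role set match the subject (first-applicable combining)."""
    for p in policies:
        if p.table == table and p.roles & subject.roles:
            return p
    return None


def evaluate_query(policies, subject, tables, now):
    """Evaluate a query that touches `tables` for `subject` at clock `now`.
    Returns one Decision per table; a Permit carries the rows the subject may see."""
    results = {}
    for t in tables:
        p = find_policy(policies, t, subject)
        if p is None:
            results[t] = Decision("Deny", f"no policy grants {subject.user} access to {t}")
            continue
        if p.hours and not (p.hours[0] <= now.time() <= p.hours[1]):
            results[t] = Decision("Deny", f"{t}: access outside allowed hours")
            continue
        clash = p.never_joined_with & set(tables)
        if clash:
            results[t] = Decision("Deny", f"{t}: may not be associated with {sorted(clash)}")
            continue
        rows = [r for r in TABLES.get(t, []) if p.row_filter is None or p.row_filter(subject, r)]
        results[t] = Decision("Permit", f"{t}: {len(rows)} row(s) visible", rows)
    return results


def can_create_view(policies, subject, base_tables, now):
    """A view may be defined only if the subject holds permission on every base table."""
    decisions = evaluate_query(policies, subject, base_tables, now)
    return all(d.effect == "Permit" for d in decisions.values())
```

The content-dependent rule is applied as a row filter after the Permit, the time-dependent rule compares the request clock against the policy window, and the association rule looks at the whole set of tables in the query, which is why it can only be enforced at query time and not per table in isolation.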
(Courtesy of Hai Jin, 2012)
Reputation Systems for Social Networks and Cloud Systems
PowerTrust Built over a Trust Overlay Network
[Figure: PowerTrust architecture. Local trust scores collected on the trust overlay network feed initial reputation aggregation; a regular random walk, a look-ahead random walk and a distributed ranking module perform reputation updating, with power nodes selected, to produce the global reputation scores V = (v1, v2, v3, ..., vn).]
(Courtesy of R. Zhou and K. Hwang, “PowerTrust: A scalable and robust reputation system for structured P2P networks”, IEEE-TPDS, May 2007)
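To make the aggregation in the figure concrete, here is an added Python example (not the PowerTrust implementation from Zhou and Hwang, and a simplification of it): local trust scores are normalized into a random-walk transition matrix, the global reputation vector is the stationary distribution found by power iteration, a one-hop look-ahead blends each node's scores with its neighbours' before the walk, and the highest-reputation nodes are picked as power nodes. The 5-node matrix LOCAL_TRUST and the function names are constructed for this example; the dangling node 4, which has rated nobody, is the edge case a real aggregator must handle.

```python
from typing import List

# Constructed local trust scores for a 5-node overlay: LOCAL_TRUST[i][j] is how much node i
# trusts node j from its own transaction feedback. Node 4 has rated nobody (a dangling node).
LOCAL_TRUST: List[List[float]] = [
    [0, 4, 3, 0, 1],
    [5, 0, 2, 1, 0],
    [3, 4, 0, 0, 0],
    [2, 2, 0, 0, 1],
    [0, 0, 0, 0, 0],
]


def normalize_rows(local):
    """Turn raw local trust scores into a row-stochastic transition matrix for a random walk.
    A node with no outgoing trust would trap the walk, so it is treated as trusting everyone
    equally (the same fix PageRank applies to dangling pages)."""
    n = len(local)
    rows = []
    for row in local:
        total = float(sum(row))
        rows.append([x / total for x in row] if total > 0 else [1.0 / n] * n)
    return rows


def look_ahead(local, alpha=0.5):
    """One-hop look-ahead (simplified): each node blends its own normalized scores with the
    scores held by the nodes it trusts, weighted by that trust. Rows stay stochastic."""
    p = normalize_rows(local)
    n = len(p)
    return [[alpha * p[i][j] + (1 - alpha) * sum(p[i][k] * p[k][j] for k in range(n))
             for j in range(n)] for i in range(n)]


def global_reputation(trans, max_iters=1000, tol=1e-12):
    """Power iteration v <- v.P until the change is below tol. The fixed point is the
    stationary distribution of the random walk, i.e. the global reputation vector V."""
    n = len(trans)
    v = [1.0 / n] * n
    for it in range(1, max_iters + 1):
        nv = [sum(v[i] * trans[i][j] for i in range(n)) for j in range(n)]
        if max(abs(a - b) for a, b in zip(nv, v)) < tol:
            return nv, it
        v = nv
    return v, max_iters


def power_nodes(v, m):
    """The m nodes with the highest global reputation, the figure's 'power nodes'."""
    return sorted(range(len(v)), key=lambda i: -v[i])[:m]


if __name__ == "__main__":
    v, iters = global_reputation(normalize_rows(LOCAL_TRUST))
    print(f"converged in {iters} steps:", [round(x, 4) for x in v])
    print("power nodes:", power_nodes(v, 2))
```

The blended look-ahead matrix has the same stationary vector as the plain walk (if vP = v then vP^2 = v), so in this simplified form its value is faster convergence rather than a different ranking. The real PowerTrust distributes the computation across the overlay and treats power nodes' opinions specially, which this sketch leaves out.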
Data Coloring for Cloud Privacy Protection
Clouds vs. Job Opportunities
Clouds are forming a major industry thrust that IDC estimates will grow to $44.2 billion in investment in 2013, while 15% of IT investment in 2011 was related to cloud systems.
Gartner rates cloud computing high on its list of critical emerging technologies that are transformational (its highest rating for impact) in the next 2 - 5 years.
There are many opportunities for new jobs in cloud computing, with a recent European study estimating 2.4 million new cloud computing jobs in Europe alone by 2015.
Cloud computing spans research and the economy, and so is an attractive component of the curriculum for students who mix “going on to a PhD” with “graduating and working in industry”.
(Courtesy of Geoffrey Fox, 2012)
Conclusions:
Computing clouds are changing the whole IT and service industry, and the global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers installed globally at thousands of datacenters today.
Private clouds will become widespread in addition to the use of a few public clouds, which are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of the cloud as a ubiquitous service.
Basic Papers to Read:
1. M. Armbrust, et al., “Above the Clouds: A Berkeley View of Cloud Computing”, Technical Report, UCB/EECS-2009-28, Feb. 2009.
2. K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010.
3. M. Rosenblum and T. Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends”, IEEE Computer, May 2005, pp. 39-47.
4. B. Sotomayor, R. Montero, and I. Foster, “Virtual Infrastructure Management in Private and Hybrid Clouds”, IEEE Internet Computing, Sept. 2009.