UTSA Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX 78249 Nov 03, 2014 Presented.

Slides:



Advertisements
Similar presentations
INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
Advertisements

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
1 Towards a Discipline of Mission-Aware Cloud Computing (A Position Paper) Ravi Sandhu Executive Director and Endowed Professor October 2010
Institute for Cyber Security
1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010
1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, © Ravi Sandhu World-Leading.
If you knew what I know or CloudWave - Improving services in the Cloud through collaborative adaptation Eliot Salant IBM Haifa Research.
Adopting Provenance-based Access Control in OpenStack Cloud IaaS October, 2014 NSS Presentation Institute for Cyber Security University of Texas at San.
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Executive Director, ICS April 30,
Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
Cloud Usability Framework
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
Introduction to Cloud Computing
TECHNOLOGY GUIDE THREE Emerging Types of Enterprise Computing.
1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.
11 World-Leading Research with Real-World Impact! A Group-Centric Model for Collaboration with Expedient Insiders in Multilevel Systems Khalid Zaman Bijon,
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
Cloud computing.
TECHNOLOGY GUIDE THREE
INSTITUTE FOR CYBER SECURITY © Ravi Sandhu11 Group-Centric Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber.
McGraw-Hill/Irwin © The McGraw-Hill Companies, All Rights Reserved BUSINESS PLUG-IN B17 Organizational Architecture Trends.
Web-Based GIS and the Future of Participatory GIS Applications within Local and Indigenous Communities By Dr. Peter A. Kyem, GISP. (Professor of Geography)
Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Professor (CS) and Executive Director.
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quest for Federal Data Center Consolidation Initiative (FDCCI) 26 August 2011 © 2011 Quest Software, Inc.
Institute for Cyber Security Cross-Tenant Trust Models in Cloud Computing Bo Tang and Ravi Sandhu IRI Aug 14-16, 2013 San Francisco, CA © ICS at UTSA World-Leading.
1 © 2009 Cisco Systems, Inc. All rights reserved.Cisco Confidential Cloud Computing – The Value Proposition Wayne Clark Architect, Intelligent Network.
11 World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing: A Lattice Interpretation Institute for Cyber Security Ravi.
For Testbeds TM. Secure, multi-tenant cloud orchestration platform –Turnkey platform for delivering IaaS clouds –Hypervisor agnostic –Massively scalable,
Introduction The network is the computer By Waseem Anwar Chaudhri.
Institute for Cyber Security Multi-Tenancy Authorization Models for Collaborative Cloud Services Bo Tang, Ravi Sandhu, and Qi Li Presented by Bo Tang ©
11 World-Leading Research with Real-World Impact! ZeroVM Backgroud Prosunjit Biswas Institute for Cyber Security University of Texas at San Antonio April.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 Automate your way to.
Rod Fontecilla, Ph.D. Vice President Application Services Nov 2015 Deploying Applications Using DevOps.
CLOUD COMPUTING RICH SANGPROM. What is cloud computing? “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a.
Robert Mahowald August 26, 2015 VP, Cloud Software, IDC
A Conceptual Framework for Group-Centric Secure Information Sharing Ram Krishnan (George Mason University) Ravi Sandhu, Jianwei Niu, William Winsborough.
CISC 849 : Applications in Fintech Namami Shukla Dept of Computer & Information Sciences University of Delaware A Cloud Computing Methodology Study of.
1 TCS Confidential. 2 Objective : In this session we will be able to learn:  What is Cloud Computing?  Characteristics  Cloud Flavors  Cloud Deployment.
Cisco Consulting Services for Application-Centric Cloud Your Company Needs Fast IT Cisco Application-Centric Cloud Can Help.
INSTITUTE FOR CYBER SECURITY 1 Enforcement Architecture and Implementation Model for Group-Centric Information Sharing © Ravi Sandhu Ram Krishnan (George.
© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.
1 Views of Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair March 25, © Ravi Sandhu.
Welcome To We have registered over 5,000 domain names and host over 1,500 cloud servers for individuals and organizations, Our fast and reliable.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
Organizations Are Embracing New Opportunities
Institute for Cyber Security
Smart Cities and Communities and Social Innovation
TECHNOLOGY GUIDE THREE
StratusLab Tutorial (Bordeaux, France)
Institute for Cyber Security
World-Leading Research with Real-World Impact!
AWS. Introduction AWS launched in 2006 from the internal infrastructure that Amazon.com built to handle its online retail operations. AWS was one of the.
TECHNOLOGY GUIDE THREE
UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.
If you knew what I know or CloudWave - Improving services in the Cloud through collaborative adaptation Eliot Salant IBM Haifa Research.
Smart Learning concepts to enhance SMART Universities in Africa
Cloud Computing: Concepts
Views of Cloud Computing
Windows Azure Hybrid Architectures and Patterns
Done by:Thikra abdullah
TECHNOLOGY GUIDE THREE
Presentation transcript:

UTSA Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio San Antonio, TX Nov 03, 2014 Presented by: Amy(Yun) Zhang Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing

2 Ref: Information Sharing and Coordination Initiatives collaboration and coordination to enhance situational awareness – Share malicious activities on federal systems – Technologies, tools, procedures, analytics UTSA

Electric Grid Scenario Cyber incidents in electricity providers – Local utilities, regional, state, national operators Need a standing platform that facilitates sharing – Controlled access 3 UTSA

Scope Focus on technical challenges Sharing amongst a set of organizations – Information, infrastructure, tools, analytics, etc. – May want to share malicious or infected code/systems (e.g. virus, worms, etc.) – Sensitive – Often ad hoc What are the effective ways to facilitate sharing in such circumstances? – Information sharing models – Infrastructure, technologies, platforms 4

UTSA Key Requirements for Information Sharing Cyber infrastructure Light-weight and agile Rapid deployment and configuration Secure isolated environment 5

UTSA Cyber Infrastructure for Sharing Traditional platforms – Shared storage SharePoint, Dropbox, Google Drive, etc. – Shared infrastructure Grid computing Modern platform – Cloud 6

UTSA Cloud IaaS Advantages for Cyber Incident Sharing Virtualized resources – Theoretically, one can take a snapshot and mobilize Operational efficiency – Light-weight and agile – Rapid deployment and configuration – Dynamic scaling – Self-service 7

UTSA Cloud IaaS Challenges for Cyber Incident Sharing IaaS clouds lack secure sharing models – Storage – Compute – Networks Need ability to snapshot tenant infrastructure, share, and control who can access – Share by copy 8

UTSA Sharing Model in Cloud IaaS Participant B Secure Isolated Domain (SID) Add/Remove Data Join/Leave Users Add/Remove Data Join/Leave Users Add/Remove Data Join/Leave Users View #1: Org C View #1: Org B View #1: Org AParticipant C Participant A 9 View #2: SID Can create multiple secure isolated projects (SIPs) within SID with different controls

UTSA OpenStack – Dominant open-source cloud IaaS software > 200 companies ~14000 developers >130 countries 10 Ref:

UTSA OpenStack Access Control (OSAC) 11

UTSA OSAC-SID 12

UTSA Conceptual Model 13 ORG AORG B Establish/Disband Join User Leave User Remove Version Merge Version Substitute User Add Version Remove Version Merge Version Substitute User Create RO/RW Subject Kill Subject Create Object Read/Update Version Suspend/Resume Version Collaboration Group Create RO/RW Subject Kill Subject Create Object Read/Update Version Suspend/Resume Version Administrative Model Operational Model Add Version Import Version

UTSA OSAC-SID Administrative Model 14

UTSA OSAC-SID Operational Model 15

UTSA SID and SIP in OpenStack 16 SAWS Admin : SAWSadmin Users: IT-SAWS member SAPD Admin : SAPDadmin Users: IT-SAPD member Create Join Share objects, VMs, etc. CPS Admin : CPSadmin Users: IT-CPS member SID-Critical-Infrastructure SIP- PortScanning SIP-DOS Users: Admins : CPSadmin, SAWSadmin

UTSA Conclusion and future work Developed sharing models – Formal specification Enhanced OpenStack with SID/SIP capabilities – Cyber incident response capabilities Self-service SID/SIP specific security Share data, tools, etc. in an isolated environment Ability to execute and analyze malicious code in an isolated environment – Practitioners can deploy a “cyber incident response” cloud – Potential blueprint for official OpenStack adoption Future work – more fine grained access control within a SIP – harden the implementation to prevent overt information flow 17

UTSA Thanks Q&A 18

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.