Source: 2010 2nd International Conference on Signal Processing Systems (ICSPS). Authors: Zhidong Shen, Qiang Tong. Presenter: 吳俊逸 (Master's Program in Information Management, Year 1, Class A).

★ Because cloud computing shares distributed resources over the network in an open environment, security is an important problem when developing cloud computing applications.
★ In this paper, the authors propose a model system in which the cloud computing system is combined with a trusted computing platform that has a trusted platform module. In this model, some important security services, including authentication, confidentiality and integrity, are provided in the cloud computing system.

INTRODUCTION
(1) Distributed systems security
(2) Cloud computing security
(3) Cloud computing security mechanism
(4) Design: the Trusted Computing Platform (TCP), which is based on the Trusted Platform Module (TPM), is integrated into the cloud computing system. The authors also design a software middleware, the Trusted Platform Support Service (TSS), through which cloud computing applications can easily use the security functions of the TPM.

RELATED WORK ABOUT CLOUD COMPUTING SECURITY
A. Current security model of cloud computing
Secured messages can be transported, understood, and manipulated by standard Web services tools and software.
B. The challenge for security in cloud computing
The CLOUD includes distributed users and resources from distributed local systems or organizations, which have different security policies.

TRUSTED COMPUTING TECHNOLOGY
A. Trusted Computing Technology
In recent years, increased reliance on computer security, and the unfortunate lack of it, particularly in open-architecture computing platforms, has motivated many efforts by the computing industry.
(1) Trusted Computing Platform Alliance (TCPA)
(2) Trusted Computing Group (TCG)
(3) Trusted computing (TC) system

B. The Trusted Computing Platform
TCP provides two basic services, authenticated boot and encryption, which are designed to work together. An authenticated boot service monitors which operating system software is booted on the computer and gives applications a sure way to tell which operating system is running. It does this by adding hardware that keeps a kind of audit log of the boot process. On a computer platform with TCP, the TPM is used to ensure that each computer reports its configuration parameters in a trustworthy manner. The trusted platform software stack (TSS) provides the interfaces between the TPM and other system modules. The platform boot process is augmented to allow the TPM to measure each of the components in the system (both hardware and software) and securely store the results of the measurements in Platform Configuration Registers (PCRs) within the TPM.
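The measure-and-store step described above, as an added example that is not from the paper or the slides: each component's digest is folded into a PCR with the TPM extend operation, and a verifier replays the boot log to check it against the reported PCR. The component names, their contents and the known-good table are constructed; SHA-256 is assumed as the PCR bank, and the signed quote that would carry the PCR value to a remote verifier is left out.

```python
import hashlib

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for the assumed SHA-256 bank

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + measurement).digest()

def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before control passes to it."""
    return hashlib.sha256(component).digest()

def replay(event_log):
    """Recompute the PCR value implied by an ordered log of (name, digest)."""
    pcr = bytes(PCR_SIZE)  # a PCR starts at all zeros after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(event_log, reported_pcr, known_good):
    """Return (ok, reason). The log must reproduce the PCR the TPM reports,
    and every logged digest must match the verifier's known-good value."""
    if replay(event_log) != reported_pcr:
        return False, "log does not match reported PCR"
    for name, digest in event_log:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement: {name}"
    return True, "trusted"

def boot(chain):
    """Simulate a measured boot: returns (event_log, final PCR value)."""
    log = [(name, measure(blob)) for name, blob in chain]
    return log, replay(log)

# Constructed sample boot chain (hypothetical names and contents).
BOOT_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"loader v2"),
              ("kernel", b"kernel v5")]
KNOWN_GOOD = {name: measure(blob) for name, blob in BOOT_CHAIN}
MODIFIED_CHAIN = BOOT_CHAIN[:2] + [("kernel", b"kernel v5 modified")]

if __name__ == "__main__":
    log, pcr = boot(BOOT_CHAIN)
    print(verify(log, pcr, KNOWN_GOOD))
    # A changed kernel is measured like any other, so the log exposes it.
    bad_log, bad_pcr = boot(MODIFIED_CHAIN)
    print(verify(bad_log, bad_pcr, KNOWN_GOOD))
    # Presenting the clean log instead no longer matches the PCR.
    print(verify(log, bad_pcr, KNOWN_GOOD))
```

Because a PCR can only be extended, never written directly, the software-held log is untrusted on its own and gains its value from reproducing the register held in hardware.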

BUILD TRUSTED CLOUD COMPUTING SYSTEM USING TCP
A. Authentication in the cloud computing environment with TCP
In a cloud computing environment, different entities can apply to join the CLOUD. The first step is then to prove their identities to the cloud computing system administration. Because cloud computing involves a large number of entities, such as users and resources from different sources, authentication is both important and complicated. Considering this, the TCP is used to assist the authentication process in cloud computing.

B. Role Based Access Control Model in the cloud computing environment
In a cloud computing system, a great number of users want access to the cloud computing service. To reduce the complexity of the access control model, the users can be classified into several classes or groups, and the access control criteria are defined for these classes.

C. Data Security in the cloud based on TCP
Secure communication protocols in the cloud system call the TSS to use the TPM. The TPM then provides the encryption key and session key to the communicating parties in cloud computing. With its computing capacity, the TPM can take over some computation work from the CPU and improve performance. Important data stored on the computer can be encrypted with keys generated by the TPM. To access this data, users or applications must first pass authentication with the TPM, and the encryption keys are stored in the TPM, which makes these keys hard to attack. To prevent attacks on the integrity of data, the hash function in the TPM is used. The TPM checks the critical data at a certain interval to protect the integrity of the data. The encryption and integrity-check processes use the TSS to call the functions of the TPM.

D. The Trace of the User’s Behavior
Before distributed machines cooperate to do something, they should attest their local information to the remote site. When a user logs in to the cloud computing system, the user's identity information should first be recorded and verified. Each site in the cloud computing system records the visitor’s information. So if the TCP mechanism is integrated into cloud computing, the trace of the participants, including the users and other resources, can be known through the cloud computing trace mechanism.

CONCLUSIONS
★ The authors have analyzed trusted computing in the cloud computing environment and the function of the trusted computing platform in cloud computing.
★ The advantage of the proposed approach is that it extends trusted computing technology into the cloud computing environment to meet the trusted computing requirements for cloud computing and thereby achieve trusted cloud computing. TCP is used as the hardware base for the cloud computing system.
★ In their design, TCP provides the cloud computing system with some important security functions, such as authentication, communication security and data protection. Related methods for implementing these are proposed.