Security, Privacy, And Data Protection For Trusted Cloud .


Security, Privacy, and Data Protection for Trusted Cloud Computing
Prof. Kai Hwang, University of Southern California
Keynote Address, International Conference on Cloud Computing (CloudCom2010), Indianapolis, Indiana, Dec. 3, 2010
Cloud Platforms over Datacenters Cloud Infrastructure and Services
Reputation-based Trust Management
Data Coloring and Software Watermarking
Cloud Support of The Internet of Things
Dec. 3, 2010, Kai Hwang, USC

Handy Tools We Use over the Evolutional Periods In History
Is it safe to play with your computer, when you are naked and vulnerable?

Top 10 Technologies for 2010

Web 2.0, Clouds, and Internet of Things
HPC: High Performance Computing
HTC: High Throughput Computing
P2P: Peer to Peer
MPP: Massively Parallel Processors
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press to appear)

Cloud Computing as A Service [9]

Amazon Virtual Private Cloud VPC (http://aws.amazon.com/vpc/)

vSphere 4: An OS for Cloud Platform

Cloud Services Stack
Application Cloud Services
Platform Cloud Services
Compute & Storage Cloud Services
Co-Location Cloud Services
Network Cloud Services

Marc Benioff, Founder of Salesforce.com
1986: graduated from USC
1999: started salesforce.com
2003-05: appointed chairman of US Presidential IT Advisory Committee
2009: announced Force.com platform for cloud business computing
A SaaS and PaaS Cloud Provider

Security and Trust Crisis in Cloud Computing
Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.
Trust overlay networks could be applied to build reputation systems for establishing the trust among interactive datacenters.
A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
These techniques safeguard user authentication and tighten the data access-control in public clouds.
The new approach could be more cost-effective than using the traditional encryption and firewalls to secure the clouds.

Trusted Zones for VM (figure)
Layers shown: Tenant #1 and Tenant #2 virtual infrastructure (APP/OS virtual machines) over the cloud provider's physical infrastructure.
Goals shown: isolate VM in the virtual infrastructure; segregate and control user access; insulate infrastructure from malware, Trojans and cybercriminals; insulate information from other tenants; insulate information from cloud providers' employees; enable end to end view of security events and compliance across infrastructures.
Controls shown: strong authentication; anti-malware; cybercrime intelligence; data loss prevention; encryption & key mgmt; tokenization; Security Info. & Event Mgmt; GRC.

Cloud Service Models and Their Security Demands
Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].

Data Security and Copyright Protection in A Trusted Cloud Platform
Source: Reference [3, 4]

Security Protection Mechanisms for Public Clouds
Mechanism: Brief Description
Trust delegation and Negotiation: Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.
Worm containment and DDoS Defense: Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
Reputation System Over Resource Sites: Reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.
Fine-grain access control: This refers to fine-grain access control at the file or object level. This adds to the security protection beyond firewalls and intrusion detection systems.
Collusive Piracy prevention: Piracy prevention achieved with peer collusion detection and content poisoning techniques.

Trust Management for Protecting Cloud Resources and Safeguard Datacenter Operations [3]
Source: [4]

PowerTrust Built over A Trust Overlay Network
(Figure labels: Global Reputation Scores V: v1, v2, v3, ..., vn; Initial Reputation Aggregation; Reputation Updating; Regular Random Walk; Look-ahead Random Walk; Power Nodes; Distributed Ranking Module; Local Trust Scores; Trust Overlay Network)
R. Zhou and K. Hwang, “PowerTrust: A scalable and robust reputation system for structured P2P networks”, IEEE-TPDS, May 2007

Data Coloring via Watermarking

Color Matching To Authenticate Data Owners and Cloud Service Providers

Architecture of The Internet of ...
(Figure labels: Traffic, Smart Home, Cloud, Internet, Information Network, RFID, Sensor Network, GPS, RFID Label, Sensor Nodes, Road Mapper, Sensing Layer)

24 Satellites of GPS Deployed in Outer Space

Service-Oriented Cloud of Clouds (Intercloud or ...
(Figure labels: Raw Data, Data, Information, Knowledge, Wisdom, Decisions; Sensor or Data Interchange Service; Filter Service; Filter Cloud; Another Grid; Another Service; Traditional Grid with ...)
Geoffrey Fox: Cloud of clouds -- from Raw Data to Wisdom. SS: Sensor service, fs: filter services

Supply Chain Management supported by the Internet of Things (http://www.igd.com)

Facebook Applications (550 million users registered today)

Mobility Support and Security Measures for Mobile Cloud Computing
Cloud Service Models | Mobility Support and Data Protection Methods | Hardware and Software Measures for Cloud Security
Infrastructure Cloud (The IaaS Model) | Special air interfaces; Mobile API design; File/Log access control; Data coloring | Hardware/software root of trust; Provisioning of virtual machines; Software watermarking; Host-based firewalls and IDS
Platform Cloud (The PaaS Model) | Wireless PKI; User authentication; Copyright protection; Disaster recovery | Network-based firewalls and IDS; Trust overlay network; Reputation system; OS patch management

Cloudlets - A trusted, VM-based, and Resource-Rich Portal for Upgrading Mobile Devices with Cognitive Abilities for Mobile access of the cloud to explore Location-Aware Cloud Applications such as: Opportunity Discovery, Fast Information Processing, and Intelligent Decision Making on The Road, etc.
Source: “The Case of VM-based Cloudlets in Mobile Computing”, IEEE Pervasive Computing, Vol. 8, No. 4, April 2009

Conclusions:
Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers globally installed at thousands of datacenters today.
Private clouds will become widespread in addition to using a few public clouds, which are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.

Table 1: Cloud Security Responsibilities by Providers and Users
Source: Reference [4]

Cloud Computing – Service Provider Priorities
Ensure confidentiality, integrity, and availability in a multi-tenant environment.
Effectively meet the advertised SLA, while optimizing cloud resource utilization.
Offer tenants capabilities for self-service, and achieve scaling through automation and simplification.

Using Twitter Crowd to Check Weather Conditions in Remote Cities

IOT Telemedicine Applications: Measured Patient Data Transferred to Doctor Using a Wireless Sensor Network.

Opportunities of IOT in 3 Dimensions

Smart Power Grid

Public, Private and Hybrid Clouds

Cloud Providers, Services and Security Measures
Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010

The Internet of Things
Smart Earth: Internet of Things (IOT)
Smart Earth
An IBM Dream

Enabling and Synergistic Technologies for Building The Internet of Things
Enabling Technologies | Synergistic Technologies
Machine-to-machine interfaces | Geo-tagging/geo-caching
Cloud Computing Services | Biometrics
Microcontrollers | Machine vision
Wireless communication | Robotics
Radio frequency iden. (RFID) | Augmented reality
Energy harvesting technologies | Telepresence and autonomy
Sensors and sensor networks | Life recorders and personal assistant
Actuators | Tangible user interfaces
Location technology (GPS) | Clean technologies
Software engineering | Mirror worlds
Table 9.3 Enabling and Synergistic Technologies for The IoT
