Security, Privacy, and Data Protection for Trusted Cloud Computing
Prof. Kai Hwang, University of Southern California
Keynote Address, International Conference on Cloud Computing (CloudCom2010), Indianapolis, Indiana, Dec. 3, 2010
Cloud Platforms over Datacenters
Cloud Infrastructure and Services
Reputation-based Trust Management
Data Coloring and Software Watermarking
Cloud Support of The Internet of Things

Handy Tools We Use over the Evolutional Periods In History
Is it safe to play with your computer, when you are naked and vulnerable?

Top 10 Technologies for 2010

Web 2.0, Clouds, and Internet of Things
HPC: High Performance Computing
HTC: High Throughput Computing
P2P: Peer to Peer
MPP: Massively Parallel Processors
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press to appear)

Cloud Computing as A Service [9]

Amazon Virtual Private Cloud VPC (http://aws.amazon.com/vpc/)

vSphere 4: An OS for Cloud Platform

Cloud Services Stack
Application Cloud Services
Platform Cloud Services
Compute & Storage Cloud Services
Co-Location Cloud Services
Network Cloud Services

Marc Benioff, Founder of Salesforce.com
1986: graduated from USC
1999: started salesforce.com
2003-05: appointed chairman of US Presidential IT Advisory Committee
2009: announced Force.com platform for cloud business computing
A SaaS and PaaS Cloud Provider

Security and Trust Crisis in Cloud Computing
Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.
Trust overlay networks could be applied to build reputation systems for establishing the trust among interactive datacenters.
A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
These techniques safeguard user authentication and tighten the data access-control in public clouds.
The new approach could be more cost-effective than using the traditional encryption and firewalls to secure the clouds.

Trusted Zones for VM
[Figure: Tenant #1 Virtual Infrastructure and Tenant #2 Virtual Infrastructure (APP/OS virtual machines) on top of the Cloud Provider Physical Infrastructure]
Goals labelled in the figure: isolate VM in the virtual infrastructure; segregate and control user access; insulate infrastructure from malware, Trojans and cybercriminals; insulate information from other tenants; insulate information from cloud providers' employees; enable end to end view of security events and compliance across infrastructures.
Controls labelled in the figure: Security Info. & Event Mgmt; anti-malware; cybercrime intelligence; strong authentication; data loss prevention; encryption & key mgmt; tokenization; GRC.

Cloud Service Models and Their Security Demands
Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].

Data Security and Copyright Protection in A Trusted Cloud Platform
Source: Reference [3, 4]

Security Protection Mechanisms for Public Clouds
Mechanism | Brief Description
Trust delegation and negotiation | Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.
Worm containment and DDoS defense | Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
Reputation system over resource sites | A reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.
Fine-grain access control | This refers to fine-grain access control at the file or object level. This adds security protection beyond firewalls and intrusion detection systems.
Collusive piracy prevention | Piracy prevention is achieved with peer collusion detection and content poisoning techniques.

Trust Management for Protecting Cloud Resources and Safeguard Datacenter Operations [3]
Source: [4]

PowerTrust Built over A Trust Overlay Network
[Figure labels: Trust Overlay Network; Local Trust Scores; Distributed Ranking Module; Power Nodes; Regular Random Walk; Look-ahead Random Walk; Initial Reputation Aggregation; Reputation Updating; Global Reputation Scores V (v1, v2, v3, ..., vn)]
R. Zhou and K. Hwang, "PowerTrust: A scalable and robust reputation system for structured P2P networks", IEEE-TPDS, May 2007

Data Coloring via Watermarking

Color Matching To Authenticate Data Owners and Cloud Service Providers

Architecture of The Internet of Things
[Figure labels: Traffic; Smart Home; Cloud; Internet; Information Network; RFID; Sensor Network; GPS; RFID Label; Sensor Nodes; Road Mapper; Sensing Layer]

24 Satellites of GPS Deployed in Outer Space

Service-Oriented Cloud of Clouds (Intercloud or ...)
[Figure labels: Raw Data; Data; Information; Knowledge; Wisdom; Decisions; Filter Service; Filter Cloud; Another Grid; Another Service; Traditional Grid; Sensor or Data Interchange Service]
Geoffrey Fox: Cloud of clouds -- from Raw Data to Wisdom. SS: Sensor service, fs: filter services

Supply Chain Management supported by the Internet of Things (http://www.igd.com)

Facebook Applications (550 million users registered today)

Mobility Support and Security Measures for Mobile Cloud Computing
Columns: Cloud Service Models | Mobility Support and Data Protection Methods | Hardware and Software Measures for Cloud Security
Infrastructure Cloud (The IaaS Model) | Special air interfaces; Mobile API design; File/Log access control; Data coloring | Hardware/software root of trust; Provisioning of virtual machines; Software watermarking; Host-based firewalls and IDS
Platform Cloud (The PaaS Model) | Wireless PKI; User authentication; Copyright protection; Disaster recovery | Network-based firewalls and IDS; Trust overlay network; Reputation system; OS patch management

Cloudlets: A trusted, VM-based, and Resource-Rich Portal for Upgrading Mobile Devices with Cognitive Abilities for Mobile access of the cloud to explore Location-Aware Cloud Applications such as: Opportunity Discovery, Fast Information Processing, and Intelligent Decision Making on The Road, etc.
Source: "The Case of VM-based Cloudlets in Mobile Computing", IEEE Pervasive Computing, Vol. 8, No. 4, April 2009

Conclusions:
Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers globally installed at thousands of datacenters today.
Private clouds will become widespread in addition to using a few public clouds that are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMWare, Salesforce.com, etc.
Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.

Table 1: Cloud Security Responsibilities by Providers and Users
Source: Reference [4]

Cloud Computing – Service Provider Priorities
Ensure confidentiality, integrity, and availability in a multi-tenant environment.
Effectively meet the advertised SLA, while optimizing cloud resource utilization.
Offer tenants capabilities for self-service, and achieve scaling through automation and simplification.

Using Twitter Crowd to Check Weather Conditions in Remote Cities

IOT Telemedicine Applications: Measured Patient Data Transferred to Doctor Using a Wireless Sensor Network.

Opportunities of IOT in 3 Dimensions

Smart Power Grid

Public, Private and Hybrid Clouds

Cloud Providers, Services and Security Measures
Kai Hwang and Deyi Li, "Trusted Cloud Computing with Secure Resources and Data Coloring", IEEE Internet Computing, Sept. 2010

The Internet of Things
[Figure labels: Smart Earth: Internet of Things (IOT); Smart Earth; An IBM Dream]

Enabling and Synergistic Technologies for Building The Internet of Things
Enabling Technologies | Synergistic Technologies
Machine-to-machine interfaces | Geo-tagging/geo-caching
Cloud Computing Services | Biometrics
Microcontrollers | Machine vision
Wireless communication | Robotics
Radio frequency iden. (RFID) | Augmented reality
Energy harvesting technologies | Telepresence and autonomy
Sensors and sensor networks | Life recorders and personal assistant
Actuators | Tangible user interfaces
Location technology (GPS) | Clean technologies
Software engineering | Mirror worlds
Table 9.3 Enabling and Synergistic Technologies for The IoT
