Security, Privacy, and Data Protection for Trusted Cloud Computing
Prof. Kai Hwang, University of Southern California
Keynote Address, International Conference on Cloud Computing (CloudCom2010), Indianapolis, Indiana, Dec. 3, 2010
Outline:
Cloud Platforms over Datacenters
Cloud Infrastructure and Services
Reputation-based Trust Management
Data Coloring and Software Watermarking
Cloud Support of the Internet of Things
Handy Tools We Use over the Evolutionary Periods in History
Is it safe to play with your computer when you are naked and vulnerable?
Top 10 Technologies for 2010
Web 2.0, Clouds, and Internet of Things
HPC: High-Performance Computing
HTC: High-Throughput Computing
P2P: Peer to Peer
MPP: Massively Parallel Processors
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press, to appear)
Cloud Computing as A Service [9]
Amazon Virtual Private Cloud (VPC) (http://aws.amazon.com/vpc/)
vSphere 4: An OS for the Cloud Platform
Cloud Services Stack: Application Cloud Services, Platform Cloud Services, Compute & Storage Cloud Services, Co-Location Cloud Services, Network Cloud Services
Marc Benioff, Founder of Salesforce.com (a SaaS and PaaS cloud provider)
1986: graduated from USC
1999: started salesforce.com
2003-05: appointed chairman of the US Presidential IT Advisory Committee
2009: announced the Force.com platform for cloud business computing
Security and Trust Crisis in Cloud Computing
Protecting datacenters must begin with securing cloud resources and upholding user privacy and data integrity.
Trust overlay networks can be used to build reputation systems that establish trust among interacting datacenters.
A watermarking technique is proposed to protect shared data objects and massively distributed software modules.
These techniques safeguard user authentication and tighten data access control in public clouds.
The new approach could be more cost-effective than relying on traditional encryption and firewalls alone to secure the clouds.
Trusted Zones for VM Insulation (diagram): each tenant (Tenant #1, Tenant #2) runs its own APP/OS stacks in a separate virtual infrastructure on top of the cloud provider's physical infrastructure. The controls shown around them:
Identity federation: federate identities with public clouds
Access management: segregate and control user access; strong authentication
Virtual network security: control and isolate VMs in the virtual infrastructure
Tenant isolation: insulate information from other tenants and from the cloud provider's employees
Data loss prevention, encryption and key management, tokenization
Anti-malware and cybercrime intelligence: insulate the infrastructure from malware, Trojans and cybercriminals
Security information and event management: enable an end-to-end view of security events and compliance across infrastructures
GRC (governance, risk and compliance)
Cloud Service Models and Their Security Demands
Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].
Data Security and Copyright Protection in a Trusted Cloud Platform
Source: Reference [3, 4] (slide dated March 11, 2009)
Security Protection Mechanisms for Public Clouds (mechanism: brief description)
Trust delegation and negotiation: Cross-certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs requires resolving conflicts between their policies.
Worm containment and DDoS defense: Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
Reputation system over resource sites: A reputation system can be built with P2P technology. One can build a hierarchy of reputation systems from datacenters down to distributed file systems.
Fine-grain access control: Access control at the file or object level, adding protection beyond what firewalls and intrusion detection systems provide.
Collusive piracy prevention: Piracy prevention achieved with peer collusion detection and content poisoning techniques.
Trust Management for Protecting Cloud Resources and Safeguarding Datacenter Operations [3]
PowerTrust Built over a Trust Overlay Network (diagram, source: [4]): local trust scores gathered over the trust overlay network enter a distributed ranking module that identifies the power nodes; initial reputation aggregation and subsequent reputation updating are carried out with a regular random walk and a look-ahead random walk, yielding the global reputation scores V = (v1, v2, v3, ..., vn).
R. Zhou and K. Hwang, "PowerTrust: A scalable and robust reputation system for structured P2P networks", IEEE Transactions on Parallel and Distributed Systems, May 2007
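The pipeline named on this slide and in the "Reputation system over resource sites" row of the mechanism table, local trust scores aggregated by a random walk into global scores with the top-ranked nodes singled out as power nodes, is shown below as an added example. It is not code from the PowerTrust paper or from Hwang's group; everything beyond what the slide states is an assumption and is marked as such in the code: local scores are row-normalised positive-feedback counts, the walk is regularised with a uniform teleport so a node nobody rates still gets a well-defined score, the look-ahead random walk is approximated by a one-hop look-ahead, and power nodes are simply the m highest-ranked nodes. The feedback matrix is constructed for the demonstration.

```python
"""Reputation aggregation over a trust overlay network, in the PowerTrust style.

Added example, not code from Zhou and Hwang's PowerTrust paper. Assumptions
made here that the slide does not state:
  * local trust scores are a node's positive-feedback counts, row-normalised;
  * the global reputation is the stationary vector of a random walk on the
    trust overlay network, regularised with a uniform teleport of weight
    1 - DAMPING so that a node nobody rates still gets a well-defined score;
  * the look-ahead random walk is approximated by a one-hop look-ahead that
    folds each successor's scores into the node's own row before the walk;
  * power nodes are the m highest-ranked nodes.
"""
from typing import Dict, List

DAMPING = 0.85      # assumed weight of the walk versus the uniform teleport
TOLERANCE = 1e-10   # L1 change between iterations at which we stop

Scores = Dict[str, Dict[str, float]]

# Constructed sample feedback: FEEDBACK[i][j] is the number of positive
# transactions node i reports about node j. D rates A but nobody rates D.
FEEDBACK: Scores = {
    "A": {"B": 4, "C": 1},
    "B": {"A": 3, "C": 3},
    "C": {"A": 2, "B": 2},
    "D": {"A": 1},
}


def local_trust(feedback: Scores) -> Scores:
    """Row-normalise feedback into local trust scores s_ij with sum_j s_ij = 1.

    Self-ratings are ignored; a node that reported nothing trusts every
    other node equally so the walk never gets stuck on it."""
    nodes = sorted(set(feedback) | {j for row in feedback.values() for j in row})
    scores: Scores = {}
    for i in nodes:
        row = {j: v for j, v in feedback.get(i, {}).items() if j != i and v > 0}
        if not row:
            row = {j: 1.0 for j in nodes if j != i}
        total = sum(row.values())
        scores[i] = {j: v / total for j, v in row.items()}
    return scores


def look_ahead(scores: Scores) -> Scores:
    """One-hop look-ahead: node i's row becomes s_i + sum_k s_ik * s_k, renormalised.

    Each node thereby folds its trusted neighbours' opinions into its own
    before the walk starts; a node with no incoming trust still gets none."""
    ahead: Scores = {}
    for i, row in scores.items():
        merged = dict(row)
        for k, w in row.items():
            for j, v in scores[k].items():
                if j != i:
                    merged[j] = merged.get(j, 0.0) + w * v
        total = sum(merged.values())
        ahead[i] = {j: v / total for j, v in merged.items()}
    return ahead


def global_reputation(scores: Scores, damping: float = DAMPING,
                      tol: float = TOLERANCE, max_iter: int = 1000) -> Dict[str, float]:
    """Power-iterate v <- (1-d)/n + d * S^T v until the L1 change drops below tol.

    Because every row of S sums to 1 the vector stays a probability
    distribution; a node with no incoming trust receives exactly (1-d)/n."""
    nodes = list(scores)
    n = len(nodes)
    v = {i: 1.0 / n for i in nodes}
    for _ in range(max_iter):
        nxt = {i: (1.0 - damping) / n for i in nodes}
        for i, row in scores.items():
            for j, w in row.items():
                nxt[j] += damping * w * v[i]
        delta = sum(abs(nxt[i] - v[i]) for i in nodes)
        v = nxt
        if delta < tol:
            break
    return v


def power_nodes(reputation: Dict[str, float], m: int) -> List[str]:
    """The m most reputable nodes, the candidates PowerTrust would treat as power nodes."""
    return sorted(reputation, key=lambda i: reputation[i], reverse=True)[:m]


def with_feedback(feedback: Scores, reporter: str, target: str, count: float = 1) -> Scores:
    """Return a copy of feedback with a new positive report, the input to reputation updating."""
    updated = {i: dict(row) for i, row in feedback.items()}
    updated.setdefault(reporter, {})
    updated[reporter][target] = updated[reporter].get(target, 0.0) + count
    return updated


if __name__ == "__main__":
    rep = global_reputation(local_trust(FEEDBACK))
    for node in power_nodes(rep, len(rep)):
        print(f"{node}: {rep[node]:.4f}")
    print("power nodes:", power_nodes(rep, 2))
    rep2 = global_reputation(local_trust(with_feedback(FEEDBACK, "A", "D", 5)))
    print(f"D after A reports 5 good transactions: {rep2['D']:.4f}")
```

Two properties worth checking on any such deployment: the global vector must remain a probability distribution after every update, and a node with no incoming trust must not be able to raise its own score by handing out ratings (here D rates A and stays at the teleport floor until an established node rates it back). Collusion rings that rate each other highly do accumulate random-walk mass; that is why PowerTrust pairs the walk with power-node selection rather than relying on the walk alone.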
Data Coloring via Watermarking
Color Matching To Authenticate Data Owners and Cloud Service Providers
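The slides name color matching as the way a data owner and a cloud service provider authenticate each other over a colored (watermarked) data object but do not give the construction. The block below is an added example, not code from Hwang and Li's data-coloring work: it stands in for a color with an HMAC-SHA256 tag over the object identifier and payload digest, attaches one color keyed by a secret only the owner holds and one keyed by a per-tenant secret the provider is assumed to share with the tenant at onboarding, and shows the three checks a practitioner would run: the provider verifying an ownership claim, the owner detecting a modified payload, and the owner verifying that the copy passed through the legitimate provider. The secrets, object name and payload are constructed for the demonstration.

```python
"""Color matching between a data owner and a cloud service provider (CSP).

Added example, not code from Hwang and Li's data-coloring work. A color is
represented here as an HMAC-SHA256 tag over the object identifier and the
payload digest (assumption: their own color-generation method is not
reproduced). Two colors are attached to each object: the owner's, keyed by a
secret only the owner holds, and the CSP's, keyed by a per-tenant secret the
CSP shares with that tenant at onboarding (assumed).
"""
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ColoredObject:
    object_id: str
    payload: bytes
    owner_color: bytes   # binds payload and id to the owner's secret
    csp_color: bytes     # binds payload and id to the provider's per-tenant secret


def make_color(secret: bytes, object_id: str, payload: bytes) -> bytes:
    """Derive a color: HMAC(secret, object_id || 0x00 || SHA-256(payload))."""
    digest = hashlib.sha256(payload).digest()
    return hmac.new(secret, object_id.encode() + b"\x00" + digest, hashlib.sha256).digest()


def color_object(owner_secret: bytes, csp_secret: bytes,
                 object_id: str, payload: bytes) -> ColoredObject:
    """The owner colors the object at upload; the CSP adds its own color on receipt."""
    return ColoredObject(
        object_id, payload,
        owner_color=make_color(owner_secret, object_id, payload),
        csp_color=make_color(csp_secret, object_id, payload),
    )


def csp_accepts_owner(stored: ColoredObject, presented_color: bytes) -> bool:
    """CSP side: a requester claiming ownership presents the owner color it kept
    (or recomputed from its local copy); it must match the stored one.
    Constant-time comparison so timing cannot leak the stored color byte by byte."""
    return hmac.compare_digest(stored.owner_color, presented_color)


def owner_checks_integrity(owner_secret: bytes, returned: ColoredObject) -> bool:
    """Owner side: recompute the owner color over what the CSP returned;
    any change to the payload or its id breaks the match."""
    expected = make_color(owner_secret, returned.object_id, returned.payload)
    return hmac.compare_digest(expected, returned.owner_color)


def owner_checks_provider(csp_secret: bytes, returned: ColoredObject) -> bool:
    """Owner side: verify the CSP color with the shared per-tenant secret,
    so the copy is known to have passed through the legitimate provider."""
    expected = make_color(csp_secret, returned.object_id, returned.payload)
    return hmac.compare_digest(expected, returned.csp_color)


def tampered(obj: ColoredObject, new_payload: bytes) -> ColoredObject:
    """Model an insider modifying the payload while keeping the stored colors."""
    return replace(obj, payload=new_payload)


if __name__ == "__main__":
    owner_secret = b"owner-secret-constructed-for-demo"   # constructed
    csp_secret = b"tenant-42-csp-secret-constructed"     # constructed
    obj = color_object(owner_secret, csp_secret, "tenant42/report.pdf", b"quarterly figures")
    print("owner accepted:", csp_accepts_owner(obj, make_color(owner_secret, obj.object_id, obj.payload)))
    print("impostor accepted:", csp_accepts_owner(obj, make_color(b"guess", obj.object_id, obj.payload)))
    print("integrity ok:", owner_checks_integrity(owner_secret, obj))
    print("integrity after tamper:", owner_checks_integrity(owner_secret, tampered(obj, b"altered")))
    print("provider ok:", owner_checks_provider(csp_secret, obj))
```

Two caveats apply to any tag-based color of this kind: a color presented as a static bearer value can be replayed by anyone who observes it in transit, so in practice the owner proves possession of its secret against a fresh challenge; and a valid color on an old version of the object does not stop a rollback to that version, which needs a version number or timestamp inside the tagged data.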
Architecture of the Internet of Things (diagram, top to bottom):
Application layer: Merchandise Tracking, Environment Protection, Intelligent Search, Telemedicine, Intelligent Traffic, Smart Home
Cloud Computing Platform
Network layer: Mobile Telecom Network, The Internet, Information Network
Sensing layer: RFID, Sensor Network, GPS; devices include RFID labels, sensor nodes and road mappers
24 Satellites of GPS Deployed in Outer Space
Service-Oriented Cloud of Clouds (Intercloud or Data Mashup)
(Diagram, after Geoffrey Fox: Cloud of clouds, from Raw Data to Wisdom. SS = sensor service, fs = filter service.) Sensor services, a sensor or data interchange service and a database supply raw data; filter services grouped into filter clouds, together with a discovery cloud, a compute cloud and a storage cloud, refine the data into information and knowledge and finally wisdom decisions. A traditional grid with exposed services, other grids and other services plug into the same pipeline.
Supply Chain Management supported by the Internet of Things (http://www.igd.com)
Facebook Applications (550 million users registered today)
Mobility Support and Security Measures for Mobile Cloud Computing
(Table columns: Cloud Service Models; Mobility Support and Data Protection Methods; Hardware and Software Measures for Cloud Security)
Infrastructure Cloud (The IaaS Model): special air interfaces, mobile API design, file/log access control, data coloring; hardware/software root of trust
Platform Cloud (The PaaS Model): wireless PKI, user authentication, copyright protection, disaster recovery; network-based firewalls and IDS, trust overlay network, reputation system, OS patch management
Further measures listed in the table: provisioning of virtual machines, software watermarking, host-based firewalls and IDS
Cloudlets: a trusted, VM-based, resource-rich portal that upgrades mobile devices with cognitive abilities for mobile access to the cloud, enabling location-aware cloud applications such as opportunity discovery, fast information processing, and intelligent decision making on the road.
Source: M. Satyanarayanan et al., "The Case for VM-based Cloudlets in Mobile Computing", IEEE Pervasive Computing, Vol. 8, No. 4, 2009
Conclusions:
Computing clouds are changing the IT and service industries and the global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness. Cloud computing has become common practice in business, government, education, and entertainment, leveraging the 50 million servers installed globally at thousands of datacenters today.
Private clouds will become widespread in addition to the few public clouds, which are under heavy competition among Google, Microsoft, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of the cloud as a ubiquitous service.
Table 1: Cloud Security Responsibilities by Providers and Users
Source: Reference [4]
Cloud Computing: Service Provider Priorities
Ensure confidentiality, integrity, and availability in a multi-tenant environment.
Effectively meet the advertised SLA while optimizing cloud resource utilization.
Offer tenants self-service capabilities, and achieve scaling through automation and simplification.
Using Twitter Crowd to Check Weather Conditions in Remote Cities
IOT Telemedicine Applications:
Measured Patient Data Transferred to Doctor Using a Wireless Sensor Network.
Opportunities of IOT in 3 Dimensions
Smart Power Grid
Public, Private and Hybrid Clouds
Cloud Providers, Services and Security Measures
Source: Kai Hwang and Deyi Li, "Trusted Cloud Computing with Secure Resources and Data Coloring", IEEE Internet Computing, Sept. 2010
The Internet of Things
Smart Earth: Internet of Things (IOT), an IBM dream
Enabling and Synergistic Technologies for Building the Internet of Things (Table 9.3)
Enabling technologies: machine-to-machine interfaces; cloud computing services; microcontrollers; wireless communication; radio frequency identification (RFID); energy harvesting technologies; sensors and sensor networks; actuators; location technology (GPS); software engineering
Synergistic technologies: geo-tagging/geo-caching; biometrics; machine vision; robotics; augmented reality; telepresence and autonomy; life recorders and personal assistants; tangible user interfaces; clean technologies; mirror worlds