1 / 37

Security Issues in Transparent Computing & Cloud Computing

Security Issues in Transparent Computing & Cloud Computing. Qin Liu Email: gracelq628@126.com Hunan University. 作业. 两篇课后感想 一篇调研报告 一个月之内 王国军教授办公室(升北 405 ). Outline. Part I Securely Using Cloud Computing Services Part II Security from Transparent Computing Aspect.

mare
Download Presentation

Security Issues in Transparent Computing & Cloud Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Issues in Transparent Computing & Cloud Computing Qin Liu Email: gracelq628@126.com Hunan University

  2. 作业 • 两篇课后感想 • 一篇调研报告 • 一个月之内 王国军教授办公室(升北405)

  3. Outline • Part I • Securely Using Cloud Computing Services • Part II • Security from Transparent Computing Aspect

  4. Security from Transparent Computing Aspect Part II Accepted to appear in ICNC 2014 Qin Liu Email: gracelq628@126.com Hunan University

  5. Outline • Introduction to TC • Security Issues in TC • TC Security Architecture • Conclusion

  6. Introduction to TC

  7. Intel's Next Wave: Transparent Computing ——Intel Developer Forum (IDF)  2012

  8. Comparison • Transparent Computing (TC) ——Prof. Y. Zhang in Tsinghua, 2004 ——From academia, Computing paradigm • Cloud Computing (CC) ——Google CEO in Search Engine, 2006 ——From industry, Business model TC exists before CC !

  9. Definition & Model • Transparent computing (TC) is a computing paradigm, where the users can enjoy services over network on-demand with any kinds of devices, while they don’t have to know the location of the OS, middleware, and applications.

  10. Essential Idea Stored program Concept • “store its instructions in its internal memory and process them in its arithmetic unit, so that in the course of a computation they may be not just executed but also modified at electronic speeds.” • ----Von Neumann 1945

  11. I/O Interrupt Memory CPU CPU Memory I/O I/O Disk DISK BUS Bus Block Stream Server APP OS Essential Idea Extend from PC to network CPU Memory Network I/O DISK BUS Client Separation of computation and storage

  12. Key Features • Separation of computation and storage • Separation of software and hardware • Streaming-based scheduling and execution App App App App App Networks App App App App App Android* App App App App App Local computation Remote storage TC– SaaS cloud computing model

  13. Phone Calculation TV Internet KARAOKEOK DVD Networks Client(MID) Same Client & Different Services

  14. PC Cell phone Phone Phone MID Laptop Computing Platform Digital Appliance Same Service & Different Clients

  15. E-Classroom&E-Schoolbag Backend server: Data storage &management Student Group 1 Campus Network Updates Campus server Updates Student Group 2 Teacher instructional interaction instructional interaction Student Group 3 Router

  16. Security Issues in TC

  17. Centralized Security • Advantages • Data is fully protected by the server • Avoid privacy leaking on the clients • Limitations • Out of control of data • Problems • How to verify whether the service providers obey SLA or not? • Big target for both inner and outside attacker

  18. Other Issues • Multi-OS remote booting • Different OSs apply different security polices • Upgrade of security policies The main functionality of the MetaOS is to instantiate a BIOS-enabled virtual I/O device, with which the T-Client can redirect all I/O access requests to the T-Server.

  19. Other Issues • Virtual disk sharing • Multiple-tenant environment • No physical boundaries VDMS in T-Client: (1) Check if data requested by CPU is in Memory YES->Reply NO->(2) Initiate a page fault error to trigger a trap (3) Encapsulates the trap into a NSAP packet and send it to T-server VDMS in T-Server: (1) Check whether data exists in Cache. YES->Reply NO-> (2) Fetch data from the virtual disk images and reply

  20. CIA in TC • Confidentiality • The prevention of intentional or unintentional unauthorized disclosure of information (Encryption, Access control, Authorization, Authentication) • Integrity • Ensure that unauthorized modifications are not made to data (MAC, DS) • Availability • Ensure the reliable and timely access to data or resources (Multiple data copies)

  21. Data Encryption User Revocation Query Privacy Confidentiality in TC Confidentiality

  22. Data Encryption • Natural way • Adopting cryptographic technique • Current solutions • Traditional symmetric/ asymmetric encryption • Low cost for encryption and decryption • Hard to achieve fine-grained access control • Attribute-Based encryption (ABE) • Easy to achieve fine-grained access control

  23. Public Key Cryptography

  24. ABE Key Policy ABE Ciphertext Policy ABE

  25. User Revocation • Naïve solution • The data owner re-encrypts data and distributes new keys to the data user • Frequent revocation will make the data owner become a performance bottleneck • Proxy re-encryption (PRE)

  26. PRE • PRE in TC • The data owner to send re-encryption instruction to the T-Server • The T-Server perform re-encryption based on PRE

  27. Query Privacy • Query privacy • Search privacy: Protect what the users are searching for • Access privacy: Protect what/which files are returned to the users • Existing solutions • Searchable encryption (SE) can protect search privacy while searching encrypted data

  28. SE • Bob sends to Alice an email encrypted under Alice’s public key • Alice’s email gateway wants to test whether the email contains the keyword urgent so that it could route the email to her PDA immediately • But, Alice does not want the email gateway to be able to decrypt her messages

  29. TC Security Architecture

  30. Overview • TC security architecture (TCSA) allows the users to take initiative to customize the desired security environments for program execution and data storage • Three stages in TCSA

  31. Secure Booting • Secure Booting happens in the system booting phase, where the users choose the desired OS as well as the desired security schemes. • User-controlled security • The users classify data • T-Server encapsulates the data based on the data type • Centralized security (default)

  32. Secure Booting • Step 1: Selection • The user chooses the desired OS as well as the security scheme for the system • Step 2: Instantiation • The T-Client downloads MetaOS from the T-Server • Step 3: Booting • The MetaOS helps to find the boot sector and load the OS-specific loader. Then, the OS takes control and continues to boot up as normal The whole booting process will be safeguarded by the Extensible Firmware Interface (EFI), which supports secure booting by utilizing cryptography to ensure that only the OS loaders or divers with an acceptable digital signature will be loaded by the firmware.

  33. Data Classification The data access process in the user-controlled scheme

  34. Data Classification

  35. Data Encapsulation • Encapsulating data in onion way • From type I to type III, the number of layers for encapsulation steadily increases

  36. Conclusion • We investigate the definition, features of transparent computing • We discuss the security challenges in TC • We propose TCSA to achieve user-controlled security in TC

  37. Questions?

More Related