Secure Sharing of an ICT Infrastructure Through Vinci
Fabrizio Baiardi (1), Daniele Sgandurra (2)
(1) Polo G. Marconi - La Spezia, University of Pisa, Italy
(2) Department of Computer Science, University of Pisa, Italy
AIMS

Outline
1. Secure Sharing of ICT Infrastructures
   Assumptions
2.
3. Results and Future Works

Users and Applications
Private ICT infrastructure: Bank, Hospital, SCADA.
Secure file sharing among users with distinct requirements.
Several classes of users:
- users may belong to several classes;
- distinct security policies and reliability requirements;
- control shared data among users.
Applications have different trust levels:
- browser;
- home banking.

Example
Hospital infrastructure:
Communities (classes of users):
- doctors;
- nurses;
- administration.
Each community manages its private information but also shares some information with other communities.
Each community should be able to:
- define its security policy;
- define its reliability requirements;
- control information to be shared.

Assumptions
The infrastructure is a private network that:
- spans several locations;
- is centrally managed by a set of administrators.
Most of the nodes are PCs accessed by one person at a time.
Some server nodes store shared data and execute server apps.
Each node runs a virtual machine monitor (VMM).

Virtualization Technology
Virtual Interacting Network CommunIty (Vinci) is a software architecture aimed at sharing an ICT infrastructure securely.
Vinci exploits virtualization technology:
- Software emulation of HW: virtual machines (VMs).
- Benefits:
  1. confinement among the VMs;
  2. server consolidation: better resource utilization;
  3. centralized management: easier administration.
- Widespread usage.

Vinci defines many highly specialized and simple VM templates:
- each VM template implements different functionalities;
- dynamically instantiated;
- connected into overlays (network of VMs).
Software customization.
Minimization of complexity.
More robustness.

Advantages:
- Easy-to-deploy virtual appliances.
- Minimize the software each VM runs.
- Run-time environment is highly customized, according to user and community of interest:
  - amount of allocated memory;
  - OS version;
  - running kernel modules;
  - applications and their configuration.

Currently, Vinci defines 6 VM templates:
1. Application VM: it runs a set of applications on behalf of a single user;
2. Community VM: it manages the private resources of a community;
3. File System VM: it belongs to several overlays and protects information shared among distinct communities;
4. Communication and Control VM: it implements and monitors flows among VMs of the same or distinct communities;
5. Assurance VM: it checks that Application VMs only run authorized software;
6. Infrastructure VM: these VMs manage the overall infrastructure.

Application VMs
Run applications of a single user.
Labeled with a global level of the community the user joins.
A user can join distinct communities through distinct APP VMs.

Community VMs
Manage and control private community resources:
- configuration files, system binaries, shared libraries;
- user home directories.
MAC/DAC policies.

File System VMs
Export shared file systems.
They belong to several communities.
Implement MAC/MLS policies to control file sharing.
Tainting module to trace contamination.

Tainting Module (figure)

Communication and Control VMs
Protect and monitor information flows:
1. Firewall VMs;
2. VPN VMs;
3. IDS VMs.
Communities can be isolated.
Anti-spoofing to authenticate file requests.
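
An added illustration, not code from the Vinci prototype: the sketch below models how a File System VM could combine the pieces named on these slides, namely anti-spoofing of the requesting VM, an MLS check against the community's global level, and taint bookkeeping. The level ordering, interface and VM names, the Bell-LaPadula style read/write rules and the taint semantics are assumptions; the slides do not specify them.

```python
from dataclasses import dataclass, field

# Assumed total order of global levels. The community names come from the
# hospital example in the slides; the ordering is invented for this sketch.
LEVELS = {"administration": 0, "nurses": 1, "doctors": 2}


@dataclass
class SharedFile:
    level: str                                # MLS label of the file
    taint: set = field(default_factory=set)   # communities whose data reached it


class FileSystemVM:
    """Toy reference monitor: anti-spoofing, then MLS, then taint bookkeeping."""

    def __init__(self, vif_to_vm, vm_level):
        self.vif_to_vm = vif_to_vm   # virtual interface -> Application VM behind it
        self.vm_level = vm_level     # Application VM -> global level of its community
        self.vm_taint = {vm: set() for vm in vm_level}
        self.files = {}
        self.audit = []              # (vm, op, path, decision) tuples

    def export(self, path, level):
        # A new shared file starts out tainted only by its own community.
        self.files[path] = SharedFile(level, {level})

    def request(self, vif, claimed_vm, op, path):
        decision = self._decide(vif, claimed_vm, op, path)
        self.audit.append((claimed_vm, op, path, decision))
        return decision

    def _decide(self, vif, claimed_vm, op, path):
        # Anti-spoofing (assumed mechanism): the identity claimed in the request
        # must match the VM attached to the interface the request arrived on.
        if self.vif_to_vm.get(vif) != claimed_vm:
            return "deny:spoofed-source"
        shared = self.files.get(path)
        if shared is None or op not in ("read", "write"):
            return "deny:bad-request"
        subject = LEVELS[self.vm_level[claimed_vm]]
        obj = LEVELS[shared.level]
        if op == "read":
            if subject < obj:
                return "deny:no-read-up"
            # The reader is now contaminated by everything the file carries.
            self.vm_taint[claimed_vm] |= shared.taint
            return "allow"
        if subject > obj:
            return "deny:no-write-down"
        # MLS permits writing up, so the taint records which lower-level
        # communities have contributed data to a higher-level file.
        shared.taint |= self.vm_taint[claimed_vm] | {self.vm_level[claimed_vm]}
        return "allow"


def demo():
    # Constructed sample topology and requests.
    fs = FileSystemVM(
        vif_to_vm={"vif1.0": "app-doctor", "vif2.0": "app-nurse",
                   "vif3.0": "app-admin"},
        vm_level={"app-doctor": "doctors", "app-nurse": "nurses",
                  "app-admin": "administration"},
    )
    fs.export("/shared/ward-notes", "nurses")
    fs.export("/shared/diagnoses", "doctors")
    requests = [
        ("vif2.0", "app-nurse", "read", "/shared/diagnoses"),    # read up
        ("vif2.0", "app-doctor", "read", "/shared/diagnoses"),   # forged identity
        ("vif1.0", "app-doctor", "read", "/shared/ward-notes"),  # read down
        ("vif1.0", "app-doctor", "write", "/shared/ward-notes"), # write down
        ("vif2.0", "app-nurse", "write", "/shared/diagnoses"),   # write up
        ("vif3.0", "app-admin", "read", "/shared/ward-notes"),   # read up
    ]
    return fs, [fs.request(*r) for r in requests]


if __name__ == "__main__":
    fs, decisions = demo()
    for entry in fs.audit:
        print(entry)
    print("diagnoses taint:", sorted(fs.files["/shared/diagnoses"].taint))
```

The write-up case is the one the taint set exists for in this model: the MLS check allows it, and the taint is the only record that a lower-level community has contributed to the higher-level file.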

Assurance VMs
Protect integrity of critical VMs.
They exploit virtual machine introspection.
The Assurance VM can freeze the execution of a VM.

Virtual Machine Introspection
Virtual Machine Introspection: Stanford University.
- visibility: access a VM's state from a lower level;
- robustness: consistency checks applied from a distinct VM.

Infrastructure VMs
They can:
- Configure and manage the overlays.
- Cooperate to monitor the overall infrastructure.
- Update the topology of the virtual overlays.
- Create/kill or migrate VMs.
- Configure a VM during the boot-up phase.
- Retrieve information about the VMs (resource usage).

Architecture (figure)

Community
Users run their applications in Application VMs:
- each Application VM is paired with a global level;
- a community = APP VMs with the same global level.
A community is composed of users and applications with the same security and reliability requirements.
The number of communities reflects the distinct classes of users.
A community is a collaborative environment where sharing of information does not result in a loss of security or reliability.

Virtual Community Network (VCN)
An overlay, or virtual community network (VCN), is introduced for each community.
A VCN includes:
1. the set of Application VMs of a community;
2. further VMs to manage the resources and interactions among communities (Infrastructure VMs, Assurance VMs, ...).
A VCN is an overlay network (a network of VMs).

Current Prototype
The prototype is based on Xen and Linux OS.
Patches to the Linux kernel of File System and Community VMs.
Community and File System VMs run SELinux:
1. to support DAC/MAC/MLS policies;
2. to enforce the security policy in a centralized way.
Vinci exploits the NFSv3 service to handle file requests.
File System VMs exploit a Tainting kernel module.

Threat Model
The infrastructure is a private network centrally managed.
VMMs, Infrastructure VMs and Assurance VMs belong to the Trusted Computing Base.
Application VMs are untrusted: spoofed packets.
Communications among physical nodes cannot be spoofed.

Limitations
Current limitations of the prototype:
- No File System encryption.
- Managing and configuring a node to support virtualization, with several customized OSes, is a challenging task.
- VM migration on request (not dynamic).
- Security policies are static.

Results
Virtual Interacting Network CommunIty (Vinci):
- Definition of parallel overlays:
  - simplify management and sharing of a private ICT infrastructure;
  - increase the robustness: specialized VMs apply security checks.
- Concept of community: set of users with similar requirements.
- VM templates: tailor each VM configuration by avoiding useless functionalities:
  - smaller software;
  - more robust.

Future Works
- File System encryption.
- Finer-grained security policy: user-id and NFS client-id:
  1. protection domain is a subset of the VM's domain;
  2. client side authentication (certificate).
- Dynamic VM migration:
  - to reduce communication delay;
  - fault/error.
- Support for flexible security policies.
- Remote attestation.

Questions?
Thank you!
Microsoft Certified Solutions Expert (MCSE) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows
More informationScalable Architectural Support for Trusted Software
Scalable Architectural Support for Trusted Software David Champagne and Ruby B. Lee Princeton University Secure Processor Design 11/02/2017 Dimitrios Skarlatos Motivation Apps handle sensitive/secret information
More informationCisco ACI vcenter Plugin
This chapter contains the following sections: About Cisco ACI with VMware vsphere Web Client, page 1 Getting Started with, page 2 Features and Limitations, page 7 GUI, page 12 Performing ACI Object Configurations,
More informationWhat s in Installing and Configuring Windows Server 2012 (70-410):
What s in Installing and Configuring Windows Server 2012 (70-410): The course provides skills and knowledge necessary to implement a core Windows Server 2012 infrastructure in an existing enterprise environment.
More informationThe failure of Operating Systems,
The failure of Operating Systems, and how we can fix it. Glauber Costa Lead Software Engineer August 30th, 2012 Linuxcon Opening Notes I'll be doing Hypervisors vs Containers here. But: 2 2 Opening Notes
More informationBackground. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW
Virtual Machines Background IBM sold expensive mainframes to large organizations Some wanted to run different OSes at the same time (because applications were developed on old OSes) Solution: IBM developed
More informationOverview of System Virtualization: The most powerful platform for program analysis and system security. Zhiqiang Lin
CS 6V81-05: System Security and Malicious Code Analysis Overview of System Virtualization: The most powerful platform for program analysis and system security Zhiqiang Lin Department of Computer Science
More informationLINUX Virtualization. Running other code under LINUX
LINUX Virtualization Running other code under LINUX Environment Virtualization Citrix/MetaFrame Virtual desktop under Windows NT. aka Windows Remote Desktop Protocol VNC, Dameware virtual console. XWindows
More informationLive Migration of Virtualized Edge Networks: Analytical Modeling and Performance Evaluation
Live Migration of Virtualized Edge Networks: Analytical Modeling and Performance Evaluation Walter Cerroni, Franco Callegati DEI University of Bologna, Italy Outline Motivations Virtualized edge networks
More informationToday s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps
Today s workforce is Mobile Most applications are Web-based apps Cloud and SaaSbased applications are being deployed and used faster than ever Hybrid Cloud is the new normal. % plan to migrate >50% of
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCourse Modules for CCSE R77 (Check Point Certified Security Expert) Training Online
Course Modules for CCSE R77 (Check Point Certified Security Expert) Training Online 1 Introduction to Check Point Technology A) Check Point Security Management Architecture(SMART) Smart Console Security
More informationPsycoTrace: Virtual and Transparent Monitoring of a Process Self
PsycoTrace: Virtual and Transparent Monitoring of a Process Self Fabrizio Baiardi, Dario Maggiari Polo G. Marconi, La Spezia Università di Pisa, Italy {baiardi, maggiari}@di.unipi.it Daniele Sgandurra,
More informationCPS 510 final exam, 4/27/2015
CPS 510 final exam, 4/27/2015 Your name please: This exam has 25 questions worth 12 points each. For each question, please give the best answer you can in a few sentences or bullets using the lingo of
More informationA Global Operating System «from the Things to the Clouds»
GRUPPO TELECOM ITALIA EAI International Conference on Software Defined Wireless Networks and Cognitive Technologies for IoT Rome, 26th October 2015 A Global Operating System «from the Things to the Clouds»
More informationSupporting Fine-Grained Network Functions through Intel DPDK
Supporting Fine-Grained Network Functions through Intel DPDK Ivano Cerrato, Mauro Annarumma, Fulvio Risso - Politecnico di Torino, Italy EWSDN 2014, September 1st 2014 This project is co-funded by the
More informationMulti-tenancy Virtualization Challenges & Solutions. Daniel J Walsh Mr SELinux, Red Hat Date
Multi-tenancy Virtualization Challenges & Solutions Daniel J Walsh Mr SELinux, Red Hat Date 06.28.12 What is Cloud? What is IaaS? IaaS = Infrastructure-as-a-Service What is PaaS? PaaS = Platform-as-a-Service
More informationTable of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine
Table of Contents Overview Containers, Docker, Registries vsphere Integrated Containers Engine Management Portal Registry Roles and Personas 1.1 1.1.1 1.1.2 1.1.2.1 1.1.2.2 1.1.2.3 1.1.2.4 2 Overview of
More informationIntel, OpenStack, & Trust in the Open Cloud. Intel Introduction
Intel, OpenStack, & Trust in the Open Cloud Intel Introduction 1 Intel enables OpenStack Cloud Deployments 2 Intel Contributions to OpenStack Telemetry (Ceilometer) Object Store (Swift) Erasure Code Metrics
More informationExam : Implementing a Cloud Based Infrastructure
Exam 70-414: Implementing a Cloud Based Infrastructure Course Overview This course teaches students about creating the virtualization infrastructure, planning and deploying virtual machines, monitoring,
More informationCSE 237B Fall 2009 Virtualization, Security and RTOS. Rajesh Gupta Computer Science and Engineering University of California, San Diego.
CSE 237B Fall 2009 Virtualization, Security and RTOS Rajesh Gupta Computer Science and Engineering University of California, San Diego. Overview What is virtualization? Types of virtualization and VMs
More informationDocument Number: rev D Intuitive Surgical, Inc. OnSite Overview. for the da Vinci Xi and da Vinci Si Surgical System.
OnSite Overview for the da Vinci Xi and da Vinci Si Surgical System Page 1 Table of Contents 1. OnSite for the da Vinci Xi and Si System Overview... 3 2. Requirements... 5 3. Detailed Hardware, Software
More information