受信云计算的安全隐私和数据保护

1、Nov.8, 2010Kai Hwang, USC1 Prof. Kai Hwang, University of Southern CaliforniaKeynote Address, International Conference on Parallel and Distributed Computing and Systems (PDCS 2010), Marina Del Rey, CA. Nov. 8, 2010 Cloud PlatformsCloud Platforms over Datacentersover Datacenters Cloud Infrastructure

2、and Services Cloud Infrastructure and Services Reputation-based Trust Management Reputation-based Trust Management Data Coloring and Software Watermarking Data Coloring and Software Watermarking Cloud Support of The Internet of Things Cloud Support of The Internet of Things Nov.8, 2010Kai Hwang, USC

3、2Handy Tools We Use over the Evolutional Periods In History Is it safe to play with your computer, when you are naked and vulnerable ? Nov.8, 2010Kai Hwang, USC3Top 10 Technologies for 2010Nov.8, 2010Kai Hwang, USC4Web 2.0, Clouds, and Internet of ThingsHPC: HPC: High-High-Performance Performance Co

4、mputingComputingHTC: HTC: High-High-Throughput Throughput ComputingComputingP2P: P2P: Peer to PeerPeer to PeerMPP: MPP: Massively Parallel Massively Parallel ProcessorsProcessorsSource: K. Hwang, G. Fox, and J. Dongarra, Distributed Systems and Cloud Computing, Morgan Kaufmann, 2011 (in press to app

5、ear)Nov.8, 2010Kai Hwang, USC5Public, Private and Hybrid CloudsSource: Distributed Systems and Cloud Computing, 2Nov.8, 2010Kai Hwang, USC6Cloud Computing as A Service 9Nov.8, 2010Kai Hwang, USC7Cloud Providers, Services and Security MeasuresCloud Providers, Services and Security MeasuresKai Hwang a

6、nd Deyi Li,Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources Trusted Cloud Computing with Secure Resources and Data Coloringand Data Coloring”, , IEEE Internet Computing,IEEE Internet Computing, Sept. 2010 Sept. 2010 Nov.8, 2010Kai Hwang, USC8Amazon Virtual Private Cloud VPC (htt

7、p:/ ) Nov.8, 2010Kai Hwang, USC9vSphere 4 : An OS for Cloud Platform Nov.8, 2010Kai Hwang, USC10Cloud Services StackNetworkCloud ServicesCo-LocationCloud ServicesCompute & StorageCloud ServicesPlatformCloud ServicesApplicationCloud ServicesNov.8, 2010Kai Hwang, USC11Top 8 Cloud Computing Compani

8、es Nov.8, 2010Kai Hwang, USC12Marc Benioff, Founder of S1986 graduated from USC 1999 started 2003-05 appointed chairman of US Presidential IT Advisory Committee 2009 announced F platform for cloud business computingA SaaS and PaaS Cloud ProviderNov.8, 2010Kai Hwang, USC1313XEx XEx XEx Protecting dat

9、acenters must first secure cloud resources and uphold user Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity. privacy and data integrity. Trust overlay networks could be applied to build reputation systems for Trust overlay networks could be applied

10、to build reputation systems for establishing the trust among interactive datacenters. establishing the trust among interactive datacenters. A watermarking technique is suggested to protect shared data objects and A watermarking technique is suggested to protect shared data objects and massively dist

11、ributed software modules. massively distributed software modules. These techniques safeguard user authentication and tighten the data These techniques safeguard user authentication and tighten the data access-control in public clouds. access-control in public clouds. The new approach could be more c

12、ost-effective than using the traditional The new approach could be more cost-effective than using the traditional encryption and firewalls to secure the clouds. encryption and firewalls to secure the clouds. Security and Trust CrisisSecurity and Trust Crisis in Cloud Computingin Cloud ComputingNov.8

13、, 2010Kai Hwang, USC14Physical InfrastructureTrusted Zones for VM InsulationTenant #2APPOSAPPOSVirtual InfrastructurePhysical InfrastructureCloud ProviderAPPOSAPPOSVirtual InfrastructureTenant #1Insulate information from cloud providers employeesInsulate information from other tenantsInsulate infras

14、tructure from Malware, Trojans and cybercriminalsSegregate and control user accessControl and isolate VM in the virtual infrastructureFederate identities with public cloudsIdentity federationVirtual network securityAccess MgmtCybercrime intelligenceStrong authenticationData loss preventionEncryption

15、 & key mgmtTokenizationEnable end to end view of security events and compliance across infrastructuresSecurity Info. & Event MgmtGRCAnti-malwareNov.8, 2010Kai Hwang, USC15March 11, 2009Prof. Kai Hwang, USCData Security and Copyright Protection in A Trusted Cloud Platform Source: Reference 3,

16、 4Nov.8, 2010Kai Hwang, USC16Security Protection Mechanisms for Public Clouds16MechanismBrief DescriptionTrust delegation and NegotiationCross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts. Worm

17、 containment and DDoS DefenseInternet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms .Reputation System OverResource SitesReputation system could be built with P2P technology. One can build a hierarchy of reputation systems f

18、rom datacenters to distributed file systems . Fine-grain access controlThis refers to fine-grain access control at the file or object level. This adds up the security protection beyond firewalls and intrusion detection systems . Collusive Piracy preventionPiracy prevention achieved with peer collusi

19、on detection and content poisoning techniques . Nov.8, 2010Kai Hwang, USC17Cloud Service Models and Their Security DemandsCloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily 1.Nov.8, 2010Kai Hwang, USC18Trust Management for Prote

20、cting Cloud Resources and Safeguard Datacenter Operations 3 Source: 4Nov.8, 2010Kai Hwang, USC19PowerTrust Built over A Trust Overlay NetworkR. Zhou and K. Hwang, “PowerTrust : A scalable and robust reputation system for structured P2P networks”, IEEE-TPDS, May 2007Look-ahead Random WalkDistributed

21、Ranking Modulevn.v3v2v1Global Reputation Scores VRegular Random WalkInitial ReputationAggregationReputation UpdatingLocal Trust ScoresPowerNodesTrust Overlay NetworkNov.8, 2010Kai Hwang, USC20Distributed Defense against DDoS Attacks over Multiple Network Domains (Chen, Hwang, and Ku, IEEE Trans. on

22、Parallel and Distributed Systems, Dec. 2007 )Nov.8, 2010Kai Hwang, USC21Data Coloring via Watermarking Data Coloring via Watermarking Nov.8, 2010Kai Hwang, USC22Color Matching Color Matching To Authenticate Data To Authenticate Data Owners and Cloud Service ProvidersOwners and Cloud Service Provider

23、sNov.8, 2010Kai Hwang, USC23The Internet of Things InternetCloudsInternet of Things (IOT)The InternetSmart EarthSmart Earth: An IBM DreamNov.8, 2010Kai Hwang, USC24Opportunities of IOT in 3 DimensionsNov.8, 2010Kai Hwang, USC25 Architecture of The Internet of Things Merchandise TrackingEnvironment P

24、rotectionIntelligent SearchTele-medicineIntelligent TrafficCloud Computing PlatformSmart HomeMobile Telecom NetworkThe InternetInformationNetwork RFID RFID LabelSensor NetworkSensor NodesGPS Road MapperSensing LayerNetwork LayerApplication LayerNov.8, 2010Kai Hwang, USC26Supply Chain Management supp

25、orted by the Internet of Things. ( http:/)Nov.8, 2010Kai Hwang, USC27Smart Power GridNov.8, 2010Kai Hwang, USC28Mobility Support and Security Measures for Mobile Cloud ComputingCloud Service ModelsMobility Support and Data Protection MethodsHardware and Software Measures for Cloud Security Infrastru

26、cture Cloud (The IaaS Model) Special air interfaces Mobile API design File/Log access control Data coloring Hardware/software root of trust, Provisioning of virtual machines, Software watermarking Host-based firewalls and IDSPlatform Cloud (The PaaSModel) Wireless PKI , User authentication, Copyrigh

27、t protection Disaster recovery Network-based firewalls and IDS Trust overlay network Reputation system OS patch managementNov.8, 2010Kai Hwang, USC29Service-Oriented Cloud of Clouds (Intercloud or Mashup)Cloud of clouds - from Raw Data to Wisdom. SS = Sensor service, fs = filter servicesNov.8, 2010K

28、ai Hwang, USC30Conclusions: Computing clouds are changing the whole IT , service industry, and global Computing clouds are changing the whole IT , service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, economy. Clearly, cloud computing demands ubiquity

29、, efficiency, security, and trustworthiness.and trustworthiness. Cloud computing has become a common practice in business, government, education, and entertainment leveraging 50 millions of servers globallyglobally installed at thousands of datacenters today. nPrivate clouds will become widespread in addition to using a few public clouds, that are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMWare, S, etc.nEffective trust management, guaranteed security, user privacy, data integrity, mobility