Index
Title
Copyright
About ApressOpen
Dedication
Contents at a Glance
Contents
About the Authors
About the Technical Reviewers
Acknowledgments
Foreword
Introduction
Chapter 1: Cloud Computing Basics
Defining the Cloud
The Cloud’s Essential Characteristics
The Cloud Service Models
The Cloud Deployment Models
The Cloud Value Proposition
Historical Context
Traditional Three-Tier Architecture
Software Evolution: From Stovepipes to Service Networks
The Cloud as the New Way of Doing IT
Security as a Service
New Enterprise Security Boundaries
A Roadmap for Security in the Cloud
Summary
Chapter 2: The Trusted Cloud: Addressing Security and Compliance
Security Considerations for the Cloud
Cloud Security, Trust, and Assurance
Trends Affecting Data Center Security
Security and Compliance Challenges
Trusted Clouds
Trusted Computing Infrastructure
Trusted Cloud Usage Models
The Boot Integrity Usage Model
The Trusted Virtual Machine Launch Usage Model
The Data Protection Usage Model
The Run-time Integrity and Attestation Usage Model
Trusted Cloud Value Proposition for Cloud Tenants
The Advantages of Cloud Services on a Trusted Computing Chain
Summary
Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools
The Building Blocks for Trusted Clouds
Platform Boot Integrity
Roots of Trust–RTM, RTR, and RTS in the Intel TXT Platform
Measured Boot Process
Attestation
Trusted Compute Pools
TCP Principles of Operation
Pool Creation
Workload Placement
Workload Migration
Compliance Reporting for a Workload/Cloud Service
Solution Reference Architecture for the TCP
Hardware Layer
Operating System / Hypervisor Layer
Virtualization/Cloud Management and Verification/Attestation Layer
Security Management Layer
Reference Implementation: The Taiwan Stock Exchange Case Study
Solution Architecture for TWSE
Trusted Compute Pool Use Case Instantiation
Remote Attestation with HyTrust
Use Case Example: Creating Trusted Compute Pools and Workload Migration
Integrated and Extended Security and Platform Trust with McAfee ePO
Summary
Chapter 4: Attestation: Proving Trustability
Attestation
Integrity Measurement Architecture
Policy Reduced Integrity Measurement Architecture
Semantic Remote Attestation
The Attestation Process
Remote Attestation Protocol
Flow for Integrity Measurement
A First Commercial Attestation Implementation: The Intel Trust Attestation Platform
Mt. Wilson Platform
Mt. Wilson Architecture
The Mt. Wilson Attestation Process
Security of Mt. Wilson
Mt. Wilson Trust, Whitelisting, and Management APIs
Mt. Wilson APIs
The API Request Specification
API Response
Mt. Wilson API Usage
Deploying Mt. Wilson
Mt. Wilson Programming Examples
Summary
Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging
Geolocation
Geo-fencing
Asset Tagging
Trusted Compute Pools Usage with Geo-Tagging
Stage 1: Platform Attestation and Safe Hypervisor Launch
Stage 2: Trust-Based Secure Migration
Stage 3: Trust- and Geolocation-Based Secure Migration
Adding Geo-Tagging to the Trusted Compute Pools Solution
Hardware Layer (Servers)
Hypervisor and Operating System Layer
Virtualization, Cloud Management, and the Verification and Attestation Layer
Security Management Layer
Provisioning and Lifecycle Management for Geo-Tags
Geo-Tag Workflow and Lifecycle
Tag Creation
Tag Whitelisting
Tag Provisioning
Validation and Invalidation of Asset Tags and Geo-Tags
Attestation of Geo-Tags
Architecture for Geo-Tag Provisioning
Tag Provisioning Service
Tag Provisioning Agent
Tag Management Service and Management Tool
Attestation Service
Geo-Tag Provisioning Process
Push Model
Pull Model
Reference Implementation
Step 1
Step 2
Step 3
Step 4
Summary
Chapter 6: Network Security in the Cloud
The Cloud Network
Network Security Components
Load Balancers
Intrusion Detection Devices
Application Delivery Controllers
End-to-End Security in a Cloud
Network Security: End-to-End Security: Firewalls
Network Security: End-to-End Security: VLANs
End-to-End Security for Site-to-Site VPNs
Network Security: End-to-End Security: Hypervisors and Virtual Machines
Software-Defined Security in the Cloud
OpenStack
OpenStack Network Security
Network Security Capabilities and Examples
Summary
Chapter 7: Identity Management and Control for Clouds
Identity Challenges
Identity Usages
Identity Modification
Identity Revocation
Identity Management System Requirements
Basic User Control Properties
Key Requirements for an Identity Management Solution
Accountability
Notification
Anonymity
Data Minimization
Attribute Security
Attribute Privacy
Identity Representations and Case Studies
PKI Certificates
Security and Privacy Discussion
Identity Federation
Single Sign-On
Intel Identity Technologies
Hardware Support
Summary
Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud
Requirements for Trusted Virtual Machines
Virtual Machine Images
The Open Virtualization Format (OVF)
A Conceptual Architecture for Trusted Virtual Machines
Mystery Hill (MH) Client
Mystery Hill Key Management and Policy Server (KMS)
Mystery Hill Plug-in
Trust Attestation Server
Workflows for Trusted Virtual Machines
Deploying Trusted Virtual Machines with OpenStack
Summary
Chapter 9: A Reference Design for Secure Cloud Bursting
Cloud Bursting Usage Models
An Explanation of Cloud Bursting
Data Center Deployment Models
Trusted Hybrid Clouds
Cloud Bursting Reference Architecture
Secure Environment Built Around Best Practices
Cloud Management
Cloud Identity and Access Management
Separation of Cloud Resources, Traffic, and Data
Vulnerability and Patch Management
Compliance
Network Topology and Considerations
Security Design Considerations
Hypervisor Hardening
Firewalls and Network Separation
Management Network Firewalling
Virtual Networking
Anti-Virus Software
Cloud Management Security
Practical Considerations for Virtual Machine Migration
Summary
Index