E-book
Author Yeluri, Raghu, author

Title Building the infrastructure for cloud security : a solutions view / Raghu Yeluri, Enrique Castro-Leon
Published Berkeley, CA : Apress, 2014
New York, NY : Distributed to the Book trade worldwide by Springer
©2014
Online access available from:
SpringerOpen books

Description 1 online resource (xxvi, 212 pages) : illustrations
Series The expert's voice in Internet security
Contents Ch. 1 Cloud Computing Basics -- Defining the Cloud -- The Cloud's Essential Characteristics -- The Cloud Service Models -- The Cloud Deployment Models -- The Cloud Value Proposition -- Historical Context -- Traditional Three-Tier Architecture -- Software Evolution: From Stovepipes to Service Networks -- The Cloud as the New Way of Doing IT -- Security as a Service -- New Enterprise Security Boundaries -- A Roadmap for Security in the Cloud -- Summary
Ch. 2 The Trusted Cloud: Addressing Security and Compliance -- Security Considerations for the Cloud -- Cloud Security, Trust, and Assurance -- Trends Affecting Data Center Security -- Security and Compliance Challenges -- Trusted Clouds -- Trusted Computing Infrastructure -- Trusted Cloud Usage Models -- The Boot Integrity Usage Model -- The Trusted Virtual Machine Launch Usage Model -- The Data Protection Usage Model -- The Run-time Integrity and Attestation Usage Model -- Trusted Cloud Value Proposition for Cloud Tenants -- The Advantages of Cloud Services on a Trusted Computing Chain -- Summary
Ch. 3 Platform Boot Integrity: Foundation for Trusted Compute Pools -- The Building blocks for Trusted Clouds -- Platform Boot Integrity -- Roots of Trust -- RTM, RTR, and RTS in the Intel TXT Platform -- Measured Boot Process -- Attestation -- Trusted Compute Pools -- TCP Principles of Operation -- Pool Creation -- Workload Placement -- Workload Migration -- Compliance Reporting for a Workload/Cloud Service -- Solution Reference Architecture for the TCP -- Hardware Layer -- Operating System / Hypervisor Layer -- Virtualization/Cloud Management and Verification/Attestation Layer -- Security Management Layer -- Reference Implementation: The Taiwan Stock Exchange Case Study -- Solution Architecture for TWSE -- Trusted Compute Pool Use Case Instantiation -- Remote Attestation with HyTrust -- Use Case Example: Creating Trusted Compute Pools and Workload Migration -- Integrated and Extended Security and Platform Trust with McAfee ePO -- Summary
Ch. 4 Attestation: Proving Trustability -- Attestation -- Integrity Measurement Architecture -- Policy Reduced Integrity Measurement Architecture -- Semantic Remote Attestation -- The Attestation Process -- Remote Attestation Protocol -- Flow for Integrity Measurement -- A First Commercial Attestation Implementation: The Intel Trust Attestation Platform -- Mt. Wilson Platform -- Mt. Wilson Architecture -- The Mt. Wilson Attestation Process -- Security of Mt. Wilson -- Mt. Wilson Trust, Whitelisting, and Management APIs -- Mt. Wilson APIs -- The API Request Specification -- API Response -- Mt. Wilson API Usage -- Deploying Mt. Wilson -- Mt. Wilson Programming Examples -- Summary
Ch. 5 Boundary Control in the Cloud: Geo-Tagging and Asset Tagging -- Geolocation -- Geo-fencing -- Asset Tagging -- Trusted Compute Pools Usage with Geo-Tagging -- Stage 1 Platform Attestation and Safe Hypervisor Launch -- Stage 2 Trust-Based Secure Migration -- Stage 3 Trust- and Geolocation-Based Secure Migration -- Adding Geo-Tagging to the Trusted Compute Pools Solution -- Hardware Layer (Servers) -- Hypervisor and Operating System Layer -- Virtualization, Cloud Management, and the Verification and Attestation Layer -- Security Management Layer -- Provisioning and Lifecycle Management for Geo-Tags -- Geo-Tag Workflow and Lifecycle -- Tag Creation -- Tag Whitelisting -- Tag Provisioning -- Validation and Invalidation of Asset Tags and Geo-Tags -- Attestation of Geo-Tags -- Architecture for Geo-Tag Provisioning -- Tag Provisioning Service -- Tag Provisioning Agent -- Tag Management Service and Management Tool -- Attestation Service -- Geo-Tag Provisioning Process -- Push Model -- Pull Model -- Reference Implementation -- Step 1 -- Step 2 -- Step 3 -- Step 4 -- Summary
Ch. 6 Network Security in the Cloud -- The Cloud Network -- Network Security Components -- Load Balancers -- Intrusion Detection Devices -- Application Delivery Controllers -- End-to-End Security in a Cloud -- Network security: End-to-End security: Firewalls -- Network security: End-to-End security: VLANs -- End-to-End Security for Site-to-Site VPNs -- Network security: End-to-End security: Hypervisors and Virtual Machines -- Software-Defined Security in the Cloud -- OpenStack -- OpenStack Network Security -- Network Security Capabilities and Examples -- Summary
Ch. 7 Identity Management and Control for Clouds -- Identity Challenges -- Identity Usages -- Identity Modification -- Identity Revocation -- Identity Management System Requirements -- Basic User Control Properties -- Key Requirements for an Identity Management Solution -- Accountability -- Notification -- Anonymity -- Data Minimization -- Attribute Security -- Attribute Privacy -- Identity Representations and Case Studies -- PKI Certificates -- Security and Privacy Discussion -- Identity Federation -- Single Sign-On -- Intel Identity Technologies -- Hardware Support -- Summary
Ch. 8 Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud -- Requirements for Trusted Virtual Machines -- Virtual Machine Images -- The Open Virtualization Format (OVF) -- A Conceptual Architecture for Trusted Virtual Machines -- Mystery Hill (MH) Client -- Mystery Hill Key Management and Policy Server (KMS) -- Mystery Hill Plug-in -- Trust Attestation Server -- Workflows for Trusted Virtual Machines -- Deploying Trusted Virtual Machines with OpenStack -- Summary
Ch. 9 A Reference Design for Secure Cloud Bursting -- Cloud Bursting Usage Models -- An Explanation of Cloud Bursting -- Data Center Deployment Models -- Trusted Hybrid Clouds -- Cloud Bursting Reference Architecture -- Secure Environment Built Around Best Practices -- Cloud Management -- Cloud Identity and Access Management -- Separation of Cloud Resources, Traffic, and Data -- Vulnerability and Patch Management -- Compliance -- Network Topology and Considerations -- Security Design Considerations -- Hypervisor Hardening -- Firewalls and Network separation -- Management Network Firewalling -- Virtual Networking -- Anti-Virus Software -- Cloud Management Security -- Practical Considerations for Virtual Machine Migration -- Summary
Summary The goal of the book is to gather together all the relevant security technologies for servers and clients and show through case studies (from the Intel Cloud Builder efforts) how the technologies can work together to provide a strong end-to-end Cloud Security Infrastructure. This book provides a comprehensive look at the various facets of Cloud Security: infrastructure, network, services, compliance and users. It will provide real-world case studies to articulate the real and perceived risks and challenges in deploying and managing services in a cloud infrastructure from a security perspective.
Analysis computer sciences
data management
Information and Communication Technology (General)
Bibliography Includes bibliographical references and index
Notes English
Online resource; title from PDF title page (SpringerLink, viewed March 31, 2014)
In Springer eBooks
Subject Cloud computing -- Security measures
Data encryption (Computer science)
Computer science.
Form Electronic book
Author Castro-Leon, Enrique, author
ISBN 9781430261469
1430261463
1430261455
9781430261452