ACM SAC 2011 Tutorial Proposal: Cloud Computing Security: From Fundamentals to Advanced Access Control
Presenters:
Dongwan Shin, Ph.D. Associate Professor Department of Computer Science and Engineering New Mexico Tech 801 Leroy Place Socorro, NM, USA 87801 doshin@nmt.edu 575-835-6459 (voice) 575-835-5587 (fax)
William Claycomb, Ph.D. Member of Technical Staff Sandia National Laboratories MS 0823, PO Box 5800 Albuquerque, NM, USA wrclayc@sandia.gov 505-284-9949 (voice) 575-284-5619 (fax)
Title: Cloud Computing Security: From Fundamentals to Advanced Access Control
Duration: Half-day (3 hours)
Abstract: Cloud computing is a paradigm rapidly being embraced as a solution for cost savings, scalability, and collaboration. While a multitude of applications and services are available commercially for cloud-based solutions, research in this area has yet to address the full spectrum of potential challenges facing cloud computing. This tutorial aims to provide researchers with a fundamental understanding of cloud computing security, with the goals of identifying a broad range of potential research topics and inspiring a new surge in research to address current issues. We will also discuss real implementations of research-oriented cloud computing systems, including configuration options, hardware issues, challenges, and solutions.
Motivation: Cloud computing is one of the fastest growing paradigms in applied computing. Both researchers and practitioners have a keen interest in securing cloud systems from attacks and unauthorized use. Unfortunately, cloud computing systems are quite complex, with components related to virtualization, data storage, load balancing, and administration. Each component exposes risks that could be exploited by potential attackers. A review of these fundamental risks, coupled with implementation examples, and followed by a discussion of more advanced topics such as forensics and access control will be a great benefit to those interested in learning more about cloud computing security, as well as those already researching the topic.
Target Audience: We target a broad audience, from researchers to practitioners, from academia, industry, and government. We have tailored the presentation to be of interest to those with little understanding of cloud security, as well as to those who are already researching cloud security topics.
Outline:
Section 1: Fundamentals of cloud and cloud security. (Duration: 1 hr)
Summary: Fundamentals will begin with a basic overview of cloud computing architecture and service models. Next, we will survey current cloud computing service providers and discuss similarities and differences among them. To complement the academic and industrial topics, we will then discuss governmental approaches to cloud computing, such as the U.S. Government’s FedRAMP program. Finally, we will give a detailed analysis of the top threats to cloud computing, which frames the security focus of the remainder of the tutorial.
Subtopics:
o Architectures and service models
o Service providers
o Government efforts in cloud computing
o Threats to cloud computing
Relevant literature:
Cloud Security Alliance, “Top Threats to Cloud Computing V1.0”, http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf, March 2010.
“Federal Risk and Authorization Management Program (FedRAMP)” http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP
Section 2: Implementation details (Duration: 45 min)
Summary: This section will present an actual cloud computing implementation, focusing on the configuration features that address security-related concerns. Additional discussion will center on architectural differences between cloud systems implemented for different purposes. Finally, we will discuss successes and failures involved in creating a cloud system for research purposes, based on actual results from implementations at the Secure Computing Lab at New Mexico Tech, the Institute for Cyber Security at UT San Antonio, and U.S. National Laboratories.
Subtopics:
o Building a cloud system for research purposes
o Implementation challenges
o Successes and failures
Section 3: Advanced Security (Duration: 45 min)
Summary: This section builds on the foundations of the previous sections to describe advanced security topics, such as forensics and access control. Forensics is a challenging issue for cloud systems, given the exhaustive use of computing resources and distributed architecture. Access control is another key aspect, as cloud systems often host a variety of different applications for users across political as well as geographic boundaries. We conclude with a brief discussion of security issues facing cloud computing today, as well as potential security research topics for the future.
Subtopics:
o Forensics
o Injecting RBAC to IaaS
o Pressing issues facing cloud security today
Relevant literature:
Dan Lin and Anna Squicciarini, “Data Protection Models for Service Provisioning in the Cloud”, ACM SACMAT, 2010.
Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, “Hey, You, Get Off of My Cloud!”, ACM CCS, 2009.
Expected background:
The audience should have a basic understanding of the concepts of cloud computing. Based on the audience experience at the actual event, we can tailor the subject matter as necessary. However, we don’t want to exclude anyone simply because they haven’t previously studied cloud computing security. Experienced researchers can not only enhance the first two sessions, but will also benefit from the material presented in the third session, and may find opportunities for future collaboration.
Biographical sketch:
Dongwan Shin, Ph.D. Associate Professor Department of Computer Science and Engineering New Mexico Tech 801 Leroy Place Socorro, NM, USA 87801 doshin@nmt.edu
Dr. Dongwan Shin is an Associate Professor in the Computer Science and Engineering Department at New Mexico Tech. He is the founder of the Secure Computing Lab, and has over 40 publications in journals and conference proceedings. His research interests are access control, digital identity and privacy management, wireless sensor and mobile computing, and distributed and cloud computing. He received his Ph.D. from the University of North Carolina at Charlotte in 2004.
William Claycomb, Ph.D. Member of Technical Staff Sandia National Laboratories MS 0823, PO Box 5800 Albuquerque, NM, USA wrclayc@sandia.gov
Dr. William Claycomb is a Member of Technical Staff at Sandia National Laboratories. His primary research interests are malware analysis and detection, distributed and cloud computing, information security, and mobile and wireless computing. Dr. Claycomb has been at Sandia since 2003, and received his Ph.D. from New Mexico Tech in 2009.
Relevant Experience:
Dr. Shin has taught both undergraduate and graduate courses in access control and cloud computing.
Additionally, Dr. Shin and Dr. Claycomb have co-chaired IEEE workshops on cloud computing applications (CloudApp 2010) and trusted collaboration (TrustCol 2009-2010). They are presenting a tutorial on cloud computing security at the ACM Conference on Computer and Communications Security (ACM CCS) in October, 2010.
Publications:
Dongwan Shin and Hakan Akkan. "Domain-based Virtualized Resource Management in Cloud Computing," TrustCol 2010, October 2010.
Victor Echeverria, Lorie M. Liebrock, and Dongwan Shin. "Permission Management System: Permission as a Service in Cloud Computing," CloudApp 2010, Seoul, South Korea, July, 2010.
http://www.acm.org/conferences/sac/sac2011/T5.pdf