Written by senior Intel experts. Chapter 1: Introduction to Trust and Intel Trusted Execution Technology Chapter 2: Fundamental Principles of Intel TXT Chapter 3: Getting It to Work: Provisioning Intel TXT Chapter 4: Foundation for Control: Establishing Launch Control Policy Chapter 5: Raising Visibility for Trust: The Role of Attestation Chapter 6: Trusted Computing: Opportunities in Software Chapter 7: Creating a More Secure Datacenter and Cloud Chapter 8: The Future of Trusted Computing
Shelve in: Networking/Security
User level: Intermediate–Advanced
BOOKS FOR PROFESSIONALS BY PROFESSIONALS®
Building the Infrastructure for Cloud Security
For cloud users and providers alike, security is an everyday concern, yet
there are very few books covering cloud security as a main subject. This
book will help address this information gap from an Information Technology
solution and usage-centric view of cloud infrastructure security. The book
highlights the fundamental technology components necessary to build
and enable trusted clouds. Here also is an explanation of the security and
compliance challenges organizations face as they migrate mission-critical
applications to the cloud, and how trusted clouds, that have their integrity
rooted in hardware, can address these challenges.
This book provides:
• Use cases and solution reference architectures to enable infrastructure integrity and the creation of trusted pools leveraging Intel Trusted Execution Technology (TXT).
• Trusted geo-location management in the cloud, enabling workload and data location compliance and boundary control usages in the cloud.
• OpenStack-based reference architecture of tenant-controlled virtual machine and workload protection in the cloud.
• A reference design to enable secure hybrid clouds for a cloud bursting use case, providing infrastructure visibility and control to organizations.
“A valuable guide to the next generation of cloud security and
hardware based root of trust. More than an explanation of the
what and how, is the explanation of why. And why you can’t
afford to ignore it!”
—Vince Lubsey, Vice President, Product Development, Virtustream Inc.
Yeluri, Castro-Leon
ISBN 978-1-4302-6145-2
For your convenience Apress has placed some of the front
matter material after the index. Please use the Bookmarks
and Contents at a Glance links to access them.
Contents at a Glance
About the Authors (p. xv)
About the Technical Reviewers (p. xvii)
Acknowledgments (p. xix)
Foreword (p. xxi)
Introduction (p. xxiii)
Chapter 1: Cloud Computing Basics (p. 1)
Chapter 2: The Trusted Cloud: Addressing Security and Compliance (p. 19)
Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools (p. 37)
Chapter 4: Attestation: Proving Trustability (p. 65)
Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging (p. 93)
Chapter 6: Network Security in the Cloud (p. 123)
Chapter 7: Identity Management and Control for Clouds (p. 141)
Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud (p. 161)
Chapter 9: A Reference Design for Secure Cloud Bursting (p. 179)
Index (p. 211)
Introduction
Security is an ever-present consideration for applications and data in the cloud. It is a
concern for executives trying to come up with criteria for migrating an application, for
marketing organizations in trying to position the company in a good light as enlightened
technology adopters, for application architects attempting to build a safe foundation and
operations staff making sure bad guys don’t have a field day. It does not matter whether an
application is a candidate for migration to the cloud or it already runs using cloud-based
components. It does not even matter that an application has managed to run for years in
the cloud without a major breach: an unblemished record does not entitle an organization
to claim to be home free in matters of security; its executives are acutely aware that resting
on their laurels regardless of an unblemished record is an invitation to disaster; and
certainly past performance is no predictor for future gains.
Irrespective of whom you ask, security is arguably the biggest inhibitor for the
broader adoption of cloud computing. Many organizations will need to apply best
practices security standards that set a much higher bar than that for on-premise systems,
in order to dislodge that incumbent on-premise alternative. The migration or adoption of
cloud services then can provide an advantage, in that firms can design, from the ground
up, their new cloud-based infrastructures with security “baked-in;” this is in contrast to
the piecemeal and “after the fact” or “bolted-on” nature of security seen in most data
centers today. But even a baked-in approach has its nuances, as we shall see in Chapter 1.
Cloud service providers are hard at work building a secure infrastructure as the foundation
for enabling multi-tenancy and providing the instrumentation, visibility, and control that
organizations demand. They are beginning to treat security as an integration concern to be
addressed as a service like performance, power consumption, and uptime. This provides
a flexibility and granularity wherein solution architects design in as much security as
their particular situation demands: security for a financial services industry (FSI) or an
enterprise resource planning (ERP) application will be different from security for a bunch
of product brochures, yet they both may use storage services from the same provider,
which demands a high level of integrity, confidentiality, and protection.
Some practices—for instance, using resources in internal private clouds as opposed
to public, third-party hosted clouds—while conferring some tactical advantages do
not address fundamental security issues, such as perimeter walls made of virtual Swiss
cheese where data can pass through anytime. We would like to propose a different
approach: to anchor a security infrastructure in the silicon that runs the volume servers in
almost every data center. However, end users running mobile applications don’t see the
servers. What we’ll do is define a logical chain of trust rooted in hardware, in a manner
not unlike a geometry system built out of a small set of axioms. We use the hardware
to ensure the integrity of the firmware: BIOS code running in the chipset and firmware
taking care of the server’s housekeeping functions. This provides a solid platform on
which to run software: the hypervisor environment and operating systems. Each software
component is “measured” initially and veried against a “known good” with the root
of trust anchored in the hardware trust chain, thereby providing a trusted platform to
launch applications.
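The measure-then-verify step described above, shown as an added example that is not code from the book or from Intel TXT itself: a Python simulation of a TPM-style measured boot. Each stage hashes the next component and extends the digest into a Platform Configuration Register, PCR_new = SHA-256(PCR_old || digest), so the final register value commits to every component and to the order in which they were measured. A verifier replays the event log and compares the result against a "known good" (golden) value. The component images, stage names and golden values are constructed stand-ins; the real details (which PCR indices TXT uses, the dynamic launch, the signed TPM quote) are assumed away here.

```python
"""Measured-boot chain of trust, simulated (added example, not the book's code).

Model: a TPM 2.0 SHA-256 PCR starts at 32 zero bytes and can only be
*extended*, never written:  PCR_new = SHA-256(PCR_old || SHA-256(component)).
Because the extend is a hash chain, the final PCR commits to every
component measured and to their order, and an attacker who alters one
component cannot choose a value that restores the golden PCR.
"""
import hashlib

PCR_INITIAL = b"\x00" * 32  # SHA-256 bank PCRs reset to all zeros at power-on


def measure(component: bytes) -> bytes:
    """Digest of a component image, as the previous stage would compute it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for one SHA-256 bank."""
    return hashlib.sha256(pcr + digest).digest()


def boot_chain(components):
    """Measure each (name, image) in boot order before handing control to it.
    Returns the final PCR and the event log a verifier would be given."""
    pcr = PCR_INITIAL
    event_log = []
    for name, image in components:
        digest = measure(image)
        event_log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = PCR_INITIAL
    for _name, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify(pcr: bytes, event_log, golden: bytes) -> bool:
    """Two checks a remote attestation service performs:
    1. the event log is consistent with the PCR the platform reports;
    2. that PCR equals the known-good value for this platform type."""
    return replay_log(event_log) == pcr and pcr == golden


# Constructed stand-ins for BIOS / bootloader / hypervisor images (not real binaries).
GOOD_CHAIN = [
    ("bios", b"BIOS v1.2 (constructed sample image)"),
    ("bootloader", b"tboot (constructed sample image)"),
    ("hypervisor", b"hypervisor kernel (constructed sample image)"),
]
# In practice the golden value comes from a whitelist built from a trusted
# reference platform; here it is computed from the good chain.
GOLDEN_PCR, GOLDEN_LOG = boot_chain(GOOD_CHAIN)


def tampered_chain():
    """Same chain, but the hypervisor image differs by a single appended byte."""
    chain = list(GOOD_CHAIN)
    name, image = chain[2]
    chain[2] = (name, image + b"!")
    return chain


def reordered_chain():
    """Same images measured in a different order: the PCR must still differ."""
    chain = list(GOOD_CHAIN)
    chain[1], chain[2] = chain[2], chain[1]
    return chain


def forged_log_attack() -> bool:
    """An attacker boots the tampered hypervisor but hands the verifier the
    *good* event log. Returns whether the verifier is fooled (it is not:
    the good log no longer replays to the PCR the platform actually holds)."""
    pcr, _ = boot_chain(tampered_chain())
    return verify(pcr, GOLDEN_LOG, GOLDEN_PCR)


if __name__ == "__main__":
    pcr, log = boot_chain(GOOD_CHAIN)
    print("good chain verifies:", verify(pcr, log, GOLDEN_PCR))
    t_pcr, t_log = boot_chain(tampered_chain())
    print("tampered chain verifies:", verify(t_pcr, t_log, GOLDEN_PCR))
    print("forged-log attack succeeds:", forged_log_attack())
```

The point the simulation makes explicit is that "known good" is a property of the whole chain, not of any one component: a single changed byte in the last stage, or the same stages in a different order, yields an unrelated PCR, and replaying an old, clean event log does not help the attacker because the log must reproduce the register value the hardware actually reports. What the simulation leaves out, and what Chapter 4 covers, is the signed TPM quote that binds the reported PCR to a specific platform so the verifier can trust the value it was sent.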
We assume that readers are already familiar with cloud technology and are
interested in a deeper exploration of security aspects. We’ll cover some cloud technology
principles, primarily with the purpose of establishing a vocabulary from which to build a
discussion of security topics (offered here with no tutorial intent). Our goal is to discuss
the principles of cloud security, the challenges companies face as they move into the
cloud, and the infrastructure requirements to address security requirements. The content
is intended for a technical audience and provides architectural, design, and code samples
as needed to show how to provision and deploy trusted clouds. While documentation
for low-level technology components such as trusted platform modules and the
basics of secure boot is not difficult to find from vendor specifications, the contextual
perspective—a usage-centric approach describing how the different components are
integrated into trusted virtualized platforms—has been missing from the literature. This
book is a first attempt at filling this gap through actual proof of concept implementations
and a few initial commercial implementations. The implementation of secure platforms is
an emerging and fast evolving issue. This is not a definitive treatment by a long measure,
and trying to compile one at this early juncture would be unrealistic. Timeliness is a
more pressing consideration, and the authors hope that this material will stimulate the
curiosity of the reader and encourage the community to replicate the results, leading to
new deployments and, in the process, advancing the state of the art.
There are three key trends impacting security in the enterprise and cloud
data centers:
• The evolution of IT architectures. This is pertinent especially with
the adoption of virtualization and now cloud computing.
Multi-tenancy and consolidation are driving significant
operational efficiencies, enabling multiple lines of business
and tenants to share the infrastructure. This consolidation and
co-tenancy provide a new dimension and attack vector.
How do you ensure the same level of security and control
in an infrastructure that is not owned and operated by
you? Outsourcing, cross-business, and cross-supply chain
collaboration are breaking through the perimeter of traditional
security models. These new models are blurring the distinction
between data “inside” an organization and that which exists
“outside” of those boundaries. The data itself is the new perimeter.