Cover Image

Building the Infrastructure for Cloud Security : A Solutions View.

Bibliographic Details
Main Author: Yeluri, Raghuram.
Other Authors: Castro-Leon, Enrique.
Format: eBook
Language:English
Published: Berkeley, CA : Apress L. P., 2014.
Edition:1st ed.
Subjects:
Electronic books.
Online Access:Click to View
LEADER 08695nam a22004213i 4500
001 EBC6422525
003 MiAaPQ
005 20231204023215.0
006 m o d |
007 cr cnu||||||||
008 231204s2014 xx o ||||0 eng d
020 |a 9781430261469  |q (electronic bk.) 
020 |z 9781430261452 
035 |a (MiAaPQ)EBC6422525 
035 |a (Au-PeEL)EBL6422525 
035 |a (OCoLC)876598475 
040 |a MiAaPQ  |b eng  |e rda  |e pn  |c MiAaPQ  |d MiAaPQ 
050 4 |a QA75.5-76.95 
100 1 |a Yeluri, Raghuram. 
245 1 0 |a Building the Infrastructure for Cloud Security :  |b A Solutions View. 
250 |a 1st ed. 
264 1 |a Berkeley, CA :  |b Apress L. P.,  |c 2014. 
264 4 |c Ã2014. 
300 |a 1 online resource (240 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
505 0 |a Intro -- Contents at a Glance -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: Cloud Computing Basics -- Defining the Cloud -- The Cloud's Essential Characteristics -- The Cloud Service Models -- The Cloud Deployment Models -- The Cloud Value Proposition -- Historical Context -- Traditional Three-Tier Architecture -- Software Evolution: From Stovepipes to Service Networks -- The Cloud as the New Way of Doing IT -- Security as a Service -- New Enterprise Security Boundaries -- A Roadmap for Security in the Cloud -- Summary -- Chapter 2: The Trusted Cloud: Addressing Security and Compliance -- Security Considerations for the Cloud -- Cloud Security, Trust, and Assurance -- Trends Affecting Data Center Security -- Security and Compliance Challenges -- Trusted Clouds -- Trusted Computing Infrastructure -- Trusted Cloud Usage Models -- The Boot Integrity Usage Model -- Understanding the Value of Platform Boot Integrity -- The Trusted Virtual Machine Launch Usage Model -- The Data Protection Usage Model -- The Run-time Integrity and Attestation Usage Model -- Trusted Cloud Value Proposition for Cloud Tenants -- The Advantages of Cloud Services on a Trusted Computing Chain -- Summary -- Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools -- The Building blocks for Trusted Clouds -- Platform Boot Integrity -- Roots of Trust -RTM, RTR, and RTS in the Intel TXT Platform -- Measured Boot Process -- Attestation -- Trusted Compute Pools -- TCP Principles of Operation -- Pool Creation -- Workload Placement -- Workload Migration -- Compliance Reporting for a Workload/Cloud Service -- Solution Reference Architecture for the TCP -- Hardware Layer -- Operating System / Hypervisor Layer -- Virtualization/Cloud Management and Verification/Attestation Layer. 
505 8 |a Security Management Layer -- VM/Workload Policy Management -- GRC Tools-Compliance in the Cloud -- Reference Implementation: The Taiwan Stock Exchange Case Study -- Solution Architecture for TWSE -- Trusted Compute Pool Use Case Instantiation -- Remote Attestation with HyTrust -- Use Case Example: Creating Trusted Compute Pools and Workload Migration -- Integrated and Extended Security and Platform Trust with McAfee ePO -- Summary -- Chapter 4: Attestation: Proving Trustability -- Attestation -- Integrity Measurement Architecture -- Policy Reduced Integrity Measurement Architecture -- Semantic Remote Attestation -- The Attestation Process -- Remote Attestation Protocol -- Flow for Integrity Measurement -- A First Commercial Attestation Implementation: The Intel Trust Attestation Platform -- Mt. Wilson Platform -- Mt. Wilson Architecture -- The Mt. Wilson Attestation Process -- Attestation Identity Key Provisioning -- Host Registration and Attestation Identity Key Certificate Provisioning -- Requesting Platform Trust -- Security of Mt. Wilson -- Mt. Wilson Trust, Whitelisting, and Management APIs -- Mt. Wilson APIs -- The API Request Specification -- API Response -- Mt. Wilson API Usage -- Deploying Mt. Wilson -- Mt. Wilson Programming Examples -- API Client Registration Process -- Whitelisting and Host Registration -- Verify Trust: Trust Attestation -- Summary -- Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging -- Geolocation -- Geo-fencing -- Asset Tagging -- Trusted Compute Pools Usage with Geo-Tagging -- Stage 1: Platform Attestation and Safe Hypervisor Launch -- Stage 2: Trust-Based Secure Migration -- Stage 3: Trust- and Geolocation-Based Secure Migration -- Adding Geo-Tagging to the Trusted Compute Pools Solution -- Hardware Layer (Servers) -- Hypervisor and Operating System Layer. 
505 8 |a Virtualization, Cloud Management, and the Verification and Attestation Layer -- Security Management Layer -- Provisioning and Lifecycle Management for Geo-Tags -- Geo-Tag Workflow and Lifecycle -- Tag Creation -- Tag Whitelisting -- Tag Provisioning -- Tag selection -- Tag deployment -- Validation and Invalidation of Asset Tags and Geo-Tags -- Attestation of Geo-Tags -- Architecture for Geo-Tag Provisioning -- Tag Provisioning Service -- Tag Provisioning Agent -- Tag Management Service and Management Tool -- Attestation Service -- Geo-Tag Provisioning Process -- Push Model -- Pull Model -- Reference Implementation -- Step 1 -- Step 2 -- Step 3 -- Step 4 -- Summary -- Chapter 6: Network Security in the Cloud -- The Cloud Network -- Network Security Components -- Load Balancers -- Intrusion Detection Devices -- Application Delivery Controllers -- End-to-End Security in a Cloud -- Network security: End-to-End security: Firewalls -- Network security: End-to-End security: VLANs -- End-to-End Security for Site-to-Site VPN s -- Network security:End-to-End security: Hypervisors and Virtual Machines -- Hypervisor Security -- Virtual Machine Guest Security -- Software-Defined Security in the Cloud -- OpenStack -- OpenStack Network Security -- Network Security Capabilities and Examples -- Summary -- Chapter 7: Identity Management and Control for Clouds -- Identity Challenges -- Identity Usages -- Identity Modification -- Identity Revocation -- Identity Management System Requirements -- Basic User Control Properties -- Key Requirements for an Identity Management Solution -- Accountability -- Notification -- Anonymity -- Data Minimization -- Attribute Security -- Attribute Privacy -- Identity Representations and Case Studies -- PKI Certificates -- Security and Privacy Discussion -- Limitations -- Identity Federation -- Single Sign-On. 
505 8 |a Intel Identity Technologies -- Hardware Support -- Virtualization Technology (VT) -- Intel Identity Protection Technology (IPT) -- Intel Security Engine -- Cloud Identity Solutions -- Summary -- Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud -- Requirements for Trusted Virtual Machines -- Virtual Machine Images -- The Open Virtualization Format (OVF) -- A Conceptual Architecture for Trusted Virtual Machines -- Mystery Hill (MH) Client -- Mystery Hill Key Management and Policy Server (KMS) -- Mystery Hill Plug-in -- Trust Attestation Server -- Workflows for Trusted Virtual Machines -- Deploying Trusted Virtual Machines with OpenStack -- Summary -- Chapter 9: A Reference Design for Secure Cloud Bursting -- Cloud Bursting Usage Models -- An Explanation of Cloud Bursting -- Architectural Considerations for Cloud Bursting -- Data Center Deployment Models -- Trusted Hybrid Clouds -- Cloud Bursting Reference Architecture -- Secure Environment Built Around Best Practices -- Cloud Management -- Cloud Identity and Access Management -- Separation of Cloud Resources, Traffic, and Data -- Vulnerability and Patch Management -- Compliance -- Network Topology and Considerations -- Security Design Considerations -- Hypervisor Hardening -- Firewalls and Network separation -- Management Network Firewalling -- Virtual Networking -- Anti-Virus Software -- Cloud Management Security -- Security Controls -- Governance, Risk, and Compliance (GRC) -- Practical Considerations for Virtual Machine Migration -- Summary -- Index. 
588 |a Description based on publisher supplied metadata and other sources. 
590 |a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2023. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.  
655 4 |a Electronic books. 
700 1 |a Castro-Leon, Enrique. 
776 0 8 |i Print version:  |a Yeluri, Raghuram  |t Building the Infrastructure for Cloud Security  |d Berkeley, CA : Apress L. P.,c2014  |z 9781430261452 
797 2 |a ProQuest (Firm) 
856 4 0 |u https://ebookcentral.proquest.com/lib/matrademy/detail.action?docID=6422525  |z Click to View 

Similar Items