Cover Image

Building the Infrastructure for Cloud Security : A Solutions View.

Bibliographic Details
Main Author: Yeluri, Raghuram.
Other Authors: Castro-Leon, Enrique.
Format: eBook
Language:English
Published: Berkeley, CA : Apress L. P., 2014.
Edition:1st ed.
Subjects:
Electronic books.
Online Access:Click to View
Table of Contents:
  • Intro
  • Contents at a Glance
  • Contents
  • About the Authors
  • About the Technical Reviewers
  • Acknowledgments
  • Foreword
  • Introduction
  • Chapter 1: Cloud Computing Basics
  • Defining the Cloud
  • The Cloud's Essential Characteristics
  • The Cloud Service Models
  • The Cloud Deployment Models
  • The Cloud Value Proposition
  • Historical Context
  • Traditional Three-Tier Architecture
  • Software Evolution: From Stovepipes to Service Networks
  • The Cloud as the New Way of Doing IT
  • Security as a Service
  • New Enterprise Security Boundaries
  • A Roadmap for Security in the Cloud
  • Summary
  • Chapter 2: The Trusted Cloud: Addressing Security and Compliance
  • Security Considerations for the Cloud
  • Cloud Security, Trust, and Assurance
  • Trends Affecting Data Center Security
  • Security and Compliance Challenges
  • Trusted Clouds
  • Trusted Computing Infrastructure
  • Trusted Cloud Usage Models
  • The Boot Integrity Usage Model
  • Understanding the Value of Platform Boot Integrity
  • The Trusted Virtual Machine Launch Usage Model
  • The Data Protection Usage Model
  • The Run-time Integrity and Attestation Usage Model
  • Trusted Cloud Value Proposition for Cloud Tenants
  • The Advantages of Cloud Services on a Trusted Computing Chain
  • Summary
  • Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools
  • The Building blocks for Trusted Clouds
  • Platform Boot Integrity
  • Roots of Trust -RTM, RTR, and RTS in the Intel TXT Platform
  • Measured Boot Process
  • Attestation
  • Trusted Compute Pools
  • TCP Principles of Operation
  • Pool Creation
  • Workload Placement
  • Workload Migration
  • Compliance Reporting for a Workload/Cloud Service
  • Solution Reference Architecture for the TCP
  • Hardware Layer
  • Operating System / Hypervisor Layer
  • Virtualization/Cloud Management and Verification/Attestation Layer.
  • Security Management Layer
  • VM/Workload Policy Management
  • GRC Tools-Compliance in the Cloud
  • Reference Implementation: The Taiwan Stock Exchange Case Study
  • Solution Architecture for TWSE
  • Trusted Compute Pool Use Case Instantiation
  • Remote Attestation with HyTrust
  • Use Case Example: Creating Trusted Compute Pools and Workload Migration
  • Integrated and Extended Security and Platform Trust with McAfee ePO
  • Summary
  • Chapter 4: Attestation: Proving Trustability
  • Attestation
  • Integrity Measurement Architecture
  • Policy Reduced Integrity Measurement Architecture
  • Semantic Remote Attestation
  • The Attestation Process
  • Remote Attestation Protocol
  • Flow for Integrity Measurement
  • A First Commercial Attestation Implementation: The Intel Trust Attestation Platform
  • Mt. Wilson Platform
  • Mt. Wilson Architecture
  • The Mt. Wilson Attestation Process
  • Attestation Identity Key Provisioning
  • Host Registration and Attestation Identity Key Certificate Provisioning
  • Requesting Platform Trust
  • Security of Mt. Wilson
  • Mt. Wilson Trust, Whitelisting, and Management APIs
  • Mt. Wilson APIs
  • The API Request Specification
  • API Response
  • Mt. Wilson API Usage
  • Deploying Mt. Wilson
  • Mt. Wilson Programming Examples
  • API Client Registration Process
  • Whitelisting and Host Registration
  • Verify Trust: Trust Attestation
  • Summary
  • Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging
  • Geolocation
  • Geo-fencing
  • Asset Tagging
  • Trusted Compute Pools Usage with Geo-Tagging
  • Stage 1: Platform Attestation and Safe Hypervisor Launch
  • Stage 2: Trust-Based Secure Migration
  • Stage 3: Trust- and Geolocation-Based Secure Migration
  • Adding Geo-Tagging to the Trusted Compute Pools Solution
  • Hardware Layer (Servers)
  • Hypervisor and Operating System Layer.
  • Virtualization, Cloud Management, and the Verification and Attestation Layer
  • Security Management Layer
  • Provisioning and Lifecycle Management for Geo-Tags
  • Geo-Tag Workflow and Lifecycle
  • Tag Creation
  • Tag Whitelisting
  • Tag Provisioning
  • Tag selection
  • Tag deployment
  • Validation and Invalidation of Asset Tags and Geo-Tags
  • Attestation of Geo-Tags
  • Architecture for Geo-Tag Provisioning
  • Tag Provisioning Service
  • Tag Provisioning Agent
  • Tag Management Service and Management Tool
  • Attestation Service
  • Geo-Tag Provisioning Process
  • Push Model
  • Pull Model
  • Reference Implementation
  • Step 1
  • Step 2
  • Step 3
  • Step 4
  • Summary
  • Chapter 6: Network Security in the Cloud
  • The Cloud Network
  • Network Security Components
  • Load Balancers
  • Intrusion Detection Devices
  • Application Delivery Controllers
  • End-to-End Security in a Cloud
  • Network security: End-to-End security: Firewalls
  • Network security: End-to-End security: VLANs
  • End-to-End Security for Site-to-Site VPN s
  • Network security:End-to-End security: Hypervisors and Virtual Machines
  • Hypervisor Security
  • Virtual Machine Guest Security
  • Software-Defined Security in the Cloud
  • OpenStack
  • OpenStack Network Security
  • Network Security Capabilities and Examples
  • Summary
  • Chapter 7: Identity Management and Control for Clouds
  • Identity Challenges
  • Identity Usages
  • Identity Modification
  • Identity Revocation
  • Identity Management System Requirements
  • Basic User Control Properties
  • Key Requirements for an Identity Management Solution
  • Accountability
  • Notification
  • Anonymity
  • Data Minimization
  • Attribute Security
  • Attribute Privacy
  • Identity Representations and Case Studies
  • PKI Certificates
  • Security and Privacy Discussion
  • Limitations
  • Identity Federation
  • Single Sign-On.
  • Intel Identity Technologies
  • Hardware Support
  • Virtualization Technology (VT)
  • Intel Identity Protection Technology (IPT)
  • Intel Security Engine
  • Cloud Identity Solutions
  • Summary
  • Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud
  • Requirements for Trusted Virtual Machines
  • Virtual Machine Images
  • The Open Virtualization Format (OVF)
  • A Conceptual Architecture for Trusted Virtual Machines
  • Mystery Hill (MH) Client
  • Mystery Hill Key Management and Policy Server (KMS)
  • Mystery Hill Plug-in
  • Trust Attestation Server
  • Workflows for Trusted Virtual Machines
  • Deploying Trusted Virtual Machines with OpenStack
  • Summary
  • Chapter 9: A Reference Design for Secure Cloud Bursting
  • Cloud Bursting Usage Models
  • An Explanation of Cloud Bursting
  • Architectural Considerations for Cloud Bursting
  • Data Center Deployment Models
  • Trusted Hybrid Clouds
  • Cloud Bursting Reference Architecture
  • Secure Environment Built Around Best Practices
  • Cloud Management
  • Cloud Identity and Access Management
  • Separation of Cloud Resources, Traffic, and Data
  • Vulnerability and Patch Management
  • Compliance
  • Network Topology and Considerations
  • Security Design Considerations
  • Hypervisor Hardening
  • Firewalls and Network separation
  • Management Network Firewalling
  • Virtual Networking
  • Anti-Virus Software
  • Cloud Management Security
  • Security Controls
  • Governance, Risk, and Compliance (GRC)
  • Practical Considerations for Virtual Machine Migration
  • Summary
  • Index.

Similar Items