Building the Infrastructure for Cloud Security - Raghu Yeluri




Chapter 1 Cloud Computing Basics
  Defining the Cloud
  The Cloud's Essential Characteristics
  The Cloud Service Models
  The Cloud Deployment Models
  The Cloud Value Proposition
  Historical Context
  Traditional Three-Tier Architecture
  Software Evolution: From Stovepipes to Service Networks
  The Cloud as the New Way of Doing IT
  Security as a Service
  New Enterprise Security Boundaries
  A Roadmap for Security in the Cloud
  Summary

Chapter 2 The Trusted Cloud: Addressing Security and Compliance
  Security Considerations for the Cloud
  Cloud Security, Trust, and Assurance
  Trends Affecting Data Center Security
  Security and Compliance Challenges
  Trusted Clouds
  Trusted Computing Infrastructure
  Trusted Cloud Usage Models
  The Boot Integrity Usage Model
  Understanding the Value of Platform Boot Integrity
  The Trusted Virtual Machine Launch Usage Model
  The Data Protection Usage Model
  The Run-time Integrity and Attestation Usage Model
  Trusted Cloud Value Proposition for Cloud Tenants
  The Advantages of Cloud Services on a Trusted Computing Chain
  Summary

Chapter 3 Platform Boot Integrity: Foundation for Trusted Compute Pools
  The Building blocks for Trusted Clouds
  Platform Boot Integrity
  Roots of Trust–RTM, RTR, and RTS in the Intel TXT Platform
  Measured Boot Process
  Attestation
  Trusted Compute Pools
  TCP Principles of Operation
  Pool Creation
  Workload Placement
  Workload Migration
  Compliance Reporting for a Workload/Cloud Service
  Solution Reference Architecture for the TCP
  Hardware Layer
  Operating System / Hypervisor Layer
  Virtualization/Cloud Management and Verification/Attestation Layer
  Security Management Layer
  VM/Workload Policy Management
  GRC Tools—Compliance in the Cloud
  Reference Implementation: The Taiwan Stock Exchange Case Study
  Solution Architecture for TWSE
  Trusted Compute Pool Use Case Instantiation
  Remote Attestation with HyTrust
  Use Case Example: Creating Trusted Compute Pools and Workload Migration
  Integrated and Extended Security and Platform Trust with McAfee ePO
  Intel TXT Principles of Operation
  Summary

Chapter 4 Attestation: Proving Trustability
  Attestation
  Integrity Measurement Architecture
  Policy Reduced Integrity Measurement Architecture
  Semantic Remote Attestation
  The Attestation Process
  Remote Attestation Protocol
  Flow for Integrity Measurement
  A First Commercial Attestation Implementation: The Intel Trust Attestation Platform
  Mt. Wilson Platform
  Mt. Wilson Architecture
  The Mt. Wilson Attestation Process
  Attestation Identity Key Provisioning
  Host Registration and Attestation Identity Key Certificate Provisioning
  Requesting Platform Trust
  Security of Mt. Wilson
  Mt. Wilson Trust, Whitelisting, and Management APIs
  Mt. Wilson APIs
  The API Request Specification
  API Response
  Mt. Wilson API Usage
  Deploying Mt. Wilson
  Mt. Wilson Programming Examples
  API Client Registration Process
  Whitelisting and Host Registration
  Verify Trust: Trust Attestation
  Summary

Chapter 5 Boundary Control in the Cloud: Geo-Tagging and Asset Tagging
  Geolocation
  Geo-fencing
  Asset Tagging
  Trusted Compute Pools Usage with Geo-Tagging
  Stage 1: Platform Attestation and Safe Hypervisor Launch
  Stage 2: Trust-Based Secure Migration
  Stage 3: Trust- and Geolocation-Based Secure Migration
  Adding Geo-Tagging to the Trusted Compute Pools Solution
  Hardware Layer (Servers)
  Hypervisor and Operating System Layer
  Virtualization, Cloud Management, and the Verification and Attestation Layer
  Security Management Layer
  Provisioning and Lifecycle Management for Geo-Tags
  Geo-Tag Workflow and Lifecycle
  Tag Creation
  Tag Whitelisting
  Tag Provisioning
  Tag selection
  Tag deployment
  Validation and Invalidation of Asset Tags and Geo-Tags
  Attestation of Geo-Tags
  Architecture for Geo-Tag Provisioning
  Tag Provisioning Service
  Tag Provisioning Agent
  Tag Management Service and Management Tool
  Attestation Service
  Geo-Tag Provisioning Process
  Push Model
  Pull Model
  Reference Implementation
  Step 1
  Step 2
  Step 3
  Step 4
  Summary

Chapter 6 Network Security in the Cloud
  The Cloud Network
  Network Security Components
  Load Balancers
  Intrusion Detection Devices
  Application Delivery Controllers
  End-to-End Security in a Cloud
  Network security: End-to-End security: Firewalls
  Network security: End-to-End security: VLANs
  End-to-End Security for Site-to-Site VPNs
  Network security: End-to-End security: Hypervisors and Virtual Machines
  Hypervisor Security
  Virtual Machine Guest Security
  Software-Defined Security in the Cloud
  OpenStack
  OpenStack Network Security
  Network Security Capabilities and Examples
  Summary

Chapter 7 Identity Management and Control for Clouds
  Identity Challenges
  Identity Usages
  Identity Modification
  Identity Revocation
  Identity Management System Requirements
  Basic User Control Properties
  Key Requirements for an Identity Management Solution
  Accountability
  Notification
  Anonymity
  Data Minimization
  Attribute Security
  Attribute Privacy
  Identity Representations and Case Studies
  PKI Certificates
  Security and Privacy Discussion
  Limitations
  Identity Federation
  Single Sign-On
  Intel Identity Technologies
  Hardware Support
  Virtualization Technology (VT)
  Intel Identity Protection Technology (IPT)
  Intel Security Engine
  Cloud Identity Solutions
  Summary

Chapter 8 Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud
  Requirements for Trusted Virtual Machines
  Virtual Machine Images
  The Open Virtualization Format (OVF)
  A Conceptual Architecture for Trusted Virtual Machines
  Mystery Hill (MH) Client
  Mystery Hill Key Management and Policy Server (KMS)
  Mystery Hill Plug-in
  Trust Attestation Server
  Workflows for Trusted Virtual Machines
  Deploying Trusted Virtual Machines with OpenStack
  Summary

Chapter 9 A Reference Design for Secure Cloud Bursting
  Cloud Bursting Usage Models
  An Explanation of Cloud Bursting
  Architectural Considerations for Cloud Bursting
  Data Center Deployment Models
  Trusted Hybrid Clouds
  Cloud Bursting Reference Architecture
  Secure Environment Built Around Best Practices
  Cloud Management
  Cloud Identity and Access Management
  Separation of Cloud Resources, Traffic, and Data
  Vulnerability and Patch Management
  Compliance
  Network Topology and Considerations
  Security Design Considerations
  Hypervisor Hardening
  Firewalls and Network separation
  Management Network Firewalling
  Virtual Networking
  Anti-Virus Software
  Cloud Management Security
  Security Controls
  Governance, Risk, and Compliance (GRC)
  Practical Considerations for Virtual Machine Migration
  Summary
 