Building the Infrastructure for Cloud Security : A Solutions View.
: | |
---|---|
Contributor: | |
Place / Publishing House: | Berkeley, CA : Apress L. P., 2014. ©2014. |
Year of Publication: | 2014 |
Edition: | 1st ed. |
Language: | English |
Online Access: | |
Physical Description: | 1 online resource (240 pages) |
LEADER | 08691nam a22004213i 4500 | ||
---|---|---|---|
001 | 5006422525 | ||
003 | MiAaPQ | ||
005 | 20240229073837.0 | ||
006 | m o d | | ||
007 | cr cnu|||||||| | ||
008 | 240229s2014 xx o ||||0 eng d | ||
020 | |a 9781430261469 |q (electronic bk.) | ||
020 | |z 9781430261452 | ||
035 | |a (MiAaPQ)5006422525 | ||
035 | |a (Au-PeEL)EBL6422525 | ||
035 | |a (OCoLC)876598475 | ||
040 | |a MiAaPQ |b eng |e rda |e pn |c MiAaPQ |d MiAaPQ | ||
050 | 4 | |a QA75.5-76.95 | |
100 | 1 | |a Yeluri, Raghuram. | |
245 | 1 | 0 | |a Building the Infrastructure for Cloud Security : |b A Solutions View. |
250 | |a 1st ed. | ||
264 | 1 | |a Berkeley, CA : |b Apress L. P., |c 2014. | |
264 | 4 | |c ©2014. | |
300 | |a 1 online resource (240 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
505 | 0 | |a Intro -- Contents at a Glance -- Contents -- About the Authors -- About the Technical Reviewers -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: Cloud Computing Basics -- Defining the Cloud -- The Cloud's Essential Characteristics -- The Cloud Service Models -- The Cloud Deployment Models -- The Cloud Value Proposition -- Historical Context -- Traditional Three-Tier Architecture -- Software Evolution: From Stovepipes to Service Networks -- The Cloud as the New Way of Doing IT -- Security as a Service -- New Enterprise Security Boundaries -- A Roadmap for Security in the Cloud -- Summary -- Chapter 2: The Trusted Cloud: Addressing Security and Compliance -- Security Considerations for the Cloud -- Cloud Security, Trust, and Assurance -- Trends Affecting Data Center Security -- Security and Compliance Challenges -- Trusted Clouds -- Trusted Computing Infrastructure -- Trusted Cloud Usage Models -- The Boot Integrity Usage Model -- Understanding the Value of Platform Boot Integrity -- The Trusted Virtual Machine Launch Usage Model -- The Data Protection Usage Model -- The Run-time Integrity and Attestation Usage Model -- Trusted Cloud Value Proposition for Cloud Tenants -- The Advantages of Cloud Services on a Trusted Computing Chain -- Summary -- Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools -- The Building blocks for Trusted Clouds -- Platform Boot Integrity -- Roots of Trust -RTM, RTR, and RTS in the Intel TXT Platform -- Measured Boot Process -- Attestation -- Trusted Compute Pools -- TCP Principles of Operation -- Pool Creation -- Workload Placement -- Workload Migration -- Compliance Reporting for a Workload/Cloud Service -- Solution Reference Architecture for the TCP -- Hardware Layer -- Operating System / Hypervisor Layer -- Virtualization/Cloud Management and Verification/Attestation Layer. | |
505 | 8 | |a Security Management Layer -- VM/Workload Policy Management -- GRC Tools-Compliance in the Cloud -- Reference Implementation: The Taiwan Stock Exchange Case Study -- Solution Architecture for TWSE -- Trusted Compute Pool Use Case Instantiation -- Remote Attestation with HyTrust -- Use Case Example: Creating Trusted Compute Pools and Workload Migration -- Integrated and Extended Security and Platform Trust with McAfee ePO -- Summary -- Chapter 4: Attestation: Proving Trustability -- Attestation -- Integrity Measurement Architecture -- Policy Reduced Integrity Measurement Architecture -- Semantic Remote Attestation -- The Attestation Process -- Remote Attestation Protocol -- Flow for Integrity Measurement -- A First Commercial Attestation Implementation: The Intel Trust Attestation Platform -- Mt. Wilson Platform -- Mt. Wilson Architecture -- The Mt. Wilson Attestation Process -- Attestation Identity Key Provisioning -- Host Registration and Attestation Identity Key Certificate Provisioning -- Requesting Platform Trust -- Security of Mt. Wilson -- Mt. Wilson Trust, Whitelisting, and Management APIs -- Mt. Wilson APIs -- The API Request Specification -- API Response -- Mt. Wilson API Usage -- Deploying Mt. Wilson -- Mt. Wilson Programming Examples -- API Client Registration Process -- Whitelisting and Host Registration -- Verify Trust: Trust Attestation -- Summary -- Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging -- Geolocation -- Geo-fencing -- Asset Tagging -- Trusted Compute Pools Usage with Geo-Tagging -- Stage 1: Platform Attestation and Safe Hypervisor Launch -- Stage 2: Trust-Based Secure Migration -- Stage 3: Trust- and Geolocation-Based Secure Migration -- Adding Geo-Tagging to the Trusted Compute Pools Solution -- Hardware Layer (Servers) -- Hypervisor and Operating System Layer. | |
505 | 8 | |a Virtualization, Cloud Management, and the Verification and Attestation Layer -- Security Management Layer -- Provisioning and Lifecycle Management for Geo-Tags -- Geo-Tag Workflow and Lifecycle -- Tag Creation -- Tag Whitelisting -- Tag Provisioning -- Tag selection -- Tag deployment -- Validation and Invalidation of Asset Tags and Geo-Tags -- Attestation of Geo-Tags -- Architecture for Geo-Tag Provisioning -- Tag Provisioning Service -- Tag Provisioning Agent -- Tag Management Service and Management Tool -- Attestation Service -- Geo-Tag Provisioning Process -- Push Model -- Pull Model -- Reference Implementation -- Step 1 -- Step 2 -- Step 3 -- Step 4 -- Summary -- Chapter 6: Network Security in the Cloud -- The Cloud Network -- Network Security Components -- Load Balancers -- Intrusion Detection Devices -- Application Delivery Controllers -- End-to-End Security in a Cloud -- Network security: End-to-End security: Firewalls -- Network security: End-to-End security: VLANs -- End-to-End Security for Site-to-Site VPN s -- Network security:End-to-End security: Hypervisors and Virtual Machines -- Hypervisor Security -- Virtual Machine Guest Security -- Software-Defined Security in the Cloud -- OpenStack -- OpenStack Network Security -- Network Security Capabilities and Examples -- Summary -- Chapter 7: Identity Management and Control for Clouds -- Identity Challenges -- Identity Usages -- Identity Modification -- Identity Revocation -- Identity Management System Requirements -- Basic User Control Properties -- Key Requirements for an Identity Management Solution -- Accountability -- Notification -- Anonymity -- Data Minimization -- Attribute Security -- Attribute Privacy -- Identity Representations and Case Studies -- PKI Certificates -- Security and Privacy Discussion -- Limitations -- Identity Federation -- Single Sign-On. | |
505 | 8 | |a Intel Identity Technologies -- Hardware Support -- Virtualization Technology (VT) -- Intel Identity Protection Technology (IPT) -- Intel Security Engine -- Cloud Identity Solutions -- Summary -- Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud -- Requirements for Trusted Virtual Machines -- Virtual Machine Images -- The Open Virtualization Format (OVF) -- A Conceptual Architecture for Trusted Virtual Machines -- Mystery Hill (MH) Client -- Mystery Hill Key Management and Policy Server (KMS) -- Mystery Hill Plug-in -- Trust Attestation Server -- Workflows for Trusted Virtual Machines -- Deploying Trusted Virtual Machines with OpenStack -- Summary -- Chapter 9: A Reference Design for Secure Cloud Bursting -- Cloud Bursting Usage Models -- An Explanation of Cloud Bursting -- Architectural Considerations for Cloud Bursting -- Data Center Deployment Models -- Trusted Hybrid Clouds -- Cloud Bursting Reference Architecture -- Secure Environment Built Around Best Practices -- Cloud Management -- Cloud Identity and Access Management -- Separation of Cloud Resources, Traffic, and Data -- Vulnerability and Patch Management -- Compliance -- Network Topology and Considerations -- Security Design Considerations -- Hypervisor Hardening -- Firewalls and Network separation -- Management Network Firewalling -- Virtual Networking -- Anti-Virus Software -- Cloud Management Security -- Security Controls -- Governance, Risk, and Compliance (GRC) -- Practical Considerations for Virtual Machine Migration -- Summary -- Index. | |
588 | |a Description based on publisher supplied metadata and other sources. | ||
590 | |a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. | ||
655 | 4 | |a Electronic books. | |
700 | 1 | |a Castro-Leon, Enrique. | |
776 | 0 | 8 | |i Print version: |a Yeluri, Raghuram |t Building the Infrastructure for Cloud Security |d Berkeley, CA : Apress L. P.,c2014 |z 9781430261452 |
797 | 2 | |a ProQuest (Firm) | |
856 | 4 | 0 | |u https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422525 |z Click to View |