Building Trust and Compliance in the Cloud for Services

Raghu Yeluri, E. Castro-Leon, R. Harmon, James Greene
{"title":"Building Trust and Compliance in the Cloud for Services","authors":"Raghu Yeluri, E. Castro-Leon, R. Harmon, James Greene","doi":"10.1109/SRII.2012.49","DOIUrl":null,"url":null,"abstract":"Security is a key barrier to the broader adoption of cloud computing. The real and perceived risks of providing, accessing and controlling services in multitenant cloud environments can slow or preclude the migration to services by IT organizations. In a non-virtualized environment, the separation provided by physical infrastructure is assumed to provide a level of protection for applications and data. In the cloud, this traditional physical isolation between applications no longer exists. Cloud infrastructure is multi-tenant, with multiple applications utilizing a shared common physical infrastructure. This provides the benefit of much more efficient resource utilization. However, because the physical barriers between applications have been eliminated, it is important to establish compensating security controls to minimize the potential for malware to spread through the cloud. Newer types of malware threats, such as rootkit attacks, can be increasingly difficult to detect using traditional antivirus products. These threats use various methods of concealment to remain undetected as they infect key system components such as hypervisors and drivers. This increases the likelihood that the malware can operate in the background, spread through a cloud environment, and cause greater damage over time. 
This paper explores challenges in deploying and managing services in a cloud infrastructure from a security perspective, and as an example, discusses work that Intel is doing with partners and the software vendor ecosystem to enable a security enhanced platform and solutions with security anchored and rooted in hardware and firmware to increase visibility and control in the cloud.","PeriodicalId":110778,"journal":{"name":"2012 Annual SRII Global Conference","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Annual SRII Global Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRII.2012.49","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 15

Abstract

Security is a key barrier to the broader adoption of cloud computing. The real and perceived risks of providing, accessing and controlling services in multitenant cloud environments can slow or preclude the migration to services by IT organizations. In a non-virtualized environment, the separation provided by physical infrastructure is assumed to provide a level of protection for applications and data. In the cloud, this traditional physical isolation between applications no longer exists. Cloud infrastructure is multi-tenant, with multiple applications utilizing a shared common physical infrastructure. This provides the benefit of much more efficient resource utilization. However, because the physical barriers between applications have been eliminated, it is important to establish compensating security controls to minimize the potential for malware to spread through the cloud. Newer types of malware threats, such as rootkit attacks, can be increasingly difficult to detect using traditional antivirus products. These threats use various methods of concealment to remain undetected as they infect key system components such as hypervisors and drivers. This increases the likelihood that the malware can operate in the background, spread through a cloud environment, and cause greater damage over time. This paper explores challenges in deploying and managing services in a cloud infrastructure from a security perspective, and as an example, discusses work that Intel is doing with partners and the software vendor ecosystem to enable a security enhanced platform and solutions with security anchored and rooted in hardware and firmware to increase visibility and control in the cloud.