Secure Cloud Computing
Sushil Jajodia ┬╖ Krishna Kant ┬╖ Pierangela Samarati ┬╖ Anoop Singhal ┬╖ Vipin Swarup ┬╖ Cliff Wang
рдЬрд╛рдиреЗ реирежрезрек ┬╖ Springer Science & Business Media
рез.режstar
рдПрдХ рдкрд░реАрдХреНрд╖рдгreport
рдИ-рдкреБрд╕реНрддрдХ
343
рдкреЗрдЬ
reportрд░реЗрдЯрд┐рдВрдЧ рдЖрдгрд┐ рдкрд░реАрдХреНрд╖рдгреЗ рдпрд╛рдВрдЪреА рдкрдбрддрд╛рд│рдгреА рдХреЗрд▓реЗрд▓реА рдирд╛рд╣реА ┬ардЕрдзрд┐рдХ рдЬрд╛рдгреВрди рдШреНрдпрд╛
рдпрд╛ рдИ-рдкреБрд╕реНрддрдХрд╛рд╡рд┐рд╖рдпреА
This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters address security issues of the cloud infrastructure. In Chapter 3, Szefer and Lee describe a hardware-enhanced security architecture that protects the confidentiality and integrity of a virtual machineтАЩs memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 focus on the protection of data stored in the cloud. In Chapter 5, Wang et al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from some or all other users, without any cooperation from cloud service providers. In Chapter 6, De Capitani di Vimercati, Foresti, and Samarati describe emerging approaches for protecting data stored externally and for enforcing fine-grained and selective accesses on them, and illustrate how the combination of these approaches can introduce new privacy risks. In Chapter 7, Le, Kant, and Jajodia explore data access challenges in collaborative enterprise computing environments where multiple parties formulate their own authorization rules, and discuss the problems of rule consistency, enforcement, and dynamic updates. In Chapter 8, Smith et al. address key challenges to the practical realization of a system that supports query execution over remote encrypted data without exposing decryption keys or plaintext at the server. In Chapter 9, Sun et al. provide an overview of secure search techniques over encrypted data, and then elaborate on a scheme that can achieve privacy-preserving multi-keyword text search. The next three chapters focus on the secure deployment of computations to the cloud. In Chapter 10, Oktay el al. present a risk-based approach for workload partitioning in hybrid clouds that selectively outsources data and computation based on their level of sensitivity. The chapter also describes a vulnerability assessment framework for cloud computing environments. In Chapter 11, Albanese et al. present a solution for deploying a mission in the cloud while minimizing the missionтАЩs exposure to known vulnerabilities, and a cost-effective approach to harden the computational resources selected to support the mission. In Chapter 12, Kontaxis et al. describe a system that generates computational decoys to introduce uncertainty and deceive adversaries as to which data and computation is legitimate. The last section of the book addresses issues related to security monitoring and system resilience. In Chapter 13, Zhou presents a secure, provenance-based capability that captures dependencies between system states, tracks state changes over time, and that answers attribution questions about the existence, or change, of a systemтАЩs state at a given time. In Chapter 14, Wu et al. present a monitoring capability for multicore architectures that runs monitoring threads concurrently with user or kernel code to constantly check for security violations. Finally, in Chapter 15, Hasan Cam describes how to manage the risk and resilience of cyber-physical systems by employing controllability and observability techniques for linear and non-linear systems.
рд░реЗрдЯрд┐рдВрдЧ рдЖрдгрд┐ рдкреБрдирд░рд╛рд╡рд▓реЛрдХрдиреЗ
рез.реж
рдПрдХ рдкрд░реАрдХреНрд╖рдг
рдпрд╛ рдИ-рдкреБрд╕реНрддрдХрд▓рд╛ рд░реЗрдЯрд┐рдВрдЧ рджреНрдпрд╛
рддреБрдореНрд╣рд╛рд▓рд╛ рдХрд╛рдп рд╡рд╛рдЯрддреЗ рддреЗ рдЖрдореНрд╣рд╛рд▓рд╛ рд╕рд╛рдВрдЧрд╛.
рд╡рд╛рдЪрди рдорд╛рд╣рд┐рддреА
рд╕реНрдорд╛рд░реНрдЯрдлреЛрди рдЖрдгрд┐ рдЯреЕрдмрд▓реЗрдЯ
Android рдЖрдгрд┐ iPad/iPhone рд╕рд╛рдареА Google Play рдмреБрдХ рдЕтАНреЕрдк рдЗрдВрд╕реНтАНрдЯреЙрд▓ рдХрд░рд╛. рд╣реЗ рддреБрдордЪреНтАНрдпрд╛ рдЦрд╛рддреНтАНрдпрд╛рдиреЗ рдЖрдкреЛрдЖрдк рд╕рд┐рдВрдХ рд╣реЛрддреЗ рдЖрдгрд┐ рддреБрдореНтАНрд╣реА рдЬреЗрдереЗ рдХреБрдареЗ рдЕрд╕рд╛рд▓ рддреЗрдереВрди рддреБрдореНтАНрд╣рд╛рд▓рд╛ рдСрдирд▓рд╛рдЗрди рдХрд┐рдВрд╡рд╛ рдСрдлрд▓рд╛рдЗрди рд╡рд╛рдЪрдгреНтАНрдпрд╛рдЪреА рдЕрдиреБрдорддреА рджреЗрддреЗ.
рд▓реЕрдкрдЯреЙрдк рдЖрдгрд┐ рдХреЙрдВрдкреНрдпреБрдЯрд░
рддреБрдореНрд╣реА рддреБрдордЪреНрдпрд╛ рдХрд╛рдБрдкреНрдпреБрдЯрд░рдЪрд╛ рд╡реЗрдм рдмреНрд░рд╛рдЙрдЭрд░ рд╡рд╛рдкрд░реВрди Google Play рд╡рд░ рдЦрд░реЗрджреА рдХреЗрд▓реЗрд▓реА рдСрдбрд┐рдУрдмреБрдХ рдРрдХреВ рд╢рдХрддрд╛.
рдИрд╡рд╛рдЪрдХ рдЖрдгрд┐ рдЗрддрд░ рдбрд┐рд╡реНрд╣рд╛рдЗрд╕реЗрд╕
Kobo eReaders рд╕рд╛рд░рдЦреНрдпрд╛ рдИ-рдЗрдВрдХ рдбрд┐рд╡реНтАНрд╣рд╛рдЗрд╕рд╡рд░ рд╡рд╛рдЪрдгреНтАНрдпрд╛рд╕рд╛рдареА, рддреБрдореНрд╣реА рдПрдЦрд╛рджреА рдлрд╛рдЗрд▓ рдбрд╛рдЙрдирд▓реЛрдб рдХрд░реВрди рддреА рддреБрдордЪреНтАНрдпрд╛ рдбрд┐рд╡реНтАНрд╣рд╛рдЗрд╕рд╡рд░ рдЯреНрд░рд╛рдиреНрд╕рдлрд░ рдХрд░рдгреЗ рдЖрд╡рд╢реНрдпрдХ рдЖрд╣реЗ. рд╕рдкреЛрд░реНрдЯ рдЕрд╕рд▓реЗрд▓реНрдпрд╛ eReaders рд╡рд░ рдлрд╛рдЗрд▓ рдЯреНрд░рд╛рдиреНрд╕рдлрд░ рдХрд░рдгреНрдпрд╛рд╕рд╛рдареА, рдорджрдд рдХреЗрдВрджреНрд░ рдордзреАрд▓ рддрдкрд╢реАрд▓рд╡рд╛рд░ рд╕реВрдЪрдирд╛ рдлреЙрд▓реЛ рдХрд░рд╛.
