Presentation on Cloud Security at CERIAS/Purdue University

CERIAS LogoOn March 24, 2009 I gave a presentation (pdf) on Cloud Security at the 10th Annual CERIAS SymposiumCERIAS is located at Purdue University and stands for Center for Education and Research in Information Assurance and Security.  A nicely written summary of the presentations and Q&A was posted by the folks at Purdue.

My presentation was part of a panel on "Security in the Cloud" that was very well attended. It consisted of four brief presentations, followed by an hour or so with Q&A. Fortunately, I won't have to type in my notes here now, because the folks at Purdue transcribed the discussion on Twitter. Here's the twitter link.  And there is a cohesive summary at the following link.  Fascinating how one could have followed along from just about anywhere in the world!


Comments:

Hi Christoph,

I attended the panel and enjoyed your presentation, think you provided a nice intro on the whole topic and the role of security.

You mentioned mandatory access control as part of possible cloud security mechanisms. Do you think cloud computing could become a fertile environment for technologies found in Orange Book B (or above) categories, such as MAC? These technologies can provide solutions to many of the problems we face in today's systems but haven't become popular because (in part) of the complexity experienced to manage them.

Regards,

Gaspar

Posted by Gaspar on April 04, 2009 at 06:51 AM PDT #

Hi Gaspar,

Yes, I expect MAC will play a prominent role in securing virtualized environments. It already does in the context of Trusted Extensions. With type enforcement it can be used to protect systems even against system administrators, a major step forward in providing trustworthy computing environments. But as you noted, the configuration complexity needs to be addressed well. I think we'll see fixed configurations for common minimized services fairly soon (think of a virtual appliance that's a hardened web server on SELinux), but it will take a while till we have flexible use of MAC for new services in that context.

Posted by Christoph Schuba on April 07, 2009 at 06:33 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

user9159837

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today