Security Of Fpga Accelerated Cloud Computing Environments

This book addresses security of FPGA-accelerated cloud computing environments. It presents a comprehensive review of the state-of-the-art in security threats as well as defenses. The book further presents design principles to help in the evaluation and designs of cloud-based FPGA deployments which are secure from information leaks and potential attacks.

With growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered). This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid.

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters address security issues of the cloud infrastructure. In Chapter 3, Szefer and Lee describe a hardware-enhanced security architecture that protects the confidentiality and integrity of a virtual machine’s memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 focus on the protection of data stored in the cloud. In Chapter 5, Wang et al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from some or all other users, without any cooperation from cloud service providers. In Chapter 6, De Capitani di Vimercati, Foresti, and Samarati describe emerging approaches for protecting data stored externally and for enforcing fine-grained and selective accesses on them, and illustrate how the combination of these approaches can introduce new privacy risks. In Chapter 7, Le, Kant, and Jajodia explore data access challenges in collaborative enterprise computing environments where multiple parties formulate their own authorization rules, and discuss the problems of rule consistency, enforcement, and dynamic updates. In Chapter 8, Smith et al. address key challenges to the practical realization of a system that supports query execution over remote encrypted data without exposing decryption keys or plaintext at the server. In Chapter 9, Sun et al. provide an overview of secure search techniques over encrypted data, and then elaborate on a scheme that can achieve privacy-preserving multi-keyword text search. The next three chapters focus on the secure deployment of computations to the cloud. In Chapter 10, Oktay el al. present a risk-based approach for workload partitioning in hybrid clouds that selectively outsources data and computation based on their level of sensitivity. The chapter also describes a vulnerability assessment framework for cloud computing environments. In Chapter 11, Albanese et al. present a solution for deploying a mission in the cloud while minimizing the mission’s exposure to known vulnerabilities, and a cost-effective approach to harden the computational resources selected to support the mission. In Chapter 12, Kontaxis et al. describe a system that generates computational decoys to introduce uncertainty and deceive adversaries as to which data and computation is legitimate. The last section of the book addresses issues related to security monitoring and system resilience. In Chapter 13, Zhou presents a secure, provenance-based capability that captures dependencies between system states, tracks state changes over time, and that answers attribution questions about the existence, or change, of a system’s state at a given time. In Chapter 14, Wu et al. present a monitoring capability for multicore architectures that runs monitoring threads concurrently with user or kernel code to constantly check for security violations. Finally, in Chapter 15, Hasan Cam describes how to manage the risk and resilience of cyber-physical systems by employing controllability and observability techniques for linear and non-linear systems.

"This book provides a theoretical and academic description of Cloud security issues, methods, tools and trends for developing secure software for Cloud services and applications"--Provided by publisher.

Emerging as an effective alternative to organization-based information systems, cloud computing has been adopted by many businesses around the world. Despite the increased popularity, there remain concerns about the security of data in the cloud since users have become accustomed to having control over their hardware and software. Security, Trust, and Regulatory Aspects of Cloud Computing in Business Environments compiles the research and views of cloud computing from various individuals around the world. Detailing cloud security, regulatory and industry compliance, and trust building in the cloud, this book is an essential reference source for practitioners, professionals, and researchers worldwide, as well as business managers interested in an assembled collection of solutions provided by a variety of cloud users.

This book provides readers with an overview of Cloud Computing, starting with historical background on mainframe computers and early networking protocols, leading to current concerns such as hardware and systems security, performance, emerging areas of IoT, Edge Computing etc. Readers will benefit from the in-depth discussion of cloud computing usage and the underlying architectures. The authors explain carefully the “why’s and how’s” of Cloud Computing, so engineers will find this book an invaluable source of information to the topic. This second edition includes new material on Cloud Computing Security, Threat Vectors and Trust Models, as well as best practices for a using dynamic cloud infrastructure, and cloud operations management. Several new examples and analysis of cloud security have been added, including edge computing with IoT devices.

Cloud computing is an emerging discipline that is changing the way corporate computing is and will be done in the future. Cloud computing is demonstrating its potential to transform the way IT-based services are delivered to organisations. There is little, if any, argument about the clear advantages of the cloud and its adoption can and will create substantial business benefits through reduced capital expenditure and increased business agility. However, there is one overwhelming question that is still hindering the adaption of the cloud: Is cloud computing secure? The most simple answer could be ‘Yes’, if one approaches the cloud in the right way with the correct checks and balances to ensure all necessary security and risk management measures are covered as the consequences of getting your cloud security strategy wrong could be more serious and may severely damage the reputation of organisations.

This book constitutes the refereed proceedings of the Second International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, ISDDC 2018, held in Vancouver, BC, Canada, in November 2018. The 10 full papers were carefully reviewed and selected from 28 submissions. This book also contains the abstracts of two keynote talks and one tutorial. The contributions included in this proceedings cover many aspects of theory and application of effective and efficient paradigms, approaches, and tools for building, maintaining, and managing secure and dependable systems and infrastructures, such as botnet detection, secure cloud computing and cryptosystems, IoT security, sensor and social network security, behavioral systems and data science, and mobile computing.