Security and Privacy in Cloud Computing

Department of Computer Science at Johns Hopkins University
CS 600.412. Spring 2010
For the 2011 course page, please click here.

Instructor

Ragib Hasan
324NEB
Department of Computer Science
Johns Hopkins University
rhasan7 AT jhu DOT edu

Office Hours : Monday 4 pm - 5 pm

Time

Monday 3.00 pm - 3.50 pm

Place

Shaffer 202

News

02/08: Snow day, no class

01/25: First day of class

01/21: Course webpage launched

 


[Description]       [Schedule]        [Evaluation]       [Policy]

Course Description

This course focuses on the security and privacy issues in Cloud Computing systems. While the cloud computing paradigm gains more popularity, there are many unresolved issues related to confidentiality, integrity, and availability of data and computations involving a cloud. In this course, we will examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure cloud computing.

Since cloud computing is a very young field, we will mainly study the cutting edge research published in recent conferences.

 

Course Topics

  1. Definition of Cloud computing (NIST)
  2. Cloud computing models
  3. Secure data outsourcing
  4. Secure computation outsourcing
  5. Proof of data possession / retrievability
  6. Virtual machine security
  7. Trusted computing technology and clouds
  8. Cloud-centric regulatory compliance issues and mechanisms
  9. Business and security risk models
  10. Applications of secure cloud computing
 

Evaluation

Based on paper reviews

 

Schedule

01/25 - Lecture 1: A Walk in the Clouds: Overview of Cloud Computing [pptx] [pdf]

Further reading : [Above the Clouds: A Berkeley View of Cloud Computing] [pdf]

 

02/01 - Lecture 2: Attacks, Vulnerabilities, and Enemies: Modeling threats in a cloud [pptx] [pdf]

Further Reading: [The STRIDE threat model]

 

02/08 Snow day

 

02/15 - Lecture 3: Topology Attacks on Clouds. [pptx] [pdf]

Review: Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM Conference on Computer and Communications Security (CCS) 2009, 199--212, ACM, 2009. [pdf]

 
02/22- No class
 
03/01- Lecture 4: Proofs of Data Possession and Retrievability (Guest lecture by Prof. Randal Burns) [pdf]

Review : Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson and Dawn Song, Provable data possession at untrusted stores, ACM Conference on Computer and Communications Security (CCS) 2007. [pdf]

 

03/08- Lecture 5: How to secure clouds? Hardware, CloudNet, and Private Virtualization based approaches [pptx] [pdf]

Review: Santos et al., Towards Trusted Cloud Computing, USENIX HotCloud 2009 [pdf] [slides]

Read: Wood et al., The Case for Enterprise-Ready Virtual Private Clouds [pdf] [slides]

Read: Krautheim, Private Virtual Infrastructure for Cloud Computing [pdf] [slides]

 
03/15- No class - Spring Vacation
 

03/22- Lecture 6: Verifying Computations in Clouds [pptx] [pdf]

Review: Du et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010. [pdf]

Optional Reading: Wei et al., SecureMR: A Service Integrity Assurance Framework for MapReduce, ACSAC 2009. [pdf]

 

 

03/29- Lecture 7: Cloud Forensics [pptx] [pdf]

Review: Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS 2010. [pdf]

 

04/05- Lecture 8: Verifiability of Data in clouds.

Review: Wang et al. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , ESORICS 2009. [pdf]

 

04/12- Lecture 9: Availability and Integrity in Clouds

Review: Bowers et al., HAIL: a high-availability and integrity layer for cloud storage, CCS 2009. [pdf]

 

04/19- Lecture 10: Securing MapReduce

Review: Roy et al., Airavat: Security and Privacy for MapReduce, NSDI 2010. [pdf] [alternate_link]

 

04/26 - Lecture 11: Wrapping up: Summary of what we learned

(No papers to review.)

 

Ethics Policy

The students must comply with the Department of Computer Science Integrity Code, as described here.

 

Cloud Image credit: Wikimedia commons under Creative Commons Attribution ShareAlike licence