Security and Privacy in Cloud Computing |
| Department of Computer and Information Sciences at UAB | CS 491/691/791 Fall 2011 |
|
Instructor Ragib Hasan
Department of Computer and Information Sciences
University of Alabama at Birmingham
ragib at cis.uab.edu
Office Hours :Tue 12.30-1.15 pm | Time Tue-Thu 11am-12.15pm Place CH 430 | News - 8/15: Course Webpage launched.
| |
|
|
Course Description This course focuses on the security and privacy issues in Cloud Computing systems. While the cloud computing paradigm gains more popularity, there are many unresolved issues related to confidentiality, integrity, and availability of data and computations involving a cloud. In this course, we will examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure cloud computing. Since cloud computing is a very young field, we will mainly study the cutting edge research published in recent conferences. |
| |
Course Topics - Definition of Cloud computing (NIST)
- Cloud computing models
- Secure data outsourcing
- Secure computation outsourcing
- Proof of data possession / retrievability
- Virtual machine security
- Trusted computing technology and clouds
- Cloud-centric regulatory compliance issues and mechanisms
- Business and security risk models
- Applications of secure cloud computing
|
| |
EvaluationStudents will be evaluated based on weekly paper reviews, term project, and class/discussion participation. The weight-distribution will be as follows: Weekly paper reviews: 50% Term project: 40% Class/discussion participation: 10% |
| |
Schedule |
08/16 - Lecture 1: A Walk in the Clouds: Overview of Cloud Computing [pptx] Further reading : [Above the Clouds: A Berkeley View of Cloud Computing] [pdf] |
| |
08/18 - Lecture 2: Security basics [pptx]
|
Week 2: Attacks |
08/23 - Lecture 3: Attacks and Attack Surfaces in a Cloud [pptx]
Review Assignment #1: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Ristenpart et al., CCS 2009. [pdf] (due 08/25) |
| |
| 08/25 - Lecture 4: Topology Attacks on a Cloud [pptx] |
|
| 08/30 - Project overview and group meeting Review Assignment #2: Santos et al., Towards Trusted Cloud Computing, USENIX HotCloud 2009 [pdf] (due 10 am 9/01 (hard deadline)) |
| |
09/01 - Lecture 5: Trustworthy Cloud Infrastructures [pptx]
|
|
09/06 - Lecture 6: Secure Data Outsourcing [pptx]
Review Assignment #3: Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson and Dawn Song, Provable data possession at untrusted stores, ACM Conference on Computer and Communications Security (CCS) 2007 [pdf] (due 10 am 9/8 (hard deadline)) |
| |
09/08 - Lecture 7: Secure Data Outsourcing: Provable Data Possession [pdf]
|
|
09/13 - Lecture 8: Secure Data Outsourcing: Proof of Retrieveability [pptx]
Review Assignment #4: Bowers et al., HAIL: a high-availability and integrity layer for cloud storage, CCS 2009. [pdf] (due 10 am 9/15 (hard deadline)) Project: 1-page proposal due. |
| |
09/15 - Lecture 9: Secure Data Outsourcing: Integrity with availability [pptx]
|
|
09/20 - Lecture 10 - Verifying Computations in Clouds [pptx]
Review Assignment #5: Du et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010. [pdf] (Due 10 am 9/22 (hard deadline)) |
| |
09/22 - Lecture 11 - Verifying Computations in Clouds: Runtime Attestation [pptx]
|
|
09/27 - Lecture 12 - Cloud Forensics [pptx]
Review Assignment #6: Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS 2010. [pdf] |
| |
09/29 - Lecture 13 - Cloud Forensics: Trustworthy Cloud Provenance (shifted to next class)
|
| |
10/04 - Lecture 13 - Cloud Forensics + Lecture 14: Malware in the Cloud Review Assignment #7: Oberheide et al., CloudAV: N-Version Antivirus in the Network Cloud, USENIX Security 2008 [html] (due 10/07, note the 1 day extension) |
| |
10/06 - Lecture 15 - Malware: Antivirus as a Cloud-based Service [pptx]
|
|
10/11 - Lecture 16 - Privacy in Clouds [pptx]
Review Assignment #8: Roy et al., Airavat: Security and Privacy for MapReduce, NSDI 2010 [pdf] (due 10/12) |
| |
| 10/13 - Fall Break |
| |
10/18 - Project Status Meetings Review Assignment #9: Han Liu, A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism, ACM Cloud Computing Security Workshop 2010 [pdf] (Due 10/20 6 pm) |
| |
| 10/20 - Lecture 17 - The Enemy Within: Attacking Cloud Availability. |
| |
10/25 - Lecture 18 - Remote Assessment of Fault Tolerance and Availability Review Assignment #10: Kevin D. Bowers, Marten van Dijk, Ari Juels, Alina Oprea and Ronald L. Rivest. How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes. [pdf] (Due 10/25, 10 am) |
| |
| 10/27 - Class Activity: Cloud Computing Seminar by Prof. Thain from Notre-Dame |
| |
11/1 - Lecture 19 - CCSW Papers: Verifiable Resource Accounting Review Assignment #11: All your clouds are belong to us: security analysis of cloud management interfaces, ACM CCSW 2011. [pdf] (Due 10 am 11/03 (hard deadline)) |
| |
| 11/3 - Lecture 20 - Cloud Management Security |
| |
11/8 - Lecture 21 - Trusted Platform-as-a-Service Review Assignment #12: Do You Know Where Your Cloud Files Are?, ACM CCSW 2011. [pdf] (Due 10 am 11/10 (hard deadline)) |
| |
| 11/10 - Lecture 22 - Cloud file geolocation |
| |
11/15 - Lecture 23 - Solving cloud integrity problem with existing cryptographic tools Review Assignment #13: Fraudulent use of cloud resources, Idziorek et al., ACM CCSW 2011
(Due 11/18 5 pm (note the 1 day extension) [pdf] (from ACM DL, can be downloaded from inside the department network) |
| |
| 11/17 - Lecture 24 - Detecting fraudulent cloud resource consumption |
| |
| 11/22 - Lecture 25 - Putting it all together: A high level view of Cloud Security Landscape |
| |
| 11/24 - Thanksgiving break |
| |
11/29 Project Presentation / Demos Butler and Rhodes Dey and Uptain Ferguson and Weber |
| |
12/1 Project Presentation / Demos Foust and Turner Frees and Liu Sotiropoulos and Thapaliya |
| |
| 12/2 Term papers due (5 pm, hard deadline) |
| |
Ethics Policy The students must comply with the Department of Computer Science Integrity Code. |
| |
