Contents
Chapter 1: Cloud Computing Basics
The Cloud’s Essential Characteristics
Traditional Three-Tier Architecture
Software Evolution: From Stovepipes to Service Networks
The Cloud as the New Way of Doing IT
New Enterprise Security Boundaries
A Roadmap for Security in the Cloud
Chapter 2: The Trusted Cloud: Addressing Security and Compliance
Security Considerations for the Cloud
Cloud Security, Trust, and Assurance
Trends Affecting Data Center Security
Security and Compliance Challenges
Trusted Computing Infrastructure
The Boot Integrity Usage Model
The Trusted Virtual Machine Launch Usage Model
The Data Protection Usage Model
The Run-time Integrity and Attestation Usage Model
Trusted Cloud Value Proposition for Cloud Tenants
The Advantages of Cloud Services on a Trusted Computing Chain
Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools
The Building Blocks for Trusted Clouds
Roots of Trust–RTM, RTR, and RTS in the Intel TXT Platform
Compliance Reporting for a Workload/Cloud Service
Solution Reference Architecture for the TCP
Operating System / Hypervisor Layer
Virtualization/Cloud Management and Verification/Attestation Layer
Reference Implementation: The Taiwan Stock Exchange Case Study
Solution Architecture for TWSE
Trusted Compute Pool Use Case Instantiation
Remote Attestation with HyTrust
Use Case Example: Creating Trusted Compute Pools and Workload Migration
Integrated and Extended Security and Platform Trust with McAfee ePO
Chapter 4: Attestation: Proving Trustability
Integrity Measurement Architecture
Policy Reduced Integrity Measurement Architecture
Flow for Integrity Measurement
A First Commercial Attestation Implementation: The Intel Trust Attestation Platform
The Mt. Wilson Attestation Process
Mt. Wilson Trust, Whitelisting, and Management APIs
Mt. Wilson Programming Examples
Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging
Trusted Compute Pools Usage with Geo-Tagging
Stage 1: Platform Attestation and Safe Hypervisor Launch
Stage 2: Trust-Based Secure Migration
Stage 3: Trust- and Geolocation-Based Secure Migration
Adding Geo-Tagging to the Trusted Compute Pools Solution
Hypervisor and Operating System Layer
Virtualization, Cloud Management, and the Verification and Attestation Layer
Provisioning and Lifecycle Management for Geo-Tags
Geo-Tag Workflow and Lifecycle
Validation and Invalidation of Asset Tags and Geo-Tags
Architecture for Geo-Tag Provisioning
Tag Management Service and Management Tool
Chapter 6: Network Security in the Cloud
Application Delivery Controllers
End-to-End Security in a Cloud
Network Security: End-to-End Security: Firewalls
Network Security: End-to-End Security: VLANs
End-to-End Security for Site-to-Site VPNs
Network Security: End-to-End Security: Hypervisors and Virtual Machines
Software-Defined Security in the Cloud
Network Security Capabilities and Examples
Chapter 7: Identity Management and Control for Clouds
Identity Management System Requirements
Key Requirements for an Identity Management Solution
Identity Representations and Case Studies
Security and Privacy Discussion
Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud
Requirements for Trusted Virtual Machines
The Open Virtualization Format (OVF)
A Conceptual Architecture for Trusted Virtual Machines
Mystery Hill Key Management and Policy Server (KMS)
Workflows for Trusted Virtual Machines
Deploying Trusted Virtual Machines with OpenStack
Chapter 9: A Reference Design for Secure Cloud Bursting
An Explanation of Cloud Bursting
Cloud Bursting Reference Architecture
Secure Environment Built Around Best Practices
Cloud Identity and Access Management
Separation of Cloud Resources, Traffic, and Data
Vulnerability and Patch Management
Network Topology and Considerations
Security Design Considerations
Firewalls and Network Separation
Management Network Firewalling