Cloud Security Auditing
Provisional Chinese title: 雲端安全審計

Majumdar, Suryadipta, Madi, Taous, Wang, Yushun

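  • Publisher: Springer
  • Publication date: 2019-09-06
  • List price: $5,220
  • VIP price: $4,959 (95% of list price)
  • Language: English
  • Pages: 166
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 3030231275
  • ISBN-13: 9783030231279
  • Related category: Information Security
  • Overseas special-order book (requires separate checkout)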

Product Description

This book provides a comprehensive review of the most up-to-date research related to cloud security auditing and discusses auditing the cloud infrastructure from the structural point of view, while focusing on virtualization-related security properties and consistency between multiple control layers. It presents an off-line automated framework for auditing consistent isolation between virtual networks in an OpenStack-managed cloud spanning the overlay and layer 2 by considering both cloud layers' views. A runtime security auditing framework for the cloud, with special focus on the user level, including common access control and authentication mechanisms (e.g., RBAC, ABAC and SSO), is covered as well.
This book also discusses a learning-based proactive security auditing system, which extracts probabilistic dependencies between runtime events and applies such dependencies to proactively audit and prevent security violations resulting from critical events. Finally, this book elaborates the design and implementation of a middleware as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime.
Many companies nowadays leverage cloud services for conducting major business operations (e.g., Web service, inventory management, customer service, etc.). However, the fear of losing control and governance still persists due to the inherent lack of transparency and trust in clouds. The complex design and implementation of cloud infrastructures may cause numerous vulnerabilities and misconfigurations, while the unique properties of clouds (elastic, self-service, multi-tenancy) can bring novel security challenges. In this book, the authors discuss how state-of-the-art security auditing solutions may help increase cloud tenants' trust in the service providers by providing assurance on the compliance with the applicable laws, regulations, policies, and standards. This book introduces the latest research results on both traditional retroactive auditing and novel (runtime and proactive) auditing techniques to serve different stakeholders in the cloud. This book covers security threats from different cloud abstraction levels and discusses a wide range of security properties related to cloud-specific standards (e.g., Cloud Control Matrix (CCM) and ISO 27017). It also elaborates on the integration of security auditing solutions into real-world cloud management platforms (e.g., OpenStack, Amazon AWS and Google GCP).
This book targets industrial scientists who are working on cloud or security-related topics, as well as security practitioners, administrators, cloud providers and operators. Researchers and advanced-level students studying and working in computer science, particularly in cloud security, will also be interested in this book.

About the Authors

Suryadipta Majumdar is currently an Assistant Professor in the Information Security and Digital Forensics department at University at Albany - SUNY. Suryadipta received his Ph.D. on cloud security auditing from Concordia University, Canada. His research mainly focuses on cloud security, Software Defined Network (SDN) security and Internet of Things (IoT) security.
Taous Madi is currently an Experienced Researcher at Ericsson Canada. She holds a Ph.D. in Information Systems Engineering from Concordia University, Montreal. Previously, she finished her M.Sc. in mobile computing from the University of Science and Technology Houari Boumedien (USTHB), Algiers. Her research interests include cloud computing, network function virtualization security, software-defined networking security, internet of things security, machine learning and formal methods.
Yushun Wang completed his MASc in Information System Security from Concordia University. Previously, he worked as a customer network support engineer at Ericsson (China) for 12 years. He is currently working as a developer at Above Security Canada.
Azadeh Tabiban is currently a Ph.D. student at Concordia Institute for Information Systems Engineering (CIISE). She obtained her Master's degree in Information Systems Security from Concordia University, where she contributed to several research projects on cloud security auditing. Her research interest focuses on the development of more accountable and transparent virtualized environments; particularly on cloud and NFV provenance, intrusion detection, proactive auditing and secure virtualization in untrusted cloud infrastructures.
Momen Oqaily is currently working toward the Ph.D. degree in information and systems engineering at the Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, Canada. He received his B.S. degree in network engineering and security and the master's degree in Information Systems Engineering. His research interests include privacy and cloud computing security auditing.
Amir Alimohammadifar completed his BSc in Information Technology in 2010. He received his first master's in Information Technology, communication and computer networks from Sharif University of Technology, 2012, and his second master's in Information Systems Security from Concordia University. He is currently working as a security DevOps engineer at Gameloft Canada.
Yosr Jarraya is currently a researcher in security at Ericsson. Before that, she had a two-year MITACS postdoctoral fellowship with the company. She was previously Research Associate and Postdoctoral Fellow at Concordia University, Montreal. She received a Ph.D. in Electrical and Computer Engineering from Concordia University. She is the co-author of more than 30 research papers on topics including cloud security, network and software security, formal verification and SDN.
Makan Pourzandi is a research leader at Ericsson, Canada. He received his Ph.D. degree in Computer Science from the University of Lyon I Claude Bernard, France and an M.Sc. in parallel computing from École Normale Supérieure de Lyon, France. He has more than 20 years of experience in the fields of cyber security, Telecom and distributed systems. He co-authored a book on software security published by Springer in 2015 and is the co-inventor of 19 granted US patents. He has published more than 65 research papers in peer-reviewed scientific journals and conferences.
Lingyu Wang is a Professor at the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University, Montreal, Canada. He holds the NSERC/Ericsson Senior Industrial Research Chair in SDN/NFV Security. He received his Ph.D. degree in Information Technology in 2006 from George Mason University. His research interests include cloud computing security, SDN/NFV security, security metrics, software security, and privacy. He has co-authored five books, two patents, and over 120 refereed conference and journal articles at reputable venues including TOPS, TIFS, TDSC, TMC, JCS, S&P, CCS, NDSS, ESORICS, PETS, ICDT, etc.
Mourad Debbabi is a Full Professor at the Concordia Institute for Information Systems Engineering and Associate Dean Research and Graduate Studies at the Faculty of Engineering and Computer Science. He holds the NSERC/Hydro-Québec Thales Senior Industrial Research Chair in Smart Grid Security and the Concordia Research Chair Tier I in Information Systems Security. Dr. Debbabi holds Ph.D. and M.Sc. degrees in computer science from Paris-XI Orsay University, France. He has published three books and more than 260 peer-reviewed research articles in international journals and conferences on cyber security, cyber forensics, privacy, cryptographic protocols, threat intelligence generation, malware analysis, reverse engineering, specification and verification of safety-critical systems, smart grid, programming languages and type theory.
