Security and Privacy in Cloud Computing |
|||
Department of Computer Science at Johns Hopkins University |
CS 600.412. Spring 2010 For the 2011 course page, please click here. |
||
InstructorRagib Hasan |
TimeMonday 3.00 pm - 3.50 pm PlaceShaffer 202 |
News02/08: Snow day, no class 01/25: First day of class 01/21: Course webpage launched
|
![]() |
Course DescriptionThis course focuses on the security and privacy issues in Cloud Computing systems. While the cloud computing paradigm gains more popularity, there are many unresolved issues related to confidentiality, integrity, and availability of data and computations involving a cloud. In this course, we will examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure cloud computing. Since cloud computing is a very young field, we will mainly study the cutting edge research published in recent conferences. |
|||
Course Topics
|
|||
EvaluationBased on paper reviews |
|||
Schedule |
|||
01/25 - Lecture 1: A Walk in the Clouds: Overview of Cloud Computing [pptx] [pdf] Further reading : [Above the Clouds: A Berkeley View of Cloud Computing] [pdf] |
|||
02/01 - Lecture 2: Attacks, Vulnerabilities, and Enemies: Modeling threats in a cloud [pptx] [pdf] Further Reading: [The STRIDE threat model] |
|||
02/08 Snow day |
|||
02/15 - Lecture 3: Topology Attacks on Clouds. [pptx] [pdf] Review: Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM Conference on Computer and Communications Security (CCS) 2009, 199--212, ACM, 2009. [pdf] |
|||
02/22- No class | |||
03/01- Lecture 4: Proofs of Data Possession and Retrievability (Guest lecture by Prof. Randal Burns)
[pdf]
Review : Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson and Dawn Song, Provable data possession at untrusted stores, ACM Conference on Computer and Communications Security (CCS) 2007. [pdf] |
|||
03/08- Lecture 5: How to secure clouds? Hardware, CloudNet, and Private Virtualization based approaches [pptx] [pdf] Review: Santos et al., Towards Trusted Cloud Computing, USENIX HotCloud 2009 [pdf] [slides] Read: Wood et al., The Case for Enterprise-Ready Virtual Private Clouds [pdf] [slides] Read: Krautheim, Private Virtual Infrastructure for Cloud Computing [pdf] [slides] |
|||
03/15- No class - Spring Vacation | |||
03/22- Lecture 6: Verifying Computations in Clouds [pptx] [pdf] Review: Du et al., RunTest: Assuring Integrity of Dataflow Processing in Cloud Computing Infrastructures, AsiaCCS 2010. [pdf] Optional Reading: Wei et al., SecureMR: A Service Integrity Assurance Framework for MapReduce, ACSAC 2009. [pdf]
|
|||
03/29- Lecture 7: Cloud Forensics [pptx] [pdf] Review: Lu et al., Secure Provenance: The Essential Bread and Butter of Data Forensics in Cloud Computing, AsiaCCS 2010. [pdf] |
|||
04/05- Lecture 8: Verifiability of Data in clouds. Review: Wang et al. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , ESORICS 2009. [pdf] |
|||
04/12- Lecture 9: Availability and Integrity in Clouds Review: Bowers et al., HAIL: a high-availability and integrity layer for cloud storage, CCS 2009. [pdf] |
|||
04/19- Lecture 10: Securing MapReduce Review: Roy et al., Airavat: Security and Privacy for MapReduce, NSDI 2010. [pdf] [alternate_link] |
|||
04/26 - Lecture 11: Wrapping up: Summary of what we learned (No papers to review.) |
|||
Ethics PolicyThe students must comply with the Department of Computer Science Integrity Code, as described here. |
|||
Cloud Image credit: Wikimedia commons under Creative Commons Attribution ShareAlike licence