CC2025- CLOUD SECURITY

UNIT I - SECURITY CONCEPTS (10 Hours)

Confidentiality, privacy, integrity, authentication, non-repudiation, availability, access control,
defence in depth, least privilege, how these concepts apply in the cloud, what these concepts
mean and their importance in PaaS, IaaS and SaaS. e.g. User authentication in the cloud;
Cryptographic Systems- Symmetric cryptography, stream ciphers, block ciphers, modes of
operation, public-key cryptography, hashing, digital signatures, public-key infrastructures, key
management, X.509 certificates, OpenSSL.
UNIT II - MULTI-TENANCY ISSUES (9 Hours)
Isolation of users/VMs from each other. How the cloud provider can provide this; Virtualization
System Security Issues- e.g. ESX and ESXi Security, ESX file system security, storage
considerations, backup and recovery; Virtualization SystemVulnerabilitiesManagement console
vulnerabilities, management server vulnerabilities, administrative VM vulnerabilities, guest VM
vulnerabilities, hypervisor vulnerabilities, hypervisor escape vulnerabilities, configuration issues,
malware(botnets etc).
UNIT III - VIRTUALIZATION SYSTEM-SPECIFIC ATTACKS (7 Hours)
Guest hopping, attacks on the VM (delete the VM, attack on the control of the VM,code or file
injection into the virtualized file structure), VM migration attack,hyperjacking.
UNIT IV - TECHNOLOGIES FOR VIRTUALIZATION-BASED SECURITY
ENHANCEMENT (9 Hours)
IBM security virtual server protection, virtualization-based sandboxing; Storage Security-
HIDPS, log management, Data Loss Prevention. Location of the Perimeter.
UNIT V - LEGAL AND COMPLIANCE ISSUES (10 Hours)
Responsibility, ownership of data, right to penetration test, local law where data isheld,
examination of modern Security Standards (eg PCIDSS), how standards deal with cloud services
and virtualization, compliance for the cloud provider vs. compliance for the customer.
PRACTICAL - (30 Hours)
REFERENCES
1. Tim Mather, Subra Kumaraswamy, ShahedLatif, “Cloud Security and Privacy: AnEnterprise
Perspective on Risks and
Compliance” O'Reilly Media; 1 edition[ISBN: 0596802765], 2009.
2. Ronald L. Krutz, Russell Dean Vines, “Cloud Security” [ISBN: 0470589876],2010.
3. John Rittinghouse, James Ransome, “Cloud Computing” CRC Press; 1 edition[ISBN:
1439806802], 2009.
4. J.R. ("Vic") Winkler, “Securing the Cloud” Syngress [ISBN: 1597495921] 2011.
5. Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in CloudComputing”
2009.
6. Vmware “VMware Security Hardening Guide” White Paper, June 2011 .
7. Cloud Security Alliance 2010, “Top Threats to Cloud Computing” Microsoft 2013.
8. Timothy Grance; Wayne Jansen;NIST “Guidelines on Security and Privacy inPublic Cloud
Computing”, 2011.
9. Evelyn Brown NIST “Guide to Security for Full Virtualization Technologies”,2011.
10. Peter Mell, Timothy Grance, NIST “The NIST Definition of Cloud Computing ”, 2011.
11. William Hau, Rudolph Araujo et al “How Virtualization Affects PCI
DSS”,www.foundstone.com.
12. Chenxi Wang “Compliance with Clouds: Caveat Emptor”,www.forrester.com/2010.
CS2159-ADVANCED DISTRIBUTED SYSTEMS
UNIT IDISTRIBUTED SYSTEMS 9 hours
Introduction to Distributed Systems - Characterization of Distributed Systems - Distributed
Architectural Models - Remote Invocation - Request-Reply Protocols - RPC - RMI - Group
Communication - Coordination in Group Communication - Ordered Multicast - Time Ordering -
Physical Clock Synchronization - Logical Time and Logical Clocks.
UNIT IIDISTRIBUTED SECRUITY AND TRANSACTIONS 9 hours
Introduction - Overview of security techniques - Cryptographic algorithms – Digital signatures -
Cryptography pragmatics - Flat and nested distributed transactions - Atomic commit protocols -
Concurrency control in distributed transactions - Distributed deadlocks - Transaction recovery
UNIT III DISTRIBUTED MUTUAL EXCLUSION ALGORITHMS 9 hours
Introduction - Lamport's algorithm - RicartAgrawala algorithms - Singhal's dynamic information
structure algorithm - Lodha and Kshemkalyani's fair mutual exclusion algorithms - Quorum
based algorithm - Mackawa's algorithms - Token based algorithms - Roymaond's tree based
algorithms
UNIT IVDEADLOCK DETECTION IN DISTRIBUTION SYSTEMS 9 hours
System Model - Models of deadlocks - Knapp's classsificatipon of distributed deadlock detection
algorithms - Mitchell & Merritt's algorithm for the single resource model - ChandyMisra Haas
slgorithm for the AND & OR Model - Kshemkalyanisinghal algorithm for P out of Q model -
Global predicate detection
UNIT V ADVANCED IN DISTRIBUTED SYSTEMS 9 hours
Authentication in distributed systems - Protocols based on symmetric cryptosystems - Protocols
based on asymmetric cryptosystems - Password-based authentication -Authentication protocol
failures - Self-stabilization - Peer-to-peer computing and overlay graphs - Unstructured overlays
- Chord distributed hash table - Content addressable networks (CAN) - Tapestry - Some other
challenges in P2P system design - Tradeoffs between table storage and route lengths - Graph
structures of complex networks - Internet graphs - Generalized random graph networks - Small
world networks - Scale-free networks - Evolving networks.
TOTAL -45 HRS
REFERENCES
1. George Coulouris, Jean Dollimore, Tim Kindberg, “Distributed Systems
Concepts and Design”, Fifth Edition, Pearson Education Asia, 2012.
2. Ajay D. Kshemkalyani, MukeshSinghal, "Distributed Computing: Principles,
Algorithms, and Systems", Cambridge University Press, 2008
3. Liu, "Distributed Computing: Principles and Applications", Pearson Education , 2004
UNIT IDISTRIBUTED SYSTEMS 9 hours
Introduction to Distributed Systems - Characterization of Distributed Systems - Distributed
Architectural Models - Remote Invocation - Request-Reply Protocols - RPC - RMI - Group
Communication - Coordination in Group Communication - Ordered Multicast - Time Ordering -
Physical Clock Synchronization - Logical Time and Logical Clocks.

PART-A

1. Define distributed systems?

2. Give examples of distributed systems.

3. .List the Limitations of distributed system.

4. What is the difference between RMI and RPC?

5. What is meant by group communication?

6. Define Request reply protocols.

7. What is Remote Procedure Call?

8. What is Remote Method Invocation?

9. What is a clock?

10. Define logical clock.

11. Distinguish between physical clock and Logical clocks.

PART-B

1. List out the characteristics of performance of DS

2. Describe java RMI and explain it with suitable program.
3. Describe group communication with neat sketch.
4. Explain in detail about Remote Procedure call.
5. Explain about synchronization of physical clock.