Issues 2012: Cloud Computing Workshop

Chair: Dr. Harvey H. Rubinovitz

In recent months, the interest in Cloud Computing has increased. While Cloud Computing has a number of benefits, there are also issues that one should be aware of before enlisting its use. Cloud Computing presents a number of security concerns due to the nature of the Cloud, including the following: data protection, identity management, authentication and authorization standards, policy management, and virtualization process implementation. Infrastructures for the Cloud may be built on servers using different types of technologies, including different methods of virtualization that have risks associated with their use.

Tradeoffs between cost, functionality, and security also need to be considered. Are the cost savings on hardware and easier management of Cloud systems worth the changes to the overall level of security? Are the current defenses such as firewalls and security applications ready for Cloud Computing? Are there any issues with our current security tools when applied to Cloud Computing? What about the concerns of malicious software and the effects it can have within the Cloud? What about the contractual agreements between users of the Cloud and the Cloud provider. Is one's data protected to the same degree as it was without placing it on a Cloud? What guarantees does the user have about how their data is protected? How is liability for a data breach handled in a Cloud scenario? Are typical outsourcing agreements sufficient to address the issue?

This workshop will focus on Cloud Computing security, how users of Cloud systems can be educated to maintain the security posture of their systems, and how to improve the state of the art of Cloud Computing. The workshop will also look at the need to facilitate research and development of the next generation of Cloud Computing security standards and tools to assist in the creation of better, more secure systems.

Participants in previous workshops agree that the workshops have provided a useful and exciting forum to exchange ideas, opinions, and concerns. Due to community interest in Cloud Computing security and the rapidly evolving technologies, this year's workshop should generate much discussion.

Pre-registration is required as there is a registration fee to cover the cost of the workshop, lunch, and snack. Position papers are encouraged. To submit a paper, contact Harvey Rubinovitz, Workshop Chair, The MITRE Corporation, M/S S145, 202 Burlington Road, Bedford, Massachusetts 01730; (781)-271-3076; hhr@mitre.org. The paper deadline is October 1st. If you are interested in attending please check off the appropriate box on the conference registration form and add in the Cloud Computing Workshop (CCW) fee. Lunch will be included as part of the workshop fee.

AGENDA

Look Ma No Hands - Automating Security the RightScale Way
Patrick McClory, RightScale

Insider Threats in the Cloud
Bill Claycomb, CERT Insider Threat Center, Software Engineering Institute, Carnegie Mellon University

Secure Virtualization Infrastructure
John McDermott, Naval Research Lab

Privacy Enforcement for Untrusted Cloud Applications
Emil Stefanov, University of California

Unified Policy Management in Cloud
Hassan Takabi, Laboratory for Education and Research on Security Assured Information Systems (LERSAIS), University of Pittsburgh

Additional ACSA Events:
NSPW – New Security Paradigms Workshop
LASER – Learning from Authoritative Security Experiment Results