T6. Cloud Security and Privacy

[This is a full day session.]

As enterprises are rapidly adopting cloud-computing technology to streamline software production, save money, and achieve flexibility, adaptability and scalability in their services, security has become a fundamental concern. The reason is that cloud computing provides new vectors of attacks that can affect a company’s infrastructure, communication networks, data, and services. The Cloud Security and Privacy course prepares the audience by teaching different security algorithms for cloud computing and by showing strengths and weaknesses of different cloud approaches. This course also covers a broad range of topics around privacy and security issues and approaches related to cloud computing, including trust, risk and legal aspects.

Prerequisites:

• No specific prerequisite is required.

Outline:

1. Trust, Privacy and Security of Cloud Computing (1 hour)

   1. Background information overview on cloud computing and the relationship between privacy, security and trust

   2. Occurrence of security, trust and privacy issues of cloud computing

   3. Ways to address security, trust and privacy issues

2. Audits and Laws of Cloud Computing (1 hour)

   1. Data access in the cloud

   2. Different Forensics challenges for legal access to data in a cloud computing environment

   3. Discussion about questions raised by the legal access enforcement

3. Cloud Audit (1 hour)

   1. Overview of the use of cloud audits to reduce cloud security problems

   2. “Security Audit as a Service” (SAS) architecture

4. Security and Integrity (1 hour)

   1. Security infrastructure for dynamically provisioned cloud infrastructure Service

   2. Conceptual issues, basic requirements, and suggestions for provisioning dynamically configured access control service in the cloud

5. Risk Considerations in Cloud Computing (1 hour)

   1. Overview of the applicability to cloud computing environments

   2. Best practices for mitigating information security risks within and enterprise

6. Enterprise Information Risk Management in Cloud Computing (1 hour)

   1. Decision making and developments in trusted infrastructures

   2. Practical examples

   3. Explicit policies to govern user behavior to ensure confidentiality and availability

About the Instructor:

Dr. Paolina Centonze is a professor in the Computer Science Department at Iona College in New Rochelle, New York. Her areas of research include Language-based Security and Mobile Computing. Dr. Centonze is also actively collaborating with researchers at IBM’s Thomas J. Watson Research Center, Yorktown Heights, New York in the area of Mobile Program Analysis for Security. She has published extensively in the area of Cyber Security, and has led the creation of the Cyber Security programs at Iona College. She advises and works with graduate students for their Master of Science theses and research work. Before joining Iona College, Dr. Centonze was a researcher at IBM's Thomas J. Watson Research Center, Yorktown Heights, New York. She is a co-author of many scientific publications and a co-inventor of 9 patents and 12 patent applications.

Dr. Centonze received her Ph.D. in Mathematics and M.S. degree in Computer Science from the New York University Polytechnic School of Engineering, Brooklyn, New York, and her B.S. degree in Computer Science from St. John's University, Queens, New York. Her official Web page is at http://www.iona.edu/Academics/School-of-Arts-Science/Departments/Computer-Science/Faculty-Staff/Paolina-Centonze.aspx