#REQUEST.pageInfo.pagedescription#

Site Navigation

COMP9035 - Cloud Security

banner1
Title:Cloud Security
Long Title:Cloud Security
Module Code:COMP9035
 
Credits: 5
NFQ Level:Expert
Field of Study: Computer Science
Valid From: Semester 1 - 2017/18 ( September 2017 )
Module Delivered in 3 programme(s)
Module Coordinator: TIM HORGAN
Module Author: Andrew Byrne
Module Description: If a cloud computing system is not secure, then as a concept it is doomed to fail. This module addresses the security issues that pertain to cloud computing as well as best practices, tools and approaches to ensure that the virtualised infrastructure, data and applications are protected.
Learning Outcomes
On successful completion of this module the learner will be able to:
LO1 Critically assess emerging threats and security issues pertinent to virtual environments.
LO2 Understand the evolving legal, compliance and privacy issues arising from cloud computing.
LO3 Evaluate the main vulnerabilities of a virtualised system and how these could be leveraged to launch attacks and methods to implement a secure virtualised system.
LO4 Evaluate tools and protocols for identity management and access control.
LO5 Discuss how cryptography in cloud computing allows secure access to data hosted by cloud providers.
Pre-requisite learning
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named CIT module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
No recommendations listed
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed
Co-requisites
No Co Requisites listed
 

Module Content & Assessment

Indicative Content
Security Concepts
Confidentiality, integrity, availability, authentication & access control, defense in depth, least privilege, evolving threat landscape for cloud, security for PaaS, IaaS and SaaS, security for containers (e.g. Docker)
Legal and Compliance Issues
Responsibility, data ownership, privacy legislation (e.g. EU GDPR), regulated industries (e.g. healthcare, financial), compliance in the cloud (provider vs. customer), SLAs.
Audit and Assessment
Auditing the cloud, internal vs. external assessments, standards, penetration testing
Infrastructure Security
Change and patch management processes, trusted cloud computing platform, roots of trust in hardware (e.g. TPM, SGX), business continuity, disaster recovery
Virtualisation System Security
ESXi security, cloud storage considerations, backup and recovery, SIEM, virtual network security architectures, network segmentation, traffic isolation, multi-tenancy considerations, operating securely in an insecure environment.
Virtualization System-Specific Attacks
Guest hopping, attacks on VMs and containers, VM escape, VM migration attack, side channel attacks, hyperjacking, malware.
Virtualization System Vulnerabilities
Management console vulnerabilities, management server vulnerabilities, administrative VM vulnerabilities, guest VM vulnerabilities, hypervisor vulnerabilities, hypervisor escape vulnerabilities, configuration issues, malware (botnets etc).
Identity and Access Management
IAM Architecture, IAM Standards, Federated Identities, Authentication and Authorisation.
Cryptographic Systems
Symmetric cryptography, stream ciphers, block ciphers, modes of operation, public-key cryptography, hashing, digital signatures, public-key infrastructures, key management, SSL/X.509 certificates, OpenSSL. New directions in Cryptography (Identity Based Encryption, Attribute Based Encryption, Post Quantum Computing Considerations)
Assessment Breakdown%
Course Work100.00%
Course Work
Assessment Type Assessment Description Outcome addressed % of total Assessment Date
Essay Critical analysis on security and compliance challenges in Cloud based systems. 1,2 40.0 Week 8
Project Case Study on security aspects relating to the protection of workloads, infrastructure, applications and data in virtualised environments. 1,3,4,5 60.0 Sem End
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The institute reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering content. 2.0 Every Week 2.00
Lab Lab supporting content. 1.0 Every Week 1.00
Independent & Directed Learning (Non-contact) Independent learning. 4.0 Every Week 4.00
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 3.00
Workload: Part Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering content. 2.0 Every Week 2.00
Lab Lab supporting content. 1.0 Every Week 1.00
Independent & Directed Learning (Non-contact) Independent learning. 4.0 Every Week 4.00
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 3.00
 

Module Resources

Recommended Book Resources
  • Dave Shackleford 2012, Virtualization Security: Protecting Virtualized Environments, Sybex [ISBN: 1118288122]
Supplementary Book Resources
  • Tim Mather, Subra Kumaraswamy, Shahed Latif 2009, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media [ISBN: 0596802765]
  • Ronald L. Krutz, Russell Dean Vines 2010, Cloud Security, Wiley [ISBN: 0470589876]
  • J.R. ("Vic") Winkler 2011, Securing the Cloud, Syngress [ISBN: 1597495921]
  • Davi Ottenheimer, Matthew Wallace 2012, Securing the Virtual Environment, Wiley [ISBN: 1118155483]
  • Davi Ottenheimer, Matthew Wallace 2012, Securing the Virtual Environment, Wiley [ISBN: 1118155483]
Supplementary Article/Paper Resources
  • Cloud Security Alliance 2009, Security Guidance for Critical Areas of Focus in Cloud Computing
  • Cloud Security Alliance 2014, The Notorious Nine: Cloud Computing Top Threats
  • ENISA 2015, Security Framework for Governmental Clouds
  • ENISA 2015, ENISA Threat Landscape
  • NIST 2011, Guidelines on Security and Privacy in Public Cloud Computing
  • NIST 2011, Guide to Security for Full Virtualization Technologies
  • NIST 2013, Security and Privacy Controls for Federal Information Systems and Organizations
Other Resources
 

Module Delivered in

Programme Code Programme Semester Delivery
CR_KCLDC_9 Master of Science in Cloud Computing 2 Mandatory
CR_KINSE_9 Master of Science in Information Security 1 Elective
CR_KINSY_9 Postgraduate Diploma in Science in Information Security 1 Elective

Cork Institute of Technology
Rossa Avenue, Bishopstown, Cork

Tel: 021-4326100     Fax: 021-4545343
Email: help@cit.edu.ie