Course #380-13-FXVA-1

Cloud Computing Security

Dates: Nov-07-2012 - Nov-08-2012


AFCEA Headquarters (Map)
4400 Fair Lakes Court
Fairfax, VA 22033

Hours: 8:30am-4:30pm

Early Bird Rates In Effect through 10/07/2012!

$800 $700 Government AFCEA Member
$900 $800 Government Non Member
$1,100 $1,000 Non-Government AFCEA Member
               Non-Government Non Member

This course qualifies for Continuing Education Units.
Note: This course has been confirmed for the scheduled dates.

Course Description:

Included in course materials: Dr. Caloyannides' book "Computer Privacy and Forensics"

Cloud Computing Security Topics to be discussed

(These are in addition to the larger issues on protecting networks and workstations)

  • First of all, what is to be in the “cloud”?
    • Data storage
    • Application software
  • Security concerns depend on “which kind of cloud”?
    • Private cloud (lives within secured customer facilities) Public cloud (vendor provided; may be in a foreign country)
    • Hybrid
  • Security (especially for this customer) has many independent dimensions, all of which must be satisfied
    • Confidentiality (easily fixed with potent encryption). Concern: Secure Key Distribution
      • Issue: CIC needs to see even if not explicitly listed as an authorized recipient. This is the equivalent of crypts and slugs of DO traffic, and CIC workarounds.Data segregation for compartmented data. (Physical or encryption-based segregation)
      • Data segregation for multi-level security. Lower levels must be unaware of the existence of higher levels and the data in such higher levels.
    • Integrity of data and applications
      • Access control to prevent unauthorized data manipulation or insertion, malware, etc.
    • Availability where and when needed. This is a huge issue when you become dependent on a third party (in the case of a public “cloud”). Fixes:
      • Redundant cloudsRedundant telecom lines. (Must be true redundancy; leasing lines from two telecom vendors is pointless when one such vendor piggybacks on the other vendor’s fiber optic lines).
      • Must be scalable so as to accommodate large bursts of usage when needed.
    •  Prevention of Traffic Analysis. If using a public cloud, third parties could make inferences from traffic volume and times (easily fixed by using bogus traffic when no real traffic exists).Accountability. Who did what and when. Important to CIC and OS.Cloud security management. Need to train a cadre of customer people in it.
      • Who selects and buys (or builds) application software? Who debugs it? What process will be in place to report bugs? How about reporting a “wish list” of desired new features?
    • Security must not be vendor-specific so that customer does not become hostage to that vendor. Since security information must be shared across many vendors, security should rely on crypto keys and NOT on algorithms (security by obscurity is a bad idea).Customer-business continuity issues in the event of outages due to any reason.
      • Backup plans, and backups to backups
      • Data recovery must be assured under all conditions
  • Unique requirements for this customer must be met during system design, not as an afterthought.
    • How will undercover employees access the cloud without compromising their cover?
      • Various types of cover have their own unique needs and constraints
    • Must think of and eliminate all possible single points of failure to the cloud-using architecture. MUST exercise those contingency plans regularly, just like fire drills.
      • Intentional (malicious) attackAccidental failureAct of God (hurricane, solar flares, etc.)
      • War (EMP attack in particular).
    • Aim for Survivability, not for perfection. The system will “hiccup” on occasion, but such hiccups must not cause an outage but a graceful degradation in performance.
      • Anticipate possible problems with a lot of “what if…” planning sessions.
        • Do not use “security” people for this, as their mind set is usually to prevent a recurrence of last year’s war. Use people with a hacker’s mentality for such exercises.
          • What if all cloud vendors used went bankrupt?What if the communications lines got congested during a national emergency and the cloud is unuseably slow?What if the sysadmin was compromised?What if a solar flare wiped out power distribution to the facility housing the cloud(s)?What if the public cloud’s owner was bought out by a foreign company?What if the public cloud is migrated to a foreign country by its owner?
          • What if..

Shortly after the 9/11 tragedy, US Today quoted government sources alleging that terrorists have been using the Internet to communicate covertly with each other, even hiding messages in pornographic web pages. Indeed, the Internet can easily facilitate worldwide covert communications using any one of a multitude of means such as steganographically hiding any message, including graphics and imagery, in web pages, in Usenet newsgroup postings, in spam emails, etc. Unlike the microdot of World War II fame, today’s networks offer a vast collection of ways for individuals to communicate covertly. There is even a very reputable academic discipline, “Covert Channels”, with its own yearly conference and very reputable academics furthering new techniques for establishing covert communications across networks.

  • Is steganography really detectable, as some claim? (Some is, but most isn’t). How can terrorists get around steganalysis (means for detecting steganographically hidden messages)? (Lots of ways). What are the many ways whereby terrorists can use the Internet to communicate covertly with each other right under the nose of US law enforcement? Do Internet Cafes and library Internet terminals provide ways to anonymize terrorists over the Internet? (Yes, they do, and this is unlikely to change). Does the rapid proliferation of Wi-Fi “hotspots” worldwide provide ways for terrorists to become anonymous over the Internet? (It does). How does “war driving” and “war chalking” facilitate covert terrorist communications? Can other global networks, such as ATM terminals, airline reservations, and others, be used for covert communications? (They can.) Can all of these avenues be closed to terrorists? (They cannot). Given all of the foregoing, what could be indicators of suspects’ likely usage of covert channels through the Internet? How can such indicators be detected remotely and unobtrusively?
  • What forensic techniques can be used on suspected terrorists’ computers and service providers’ records to confirm covert communications?


1. To provide attendees with detailed information about the numerous ways that the Internet can be used by terrorists, (and also by narcotraffickers and others) to communicate in a manner that totally defeats any large scale interception efforts.

2. To provide attendees with detailed information about ways whereby US officials can themselves use the Internet to communicate in a manner that will defeat hostile foreign efforts to intercept such communications.

3. To provide attendees with detailed information on ways whereby the use of personal computers by US officials can negate hostile foreign computer forensics, whether or not such computers are connected to the Internet.


1. US officials tasked with identifying terrorist communications to the extent this can be done.
2. US officials whose official capacity makes them likely targets of adversaries who would have an interest in these officials use of their computers (official or personal).
3. US officials whose official capacity requires them to communicate through the Internet and through other commercial networks in a manner which is not alerting to foreign adversaries nor interceptable by them.



A. Offline use of computers

a) What computer forensics can do, how and why.
b) How to defeat computer forensics.

B. Communicating over the Internet in an undetectable manner.

a) The shortcomings of current interception practices.
b) Specific ways of using the Internet to communicate despite hostile interception efforts.
c) Possible advanced approaches to identifying terrorist communications over the Internet.
d) Extending the above to commercial networks other than the Internet.

Course Coordinator and Lecturer
Dr. Michael Caloyannides

Dr. Michael Caloyannides is Chief Scientist for Ideal Innovations, Inc., the second fastest growing company in the Washington, D.C. metro area, which provides technological and operational support to U.S. forces.  He earned his PhD in electrical engineering, applied mathematics and philosophy from Caltech in '72. He has worked at the highest technical levels in Industry (15 years), Academia, and Government (14 years); additionally he has consulted for numerous US corporations as well as for NASA. He is the author of a book, "Computer Privacy and Forensics" published by Artech House, has just finished writing another on "Effective Personal Computer Encryption" for John Wiley Publishers, and has numerous other technical publications.

Directions to AFCEA Headquarters     Restaurants Near AFCEA     AFCEA Travel Info