Syllabus

Security and Privacy in Cloud - (CCS362)

UNIT I FUNDAMENTALS OF CLOUD SECURITY CONCEPTS

Overview of cloud security - Security Services - Confidentiality, Integrity, Authentication, Nonrepudiation, Access Control - Basics of cryptography - Conventional and public-key cryptography, hash functions, authentication and digital signatures. (Chapter - 1)

UNIT II SECURITY DESIGN AND ARCHITECTURE FOR CLOUD

Security design principles for Cloud Computing - Comprehensive data protection - End-to-end access control - Common attack vectors and threats - Network and Storage - Secure Isolation Strategies - Virtualization strategies - Inter-tenant network segmentation strategies - Data Protection strategies: Data retention, deletion and archiving procedures for tenant data, Encryption, Data Redaction, Tokenization, Obfuscation, PKI and Key. (Chapter - 2)

UNIT III ACCESS CONTROL AND IDENTITY MANAGEMENT

Access control requirements for Cloud infrastructure - User Identification - Authentication and Authorization - Role-based Access Control - Multi-factor authentication - Single Sign-on, Identity Federation - Identity providers and service consumers - Storage and network access control options - OS Hardening and minimization - Verified and measured boot - Intruder Detection and prevention. (Chapter - 3)

UNIT IV CLOUD SECURITY DESIGN PATTERNS

Introduction to Design Patterns, Cloud bursting, Geo-tagging, Secure Cloud Interfaces, Cloud Resource Access Control, Secure On-Premise Internet Access, Secure External Cloud. (Chapter - 4)

UNIT V MONITORING, AUDITING AND MANAGEMENT

Proactive activity monitoring - Incident Response, Monitoring for unauthorized access, malicious traffic, abuse of system privileges - Events and alerts - Auditing - Record generation, Reporting and Management, Tamper-proofing audit logs, Quality of Services, Secure Management, User management, Identity management, Security Information and Event Management. (Chapter - 5)