LSEC - Leaders in Security

Security Virtualization, Virtualization Security and Cloud Computing Issues 2009 Revisited

26-Jan-2010

Have you ever been Hyperjacked ? Recently found a Botnet in your Cloud?

Last year, LSEC organized a seminar on some of the Security aspects of Virtualization and Cloud Computing. During that seminar, an outline was presented on current threats, potential solutions and future evolutions. The current business drive on virtualization and cloud computing and the evolution of threats in the cloud, make this topic more than ever important for businesses, organisations and administrations working on or towards Virtualization.


Not yet aware about Hyperjacking, or you don’t know how to run Botnets in the Cloud? We plan to revisit some of the potential threats posed by the use of Hypervisors, Virtual Machines on multiple OS or even running a variety of Virtual Machines on a multitude of physical servers, Did you realize that physically moving a VM from one machine to another, is actually done in the clear?
How easy would it be within your organization to walk in with a USB-stick running a VM, copying all of the VM’s active and re-running their states somewhere else to find out your weaknesses?
How do you realize patch management in VM’s that have been online for a while, but could resurface with potential threats in them? How do you plan to control your ICT-environment, with this Virtual environment? What are your rights when a government enforcement groups hijacks your physical and virtual machines? The challenges are omnivalent and complex. Solutions are non-existent, or just barely surfacing.

Next to that, we also plan to investigate what opportunities Virtualization bring to the world of Security. In this case, as a means to an end. Using Virtual Security Appliances, but also Security solutions in your Virtual Machines, Hypervisors and ensuring their activities run secure - are topics that will be addressed.


Finally, we want to open the discussion on a local basis on the protection of activities in the cloud. What are your challenges in terms of Security? Business people can and will move company data outside of the company’s premises, but the controls can probably not always go along. There will be an increasing challenge to your security, with an increased need for security measures and control. But how can you ensure that no breaches have happened? What about concerns over data ownership, regulations and privacy concerns. Do you require stronger SLA’s? Will you be able to enforce those, if your data is residing abroad? The opportunity of Cloud Computing is there, but the discussion has only just begun.

Preliminary Program

13.00 : Welcome Coffee & Registration
13.30 : Introduction & Opening Notes by Ulrich Seldeslachts
13.40 : Overview of the current challenges on Cloud Computing and Security of Virtualization. Conclusions and ideas from the ENISA Working Group on Cloud Computing and Virtualization, by Phlippe Massonent, CETIC
14.30 : Update on Security Issues related to Virtualization and Cloud Computing, by Johan Celis, IBM Security Solutions Architect
15.20 : Coffee Break
15.40 : Security Challenges In Virtual Environments and how to address them, by Jeroen De Corel, Check Point Security Software, Security Engineer Belux
16.30 : Advantages and Security considerations when publishing applications on mobile devices from out of a cloud, by Gert Vanhaeght, Syscon
17.00 :  Legal Challenges in Cloud Computing, by Maarten Truyens, DLA Piper

About Maarten Truyens : Maarten Truyens is a qualified lawyer registered with the bar of Brussels (Belgium) and practices information technology law at DLA Piper Brussels. He specialises in the fields of e-commerce, IT contracting, data protection, telecom, consumer protection, outsourcing and new technologies. His practice includes clients in both the public and the private sector, in Belgium and abroad. In the domain of open source, he advises both startup companies and multinationals on issues such as dual licensing, open core licensing and the assessment of derivative works in the context of GPL software.

He is a contributing editor of the international Journal for Internet Law (Wolters Kluwer) and is also a regular speaker on seminars regarding ICT law, IT security (identity theft, internet crime), open source, privacy, electronic document management and corporate governance. He regularly participates in both national and international projects investigating the impact of new IT and telecommunications law. He was involved in a European study on the future of the legal framework for the information society (see http://www.euinternetlaw.eu) and another study on technology transfer (see http://www.eutechnologytransfer.eu), both for the European Commission.

Recent books and articles written or co-authored by Maarten Truyens include “Monitoring and analysis of technology transfer and intellectual property regimes and their use” (published in 2009); “Legal issues in technology transfer”, the European Association of Research Managers & Administrators, October 2009; “Standardisation in the European ICT sector: official procedures at the verge of being overhauled” (Shidler Journal of Law, Commerce & Technology, July 2009); “A balanced approach to open source” (IT Professional nr. 44, 9 April 2008); “Long awaited opinion on the use of search engines” (BNA International World Data Protection Report, April 2008); “The Swift Case” (Privacy Advisor, 2007); “The law and security” (Data News ICT Guide 2007) and “Rules for electronic commerce” (Informatie (NL), 2006).

Recent seminars include “Publishing vs patenting”, EIROforum Technology Transfer Conference organised by the European Commission, November 2009; “Legal developments in open source in the US and the EU”, iTechLaw conference for IT Lawyers, November 2009; “Open Source” (ADM, 2008); “How Liable Are You for Identity Theft?”, (RSA Security Conference 2007); “Legal aspects of electronic document management” (Kluwer, 2005-2007); “Legal aspects of IT systems” (University of Antwerp Management School, 2006) and “Instant Messaging: Legal aspects” (Microsoft, 2006).

Before joining DLA Piper Belgium in 2005, Maarten worked as an IT consultant, in areas such as transactional high-volume websites, database publishing, multimedia and business automation. This hands-on experience with e-commerce matters, from both a technical and managerial point of view, has rendered him invaluable technical information, which he now combines with his legal knowledge. His clients value his active technical knowledge of internet-related technologies and protocols, programming languages, databases and Web 2.0 programming frameworks. Having witnessed the internet revolution from the inside, he is acquainted with the benefits and pitfalls of e-commerce transactions and on-line business models.

17.50 : Some solutions in managing Security on Virtual Machines, by Peter van Eeckhout, McAfee IT Security and Compliance Solutions
18.40 : Reception and Close of Seminar

Other subjects to be discussed :
Security challenges of Hypervisors and Virtualization broken down.
Some solutions for better improving your Virtual Machines, your Virtualization environment and your Hypervisors.
Business and legal challenges posed by Cloud Computing.
The local debate on the future of Security and Control in the space of Virtualization and Cloud Computing.

Practical Details

LSEC Security Virtualization, Virtualization Security and Cloud Computing Issues 2009 Revisited

Leuven, Auditorium Kasteel Arenberg, KU Leuven, Kasteelpark Arenberg - 3001 Heverlee
Tuesday, January 26th, 2010 - from 13h - 18h seminar with exhibition and panel discussions.

Grotere kaart weergeven

Grotere kaart weergeven
Registration :
- You are welcome to register on this website if you haven’t done before and fill in your personal and company details.
- Afer registering on the website, or logging in on the homepage (scroll down to the fill in form) return to this page and push the subscribe button
- Too difficult? no problem, just send us email with your contact details to virtual2 at lsec.be

Attendance Fee :
- This seminar is part of LSEC’s awareness program and free to attend for anyone bringing along a colleague or a friend. Send us the email you’ve forwarded to your colleague or friend, and you and him (her) will be able to attend for free
- Alternatively you can support our activities by paying a small fee to support our catering and facilities of 150 € (excl VAT)
- We do have a cancellation policy that requires you to pay a fee of 150 € (excl VAT) if you have not cancelled at least 24 hours prior to the event.

The LSEC team is looking forward welcoming you January 26th.