Defining, Securing, and Standardizing Cloud Computing
Lee Badger and Chris Johnson
Sep. 28, 2010

Outline
1. Brief review of clouds.
2. A few security issues in the cloud.
   - virtualization
3. SCAP
4. Introduction to Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC).
Note: Any mention of a vendor or product is NOT an endorsement or recommendation.

1. Brief review of clouds.

Cloud Computing
- Computers in a network, providing service.
- Users with network access.
- Convenient remote computer rental... in any quantity. Feels local.
- A technical or business innovation?

Working Cloud Definition (1 of 3): 5 Key Characteristics
1. On-demand self service = renting takes minutes
2. Ubiquitous network access = anywhere / any device
3. Metered use = conserve resources
4. Elasticity = rent it in any quantity
5. Resource pooling = reduces cost
Where is my workload?

Working Cloud Definition (2 of 3): 3 Deployment Models
Each model is drawn as a software stack with the cloud provider's control on one side and the cloud customer's on the other.
1. Software as a Service (SaaS)
   Stack: Application (e.g., mail), Middleware (e.g., .NET), Operating System, Hardware
   Cloud provider: Admin control, Total control
   Cloud customer: Limited admin control, No control
2. Platform as a Service (PaaS)
   Stack: Application, Middleware, Operating System, Hardware
   Cloud provider: Admin control, Total control
   Cloud customer: Limited programmability, No control
3. Infrastructure as a Service (IaaS)
   Stack: Application, Middleware, Operating System, Hypervisor, Hardware
   Cloud provider: No control, Admin control
   Cloud customer: Total control, No control

Working Cloud Definition (3 of 3): 4 Delivery Models
1. Private
2. Community
3. Public
4. Hybrid
Figure labels: Cloud Provider, Infrastructure, Cloud Customer Data Center, management.

2. A few security issues in the cloud.
   - virtualization

What is Security?
Traditionally, approximately:
- confidentiality: your data not leaked
- integrity: your data or system not corrupted
- availability: your system keeps running
What does this mean in the cloud?
- without user physical control
Some issues with:
- dynamically changing infrastructure
- key management
- virtualization

Some Traditional Ideas
Figure: Subject Low and Subject High reach Object Low and Object High only through a Reference Monitor.
Reference monitor properties:
1) non-bypassable
2) protected from tampering
3) simple
Models:
- Bell/LaPadula (BLP) model: no read up, no write down
- Biba integrity model: inverse of BLP rules
- Clark/Wilson integrity: invariant maintenance via transactions
Basic modeling approach: secure initial state, then security-preserving state transition, security-preserving state transition, security-preserving state transition, ...
Credit: Anderson report from early 1970s (reference monitor).

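The BLP and Biba rules and the "secure initial state plus security-preserving transitions" approach from the slide above, as an added example that is not part of the original deck. The two-level ordering, the subject and object names, and the `ReferenceMonitor` class are constructed for illustration.

```python
# Added example: toy reference monitor for the BLP and Biba rules (not from the slides).
from dataclasses import dataclass, field
from typing import Callable

LOW, HIGH = 0, 1  # constructed two-level ordering, matching the Low/High figure


def blp_allows(subj: int, obj: int, mode: str) -> bool:
    """Bell/LaPadula (confidentiality): no read up, no write down."""
    return subj >= obj if mode == "read" else subj <= obj


def biba_allows(subj: int, obj: int, mode: str) -> bool:
    """Biba (integrity): the inverse rules, no read down, no write up."""
    return subj <= obj if mode == "read" else subj >= obj


def both_allow(subj: int, obj: int, mode: str) -> bool:
    """Enforcing both models at once leaves only same-level access."""
    return blp_allows(subj, obj, mode) and biba_allows(subj, obj, mode)


@dataclass
class ReferenceMonitor:
    policy: Callable[[int, int, str], bool]
    subjects: dict
    objects: dict
    accesses: set = field(default_factory=set)   # secure initial state: no accesses
    audit: list = field(default_factory=list)    # every decision is recorded

    def request(self, s: str, o: str, mode: str) -> bool:
        """Single entry point: the state changes only if the policy allows it."""
        if mode not in ("read", "write"):
            raise ValueError(mode)
        ok = self.policy(self.subjects[s], self.objects[o], mode)
        self.audit.append((s, o, mode, ok))
        if ok:
            self.accesses.add((s, o, mode))
        return ok

    def state_is_secure(self) -> bool:
        """Invariant: every access in the current state satisfies the policy."""
        return all(self.policy(self.subjects[s], self.objects[o], m)
                   for s, o, m in self.accesses)


def decisions(policy) -> dict:
    """Drive every subject/object/mode combination through the monitor."""
    rm = ReferenceMonitor(policy, {"s_low": LOW, "s_high": HIGH},
                          {"o_low": LOW, "o_high": HIGH})
    table = {(s, o, m): rm.request(s, o, m)
             for s in rm.subjects for o in rm.objects for m in ("read", "write")}
    assert rm.state_is_secure()   # transitions preserved the invariant
    return table


if __name__ == "__main__":
    for name, pol in (("BLP", blp_allows), ("Biba", biba_allows), ("both", both_allow)):
        print(name, sorted(k for k, v in decisions(pol).items() if v))
```
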
Clouds Might Contain Reference Monitors (but it's a different situation)
Figure: Logical IaaS Cloud Architecture. Users send queries and commands to a Cloud Manager and receive reports. The Cloud Manager connects over the network (WAN, LAN) to Cluster Manager 1 ... Cluster Manager N; each Cluster Manager controls Computer Managers CM 1 ... CM N; each Computer Manager runs a hypervisor hosting vm 1 ... vm N.
Legend:
- DOS: Data Object Storage
- PLS: Persistent Local Storage
- CM: Computer Manager
Credit: this figure inspired by the Eucalyptus system and the Ubuntu Enterprise Cloud.

Hardware Virtualization
Figure: two VMs (applications on an OS, e.g., Linux; applications on an OS, e.g., Win32) running on a VMM, which runs on the hardware.
A simple picture! But implementation is complex.
Virtual Machines (VMs) can be: suspended/copied/moved/lost/recovered.

Hardware Virtualization (Box View)
1. Para-virtualization
   - type 1: dom0 and Guest OSes on a VMM on the HW
   - type 2: Guest OSes on a VMM (with I/O) on a Host OS on the HW
2. Full virtualization
   - type 1: dom0 and Guest OSes on a VMM on the HW
   - type 2: Guest OSes on a VMM (with I/O) on a Host OS on the HW
3. Terminology
   - Guest OS: runs only on VMM
   - Host OS: runs only on HW
   - Domain: virtual machine on VMM
   - Hypervisor: virtual machine monitor
4. x86 CPU mode: ring 3, ring 2, ring 1, ring 0
   Issue: Deprivileging. Figure: the Guest OS (kernel) in ring 0 below ring 3, next to the Guest OS (kernel) in ring 1 with the VMM in ring 0.

Making x86 Virtualizable Using Binary Translation
1. Identify the next block by scanning instructions for a jump/call/etc (that ends a basic block).
2. Copy a newly-encountered basic block to the cache.
3. Binary translate any prohibited instruction into a sequence that emulates it safely.
4. Run/rerun translated block at full speed.
Figure: the guest OS kernel in ring 1 (if needed), its running basic blocks, the translation cache (also in memory), and the VMM in ring 0. The instruction stream shown includes call, ret, jmp and SGDT.
Technique used by VMware, in 1999.

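A toy model of the four steps above, added here as an illustration and not taken from the deck or from any VMM. The instruction tuples, register values and the `Translator` class are constructed; it assumes SGDT is the prohibited instruction (it appears in the slide's instruction stream) and that, left untranslated, it would show the guest the host's real register value.

```python
# Added example: toy model of the slide's four binary-translation steps (not VMware's code).
TERMINATORS = {"jmp", "call", "ret"}          # instructions that end a basic block
PROHIBITED = {"sgdt": "emu_sgdt"}             # sensitive instruction -> safe emulation
HOST_GDTR, VIRTUAL_GDTR = 0xFFFF0000, 0x1000  # constructed register values

# Constructed guest kernel code: index is the address, entries are (mnemonic, operand).
GUEST = [
    ("mov", None),    # 0
    ("sgdt", "r0"),   # 1: stores GDTR; executes without trapping when deprivileged
    ("jmp", 3),       # 2: ends the block starting at 0
    ("add", None),    # 3
    ("jmp", 0),       # 4: ends the block starting at 3, loops back
]


class Translator:
    def __init__(self, code, rewrite=PROHIBITED):
        self.code, self.rewrite = code, rewrite
        self.cache = {}            # translation cache: block start address -> block
        self.translations = 0

    def block_at(self, pc):
        if pc not in self.cache:
            end = pc
            while self.code[end][0] not in TERMINATORS:   # step 1: find the block end
                end += 1
            self.cache[pc] = [(self.rewrite.get(op, op), arg)        # step 3: translate
                              for op, arg in self.code[pc:end + 1]]  # step 2: copy
            self.translations += 1
        return self.cache[pc]

    def run(self, pc=0, max_blocks=6):
        """Step 4: execute cached blocks; returns the guest-visible registers."""
        regs = {}
        for _ in range(max_blocks):
            for op, arg in self.block_at(pc):
                if op == "sgdt":
                    regs[arg] = HOST_GDTR        # guest observes real host state
                elif op == "emu_sgdt":
                    regs[arg] = VIRTUAL_GDTR     # VMM supplies the virtual value
                elif op == "jmp":
                    pc = arg
                elif op in ("call", "ret"):
                    raise NotImplementedError(op)  # not needed for this sample
        return regs


def compare():
    """Return (value seen with translation, value seen without, blocks translated)."""
    translated, direct = Translator(GUEST), Translator(GUEST, rewrite={})
    return translated.run()["r0"], direct.run()["r0"], translated.translations
```

Six blocks are executed but only two are translated, which is the "rerun at full speed" point of step 4.
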
Making x86 Virtualizable Using Extra Hardware
Intel version of x86-64 contains ~595 instructions.
Hardware extensions make the instruction set virtualizable.
Table of instruction categories and counts: Floating Point Data 17 Arithmetic 26 Compare 14 Transcendental 8 Constants 7 Control 20 State management 2 SIMD 94 MMX 47 SSE 62 SSE2 69 SSE3 13 SSSE3 32 SSE Intel 64 General Purpose Data transfer 32 Arithmetic 18 Logical 4 Shift/rotate 9 Bit/byte 23 Control transfer 31 String 18 I/O 8 Enter/leave 2 Flag control 11 Segment register 5 Misc VT-x Extensions 12 Safe mode 1 System bit mode 10

Intel Virtual Machine Extensions (VMX)
Original structure: CPU mode ring 3, ring 2, ring 1, ring 0.
Figure: Host OS in ring 3 and ring 0.
- Legacy software runs in the expected rings, hopefully unaware: "there is no software-visible bit indicates VMX non-root operation", Intel 64 manual.
- VMX non-root: deprivileged (very configurable).
- VMX root: VMM, ring 0.
- CPU state transitions: VMXON, VMXOFF, VMXLAUNCH, VMXRESUME, VMXCALL.
Side effects:
- Many instructions cause fault-like VM exits: interrupts, I/O events, page table management, privileged instructions, etc.
- VMM handles faults.
- VM exit rate determines performance.
- Address translation is complex.

How Complex is Virtualization?
Figure: bar chart of Source Lines Of Code. Legend: operating system, virtualization system. Axis ticks: 1,000,000; 3,000,000; 15,000,000; 20,000,000; 35,000,000; 55,000,000.
Operating systems shown: Debian Linux, Windows 95, Windows 2k, Windows NT, Red Hat Linux, Windows 3.1.
Virtualization systems shown: VirtualBox, Xen, Qemu, Bochs, Kaffe.
VMM code counts generated using David A. Wheeler's SLOCCount tool. Windows estimate from Bruce Schneier. Linux estimates from Gonzalez-Barahona et al., and David Wheeler.

Cloud Computing Security
Lack of Visibility
A number of issues:
- complexity
- loss of (user) control
- network dependence
- multi-tenancy
- browser-dependence
- key management
- trusted platform module
- automated management
- compliance
- ...

3. SCAP

Is there a common thread among these Issues & Challenges?
Lack of visibility into the cloud
- Lack of concrete evidence regarding the security of the cloud environment leads to varying degrees of fear, uncertainty and doubt.
- Risk: We can't understand what we can't see.
- Control and visibility varies depending on the delivery and deployment model.
- Operating on Faith: Trusting absent proof or material evidence.

What is needed? - Trust, But Verify
- Ability to express security requirements
- Means of ensuring and reporting compliance
- Technical evidence that demonstrates how requirements are being met
- Metadata about the compliance report and technical evidence collected
- Common, uniform representations that foster interoperability across security products
Figure labels: Security Automation; Technical Evidence and Artifacts; Actionable Information; Organizational Knowledge.

Role of Security Automation: Express Security Requirements
Extensible Configuration Checklist Description Format (XCCDF)
- Standard XML for specifying checklists and for reporting results of checklist evaluation
- Author checklists to assess hypervisors, guest operating systems and applications hosted in the cloud

Role of Security Automation: Common, uniform representations that foster interoperability across security products
- Common Configuration Enumeration
- Common Vulnerabilities and Exposures
- Common Platform Enumeration

Role of Security Automation: Assess and Report Assessment Details
Open Vulnerability and Assessment Language
- Used to assess low-level machine state
- Able to provide detailed assessment results
- Language expresses the technical details for evaluating security settings

Future Scope of Security Automation Program
- Expose and understand the nuances of these domains and activities within cloud computing environments.
- Security Automation specifications are required in each domain/activity area to ensure true interoperability across the IT security landscape.
Figure labels: Security Automation Domains, Security Automation Activities, Legend.

Additional Thoughts on Automation in the Cloud
Temporal dimension is important
- Persistence
  - Short duration
  - State changes
  - Cloud Resource Provisioning Cycles
  - Monitoring change over the life of a cloud object
- Latency
  - Object is gone before you even knew it was there
  - Latency in assessment and results reporting

Additional Thoughts on Automation in the Cloud
- May require some new thinking on how we describe assets and systems
  - Composition of Assets
  - Clusters
  - Hypervisor and VMs
- Vendor publication of well-documented APIs that allow us to evaluate security state and automated security checklist guidance

4. Introduction to Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC).
Lee Badger, Tim Grance, Dawn Leaf

Important Cloud Computing Requirements
- interoperability: clouds work together
- portability: workloads can move around
- security: customer workloads protected (to the extent possible)
Well-formulated standards could help, but they take time to evolve.

Short Term Standards Effort
Until standards mature: What is needed is a process to test important cloud system requirements --- will provide that.
SAJACC: Portable, Interoperable, Secure (as possible)
Standards Acceleration to Jumpstart Adoption of Cloud Computing

Use Cases
Use Case: a description of how groups of users and their resources may interact with one or more cloud computing systems to achieve specific goals.
Figure: a Goal leads to an abstract use case (alternative step sequences: Step 1, Step 2 OR Step a, Step b OR Step i, Step j ...); adding concrete details turns it into a case study.
Example: Parent, Bank, Student.

Use Case
Use Case: a description of how groups of users and their resources may interact with one or more systems to achieve specific goals.
- Actors: the active entities
- Goals: what the use case tries to achieve
- Assumptions: conditions assumed true
- Success Scenario 1 (name, IaaS, PaaS, SaaS): step-by-step narrative of what happens to achieve the use case goal
  - Failure Conditions: what might go wrong
  - Failure Handling: how to deal with known failures
- Success Scenario 2 (name, IaaS, PaaS, SaaS): another narrative
  - Failure Conditions: what might go wrong
  - Failure Handling: how to deal with known failures
- ...
- Credit: any source that inspired us
We are using the approach of A. Cockburn, slightly customized.
Cockburn: scope of application

SAJACC Flow
Figure: Cloud Standards Portal
1. Initial Use Cases Provided by Gov.
2. Legacy specifications Identified by Gov. (Spec 1, Spec 2, ... Spec n); Proposed Specifications; Reference Implementations
3. Generate Test cases (Test 1, Test 2, ... Test n)
4. Government-run Validation Exercises. Success? yes: Use Cases, Validated Specifications, Reference Implementations
Notes:
- specifications, use cases: provide insight on how clouds can work
- reference implementations: enable validation exercises
- continuously growing portal: new content added over time
- publicly available: anyone can access

Use Case SP
- For now, a simple taxonomy
- 22 use cases
- more on the way
Authors: Jeff Voas, Ramaswamy Chandramouli, Robert Patt-Corner, Robert Bohn, Tom Karygiannis, Tim Grance, Lee Badger.
Credit: various use cases inspired by Amazon, the Eucalyptus project, the DMTF, SNIA, the libcloud project, and by Gaithersburg MD May 2010 use case workshop participants.

References
- Amazon Web Services, aws.amazon.com.
- Eucalyptus: Technical Report on an Elastic Utility Computing Architecture Linking Your Programs to Useful Systems, UCSB Computer Science Technical Report Number
- IDC Enterprise Panel, August 2008 n=244
- Interoperable Clouds, White Paper from the Open Cloud Standards Incubator, Distributed Management Task Force, Version 1.0, DMTF Informational, Nov. 11, 2009, DSP-IS0101
- libcloud,
- Open Virtualization Format Specification, DMTF Document Number DSP0243, Version 1.0, Feb. 22,
- Cloud Storage Use Cases, Storage Network Industry Association, Version 0.5 rev 0, June 8,
- Starting Amazon EC2 with Mac OS X. Robert Sosinski. /starting-amazon-ec2-with-mac-os-x/
- The Eucalyptus Open-source Cloud-computing System, D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, D. Zagorodnov, in Proceedings of Cloud Computing and Its Applications, Oct
- Ubuntu Enterprise Cloud Architecture, S. Wardley, E. Goyer and N. Barcet, Technical White Paper, 2009,

Backup

VMM Implementation Quality Should Not be Assumed
In 2007, Tavis Ormandy subjected 6 virtualization systems to guided random testing of their invalid instruction handling and I/O emulation.
Systems: Bochs, QEMU, VMWare, Xen, Anonymous 1, Anonymous 2.
Code sizes shown: 178k SLOC, 373k SLOC, 910k SLOC.
All of the systems failed the tests, most with arbitrary execution failures.
Device emulation was a particular area of vulnerability.
Reference: An Empirical Study into the Security Exposures to Host of Hostile Virtualized Environments, by Tavis Ormandy. taviso.decsystem.org/virtsec.pdf
Code counts generated using David A. Wheeler's SLOCCount tool.