Realizing Trusted Clouds

Transcription

1 Realizing Trusted Clouds with Trusted Computing and SCAP SICS Security Seminar April 08, 2014 Mudassar Aslam (Researcher,PhD Student) Security LAB (SEC Lab) 1

2 Outline Cloud Computing Trusted Clouds Cloud Audit & Certification Problems in existing approaches Solutions Challenges and Summary [SEC Lab] 2 /39

3 Cloud Computing + Cost Effective + Dynamic + Resource Elasticity [SEC Lab] 3 /39 - Security - Technical - Legal - Operational -...

4 Lack of Visibility Cloud Infrastructure managed by the CSP cannot see the internal details Data Security/Location Identity & Access Management Cloud Platform Integrity (applications and their settings) Result: Cannot Trust Cloud Service [SEC Lab] 4 /39

5 Lack of Visibility Cloud Infrastructure managed by the CSP cannot see the internal details Data Security/Location Identity & Access Management Cloud Platform Integrity (applications and their settings) Result: Cannot Trust Cloud Service [SEC Lab] 5 /39

6 Lack of Visibility Transparency Cloud Infrastructure managed by the CSP cannot see the internal details Data Security/Location Identity & Access Management Cloud Platform Integrity (applications and their settings) Result: Cannot Trust Cloud Service [SEC Lab] 6 /39

7 What is a Correct Platform? Correct Software Stack BIOS, Bootloader, OS, Applications, etc. Correct Configuration of every software SE Linux enforcing, Firewall config., etc. What is a Secure Platform Configuration Different for different scenarios Examples: Payment Card Industry -> PCI DSS Health Insurance Portability and Accountability Act -> HIPAA Federal Information Security Management Act -> FISMA many others... [SEC Lab] 7 /39

8 Audit & Certification Audit by a Trusted Third Party Evaluation of implemented security controls (e.g. NIST SP A in FISMA) Compared against defined Security Requirements (e.g. NIST SP in FISMA) Certification given to the organization Example: Federal Risk and Authorization Management Program (FedRAMP) Cloud : Federal Agencies (Govt. Dept.) Cloud Provider: Any Public Provider (e.g. Amazon) Trusted Third Party: FedRAMP approved 3PAOs [SEC Lab] 8 /39

9 Shortcomings of existing approaches Scheduled over months (quarterly, biannual, etc) Incomplete (only a subset is verified) Vulnerable to new exploits [SEC Lab] 9 /39

10 Audit & Certification Frequent & Random Scheduled over months (quarterly, biannual, etc) Incomplete (only a subset is verified) Vulnerable to new exploits [SEC Lab] 10 /39

11 Audit & Certification Frequent & Random Platform Level Certification Scheduled over months (quarterly, biannual, etc) Incomplete (only a subset is verified) Vulnerable to new exploits [SEC Lab] 11 /39

12 Audit & Certification Frequent & Random Platform Level Certification Continuous Vulnerability management Scheduled over months (quarterly, biannual, etc) Incomplete (only a subset is verified) Vulnerable to new exploits [SEC Lab] 12 /39

13 Cloud Security Alliance CSA STAR Continuous will be based on a continuous auditing & assessment of relevant security properties CSA STAR Continuous is currently under development and the target date of delivery is 2015 Source: [SEC Lab] 13 /39

14 Cloud Security Alliance CSA STAR Continuous will be based on a continuous auditing & assessment of relevant security properties CSA STAR Continuous is currently under development and the target date of delivery is 2015 Source: [SEC Lab] 14 /39

15 Cloud Security Alliance CSA STAR Continuous will be based on a continuous auditing & assessment of relevant security properties CSA STAR Continuous is currently under development and the target date of delivery is 2015 Source: [SEC Lab] 15 /39

16 Towards Solutions Summing up the requirements Trustworthy (IaaS) Cloud -> Integrity of Cloud Platform -> Check Correctness of the Platform -> Software Stack + Software Configuration Solution properties Automated Assessment Continuous audit -> Platform Certification Remote Platforms Automated Security Assessment & Auditing of Remote Platforms (ASArP) [SEC Lab] 16 /39

17 Approach Verify the Software Stack Integrity (i.e. only approved/known software) Remotely Certify the Correctness of a Remote Platform Verify that every software is Configured correctly [SEC Lab] 17 /39

18 Remote Platform Verification A three phase remote platform verification, assessment and certification solution Phase-I: Traditional Remote Attestation Phase-II: Assess platform for known vulnerabilities Phase-III: Check software configurations [SEC Lab] 18 /39

19 Phase-I : Software Stack Integrity Hash(SW) Software Vendor Reference Measurements Database Trusted Remote Verifier ( R V ) Attestation Request (N) + Bindkey Request Target Platform ( T P ) CompareHash(SW) Mgt ST Local Reference Measurements DB CompareHash(SW) Integrity Report(TPM_Quote, IML) + Bindkey(PublicKey, CertifyInfo) Hypervisor Hardware/CPU TPM Comlementary Whitelist (drivers, lib, proprietary sw ) [SEC Lab] 19 /39

20 Phase-II : Vulnerability Analysis - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Remote Verifier ( R V ) SW Vulnerability Status(CPE) Policy Software_CVSS Step 2 Local Vulnerability Database Step 1 CPE based Software List TCG based Software List [SEC Lab] 20 /39

21 Phase-II : Vulnerability Analysis - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Remote Verifier ( R V ) Policy SCAP Security Content Automation Protocol SW Vulnerability Status(CPE) CPE Common Platform Enumeration CVE Common Software_CVSS Vulnerability Exposure CVSS Common Vulnerability Scoring System Local Vulnerability XCCDF Database Extensible Configuration Checklist Description Format Step 2 Step 1 CPE based Software List TCG based Software List [SEC Lab] 21 /39

22 Phase-II : Vulnerability Analysis - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Remote Verifier ( R V ) SW Vulnerability Status(CPE) Policy Software_CVSS Step 2 Local Vulnerability Database Step 1 CPE based Software List TCG based Software List [SEC Lab] 22 /39

23 Phase-II : Vulnerability Analysis - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Remote Verifier ( R V ) Policy SCAP Security Content Automation Protocol SW Vulnerability Status(CPE) CPE Common Platform Enumeration CVE Common Software_CVSS Vulnerability Exposure CVSS Common Vulnerability Scoring System Local Vulnerability XCCDF Database Extensible Configuration Checklist Description Format Step 2 Step 1 CPE based Software List TCG based Software List [SEC Lab] 23 /39

24 Phase-III : Configuration Compliance - Industry Standard - Govt Defined Config Trusted Remote Verifier Recommended Configurations (software, hypervisor, OS) Request Configuration Analysis(xccdf) Target Platform ( T P ) Mgt ST Hypervisor signed report xccdf checklist Config Analysis (Mgt, Hypervisor) ST Config Policy Signed bindkey (compliance_report) Hardware/CPU TPM TPM Sign (bind key) compliance report [SEC Lab] 24 /39

25 Phase-III : Configuration Compliance - Industry Standard - Govt Defined Config Trusted Remote Verifier Recommended Configurations (software, hypervisor, OS) Request Configuration Analysis(xccdf) Target Platform ( T P ) Mgt ST Hypervisor signed report xccdf checklist Config Analysis (Mgt, Hypervisor) ST Config Policy Signed bindkey (compliance_report) Hardware/CPU TPM TPM Sign (bind key) compliance report [SEC Lab] 25 /39

26 Phase-III : Configuration Compliance - Industry Standard - Govt Defined Config Trusted Remote Verifier Recommended Configurations (software, hypervisor, OS) Request Configuration Analysis(xccdf) Target Platform ( T P ) Mgt ST Hypervisor signed report xccdf checklist Config Analysis (Mgt, Hypervisor) ST Config Policy Signed bindkey (compliance_report) Hardware/CPU TPM TPM Sign (bind key) compliance report [SEC Lab] 26 /39

27 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor Reference Measurements Database - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Local Admin - Industry Standard - Govt Defined Config Remote Verifier (Auditor, Platform Certification Authority, etc.) Phase I Software Stack Integrity Mgt ST ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Phase II Software Stack Vulnerability Assessment Phase III Software Configuration Compliance Trusted Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

28 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor - Industry Standard - Govt Defined Config Recommended Platform Configurations Reference Measurements Database - Security Labs - S/W Vendors - Researchers Security Advisory Remote Verifier (Auditor, Platform Certification Authority, etc.) Local Vulnerability Database Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Policy Phase I Software Stack Integrity Internet Certified { } Local Admin TT ID Mgt ST P d ID Profile PK_Bind Time Hypervisor Sign TTP Hardware/CPU ST: SCAP Tool TPM Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Phase II Software Stack Vulnerability Assessment Phase III Software Configuration Compliance Trusted Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

29 Platform Certificate (uses) Aslam, Mudassar and Gehrmann, Christian and Rasmusson, Lars and Björkman, Mats (2012), Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. In: International Conference on Cloud Computing and Services Science, CLOSER 2012, April 2012, Porto, Portugal. Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013), Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: 15th Annual International Conference on Information Security and Cryptology, Nov 2012, Seoul, Korea Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2012) Security and Trust Preserving Migrations in Public Clouds. In: The 2nd IEEE International Symposium on Trust and Security in Cloud Computing, in conjunction with IEEE TrustCom-12, June 2012, Liverpool, UK. { } TT ID P d ID Profile PK_Bind Time Sign TTP [SEC Lab] 29 /39

30 Platform Certificate (uses) Aslam, Mudassar and Gehrmann, Christian and Rasmusson, Lars and Björkman, Mats (2012), Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. In: International Conference on Cloud Computing and Services Science, CLOSER 2012, April 2012, Porto, Portugal. Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013), Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: 15th Annual International Conference on Information Security and Cryptology, Nov 2012, Seoul, Korea Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2012) Security and Trust Preserving Migrations in Public Clouds. In: The 2nd IEEE International Symposium on Trust and Security in Cloud Computing, in conjunction with IEEE TrustCom-12, June 2012, Liverpool, UK. { } TT ID P d ID Profile PK_Bind Time Sign TTP [SEC Lab] 30 /39

31 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor Reference Measurements Database - Security Labs - S/W Vendors - Researchers Security Advisory Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Local Admin - Industry Standard - Govt Defined Config Remote Verifier (Auditor, Platform Certification Authority, etc.) Phase I Software Stack Integrity Mgt ST ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Phase II Software Stack Vulnerability Assessment Phase III Software Configuration Compliance TPM Chip Trusted TCG Compliant BIOS GRUB-IMA Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Linux IMA Remote Platforms by Combining Trusted Computing and Security Automation Techniques. TrouSerS In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

32 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor - Industry Standard - Govt Defined Config Reference Measurements Database MongoDB cve-search - Security Labs - S/W Vendors - Researchers Security Advisory Remote Verifier (Auditor, Platform Certification Authority, etc.) Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Phase I Software Stack Integrity Mgt ST Local Admin ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Phase II Software Stack Vulnerability Assessment Phase III Software Configuration Compliance TPM Chip Trusted TCG Compliant BIOS GRUB-IMA Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Linux IMA Remote Platforms by Combining Trusted Computing and Security Automation Techniques. TrouSerS In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

33 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor - Industry Standard - Govt Defined Config Reference Measurements Database MongoDB cve-search - Security Labs - S/W Vendors - Researchers Security Advisory Remote Verifier (Auditor, Platform Certification Authority, etc.) Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Phase I Software Stack Integrity Mgt ST Local Admin ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Enhanced Phase II Software Stack Vulnerability Assessment SCAP Editor Phase III Software Configuration Compliance TPM Chip Trusted (escape) TCG Compliant BIOS GRUB-IMA Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Linux IMA Remote Platforms by Combining Trusted Computing and Security Automation Techniques. TrouSerS In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

34 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor - Industry Standard - Govt Defined Config Reference Measurements Database MongoDB cve-search - Security Labs - S/W Vendors - Researchers Security Advisory Remote Verifier (Auditor, Platform Certification Authority, etc.) Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Open SCAP (oscap) Phase I Software Stack Integrity Mgt ST Local Admin ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Enhanced Phase II Software Stack Vulnerability Assessment SCAP Editor Phase III Software Configuration Compliance TPM Chip Trusted (escape) TCG Compliant BIOS GRUB-IMA Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Linux IMA Remote Platforms by Combining Trusted Computing and Security Automation Techniques. TrouSerS In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

35 ASArP: Automated Security Assessment & Audit of Remote Platforms Software WFN including SHA1 Software Vendor - Industry Standard - Govt Defined Config Reference Measurements Database MongoDB cve-search - Security Labs - S/W Vendors - Researchers Security Advisory Remote Verifier (Auditor, Platform Certification Authority, etc.) Public Vulnerability Database (CPE, CVE, CVSS, CCSS) Open SCAP (oscap) Phase I Software Stack Integrity Mgt ST Local Admin ST: SCAP Tool Recommended Platform Configurations Local Vulnerability Database Policy Internet Hypervisor Hardware/CPU TPM Certified Local Reference Measurements DB Comlementary Whitelist (drivers, lib, proprietary sw ) Target Platform Enhanced Phase II Software Stack Vulnerability Assessment SCAP Editor Phase III Software Configuration Compliance TPM Chip Trusted (escape) TCG Compliant BIOS GRUB-IMA Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013), Continuous Security Evaluation and Auditing of Linux IMA Remote Platforms by Combining Trusted Computing and Security Automation Techniques. TrouSerS In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey [SEC Lab] /39

36 Configuration Compliance [SEC Lab] 36 /39

37 Performance results [SEC Lab] 37 /39

38 Achievements (in general) Trusted Cloud Platforms Platform Level Certification CSA STAR Continuous Implementation Proposal TCG-SCAP Synergy Use of SCAP promises better ways to interpret TPM integrity reports to assess the platform security status Use of TPM promises better assurances about SCAP analysis and its results [SEC Lab] 38 /39

39 Challenges and Summary TCG Integrity Report does not map directly to the SCAP framework no standard implementation/deployment exist Sealing anything to the runtime state is not practical current proposals only use BIOS+IPL OS is hard to handle -> not handled [SEC Lab] 39 /39

40 Questions 40