Seed4C: A Cloud Security Infrastructure validated on Grid 5000

Transcription

1 Seed4C: A Cloud Security Infrastructure validated on Grid 5000 E. Caron 1, A. Lefray 1, B. Marquet 2, and J. Rouzaud-Cornabas 1 1 Université de Lyon. LIP Laboratory. UMR CNRS - ENS Lyon - INRIA - UCBL 5668, France 2 Alcatel-Lucent Bell Labs, France Abstract. The value of secure elements to protect software execution on a personal computer or on a server is not to be demonstrated. Nowadays, the emergence of Cloud computing has led to a growing number of use case scenarios where one has to deal, not with a single computer but rather with a group of connected computers. In this case the challenge is not only to secure the software running on one single machine, but rather to manage and guarantee the security of a group of computers seen as a single entity. The main idea is to evolve from a security in the Cloud to security of the Cloud with cooperative point of enforcement for security. Seed4C 3 value proposition of cooperative points of security enforcement is proposed under the concept of Network of Secure Elements (NoSEs). 1 Introduction The efficiency of secure elements to protect software execution on a personal computer or on a server is not to be demonstrated. For example, the trusted computing group developed the specification of the trusted platform module (TPM) a secure crypto-processor which provides secure storage for cryptographic keys. The TPM is used to verify the validity of the software running on a computer, or to make sure that only a particular software stack can access a stored secret. The Cloud security challenge is not only to secure the software running on one single machine, but rather to manage and guarantee the security of a group or cluster of computers seen as a single entity. NoSEs are made of individual secure elements attached to physical machines, users or network appliances and possibly pre-provisioned with initial secret keys. They can establish security associations, communicate together to setup a trusted network of physical and/or virtual machines and propagate security conditions centrally defined to a group of machines. NoSEs can also be used to improve the security of distributed computing, not only by making sure that only trusted nodes can take part of the computing game, but also by certifying the integrity of the results returned by each one of them. Secure elements located in user appliances (such as a mobile handset) 3 Seed4C is a EUREKA Celtic Cluster project with French funding from DGCIS (Direction Générale de la Compétitivité, de l Industrie et des Services)

2 featuring a user interface can be part of NoSEs and help secure server side operations using two-factor authentication. The project will study the impact of NoSEs upon the different layers of the architecture, from hardware to service in order to define how the trust can be propagated from the lower layers to the upper ones. 2 Seed4C Project As said above the project aims at defining a new approach for providing security of the Cloud. We identify three main challenges to be addressed within the project to realize this vision. Secure Elements in a Cloud Platform The first one is how to distribute Secure Elements to provide added value to platform and services. Figure 1 shows implication at each level of the 3-layers models for the Cloud. Fig. 1: Global view of the secure architecture In general, the three layers (SaaS, PaaS and IaaS) should be viewed as independent since they could be managed by different entities required for serving multiple client organizations (tenants). Thus, the proposed architecture must address multi-tenancy requirements. In order to guarantee a set of security objectives (i.e. a security mission) for each layer in a multi-tenant environment, the only approach is to provide 1) network isolation with secure load balancing and 2) in-depth protection that uses multiple Mandatory Access Controls (MAC) to protect the different levels of the system. Indeed to avoid data leaks to third parties, two solutions are necessary 1) a secure load balancing supporting the required security missions for preventing unsecure allocation of the resources and 2) in-depth MAC protection preventing those risks for all the different levels of the system.

3 Each layer requires independent security missions that have to be enforced by the proposed architecture of distributed SEs. In practice, the distributed SEs provide security services enabling the required security missions to be satisfied. One of the challenges is to be able to adjust several and maybe conflicting security missions with efficient management, security assurance and monitoring. Conflicts can exist first inside a layer (security missions requested by diverse tenants are conflicting) and second between layers (for example, the administrator of the IaaS do not support the security missions requested by the upper layers). The objectives are 1) to enforce as much as possible the required security missions by consistent security policies deployed at each layer and 2) to cope with those conflicts mainly through efficient feedback and measurements. In order to deal with those objectives, the project will provide efficient management, security assurance and monitoring of the different layers for easing the usage of the distributed SEs. This will involve the study of the different layers from hardware to services in order to define how the trust of the low level layers can benefit to upper layers, as well as the additional requirements. The layer structure proposed will include Trusted Infrastructure, Trusted Platform and Trusted Service. For each layer, management, security assurance and monitoring functions are required and are connected to offer an in-depth security solution. On the infrastructure side, the environment constraints will be investigated to identify the way SEs could be integrated on various kind of devices (routers/firewall/servers/disk bays) as well as hypervisor or database engines. Network of Secure Elements The second challenge is to address secure load balancing and communication between SEs and from SEs to embedding machines. Fig. 2: Interactions between security components Figure 2 shows load balancing of application within Cloud infrastructures. The challenge encompasses three major issues: 1) Moving applications into an other virtual machine on the same physical machine with a SE. 2) Moving ap-

4 plications into an other physical machine with a SE embedded. 3) Moving applications to another physical machine without SE. To address those issues, a communication between SEs (composing the NoSEs) needs to be studied. This will be integrated in the Inner middleware. This middleware will address communication between SE and SE to embedding machine. Moreover, this challenge includes the life cycle management of SEs. Traceability and Privacy The third challenge is how to address policies execution (focusing on identity and privacy), traceability and, at the end, assurance of services. This challenge is illustrated Figure 3. Fig. 3: Traces Components This challenges focus on how the secure elements will be interface with external software components executed on the network. This will include the interface with policy definition systems, identity and access control components or management servers. The project will focus on tools and methods for the collection and tracing of different types of privacy-related information. These new tools will exploit the local traces and provide the desired supervision services like privacy monitoring, data life cycle management, privacy audit, breach tracking, anomaly detection, traceability, etc. These tools and methodology will rely on a validated and meaningful collection of security, privacy and trust metrics & measurements which will allow increasing the transparency of these issues between the Cloud Service Provider and Cloud Service Users. 3 Secure Cloud for HPC and Big Data workloads Seed4C have many use cases. The HPC (High Performance Computing) and big data workloads is one of them. The context of this one is an environment where several enterprises are participating in a collaborative research. This collaborative research addresses shared but also confidential results and documents of each enterprise. Also, within the enterprise, every employee is not allowed to

5 access data and process form the project even if this is the part of the enterprise. Each enterprise could access its own data and also shared data with other enterprises. For a project, there are intensive computation on large sets of data and it requires secure link to access some information shared among several sites and experimentation. Moreover, as the resources can be federated from different providers, the security must be global to the federation. With the increasing usage of Big Data, the data protection, processing, transfer and sharing are priorities for next generation secured Cloud. In this project, we plan to provide computing resources by using Cloud resources. The HPC requires a lot of computing resources. Thus, we need secured layer to communicate (the dedicated network) with computing resources and to allow communication between trusted resources. The middleware which sends computing requests to all components of the platform, must be safe. Moreover, the information managed by the middleware (users information, Cloud authentication information, requests information, input data, output data, etc.) should be protected. Furthermore, in general, HPC applications deal with a large amount of data. Different kinds of data management must be considered as data migration, data persistency or data sharing. The management of computing request, data migration and computing will make the scenario. 4 Seed4C and Grid 5000 Fig. 4: Seed4C on Grid 5000 The Seed4C demonstrator will be made on Grid Our use-case will be to deploy the diet middleware connected to multiple Clouds. An example of deployed platform on top of Grid 5000 is presented Figure 4. The purpose is

6 to present a demo that spans over multiple sites and which runs at the same time several applications that need a lot of computation and storage (HPC and Big Data). Moreover, as we plan to provide end-to-end security, the demo will include secure devices such as mobile terminals that run outside of Grid 5000 network. 5 Related Work [3] surveys the risks brought by multitenancy in cloud platforms. we can cite [2] too where IBM shows that the security based on virtualization is not sufficient. They offer a solution to secure bridged the semantic gap into the operating system semantics. An agent is deployed from a security VM into guest VMs. PIGA [1] gives a solution to secure an operating system at the process layer, that mean at the VM layer too through PIGA-virt. These solutions enables security services for fast changing cloud platform as for OpenNebula in the paper. Moreover many companies provide different level of security for Cloud platform as Symantec, Fujitsu, NaviSite, etc. 6 Conclusion The aim of the Seed4C is to provide an end-to-end secure Cloud infrastructure briefly introduced in this paper. The Seed4C project will be validate on Grid 5000 and will contribute to Grid Thus, we will work on automation scripts to deploy multiple clouds on multiple sites. We plan to give a way to create secure (virtual) networks on top of Grid Moreover we will provide feedback on how to deploy applications and run services on top of a Cloud running on Grid We will provide feedback on Cloud (computing, storage and network) scalability on top of Grid We will collaborate with other projects 4 working on Clouds on top of Grid 5000 and will interact with the technical staff of Grid Moreover, we will be able to provide experiment traces based on real world workloads. References 1. Z. Afoulki, A. Bousquet, J. Briffaut, J. Rouzaud-Cornabas, and C. Toinard. Mac protection of the opennebula cloud environment. In High Performance Computing and Simulation (HPCS), 2012 International Conference on, pages IEEE, M. Christodorescu, R. Sailer, D.L. Schales, D. Sgandurra, and D. Zamboni. Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages ACM, Luis Rodero-Merino, Luis M. Vaquero, Eddy Caron, Adrian Muresan, and Frédéric Desprez. Building safe paas clouds: A survey on security in multitenant software platforms. Computer and Security, Contact us if you are interested to collaborate with this project.