Seed4C: Secured Embedded Element and Data privacy for Cloud federation

Transcription

1 Seed4C: Secured Embedded Element and Data privacy for Cloud federation Eddy Caron, Sylvain Gault, Arnaud Lefray, Jonathan Rouzaud-Cornabas, Guillaume Verger, Yulin Zhang and The Seed4C consortium WG Avalon February, 12th. 2015

2 Seed4C [UGB April, 16th. 2013] 2 Cloud Computing

3 What s about Security in this new distributed world Target breach the attackers siphoned 40 million credit and debit cards from Target's point-of-sale (POS) systems 70 million additional stolen information customers Seed4C [UGB April, 16th. 2013] 3

4 Heartbleed bug 900 social insurance numbers stolen from Canada Revenue Agency Mumsnet - which says it has 1.5 million registered members - said that it believed that the cyber thieves may have obtained passwords and personal messages before it patched its site. Seed4C [UGB April, 16th. 2013] 4

5 Bring better security in Cloud Seed4C [UGB April, 16th. 2013] 5

6 What is missing to bring cloud to better security? Securing isolated machine cannot be enough to address security of cloud / virtualized infrastructures. Virtualization is not security! M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni. Cloud security is not (just) virtualization security. In Proc. of the 2009 ACM workshop on Cloud computing security Seed4C [UGB April, 16th. 2013] 6

7 What is missing to bring cloud to better security? Securing isolated machine cannot be enough to address security of cloud / virtualized infrastructures. The challenge is not only to secure the software running on a single machine, but rather to manage and guarantee the security of a cluster of computers seen as a single entity. Also the centralized security servers will not be efficient A new type of approach is required taking into account the specific cloud architecture Seed4C [UGB April, 16th. 2013] 7

8 The Seed4C Project Seed4C [UGB April, 16th. 2013] 8

9 Seed4C Project members A Celtic+ Project Start date: Apr 2012 End date: Dec 2014 Members: 4 countries, 17 partners 3 core skills and experience Security technologies Infrastructures / Cloud Assurance Seed4C [UGB April, 16th. 2013] 9

10 A new vision of Cloud Security Seed4C [UGB April, 16th. 2013] 10

11 Main focus The value proposition of secure elements to protect software execution is not to be demonstrated Emergence of cloud computing has led to a growing number of use scenarios where one has to deal, not with a single machine, but rather a group of connected machines. The project will deal with the concept of Network of Secure Elements (NoSE) Seed4C [UGB April, 16th. 2013] 11

12 Secure Element Enhanced (SEE) SEE Definition Provides a Trusted Computing Base installed on a Cloud element (physical computer, Virtual Element, Rich Element, smartphone...) Is a set of trusted components, including hardware, firmware and/or software components Manages several kinds of security components to protect each Cloud level Supports user interactions to improve the security Provides feedback and evidence of the security Seed4C [UGB April, 16th. 2013] 12

13 SEE Architecture SEE with three kinds of security components (Network, MAC/ Formal, TE/SE) : improve the security of a Virtual / Rich Element Seed4C [UGB April, 16th. 2013] 13

14 Advantages of SEE Supports the flexibility and the agnostic nature of the Cloud Improves the security of existing technologies such as Trusted Element/ Secure Element : protection of the interfaces between the TE/SE and the VE/ RE (i.e. VM/OS) Improves the security of patrimonial systems (Windows, Unix,...) Provides an in-depth protection of Cloud environments (host/node, VMs, application, network,...) Versatile : SEE adjusts the security (crypto/protection) to the capabilities of the hosts/nodes Security assurance with or without a dedicated hardware Seed4C [UGB April, 16th. 2013] 14

15 State of the art Virtualization Xen/KVM do not protect the VMs : security into the VMs (Dom0, DomU) fails (e.g. demonstrated by the french security challenge) since the host is not secure any domu VM can make a escalation of privileges dom0 can be compromised from the host (even with signatures of all the resources) Security at the host level first All the industrial/research approaches (e.g. IBM, NSA svirt,...) satisfy this necessity Security between the VMs (properties between the VMs) Security extended to the over levels (in-depth protection) Security inside a VM (properties inside a VM) Security inside a software/service/application (properties inside an application e.g. a Java application) of a VM Seed4C [UGB April, 16th. 2013] 15

16 Network of Secure Elements NoSE are made of individuals secure elements attached to computers, User or network appliance and possibly pre-provisionned with initial secret keys (Seed) They can establish security association, communicate together to setup a trusted network of computers and propagate security conditions centrally defined to a group of machine The project will study the impact of NoSE upon the different layers of the architecture, from hardware to services in order to define how the trust can be propagated from the lower layers to the upper ones Seed4C [UGB April, 16th. 2013] 16

17 How to distribute Secure Elements in IaaS and provide added value to PaaS and SaaS? N 1 Seed4C [UGB April, 16th. 2013] 17

18 Secure load balancing and middleware N 2 Seed4C [UGB April, 16th. 2013] 18

19 Policies execution and assurance N 3 At an upper level, the definition and implementation of security and a c c e s s c o n t r o l, p r i va c y a n d identities policies involving secured elements will be specified, as well as the upper middleware. Assurance Services Policies Policy execution Protected execution Applications VM 1.1 SE 1 Hypervisor 1 Hardware 1 TPM1? Seed4C [UGB April, 16th. 2013] Server 1 19

20 Security- Aware Models for Clouds Sam4C Seed4C [UGB April, 16th. 2013] 20

21 Security Objectives of Cloud Applications Motivation [Sandhu'10]: Need to develop models, methodologies and architectures for decentralized dynamic management of security and assurance policies Contribution: Provide a Cloud application model and the associated security policy to design security- aware scheduling/provisioning algorithms (Decision Step). Long- term objective: Exploit security- aware models to provide automatic security deployment and configuration in Clouds (Distribution & Projection Step). Seed4C [UGB April, 16th. 2013] 21

22 Three- Step Management Workflow Decision: Input: Application model with security objectives Output: Mapping decisions Security rules Distribution: Input: Mapping + Security rules Output: Distributed sub- rules Projection: Input: A sub- rule Output: Security mechanism configuration Seed4C [UGB April, 16th. 2013] 22

23 Security- Aware Model Seed4C [UGB April, 16th. 2013] 23

24 Cloud Federation Management DIET Seed4C [UGB April, 16th. 2013] 24

25 Cloud Management with DIET RAISON D ÊTRE Corba Client Master Agent! MANAGE A FEDERATION MA MA OF CLOUDS MA MA MA How can we build a Local Agent middleware that makes it easy LA Server front end LA for the end user? LA Context: Development of a LA toolbox for deploying application services providers with a hierarchical architecture for scalability Validation: Large validation over Grid Interoperability: DIET is compliant with the Grid- RPC DIET use case: The Decrypthon project DIET was selected by IBM

26 Achievements on DIET Security enforcement Secured communications between: Agents, ServerDaemons and Clients Security metric study to improve the scheduling Cloud enforcement - Cloud support OpenStack support (with isolation) OpenStack vs OpenNebula comparison study Visualization enforcement VizDiet with security support Display in real- time DIET cartography Virtual Machines in cloud User- friendly

27 Achievements on Cloud Management with DIET Multi- Cloud Management Instantiation and destruction of VMs Modules to manage DIET services in Virtual Machines Building services Deployment of services in Virtual Machines Puppet Services running on demand Algorithms New Scheduler Simulations and Validation

28 Seed4C The Demonstrator Seed4C [UGB April, 16th. 2013] 28

29 WP5: Demonstrator

30 Achieved Work on WP5: The demonstrator T5.1 T5.2 Describe implementation of one (or several uses cases) to be demonstrated Deployment and execution of the demonstrator on the platform Objectives - Definition of the demonstrators - Implementation of the demonstrators - Deployment and execution of the demonstrators on the platform (supporting the whole SEED4C process) 30

31 Task 5.2: Deployment & execution of the demonstrator on the platform Seed4C Architecture T5.2.1 Sam4C T5.2.2 DIET T5.2.3 SPS T5.2.4 OpenStack Cloud Federation T5.2.5 SEE T5.2.6 NoSEE T5.2.7 Assurance Module

32 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.1 Sam4C Sam4C Modeler - Single Cloud - Direct connexion with SPS (RMI protocol) - Cloud Federation - Connexion through DIET Sam4C Modeler - Add contexts physical correspondance file (i.e context.conf) Sam4C Scheduler - Grid 5000 physical nodes templates - Integrate the templates into the placement algorithms - Sort SEE properties, that is decide which SEE a property belongs to (in order to send it later on). - Generate policy.conf and context.conf files. Sam4C Scheduler

33 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.2 DIET Security enforcement Secured communications between: Agents, ServerDaemons and Clients Security metric study to improve the scheduling Cloud enforcement - Cloud support OpenStack support (with isolation) OpenStack vs OpenNebula comparison study

34 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.4 OpenStack define Sam4C Model input ROOT Controller Seed4C API Extension Nova API Seed4C Scheduler Extension Nova Scheduler input output Local security Model Seed4C Infra model extends Nova DB Infrastructure model OpenStack Seed4C agent Extension Nova Compute VM Compute puppet agent

35 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.5 SPS CM P CM P Op urc es CMP: Cloud Management Platform SPS: Secure Provisioning and Scheduling Nim bus Re sou r ces SPS la SPS enn ebu Re so SPS Secure Provisioning and Scheduling (SPS) Get the necessary infrastructure information of Cloud (OpenStack) and send them to Sam4C- Scheduler, Deploy the application model with the security properties, Communicate with SEEs to configure them and return their information to Sam4C, Store and index SEE information in OpenStack database. DIET

36 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.5 SEE SEE = Java application (run as a service) One SEE is installed on each host and on each VM Start on boot (via an init script) SEE receives security properties from Sam4C SEE enforces security with SSM configuration Supported distributions: CentOS 6 64 bits, CentOS 7 64 bits Debian 32 bits PI 5 PI 4 SEE

37 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.5 SEE SSM Plugins Iptables Openvpn PAM SELinux SSH DPM SESM Oscap PI 4 PI 4 SEE

38 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.6 NoSEE NoSE DEMO SETUP User T1 User T Tenant1 AP1 Client Tenant2 AP2 Client Tenant Network router/switch Tenant Network(s) NoSE Admin Server1 NOSE ADMIN WEB SERVER Server TestAPP Server TestAPP SE1 HYPERVISOR SESM Master VM INTERNAL VLAN SE2 HYPERVISOR SESM VM2 INTERNAL VLAN SESM VM SE HYPERVISOR INTERNAL VLAN Nose Network router/switch NOSE Admin Web Client { } Internal Internal Internal vswitch vswitch vswitch Tenant ADMIN Web Client { } NoSE Network NoSE Admin Tenant(s) Admin

39 Task 5.2: Deployment & execution of the demonstrator on the platform T5.2.7 Assurance Module Assurance Monitoring AMT AVT AAE MA VM1 SEE ACE VM2 SEE ACE B M B M Measurement Framework

40 Task 5.2: Deployment & execution of the demonstrator on the platform Seed4C Demonstrator Scenario Interface 1: Send Application model Interface 2: Get infra/image information Interface 3: Create image; Launch VMs Interface 4: Register SEE Interface 5: Configure SEE RI 2 Sam4C Modeler RI 1 PI 1 Sam4C Scheduler RI 3 PI 2 PI 3 SPS Legend: Required interface Provided interface RI 5 PI 5 SEE RI 4 PI 4

41 Task 5.2: Deployment & execution of the demonstrator on the platform Seed4C Cloud Federation Architecture

42 WP5: Demonstrator Achieved work summary OpenStack Seed4C version git clone Seed4C_Demonstrator.git Seed4C_Demonstrator SEE code git clone Sam4C code Sam4C is available on Inria Forge DIET code Available on the DIET website (or debian package) DIET 2.9 (Seed4C release) in march 2015 SESM code SESM Master, SESM Slaves, NOSEAdministation / TenantAdministration APP And SESM STUB Stored accordingly in internals Configuration Management repositories (Gemalto) 5 videos from demos are available

43 User WP5: Demonstrator Achieved work summary Sam4C Modeling Mapping Split Engine Application model User Infrastructure model SPS OpenStack Cloud Manager ( DIET ) Cloud Infrastructure ( OpenStack ) User Sam4C Scheduler Middleware VM VM VM VM Application Application Application SEE Application Application Application SEE Application Application Application SEE Application Application Application SEE SE SE SSM SSM SE SE SSM SSM SE SE SSM SSM SE SE SSM SSM SSM SSM Seed4C Hypervisor SSM SSM Seed4C Hypervisor SEE SE SE Hardware SEE SE SE Hardware Host 1 Host 2 Network of Secure Elements (NoSE ) and Network of Secure Element Extended (NoSEE) NoSE Admin

44 Seed4C The Movies! And now 44