Security of Information Systems hosted in Clouds: SLA Definition and Enforcement in a Dynamic Environment
Christine Morin, Inria
Joint work with Louis Rilling (DGA-MI), Anna Giannakou (Inria), Jean-Louis Pazat (Insa Rennes)
Myriads project-team, IRISA / Inria Rennes - Bretagne Atlantique
Myriads Research Activities: Design and Implementation of Autonomous Distributed Systems
- Distributed clouds
- Security monitoring in clouds
- Resource and application management in IaaS & PaaS clouds
- SLA
- Green cloud computing
Incentive to Host Information Systems in Clouds
- Resources on demand: acquire and release resources according to the needs
- Large pool of resources: virtually infinite amount of resources
- Pay-as-you-go pricing model: pay only for what you use
IaaS Cloud
(Figure: an IaaS cloud hosting VM 1 to VM 6, showing VM creation/destruction and VM migration; the user manages the VMs through a portal.)
Hosting Information Systems in IaaS Clouds
Clouds: a Target of Choice for Attackers
Models of Attacker
- External to the datacenter (network access only)
- VM (from another tenant) inside the datacenter
- Corrupted VM in the virtual infrastructure
- Malicious datacenter operator (hypervisor, switch)
Security as a Service Needed
- More and more organizations host their information system in clouds
- Lack of security monitoring services offered by providers to their customers
Security Monitoring of a Traditional Information System
Security Monitoring of Information Systems Hosted in Clouds
Security Monitoring in Clouds
- What kind of SLAs for security monitoring?
- How to configure security monitoring services according to SLAs?
- How to limit the cost of security monitoring for customers and providers?
- How to cope with the dynamic nature of virtual infrastructure?
- How much control can be given to tenants on the security monitoring services?
Definition of Measurable SLA Terms
From SLAs to Security Monitoring Setup
- Accuracy: size, complexity, and required capacity of the set of rules; location of probes
- Detection delay: priority of the client's rules in a shared component; load/capacity of detection components; location of detection components
- Performance degradation: capacity borrowed from production components
Dynamic Events in Clouds
- Servers added or removed in the cloud physical infrastructure
- VM creation, destruction, migration in the tenant virtual infrastructure
- Evolving set of services in virtual infrastructures
- Fluctuating traffic load
Dynamic Events Impact Security Monitoring
- Security monitoring involves components outside the tenant virtual infrastructures (VM introspection, IDS)
- Several components in different locations need to be reconfigured when the virtual infrastructure is evolving (IDS, firewall, log collectors)
- Impossible to manually reconfigure the security monitoring components when facing frequent changes
- Self-adaptable security monitoring needed
Requirements for Security Monitoring in Clouds
- Self-adaptation
- Scalability
- Customization
- Isolation
- Cost minimization
- Security
On-going Work: SAIDS, a Self-adaptable Intrusion Detection Framework
- Designed in the context of Anna Giannakou's PhD thesis, started in March 2014
- Prototype experimented on G5K: OpenStack IaaS, OpenvSwitch for virtual networks, Snort NIDS
- Presented later this afternoon
(Figure: SAIDS architecture. Components shown: a Cloud Controller (Networking, Compute) providing VM info and SLA info to the Adaptation Manager; an adaptation driver and a rule update manager, with a rule server reached over a remote connection to the Internet; on each compute node, a Virtual Switch mirroring the traffic of the tenant VMs (Web, Email, DNS) to a local IDS (lids) with its own rule repo; an Infrastructure Monitoring Probe; a Management Network linking the nodes. Numbered arrows 1 to 3 mark the adaptation steps.)
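As an added illustration of the self-adaptation loop described on the two preceding slides (dynamic events forcing IDS reconfiguration, and the Adaptation Manager fed with VM info and SLA info), and not code from SAIDS or the Myriads team: a toy adaptation manager that tracks which tenant VMs run on which compute node and, on each VM creation, migration or destruction event, recomputes the rule sets the local IDS of every affected compute node must load, guided by the tenant's SLA. The tenant, the SLA contents, the compute node names and the rule-set identifiers are constructed placeholders.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed tenant SLA: service -> monitoring level. A service absent from the
# SLA is not monitored, so it pulls no rules onto the local IDS (lids).
SLA: Dict[str, Dict[str, str]] = {"tenantA": {"web": "full", "dns": "basic"}}

# Constructed, hypothetical rule-set names keyed by (service, level); a real
# deployment would map these to NIDS rule files held in the rule repo.
RULESETS: Dict[Tuple[str, str], Set[str]] = {
    ("web", "basic"): {"web-base"},
    ("web", "full"): {"web-base", "web-sqli", "web-xss"},
    ("dns", "basic"): {"dns-base"},
    ("dns", "full"): {"dns-base", "dns-tunnel"},
    ("email", "basic"): {"smtp-base"},
    ("email", "full"): {"smtp-base", "smtp-spam"},
}


class AdaptationManager:
    """Tracks VM placement and derives the rule set each compute node's lids needs."""

    def __init__(self) -> None:
        # vm_id -> (tenant, compute node, services hosted by the VM)
        self.vms: Dict[str, Tuple[str, str, List[str]]] = {}

    def desired_rules(self) -> Dict[str, Set[str]]:
        """Per-node union of the rule sets required by the hosted VMs and their SLAs."""
        wanted: Dict[str, Set[str]] = defaultdict(set)
        for tenant, node, services in self.vms.values():
            for svc in services:
                level = SLA.get(tenant, {}).get(svc)
                if level:
                    wanted[node] |= RULESETS[(svc, level)]
        return dict(wanted)

    def handle(self, event: Dict) -> List[Tuple[str, List[str]]]:
        """Apply one VM lifecycle event; return (node, sorted rules) for each lids to reload."""
        before = self.desired_rules()
        vm = event["vm"]
        if event["type"] == "create":
            self.vms[vm] = (event["tenant"], event["node"], list(event["services"]))
        elif event["type"] == "destroy":
            del self.vms[vm]
        elif event["type"] == "migrate":
            tenant, _, services = self.vms[vm]
            self.vms[vm] = (tenant, event["node"], services)
        else:
            raise ValueError(f"unknown event type {event['type']!r}")
        after = self.desired_rules()
        # Reconfigure only the nodes whose required rule set actually changed;
        # an empty list means the lids on that node can unload the tenant's rules.
        return [(node, sorted(after.get(node, set())))
                for node in sorted(set(before) | set(after))
                if before.get(node, set()) != after.get(node, set())]
```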
Future Work
- Self-adaptable security monitoring framework: several kinds of IDS, distributed IDS; other components (firewall, collector, aggregator)
- Security monitoring SLA management: DSL for SLA definition; dimensioning and (re-)configuring security monitoring in large multi-tenant systems for SLA enforcement