Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Similar documents
Desktop Virtualization. The back-end

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Technical Brief. Userful Multiplatform Desktop Virtualization Software

Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

SierraVMI Sizing Guide

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Visualization Cluster Getting Started

VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.

KVM: Kernel-based Virtualization Driver

Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA)

inforouter V8.0 Server & Client Requirements

IOS110. Virtualization 5/27/2014 1

Outline: Operating Systems

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

TheraDoc v4.6.1 Hardware and Software Requirements

Hardware-Assisted Workspace Virtualization RingCube vdesk on Intel Core vpro Processors

Servervirualisierung mit Citrix XenServer

HOMEROOM SERVER INSTALLATION & NETWORK CONFIGURATION GUIDE

NetSupport Manager v11

Windows Server Virtualization & The Windows Hypervisor

LOCKSS on LINUX. CentOS6 Installation Manual 08/22/2013

Publish Cisco VXC Manager GUI as Microsoft RDS Remote App

Private Cloud Migration

Intel vpro. Technology-based PCs SETUP & CONFIGURATION GUIDE FOR

Xen Cloud Platform 0.1 User Security

Application-Centric WLAN. Rob Mellencamp

RED HAT ENTERPRISE VIRTUALIZATION

CHAPTER 2 THEORETICAL FOUNDATION

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

LoadRunner and Performance Center v11.52 Technical Awareness Webinar Training

What s New with VMware Virtual Infrastructure

Desktop virtualization using SaaS Architecture

Trusteer Rapport Virtual Implementation Scenarios

Virtualization System Security

Discovering Computers

LabStats 5 System Requirements

Chapter 17. Transport-Level Security

RED HAT ENTERPRISE VIRTUALIZATION 3.0

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

Benchmarking the Performance of XenDesktop Virtual DeskTop Infrastructure (VDI) Platform

RED HAT ENTERPRISE VIRTUALIZATION 3.0

Trusted VM Snapshots in Untrusted Cloud Infrastructures

CSE543 Computer and Network Security Module: Cloud Computing

NAS 249 Virtual Machine Configuration with VirtualBox

Virtualised MikroTik

Server and Storage Sizing Guide for Windows 7 TECHNICAL NOTES

Week Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

ViPNet ThinClient 3.3. Quick Start

Interacting with Users

Smart Server Manager v1.2 Best Practices. Smart Server Manager v1.2 Best Practices Guide

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

SSL Inspection Step-by-Step Guide. June 6, 2016

Remote access to enterprise PCs

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Cloud Optimize Your IT

Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions

7 Things You Need to Know about Virtual Mobile Infrastructure

Virtual Computing and VMWare. Module 4

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

Product Description. Licenses Notice. Introduction TC-200

The QEMU/KVM Hypervisor

Web-Based Data Backup Solutions

Installation Guide for Pulse on Windows Server 2012

MaaS360 Mobile Enterprise Gateway

Virtualization. Pradipta De

Tech Throwdown: Invincea FreeSpace vs. Micro-Virtualization

Desktop Consolidation. Stéphane Verdy, CTO Devon IT

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

Implementing Security on virtualized network storage environment

What s New. Remote Support For Any Environment.

Backup & Disaster Recovery Appliance User Guide

Virtualization. Types of Interfaces

ServerPronto Cloud User Guide

MaaS360 Mobile Enterprise Gateway

Guardian: Hypervisor as Security Foothold for Personal Computers

Unicorn: Two-Factor Attestation for Data Security

Here is a demonstration of the Aqua Accelerated Protocol (AAP) software see the Aqua Connect YouTube Channel

RDM+ Remote Desktop for Android. Getting Started Guide

Data Centers and Cloud Computing

Securing Network Input via a Trusted Input Proxy

Zadara Storage Cloud A

KVM Architecture Overview

Red Hat VDI. David Simmons

CDH installation & Application Test Report

VDI Without Compromise with SimpliVity OmniStack and Citrix XenDesktop

13.1 Backup virtual machines running on VMware ESXi / ESX Server

FPGAs for Trusted Cloud Computing

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

ISERink Installation Guide

Windows Server 2008 R2 Hyper V. Public FAQ

LBSEC.

VMware View 4 with PCoIP I N F O R M AT I O N G U I D E

Transcription:

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Lorenzo Martignoni, Pongsin Poosankam, y Matei Zaharia, Jun Han, y Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, y Scott Shenker, and Ion Stoica UC Berkeley and y CMU

Challenge Goal: protect sensitive information in applications Confidentiality and integrity Problem: client-size software stack Complexity! bugs User-administered! out of date, mis-configured Malware can be present at any level

Vision Sample application: online banking Quickly switch your PC to a secure operation mode Application provides a normal GUI But, information security does not depend on primary OS or its software Even if commodity OS is compromised by malware

Property Existing Approaches Red / Green VMs Perapp VMs Browser OS (Chrome) VDI & Thin Clients Flicker Installable w/existing OS 8 8 8 4 4 Attestation 8 8 8 8 4 Fine-grained isolation 8 4 4 8 4 No trust in host OS 4 4 8 8 4 User interface any any browser any 8 Mgmt. effort med. high low low low TCB size (LOC) >1M >1M >1M >1M 250 + app logic

Property Existing Approaches Red / Green VMs Perapp VMs Browser OS (Chrome) VDI & Thin Clients Flicker Cloud Terminal Installable w/existing OS 8 8 8 4 4 4 Attestation 8 8 8 8 4 4 Fine-grained isolation 8 4 4 8 4 4 No trust in host OS 4 4 8 8 4 4 User interface any any browser any 8 any Mgmt. effort med. high low low low low TCB size 250 + >1M >1M >1M >1M (LOC) app logic 22K

Architecture

Secure Thin Terminal (STT)

Microvisor Minimal hypervisor, does not support multiple general VMs Uses hardware virtualization (Intel VT) Intercepts PS/2 keyboard and mouse Redirects frame buffer when Cloud Terminal is active

Startup and attestation Microvisor starts from a running untrusted OS Intel TXT with dynamic root of trust Code derived from Flicker CPU atomically hashes the microvisor, stores hash in TPM Generate key pair kept by microvisor (but lost on reboot)

Cloud Terminal client Lightweight implementation of RFB (VNC) protocol When active, takes complete control of mouse, keyboard, and display Transport security based on SSL Reverse password to demonstrate authenticity

Untrusted user-space helper Runs as an unprivileged process inside commodity OS Active when the Cloud Terminal is Communicates with microvisor via hypercalls Relays encrypted data Across network to CRE To disk for persistence Cannot access or modify plaintext data

STT installation Case 1: pre-installed Corporate-provided laptop Out-of-the box consumer device Case 2: install on existing machine Verification service performs remote attestation User confirms a random nonce via an out-of-band (telephone) channel

Cloud Rendering Engine (CRE)

CRE approach In provider-administered data center Each user application runs in a VM with a standard VNC server Dispatcher relays connections to application VMs VMs run standard (e.g. Linux) applications In a stripped-down environment

CRE scalability Share identical memory pages copy-on-write (up to 61% savings) Share base disk image Remove software not needed for desired application Disable periodic timer interrupts

CRE security Each VM has its own virtual network and firewall white-list Resource usage is capped Limited user environment I.e, kiosk mode VM has no more authority than its user

Session walk-through (1) secure attention key (2) reverse password (3) select application STT (4) transport security setup User (7) user auth. within remote UI Secure Storage reverse password master key (5) attestation using TPM (6) start remote UI session CRE (8) access application app keys

User experience

Evaluation: client TCB Component Lines of Code Microvisor 7:7K Terminal client 3:0K Crypto (PolarSSL) 5:5K Attestation (Flicker) 5:7K Total 21:9K

Evaluation: applications Document editing: AbiWord MS Word.doc compatible Document viewing: Evince (PDF) Online banking: Firefox + Wells Fargo Secure email: Firefox + Gmail

Evaluation: performance 16 core, 64GB server, 670 mi from client Simultaneous clients replay recorded usage App. Activity Baseline STT (ms) Network Usage (ms) with # of clients = (bytes) 150 200 300 inbound outbnd Edit Launch 2; 844 2; 208 2; 441 2; 553 487; 047 3; 888 Type a key 30 53 50 54 1; 607 346 Move mouse 32 49 59 51 480 138 PDF Launch 1; 699 2; 093 2; 147 2; 493 483; 219 2; 040 Scroll 114 1; 270 1; 380 1; 704 352; 358 5; 497 Bank Launch 6; 911 2; 319 2; 563 490; 149 4; 680 New page 1; 183 2; 610 2; 661 415; 732 10; 939 Gmail Launch 6; 936 2; 254 488; 367 3; 954 Display msg. 992 2; 254 318; 300 8; 416

Qualitative usability Display is 800x600, 8 bit color Suitable for a single application Could be improved with compression Typing latency feels usable Similar to SSH Scrolling feels sluggish Add optimization of block moves

Cost analysis A suitable server costs $1010/month Between 1.2 and 2.5 cents per user-hour Online banking: 5 cents per user per month Corporate application: $3 per employee per month (8 hours per day)

Summary Cloud Terminal: new architecture for secure remote applications Achieves sweet spot between security, trusted code size, and generality Near minimal client size for remote interaction Runs inexpensively using standard hardware http://bitblaze.cs.berkeley.edu/

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information