Self-service Cloud Computing



Similar documents
Self-service Cloud Computing

Self-service Cloud Computing

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Virtual Switching Without a Hypervisor for a More Secure Cloud

Virtualization System Security

UNCLASSIFIED Version 1.0 May 2012

Module: Cloud Computing Security

CIT 668: System Architecture

Secure Cloud-Ready Data Centers Juniper Networks

Providing Flexible Security as a Service Model for Cloud Infrastructure

Enabling Technologies for Distributed and Cloud Computing

Virtual Machine Security

Data Centers and Cloud Computing

Enabling Technologies for Distributed Computing

POACHER TURNED GATEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS. Rafal Wojtczuk

StACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud

Clouds, Virtualization and Security or Look Out Below

Privacy Protection in Virtualized Multi-tenant Cloud: Software and Hardware Approaches

Security and Privacy in Public Clouds. David Lie Department of Electrical and Computer Engineering University of Toronto

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. Advisor: Software Security Lab.

Endpoint protection for physical and virtual desktops

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Security Considerations in Cloud Deployments Matthew Garrett

Endpoint protection for physical and virtual desktops

FACING SECURITY CHALLENGES

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Hardware enhanced Security in Cloud Compu8ng. Cloud Compu8ng (Public IaaS)

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Computer Meteorology: Monitoring Compute Clouds

Guardian: Hypervisor as Security Foothold for Personal Computers

Virtualization. Jukka K. Nurminen

Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections

Software Execution Protection in the Cloud

Virtualization and Cloud Computing

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

Trusted VM Snapshots in Untrusted Cloud Infrastructures

Effective End-to-End Cloud Security

REINFORCEMENT LEARNING TO REDUCE THE ATTACK SURFACE IN SELF SERVICE CLOUD COMPUTING BALAJI GANESULA. Bachelor of Technology in Computer Science

The future is in the management tools. Profoss 22/01/2008

Protecting Corporate Data from Mobile Threats. And the emerging role for microsd-based security Art Swift CEO, CUPP Computing

Data Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

FileCloud Security FAQ

Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald

Survey on virtual machine security

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

End to End Security do Endpoint ao Datacenter

Desktop Virtualization. The back-end

Top virtualization security risks and how to prevent them

Data Centers and Cloud Computing. Data Centers

Security Model for VM in Cloud

Virtual Machine Synchronization for High Availability Clusters

COS 318: Operating Systems. Virtual Machine Monitors

VDI Security for Better Protection and Performance

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

9/26/2011. What is Virtualization? What are the different types of virtualization.

A Survey on Virtual Machine Security

Network Security in Building Networks

Virtualization. Dr. Yingwu Zhu

<Insert Picture Here> Enabling Cloud Deployments with Oracle Virtualization

Chapter 5 Cloud Resource Virtualization

Stephen Coty Director, Threat Research

COS 318: Operating Systems. Virtual Machine Monitors

Research Challenges in Virtualization. Steven Hand Senior Architect, Citrix R&D Reader in Computer Systems, U. Cambridge

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Private cloud computing advances

Windows Server Virtualization & The Windows Hypervisor

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Security technology of system virtualization platform

Deploying Business Virtual Appliances on Open Source Cloud Computing

Cloud Security and Data Protection

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

CUDA in the Cloud Enabling HPC Workloads in OpenStack With special thanks to Andrew Younge (Indiana Univ.) and Massimo Bernaschi (IAC-CNR)

Cloud security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

How To Stop A Malicious Process From Running On A Hypervisor

SECURITY IN OPEN SOURCE VIRTUALIZATION

Operating Systems Virtualization mechanisms

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

Simplified Private Cloud Management

Distributed Block-level Storage Management for OpenStack

Networking for Caribbean Development

Before we can talk about virtualization security, we need to delineate the differences between the

Application Performance in the Cloud, and its Relationship to QoS

Outline. Introduction Virtualization Platform - Hypervisor High-level NAS Functions Applications Supported NAS models

Towards Trustworthy Clouds

CSE543 Computer and Network Security Module: Cloud Computing

vtpm: Virtualizing the Trusted Platform Module

Run-Time Deep Virtual Machine Introspection & Its Applications

2972 Linux Options and Best Practices for Scaleup Virtualization

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

Cloud Security Overview

1518 Best Practices in Virtualization & Cloud Security with Symantec

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

Transcription:

Self-service Cloud Computing Vinod Ganapathy vinodg@cs.rutgers.edu Department of Computer Science Rutgers University

2 The modern computing spectrum The Cloud Web browsers and other apps Smartphones and tablets

Security concerns are everywhere! Can I trust Gmail with my personal conversa;ons? Can I trust my browser with my saved passwords? Is that gaming app compromising my privacy? 3

Today s talk The Cloud Web browsers and other apps Smartphones and tablets 4

Self-service Cloud Computing Shakeel Butt Vinod Ganapathy H. Andres Lagar-Cavilla Abhinav Srivastava

What is the Cloud? A distributed compu;ng infrastructure, managed by 3 rd - par;es, with which we entrust our code and data. 6

What is the Cloud? A distributed compu;ng infrastructure, managed by 3 rd - par;es, with which we entrust our code and data. Comes in many flavours: *-aas Infrastructure-aaS, Platform-aaS, Software-aaS, Database-aaS, Storage-aaS, Security-aaS, Desktop-aaS, API-aaS, etc. Many economic benefits No hardware acquisition/maintainence costs Elasticity of resources Very affordable: a few /hour 7

By 2015, 90% of government agencies and large companies will use the cloud [Gartner, Market Trends: Application Development Software, Worldwide, 2012-2016, 2012] Many new companies & services rely exclusively on the cloud, e.g., Instagram, MIT/Harvard EdX [NYTimes, Active in Cloud, Amazon Reshapes Computing, Aug 28, 2012] 8

Virtualized cloud platforms Management VM (dom0) Work VM Work VM Work VM Hypervisor Hardware Examples: Amazon EC2, MicrosoN Azure, OpenStack, RackSpace Hos;ng 9

Embracing the cloud Lets do Cloud 10

Embracing the cloud Trust me with your code & data You have to trust us as well Client Cloud Provider Cloud operators Problem #1 Client code & data secrecy and integrity vulnerable to attack 11

Embracing the cloud Problem #1 Client code & data secrecy and integrity vulnerable to attack 12

Embracing the cloud I need customized malware detection and VM rollback For now just have checkpointing Client Cloud Provider Client Cloud Provider Problem #2 Clients must rely on provider to deploy customized services 13

Why do these problems arise? Management VM (dom0) Work VM Work VM Work VM Hypervisor Hardware 14

Example: Malware detection Client s VM Code Data 1 Management VM Checking daemon Process the page 2 3? Sec. Policy Hypervisor Resume guest Alert user [Example: Gibraltar - - Baliga, Ganapathy, INode, ACSAC 08] 15

Problem Clients must rely on provider to deploy customized services Client s VM Code Data 1 Management VM Checking daemon Process the page 2 3? Sec. Policy Hypervisor Resume guest Alert user 16

Problem Client code & data secrecy and integrity vulnerable to attack Client s VM Code Data Management VM Checking daemon Process the page 2 3? Sec. Policy 1 Hypervisor Malicious cloud operator Resume guest Alert user 17

Problem Client code & data secrecy and integrity vulnerable to attack Client s VM Code Hypervisor Data Management VM Checking daemon Process the page 2 Resume guest? Alert user Sec. Policy EXAMPLES: 3 CVE-2007-4993. Xen guest root escapes to dom0 via pygrub CVE- 2007-5497. Integer overflows in libext2fs in e2fsprogs. CVE- 2008-0923. 1 Directory traversal vulnerability in the shared folders feature for VMWare. CVE- 2008-1943. Buffer overflow in the backend of XenSource Xen paravirtualized frame buffer. CVE- 2008-2100. VMWare buffer overflows in VIX API let local users execute arbitrary code in host OS.. [AND MANY MORE] 18

Our solution SSC: Self-service cloud computing Management VM Client s VMs Hypervisor Hardware 19

Outline Disaggregation and new privilege model Technical challenges: Balancing provider s and client s goals Secure bootstrap of client s VMs Experimental evaluation Future directions and other projects 20

Duties of the management VM Manages and mul;plexes hardware resources Manages client virtual machines Management VM (Dom0) 21

Main technique used by SSC Disaggregate the management VM Per- Client Mgmt. VM (UDom0) Manages client s VMs Allows clients to deploy new services Solves problem #2 System- wide Mgmt. VM (SDom0) Manages hardware No access to clients VMs Solves problem #1 22

Embracing first principles Principle of separation of privilege Per- Client Mgmt. VM (UDom0) System- wide Mgmt. VM (SDom0) 23

Embracing first principles Principle of least privilege Per- Client Mgmt. VM (UDom0) System- wide Mgmt. VM (SDom0) 24

An SSC platform SDom0 UDom0 Client s meta- domain Service VM Work VM Work VM SSC Hypervisor Hardware Equipped with a Trusted Plaiorm Module (TPM) chip 25

SSC s privilege model Privileged opera;on Self-service hypervisor Is the request from client s Udom0? YES NO ALLOW Does requestor have privilege (e.g., client s service VM) YES NO ALLOW DENY 26

Key technical challenges 1. Providers want some control To enforce regulatory compliance (SLAs, etc.) Solution: Mutually-trusted service VMs 2. Building domains in a trustworthy fashion Sdom0 is not trusted Solution: the Domain Builder 3. Establishing secure channel with client Sdom0 controls all the hardware! Solution: Secure bootstrap protocol 27

Providers want some control NO data leaks or corruption NO illegal activities or botnet hosting Client Cloud Provider Udom0 and service VMs put clients in control of their VMs Sdom0 cannot inspect these VMs Malicious clients can misuse privilege Mutually-trusted service VMs 28

Trustworthy regulatory compliance SDom0 UDom0 Mutually - trusted Service VM Work VM Work VM SSC Hypervisor Hardware 29

Bootstrap: the Domain Builder SDom0 UDom0 Work VM Domain Builder Service VM SSC Hypervisor Hardware 30

Bootstrap: the Domain Builder Must SDom0 establish an encrypted communica;on channel Domain Builder UDom0 Work VM Service VM SSC Hypervisor Hardware 31

Secure bootstrap protocol Goal: Build Udom0, and establish an SSL channel with client Challenge: Sdom0 controls the network! Implication: Evil twin attack 32

An evil twin attack SDom0 UDom0 Udom0 Domain Builder SSC Hypervisor Hardware 33

1 Udom0 image, Enc (, ) Udom0 Domain Builder SSC Hypervisor Hardware 34

2 DomB builds domain Udom0 UDom0 Domain Builder SSC Hypervisor Hardware 35

3 DomB installs key, nonce Enc (, ) UDom0 Domain Builder SSC Hypervisor Hardware 36

4 Client gets TPM hashes UDom0 Domain Builder SSC Hypervisor Hardware 37

5 Udom0 sends to client UDom0 Domain Builder SSC Hypervisor Hardware 38

6 Client sends Udom0 SSL key Enc ( ) UDom0 Domain Builder SSC Hypervisor Hardware 39

7 SSL handshake and secure channel establishment UDom0 Domain Builder SSC Hypervisor Hardware 40

8 Can boot other VMs securely UDom0 Work VM VM image Domain Builder SSC Hypervisor Hardware Service VM 41

Client meta-domains Udom0 Mutually- trusted Service VMs Regulatory compliance Service VMs Storage services Firewall and IDS Computa;on Work VM Work VM Trustworthy metering Malware detec;on Work VM SSC hypervisor Hardware 42

Case studies: Service VMs Storage services: Encryption, Intrusion detection Security services: Kernel-level rootkit detection System-call-based intrusion detection Data anonymization service Checkpointing service Memory deduplication And compositions of these! 43

Goals Evaluation Measure overhead of SSC Dell PowerEdge R610 24 GB RAM 8 XEON cores with dual threads (2.3 GHz) Each VM has 2 vcpus and 2 GB RAM Results shown only for 2 service VMs Our ACM CCS 12 paper presents many more 44

Storage encryption service VM Sdom0 Client s work VM Backend Block device Frontend Block device 45

Storage encryption service VM Sdom0 Storage encryp;on service VM Client s work VM Backend Block device Frontend Block device Encryp;on Decryp;on Backend Block device Frontend Block device Plaiorm Unencrypted (MB/s) Encrypted (MB/s) Xen- legacy 81.72 71.90 Self- service 75.88 70.64 46

Checkpointing service VM Client s VM Checkpoint service Storage 47

Checkpointing service VM Client s VM Checkpoint service (Encryp;on) Encrypted Storage service Storage Plaiorm Unencrypted (sec) Encrypted (sec) Xen- legacy 1.840 11.419 Self- service 1.936 11.329 48

Related projects CloudVisor [SOSP 11] Protect client VM data from Dom0 using a thin, baremetal hypervisor Xen- Blanket [EuroSys 12] Allow clients to have their own Dom0s on commodity clouds using a thin shim Dom0 Client VM Nested Hypervisor Cloud Dom0 Client Dom0 Client VM XenBlanket CloudVisor Cloud Hypervisor 49

SSC is a cloud model that Improves security and privacy of client code and data Enhances client control over their VMs Imposes low run;me performance overheads Provides a rich source of problems for followup work J 50

Future vision for SSC Cloud app markets: Marketplaces of service VMs. Research problems: Ensuring trustworthiness of apps, enabling novel mutually-trusted apps, App permission models. Migration-awareness: Policies and mechanisms for VM migration in SSC. Research problems: Prevent exposure of cloud infrastructure details to competitors, TPM-based protocols that are migration-aware. 51

Other research projects 52

53 The Cloud The browser The smartphone

Smartphone rootkits New techniques to detect OS kernel- level malware Rootkits operate by maliciously modifying kernel code and data RESULTS: New techniques to detect dataoriented rootkits [ACSAC 08] Exploring the rootkit threat on smartphones [HotMobile 10] Security versus energy tradeoffs in detecting rootkits on mobile devices [MobiSys 11] 54

Securing Web browsers Studying informa;on leakage via 3 rd party browser addons Addons are untrusted, privileged code All major browsers support addons Can leak sensitive information RESULTS: Information flow tracking-enhanced browser [ACSAC 09] Static capability leak analysis for Mozilla Jetpack [ECOOP 12] New bugs found in Mozilla extensions 55

And many more The Cloud (and other software systems) [CCS08, ACSAC08a, ACSAC09a, RAID10, TDSC11, CCS12a, CCS12b, ANCS12] Security remediation using transactional programming Fast, memory-efficient network intrusion detection The browser (and the Web) [ACSAC08b, ACSAC09b, ECOOP12a, ECOOP12b] Secure mashup Web applications Integrating the Web and the cloud Isolation as a first-class JavaScript feature The smartphone (and other mobile devices) [UbiComp09, SACMAT09, HotMobile10, MobiSys11] Location privacy in mobile computing Secure remote access to enterprise file systems 56

Looking into the future 57

Active ongoing projects SSC++ Improving browser extension security Improving mobile app security 58

Collaborators and students And many other camera- shy folks! 59

Fast and memory-efficient NIDS Using ordered binary decision diagrams (OBDDs) to address ;me/space tradeoff in regexp matching Regexp matching a basic primitive in many NIDS and firewalls Fundamental time/space tradeoff: DFAs are fast but memory intensive NFAs are memory efficient but slow MAIN RESULT: Encoding NFAs using OBDDs Obtains NFA-like memory consumption with DFA-like speed [RAID 10, COMNET 11, ANCS 12] 61

Transactional introspection Security using transac;onal programming and machinery BENEFIT: Security remedia;on for free Enforcing authorization policies with stronger guarantees [CCS 08] Detecting data structure corruptions [RV 11] Sandboxing untrusted JavaScript code using transactions [ECOOP 12] 62

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information