Security and Integrity of a Distributed File Storage in a Virtual Environment



Similar documents
Chapter 11 Distributed File Systems. Distributed File Systems

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

How to Backup XenServer VM with VirtualIQ

Transparent Monitoring of a Process Self in a Virtual Environment

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

NSA Security-Enhanced Linux (SELinux)

CMPT 471 Networking II

KVM Security Comparison

Overview. Firewall Security. Perimeter Security Devices. Routers

Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Virtual Machines and Security Paola Stone Martinez East Carolina University November, 2013.

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Virtual Machine Security

nanohub.org An Overview of Virtualization Techniques

Linux Distributed Security Module 1

Introduction to OpenStack

Providing Flexible Security as a Service Model for Cloud Infrastructure

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

Advanced Systems Security: Retrofitting Commercial Systems

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

Additional Security Considerations and Controls for Virtual Private Networks

Configuring DHCP Snooping

CFCC: Covert Flows Confinement For VM Coalitions Ge Cheng, Hai Jin, Deqing Zou, Lei Shi, and Alex K. Ohoussou

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

Virtualization. Pradipta De

Chapter 14 Virtual Machines

Exploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews

Oracle Business Intelligence Enterprise Edition (OBIEE) Version with Quick Fix running on Oracle Enterprise Linux 4 update 5 x86_64

Basics of Internet Security

Securing Data in Oracle Database 12c

Securing Virtual Applications and Servers

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Lecture 02b Cloud Computing II

Distributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Basics of Virtualisation

Novel Systems. Extensible Networks

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

Full and Para Virtualization

FISMA / NIST REVISION 3 COMPLIANCE

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization for Cloud Computing

Desktop virtualization using SaaS Architecture

COS 318: Operating Systems. Virtual Machine Monitors

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

Network Security: From Firewalls to Internet Critters Some Issues for Discussion

Effective End-to-End Cloud Security

Chapter 8 A secure virtual web database environment

SSL VPN A look at UCD through the tunnel

Dynamic Resource allocation in Cloud

CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization

O2S2: Enhanced Object-based Virtualized Storage

Secure Private Cloud Architecture for Mobile Infrastructure as a Service

Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs

Secure Virtual Machine Systems

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Open Source, Scale-out clustered NAS using nfs-ganesha and GlusterFS

The Flask Security Architecture A Flexible Mandatory Access Control Mechanism For Use in Multiple Secure Systems

Virtualization and Cloud Computing

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Virtualization. Jukka K. Nurminen

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN

New Security Perspective for Virtualized Platforms

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

The Art of Virtualization with Free Software

Exploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews

High-Performance Nested Virtualization With Hitachi Logical Partitioning Feature

Virtualization System Security

Virtualization. Types of Interfaces

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Securing Data in a RHEL SELinux Multi-Level Secure Environment

Secure Networks for Process Control

Securing Commercial Operating Systems

Security technology of system virtualization platform

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Experiment # 6 Remote Access Services

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. Advisor: Software Security Lab.

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Cloud Security. One Size Does Not Fit All

Cloud Computing Governance & Security. Security Risks in the Cloud

Virtualisation security: Virtual machine monitoring and introspection

DOBUS And SBL Cloud Services Brochure

The Cloud in your office

A Survey on Virtual Machine Security

NETWORK EMULATION AND NETKIT

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Virtualization Technologies (ENCS 691K Chapter 3)

Mitigating Information Security Risks of Virtualization Technologies

How To Set Up Egnyte For Netapp Sync For Netapp

Jukka Ylitalo Tik TKK, April 24, 2006

Safety measures in Linux

Transcription:

Security and Integrity of a Distributed File Storage in a Virtual Environment Gaspare Sala 1 Daniele Sgandurra 1 Fabrizio Baiardi 2 1 Department of Computer Science, University of Pisa, Italy 2 Polo G. Marconi - La Spezia, University of Pisa, Italy SISW Workskop, 2007 1/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Outline 1 Introduction Secure File Sharing Requirements 2 Proposed Solution: VSFS Overall Architecture Threat Model Implementation 3 Evaluation Performance 4 Conclusion Results and Future Works 2/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Secure File Sharing Applications with Distinct Trust Levels Secure file sharing among applications with distinct trust levels: Web Services. P2P applications. Users share their data only if they receive some assurance about the: Description Enforcement of the security policy that controls the sharing. 3/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Requirements MAC/MLS Policies To enable secure file sharing, we need an architecture that: Describes and enforces in a centralized way a security policy to handle file requests. Forces users to respect their roles when accessing files. Supports a large set of MAC or DAC policies. 4/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Requirements Distributed File System Client-server architecture to implement a distributed file system. Exports to the clients one or more directories of the shared file system. Applications access transparently remote shared files. Limitations of current solutions: untrusted client user credentials. 5/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Virtualization Technology Software emulation of the hardware architecture: Virtual Machines (VMs). Benefits: 1 Confinement among the VMs. 2 Server consolidation: better resource utilization. 3 Centralized management: easier administration. Widespread usage. 6/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Type I/II VMM 7/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Virtual environment Secure File System We propose a software architecture for secure file sharing composed of: A network of multiple interconnected virtual machines. Three disjoint sets of VMs: 1 Application-VMs (APP-VMs): each APP-VM runs some application processes. 2 File System-VMs (FS-VMs): export file systems shared among the application processes. 3 Administrative-VMs (A-VMs): one for each node, to set up and manage VMs for assurance, routing and administrative tasks. 8/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Architecture 9/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Application VMs (APP-VMs) Run application processes. Are labeled with a security context. 10/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture File System VMs (FS-VMs) Export file systems. Implement MAC policies to control file sharing. 11/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Overall Architecture Administrative VMs (A-VMs) Protect FS-VM integrity against attacks. Implement anti-spoofing techniques to authenticate each file request before routing it. 12/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Threat Model Threat Model VMMs and A-VMs belong to the Trusted Computing Base. A malicious application may attacks other ones through shared files. Invalidate data integrity. Contamination through viruses. APP-VMs are untrusted: spoofed packets. Communications among the physical nodes cannot be forged or spoofed. Example: Service Provider using VMs. 13/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Implementation Current Prototype Patch to FS-VM Linux Kernel. The prototype is based on Xen. VSFS exploits NFSv3 service to handle file requests. FS-VMs run Security-Enhanced Linux (SELinux): 1 to support DAC/MAC policies; 2 to enforce the security policy in a centralized way. 14/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Implementation NFS Subject Changes to SELinux labeling and access rules: new subject corresponding to the NFS client; definition of all the operations it can invoke. the NFS server acts on behalf of NFS clients. VSFS: 1 Defines a distinct protection domain for each NFS client. 2 Dynamically pairs the NFS server process with the security context of the NFS client. Principle of least privilege. 15/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Implementation NFS Request Flow 16/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Implementation Assurance Virtual Machine Introspection: Standford University. Visibility: access FS-VM s state from a lower level. Robustness: protects FS-VM integrity from an A-VM. Anti-spoofing on the Xen virtual bridge: Static IP addresses bound to virtual interfaces. The AVM can freeze the execution of a VM. 17/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Performance IOzone We used the IOzone Filesystem Benchmark to run NFS performance tests. Read/Write test. Four cases depending on whether: APP-VM and FS-VM are on the same or different node. Security policy is enforced or disabled. 18/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Performance IOzone Read Performance Overhead is negligible 19/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Performance IOzone Write Performance Overhead is negligible 20/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Results and Future Works Limitations Current limitations of the prototype: No file system encryption. Assurance is limited to FS-VMs: attacks to APP-VMs are possible. Policy granularity is at the VM level. Security policy is static. 21/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Results and Future Works Results Enforcement of MAC policies on a shared storage: to protect files accessed by applications with distinct trust levels. Ability of securely identifying each APP-VM: reliable association of a security context to an APP-VM according to its trust level. High assurance of the FS-VM integrity. Negligible overhead. 22/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

Results and Future Works Future Works Tainting: track data propagation among users and applications. File System encryption. Finer-grained security policy: user-id and NFS client-id. 1 Protection domain is a subset of the VM s domain. 2 Client side authentication. Master A-VM: controls and configures the whole network. Ex.: VM migration. Support for flexible security policies and MLS. 23/23 Gaspare Sala, Daniele Sgandurra, Fabrizio Baiardi University of Pisa

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information