How to Secure Infrastructure Clouds with Trusted Computing Technologies


Nicolae Paladi, Swedish Institute of Computer Science

Contents
1. Infrastructure-as-a-Service
2. Security challenges of IaaS
3. Trusted Computing and TPM
4. Trusted VM launch
5. InfraCloud
6. Future work

Infrastructure-as-a-Service
A 'cloud computing' service model (NIST:2011):
- Provision processing, storage, networks.
- Deploy and run arbitrary software.
- No control over underlying cloud infrastructure.
- Control over OS, storage, deployed applications.
- Limited control of select networking components.

Infrastructure-as-a-Service architectural overview
[Figure: OpenStack architectural overview, https://wiki.openstack.org/wiki/architecturaloverview]

Infrastructure-as-a-Service security issues
- 2011: Vulnerabilities in the AWS management console (XSS and XML wrapping attacks).
- 2012: Cross-VM side channels can be used to extract private keys.
- 2012: Rackspace's dirty disks.
[Figure: OpenStack architectural overview, https://wiki.openstack.org/wiki/architecturaloverview]

Can we help it?

Introducing the TPM
- Trusted Platform Module (TPM) v1.2 as specified by TCG; v2.0 is currently under review.
- Tamper-evident.
- 16+ PCRs for volatile storage.
- Four operations: Signing / Binding / Sealing / Sealed-sign.

Introducing the TPM: output
- Produces integrity measurements of the firmware at boot time.
- Can produce integrity measurements of the loaded kernel modules (sample below).
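The slide's sample output is not part of this transcription. The following is an added example, not taken from the original slides: it shows how a verifier can replay a measurement log against a TPM v1.2 PCR value (SHA-1 extend) and compare each entry with known-good reference values. The component names, contents and the `appraise` helper are constructed for illustration, and the reported PCR value is assumed to come from an already verified TPM quote.

```python
import hashlib

PCR_SIZE = 20  # a TPM v1.2 PCR holds one SHA-1 digest (20 bytes)

def measure(content: bytes) -> bytes:
    """Integrity measurement of a component: the SHA-1 digest of its content."""
    return hashlib.sha1(content).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM v1.2 extend operation: new PCR = SHA-1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def replay(log):
    """Recompute the PCR value implied by a log, starting from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def appraise(log, reported_pcr, known_good):
    """Return (log_matches_pcr, unknown_components).

    log_matches_pcr is False when the log is not the one the TPM accumulated;
    unknown_components lists entries whose digest differs from the reference.
    Assumption: reported_pcr was taken from a quote whose signature and nonce
    have already been checked (not shown here).
    """
    log_ok = replay(log) == reported_pcr
    unknown = [name for name, digest in log if known_good.get(name) != digest]
    return log_ok, unknown

# Constructed sample data: a three-stage boot chain and its reference values.
COMPONENTS = [("firmware", b"fw-v1"), ("bootloader", b"bl-v1"),
              ("kernel-module-a", b"mod-a-v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in COMPONENTS}
GOOD_LOG = [(name, measure(blob)) for name, blob in COMPONENTS]
GOOD_PCR = replay(GOOD_LOG)

# A host that loaded a modified module: the PCR reflects the modified digest.
MODIFIED_LOG = GOOD_LOG[:2] + [("kernel-module-a", measure(b"mod-a-modified"))]
MODIFIED_PCR = replay(MODIFIED_LOG)

if __name__ == "__main__":
    print("clean host:        ", appraise(GOOD_LOG, GOOD_PCR, KNOWN_GOOD))
    print("modified module:   ", appraise(MODIFIED_LOG, MODIFIED_PCR, KNOWN_GOOD))
    # A host that reports the clean log although the PCR accumulated something else.
    print("log/PCR mismatch:  ", appraise(GOOD_LOG, MODIFIED_PCR, KNOWN_GOOD))
```

Because each extend hashes the previous PCR value, the final value depends on both the content and the order of all measurements, so a log that omits or rewrites an entry no longer replays to the reported PCR.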

Introducing the TPM: usage
- Microsoft BitLocker
- Google Chromium OS
- Citrix XenServer
- Oracle's X- and T-Series Systems
- HP ProtectTools
- Others

Securing IaaS environments with trusted computing
- Virtualization security.
- Storage protection in IaaS environments.
- Computing security in IaaS environments.
- Remote host software integrity attestation.
- Runtime host software integrity attestation.
- Encryption key management in IaaS environments.

Computing security in IaaS environments: Problem setting
- Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
- Client can launch VMs for sensitive computations.
- Trusted VM launch: the correct VM is launched in an IaaS platform on a host with a known software stack verified to not have been modified by malicious actors.
- IaaS security with trusted computing. How do we ensure a trusted VM launch in an untrusted IaaS environment?

Attack scenario 1
- Remote attacker (A_r) could schedule the VM instance to be launched on a compromised host.
[Figure: Scheduler (S), Remote attacker (A_r), Client (C), Trusted Compute Host (CH) and Compute Host (CH), each on its own hardware]

Attack scenario 2
- Remote attacker (A_r) could compromise the VM image prior to launch.
[Figure: Scheduler (S), Remote attacker (A_r), Client (C), Trusted Compute Host (CH) and Compute Hosts (CH), each on its own hardware]

Trusted VM launch protocol
- Ensure the VM image is launched on a trusted host.
- Ensure communication with the VM launched on a trusted CH rather than a random VM.
- Compute host to verify the integrity of the VM image to be launched.
- Minimum implementation footprint on the IaaS codebase.
- Transparent view of the secure launch procedures.

Protocol: bird's-eye view
[Figure: protocol steps 1 to 6 between the Client (C), the scheduler (S) and the compute hosts (CH) running on hardware (HW + TPM)]

Prototype implementation
- OpenStack cluster deployed on 3 nodes (TPM-equipped).
- Code extensions:
  - Changes to the OpenStack launch procedure.
  - Implementation of an OpenStack-TPM communication glue.
  - Implementation of a TTP (interpretation of attestation info).
  - Implementation of client-side functionality (token generation, trusted launch verification).

Securing IaaS with InfraCloud: The project
- Ongoing project in collaboration between Region Skåne, Ericsson Research and SICS.
- Aim: proof of concept design and deployment of one of the region's medical journaling systems in a hardened and trustworthy IaaS environment.
- Prototype implementation based on earlier research, as well as solutions to newly identified challenges.

Securing IaaS with InfraCloud: The challenges
Numerous new research challenges have been identified already in the early stages of the project:
- Storage protection in untrusted IaaS environments.
- Verification and protection of a deployment's network configuration.
- Runtime VM instance protection (prevent memory dumping, cloning).
- Secure key handling mechanisms in untrusted IaaS deployments.
- Update and patch deployment on guest VM instances.
- Interpretation of TPM attestation data.

Conclusion
- Out-of-the-box public IaaS is probably not acceptable for most organizations handling sensitive data.
- A comprehensive solution for data protection in public IaaS environments has not been found yet.
- SICS Secure Systems lab works with various aspects of guest protection in untrusted IaaS.
- Trusted Computing Technologies make it possible to address some of the issues with IaaS security.
- Participation in the InfraCloud project and practical application of protocols reveal multiple new research challenges.