slides-pptx - Max Planck Institute for Software Systems


14 Dec 2013 (3 years and 10 months ago)


Max Planck Institute for Software Systems

Towards trusted cloud computing

Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues

MPI-SWS

Cloud computing appealing but still concerns

- Many companies can reduce costs using CC services
- But, customers still concerned about security of data
- Data deployed to CC services can leak out

Nuno Santos, MPI-SWS, 2009

Potential data leakage at the provider site

- Customer pays for virtual machine (VM) to compute data
  - E.g., Amazon EC2
- Privileged user with access to VM state can leak data
  - Accidentally or intentionally

[Diagram labels: Computation & data; Customer; Provider; Privileged User]

Need solution to secure the computation state

- Encryption can secure communications and storage
- But, encryption per se is ineffective for computation
- Raw data kept in memory during computation
- Provider benefits from providing a solution

Trusted Cloud Computing Platform

- Goal: Make computation of virtual machines confidential
- Deployed by the service provider
- Customer can verify that computation is confidential

The threat model: User with root privileges

- Providers require staff with privileged access to the system
  - E.g., maintenance of software and workload
- User with full privileges on any machine
- Configure, install and run software, remotely reboot
- Set up attacks to access VM state

Rely on provider to secure the hardware

- Access to hardware can bypass any sw-based protections
  - E.g., cold boot attacks
- Leverage security protections deployed by providers
  - E.g., physical security perimeter, surveillance
- These protections can mitigate hw-based attacks

Model of elastic virtual machine services

[Diagram labels: Service Provider; Nodes; Cloud Manager; Launch & Access VM; Customer; Privileged User; Access components]

Trusted computing techniques are a good start

- Trusted computing platforms
- Remote party can identify the software stack on host
- Trusted Platform Module (TPM)
- Secure boot
- Remote attestation

[Diagram labels: TPM; Remote attestation; Trusted Computing Platform; Trusted Software]
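
The secure-boot measurement and remote-attestation check listed above, as an added Python sketch (not from the original slides): a node extends a PCR with each boot stage, and a customer verifies a nonce-bound quote against the expected software stack. The component names and key are constructed, and an HMAC stands in for the TPM's asymmetric attestation-key signature.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # a SHA-256 PCR starts zeroed at platform reset

def extend(pcr, component):
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain):
    """Measure each boot stage, in order, into one PCR."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def quote(ak, pcr, nonce):
    """Node side: bind the PCR value to the verifier's nonce.
    Assumption: HMAC stands in for the TPM's asymmetric signature."""
    return hmac.new(ak, pcr + nonce, hashlib.sha256).digest()

def attest(chain, nonce, ak):
    """What a node returns when challenged: (PCR value, quote)."""
    pcr = measure_boot(chain)
    return pcr, quote(ak, pcr, nonce)

def verify(ak, expected_pcr, nonce, reported_pcr, sig):
    """Customer side: quote must cover our nonce and the trusted stack."""
    fresh_and_signed = hmac.compare_digest(sig, quote(ak, reported_pcr, nonce))
    return fresh_and_signed and hmac.compare_digest(reported_pcr, expected_pcr)

# Constructed sample data: not real firmware or VMM images.
TRUSTED_CHAIN = [b"bios-v1", b"bootloader-v1", b"trusted-vmm-v1"]
TAMPERED_CHAIN = [b"bios-v1", b"bootloader-v1", b"vmm-with-guest-inspection"]
AK = b"demo-attestation-key"  # hypothetical key, for this demo only

if __name__ == "__main__":
    expected = measure_boot(TRUSTED_CHAIN)
    nonce = os.urandom(16)
    for name, chain in (("trusted", TRUSTED_CHAIN), ("tampered", TAMPERED_CHAIN)):
        pcr, sig = attest(chain, nonce, AK)
        print(name, "node accepted:", verify(AK, expected, nonce, pcr, sig))
```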

Our proposal: Trusted Cloud Computing Platform

- Trusted VMM
- Guarantee that VMs only run on nodes
  - With trusted VMM
  - Within security perimeter
- Secure launch & migration

[Diagram labels: Service Provider; Cloud Manager; Nodes; TPM; Trusted VMM; Customer; Launch; Migration]

Issues with current VMMs

- No protection from privileged user
  - E.g., XenAccess
- Support operations that export VM state
  - Migration, suspension, etc.
- Large trusted computing base (TCB)

[Diagram labels: Node; Privileged User]



Challenges: Secure memory management

- Prevent guest VM inspection & keep TCB small
- Provide narrow interface for launching, migration, etc.
- Migration: ensure destination is trusted
- Efficient
- Possible research: limit TCB to memory management

[Diagram labels: Node; Privileged User]



Summary: Trusted Cloud Computing Platform

- Prevent inspection of computation state at the service provider site
- Allows customers to verify that computation is secure
- Deployed with cooperation of the cloud provider

Thanks! Questions?

Contact: Nuno Santos, nuno.santos@mpi-sws.org