BY Muhammad Kazim SUPERVISOR: Dr. Awais Shibli

 Introduction
 Literature Survey
 Problem Statement
 OpenStack
 Proposed Solution and Design
 Major Challenges
 Roadmap
 References

The core of Cloud services, the Infrastructure-as-a-Service (IaaS) model, provides the capability to provision:
 Processing
 Storage
 Networks

 In Cloud computing, virtualization is the basis of providing IaaS.
 Virtualization is benefiting companies by reducing their operating costs and increasing the flexibility of their own infrastructures.

 A virtual machine (VM) is a software container that has its own OS, virtual CPU and RAM, and behaves like a physical machine.
 A Cloud usually contains a large number of VMs.
 Every 6 seconds a new VM in the Cloud is born.

Literature Survey

Communication between Virtual Machines
 Two VMs in the same network may communicate by covert channel.
 A shared clipboard may be used secretly for communication between VMs.
 VM Escape attack
◦ Used by an attacker to gain root privileges.
Jenni Susan Reuben, “A Survey on Virtual Machine Security”, TKK T Seminar on Network Security, 2007.

 The hypervisor is responsible for all the interaction between the hardware and the virtual machines (VMs).
 A malicious hypervisor can change any virtual machine's code to run it in a way the attacker wants, and can access or tamper with all data in the VM.

 Xen, a type-1 hypervisor, contains a privileged VM called Dom0 along with guest VMs (DomUs).
 By compromising Dom0, the boot process of a VM can be tampered with, and all guest virtual machines can be accessed, including their memory, disk space and network traffic.
Jinzhu Kong, “Protecting the confidentiality of virtual machines against untrusted host”, International Symposium on Intelligence Information Processing and Trusted Computing, Washington, DC, USA, 2010.

 VM state can be stored in a disk file to be restored later.
 A compromised host or malicious VM may tamper with the saved state of a virtual machine, so that when restored it does not function as desired.
Jinzhu Kong, “Protecting the confidentiality of virtual machines against untrusted host”, International Symposium on Intelligence Information Processing and Trusted Computing, Washington, DC, USA, 2010.

 VM checkpointing is a feature that allows users to take a snapshot of a virtual machine image.
 A VM checkpoint may expose sensitive information about VM state if anyone has access to the snapshot of the VM image.
 An attacker may load a checkpoint he created as a VM in order to compromise the system.
Mikhail I. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan, “SPARC: A security and privacy aware Virtual Machine checkpointing mechanism”, Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, New York, USA, 2011, pp
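The two preceding slides describe saved VM state and checkpoints being tampered with, or a foreign checkpoint being loaded. The following is an added example (not code from the thesis or from any hypervisor) of one defensive measure: sealing a checkpoint with an HMAC keyed by a secret the host cannot read, and binding the tag to the owning VM's id. The container layout, the `CKPT1` magic and the vm-id strings are constructed for this example.

```python
import hmac
import hashlib
import struct

# Constructed container: MAGIC | vm_id_len(4) | vm_id | state_len(8) | state | HMAC-SHA256 tag
MAGIC = b"CKPT1"
TAG_LEN = 32


def seal_checkpoint(key: bytes, vm_id: str, state: bytes) -> bytes:
    """Append a MAC that binds the saved state to its owning VM and to the field lengths."""
    vid = vm_id.encode()
    body = MAGIC + struct.pack(">I", len(vid)) + vid + struct.pack(">Q", len(state)) + state
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_checkpoint(key: bytes, expected_vm_id: str, blob: bytes) -> bytes:
    """Return the state only if the tag verifies and the VM id matches; raise otherwise."""
    if len(blob) < len(MAGIC) + 4 + 8 + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a sealed checkpoint")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Verify before parsing, so a forged layout is never interpreted.
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: checkpoint tampered or sealed under another key")
    pos = len(MAGIC)
    (vlen,) = struct.unpack(">I", body[pos:pos + 4]); pos += 4
    vid = body[pos:pos + vlen]; pos += vlen
    (slen,) = struct.unpack(">Q", body[pos:pos + 8]); pos += 8
    state = body[pos:pos + slen]
    if pos + slen != len(body):
        raise ValueError("length fields inconsistent with blob size")
    # A valid checkpoint of some other VM must not be restorable into this one.
    if vid != expected_vm_id.encode():
        raise ValueError("checkpoint belongs to VM %r, not %r" % (vid.decode(), expected_vm_id))
    return state
```

The key must live outside the reach of the host that stores the checkpoint (for example with the tenant or in a hardware-backed key store), otherwise a compromised host can simply re-seal a modified state.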

 Network DoS attacks
 Creating too many guest VMs: an attacker can create too many guest virtual machines to consume all resources of the system.
 Destroying useful VMs and their data

 Proper isolation to prevent inter-VM communication.
 Access control and firewalls to prevent DoS attacks.
 Protocols designed to address specific VM attacks.
 No unified solution exists!!

In order to secure virtual machines from infrastructure-, hypervisor- and virtualization-level attacks, we intend to provide a security mechanism for the IaaS layer by proposing encrypted execution of virtual machines based on the proposed security architecture.

 OpenStack is a collection of open source technology that provides massively scalable open source cloud computing software.
 Currently a large number of organizations in around 87 different countries have deployed their Cloud on OpenStack.
 OpenStack technology is written in Python, with SDKs available for Java and PHP developers by jcloud.

 Dashboard ("Horizon") provides a web front end to the other OpenStack services.
 Compute ("Nova") stores and retrieves virtual disks ("images") and associated metadata in Image.
 Network ("Quantum") provides virtual networking for Compute.
 Block Storage ("Cinder") provides storage volumes for Compute.
 Image ("Glance") provides a catalog and repository for disk images.
 All the services authenticate with Identity ("Keystone").

 Images are disk images which are templates for virtual machine file systems. The image service, Glance, is responsible for the storage and management of images within OpenStack.
 Instances are the individual virtual machines running on physical compute nodes. The compute service, Nova, manages instances. Each instance is run from a copy of the base image.

 The image store fronted by the image service, Glance, has some number of predefined images.
 To launch an instance the user selects an image, a flavor (resources) and optionally other attributes.

 QEMU Copy-on-Write (qcow2): QEMU can use a base image which is read-only, and store all writes to the qcow2 image. Its major features include
 Smaller images
 AES encryption
 zlib based compression
 Support of multiple VM snapshots.
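Since the proposal relies on the qcow2 format and its encryption flag, an operator needs to be able to tell from an image file whether it is encrypted, which backing file it depends on and how many internal snapshots it carries. The following is an added example (not code from the thesis or from QEMU) that decodes the fixed 72-byte qcow2 header laid out in the QEMU qcow2 specification and reports policy findings; the `make_header` helper builds a constructed header for testing and is not a real image.

```python
import struct

# Fixed qcow2 header (big-endian) from the QEMU qcow2 specification.
QCOW2_MAGIC = 0x514649FB            # bytes "QFI\xfb"
_HDR_FMT = ">IIQIIQIIQQIIQ"          # 13 fields, 72 bytes for a version-2 header
_HDR_LEN = struct.calcsize(_HDR_FMT)
CRYPT_NAMES = {0: "none", 1: "aes", 2: "luks"}


def parse_qcow2_header(data: bytes) -> dict:
    """Decode the fixed header; raises ValueError for anything that is not qcow2."""
    if len(data) < _HDR_LEN:
        raise ValueError("too short for a qcow2 header")
    f = struct.unpack(_HDR_FMT, data[:_HDR_LEN])
    if f[0] != QCOW2_MAGIC:
        raise ValueError("bad magic: not a qcow2 image")
    off, blen = f[2], f[3]                       # backing file name location
    backing = data[off:off + blen].decode("utf-8", "replace") if off else ""
    return {"version": f[1], "backing_file": backing, "cluster_bits": f[4],
            "virtual_size": f[5], "crypt_method": f[6], "nb_snapshots": f[11]}


def audit_image(hdr: dict) -> list:
    """Findings a cloud operator would want before importing an image into Glance."""
    findings = []
    method = CRYPT_NAMES.get(hdr["crypt_method"], "unknown")
    if method == "none":
        findings.append("image is unencrypted: disk contents readable by the host/Dom0")
    elif method == "aes":
        findings.append("legacy qcow2 AES mode: deprecated by QEMU, prefer LUKS")
    elif method == "unknown":
        findings.append("unrecognised crypt_method %d" % hdr["crypt_method"])
    if hdr["backing_file"]:
        findings.append("depends on backing file %r: base must be protected too" % hdr["backing_file"])
    if hdr["nb_snapshots"]:
        findings.append("%d internal snapshot(s): saved VM state travels with the image" % hdr["nb_snapshots"])
    return findings


def make_header(crypt_method=0, backing=b"", snapshots=0, size=1 << 30) -> bytes:
    """Constructed sample header for tests (not a bootable image)."""
    off = _HDR_LEN if backing else 0
    hdr = struct.pack(_HDR_FMT, QCOW2_MAGIC, 2, off, len(backing), 16, size,
                      crypt_method, 1, 0, 0, 0, snapshots, 0)
    return hdr + backing
```

On a real file, pass the first few hundred bytes (enough to cover the backing file name) to parse_qcow2_header.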

 Encryption will result in an increase in image size and performance overhead on the Cloud system.
 Key management is another major issue.

Virtual Machine Size   CPU Cores   Memory
Small                  1           2 GB
Medium                 2           3.5 GB
Large                  4           7 GB
Extra Large            8           14 GB

Milestones                                                          Duration
Preliminary study and Research                                      Done
Implementation
  1. Python Development                                             2 weeks
  2. OpenStack Configuration                                        2 weeks
  3. Image encryption                                               1 month
  4. Loading, executing, storing encrypted image with VM instances  2 months
  5. Key Management Policy implementation                           1 month
Performance Analysis and Evaluation                                 1 month
Final Documentation                                                 1 month

[1] Shubhashis Sengupta, Vikrant Kaulgud, Vibhu Saujanya Sharma, “Cloud Computing Security - Trends and Research Directions”, IEEE World Congress on Services, Washington, DC, USA.
[2] Jakub Szefer, Ruby B. Lee, “A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing”, 31st International Conference on Distributed Computing Systems Workshops, Washington, DC, USA.
[3] Jinzhu Kong, “Protecting the confidentiality of virtual machines against untrusted host”, International Symposium on Intelligence Information Processing and Trusted Computing, Washington, DC, USA.
[4] Farzad Sabahi, “Secure Virtualization for Cloud Environment Using Hypervisor-based Technology”, International Journal of Machine Learning and Computing, vol. 2, no. 1, February 2012, pp
[5] Jenni Susan Reuben, “A Survey on Virtual Machine Security”, TKK T Seminar on Network Security, 2007.
[6] Seongwook Jin, Jeongseob Ahn, Sanghoon Cha, Jaehyuk Huh, “Architectural Support for Secure Virtualization under a Vulnerable Hypervisor”, Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture, USA.
[7] Ryan Shea, Jiangchuan Liu, “Understanding the Impact of Denial of Service on Virtual Machines”, IEEE 20th International Workshop on Quality of Service (IWQoS), Burnaby, BC, Canada.
[8] Wu Zhou, Peng Ning, Xiaolan Zhang, “Always up-to-date: scalable offline patching of VM images in a compute cloud”, Proceedings of the 26th Annual Computer Security Applications Conference, New York, USA, 2010, pp
[9] Trent Jaeger, Reiner Sailer, Yogesh Sreenivasan, “Managing the Risk of Covert Information Flows in Virtual Machine Systems”, Proceedings of the 12th ACM symposium on Access control models and technologies, New York, USA, pp
[10] Mikhail I. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan, “SPARC: A security and privacy aware Virtual Machine checkpointing mechanism”, Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, New York, USA, 2011, pp
[11] Zhi Wang, Xuxian Jiang, “HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity”, IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2010, pp
[12] Mohamad Rezaei et al., “TCvisor: a Hypervisor Level Secure Storage”, Internet Technology and Secured Transactions (ICITST), London, 2010, pp
[13] Dan Pelleg, Muli Ben-Yehuda, Rick Harper, “Vigilant—Out-of-band Detection of Failures in Virtual Machines”, ACM SIGOPS Operating Systems Review, New York, NY, USA, Volume 42, Issue 1, 2008, pp
[14] Sandra Rueda, Yogesh Sreenivasan, Trent Jaeger, “Flexible Security Configuration for Virtual Machines”, Proceedings of the 2nd ACM workshop on Computer Security Architectures, New York, NY, USA, 2008, pp
[15] Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa, “Control of System Calls from Outside of Virtual Machines”, Proceedings of the 2008 ACM symposium on Applied Computing, New York, NY, USA, 2008, pp

Thank you