LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS.

Slides:



Advertisements
Similar presentations
Test process essentials Riitta Viitamäki,
Advertisements

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Byzantine Generals. Outline r Byzantine generals problem.
Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.
© 2010 Andreas Haeberlen 1 Accountable Virtual Machines OSDI (October 4, 2010) Andreas Haeberlen University of Pennsylvania Paarijaat Aditya Rodrigo Rodrigues.
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
Organisational policies
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis.
Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.
© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.
Soft. Eng. II, Spr. 2002Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 9 Title : Reliability Reading: I. Sommerville, Chap. 16, 17 and 18.
Building and Programming the Cloud, Mysore, Jan Accountable distributed systems and the accountable cloud Peter Druschel joint work with Andreas.
Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.
1 © Wolfgang Pelz Design by Contract Design by Contract™ Based on material drawn from: Bertrand.
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Software Engineering Experimentation Software Engineering Specific Issues (Mostly CS as well) Jeff Offutt
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Computer Science 340 Software Design & Testing Design By Contract.
Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.
ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Software Project Management
Stamping out worms and other Internet pests Miguel Castro Microsoft Research.
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis.
Accountability Aditya Akella. Outline Accountable Virtual Machines Accountability in and via SDN.
Speaker: Meng-Ting Tsai Date:2010/11/16 Toward Publicly Auditable Secure Cloud Data Storage Services Cong Wang and Kui Ren..etc IEEE Communications Society.
Chapter 22 Developer testing Peter J. Lane. Testing can be difficult for developers to follow  Testing’s goal runs counter to the goals of the other.
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 3.
Stamping out worms and other Internet pests Miguel Castro Microsoft Research.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.
Hong Zhu Dept of Computing and Communication Technologies Oxford Brookes University Oxford, OX33 1HX, UK TOWARDS.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
Slide B-1 Case 1 You have just received surprising information that requires your group to take a new approach right away. You know the group members are.
BFTW 3 workshop (Sep 22, 2009)© 2009 Andreas Haeberlen 1 The Fault Detection Problem Andreas Haeberlen MPI-SWS Petr Kuznetsov TU Berlin / Deutsche Telekom.
A. Haeberlen Fault Tolerance and the Five-Second Rule 1 HotOS XV (May 18, 2015) Ang Chen Hanjun Xiao Andreas Haeberlen Linh Thi Xuan Phan Department of.
SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.
MEMBERSHIP AND IDENTITY Active server pages (ASP.NET) 1 Chapter-4.
Cover Letter YOUTH CENTRAL – Cover Letters & Templates
Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.
PeerReview: Practical Accountability for Distributed Systems SOSP 07.
SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov.
Efficient software-based fault isolation Robert Wahbe, Steven Lucco, Thomas Anderson & Susan Graham Presented by: Stelian Coros.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
Requirements in the product life cycle Chapter 7.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Problem: Internet diagnostics and forensics
Types for Programs and Proofs
EMTM 600 Software Development
Systems Analysis and Design
By Dunlap, King, Cinar, Basrai, Chen
Baisc Of Software Testing
System Testing.
Accountable Virtual Machines
Blockchains and Auditing
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presentation transcript:

LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS

LADIS workshop (Oct 11, 2009) Outline 2 © 2009 Andreas Haeberlen ProblemSolutionCall for action

LADIS workshop (Oct 11, 2009) The benefits of cloud computing The cloud enables Alice to: obtain resources on demand pay only for what she actually uses benefit from economies of scale But... 3 © 2009 Andreas Haeberlen AliceBob Alice's customers

LADIS workshop (Oct 11, 2009) Problem: Split administrative domain Control and information about Alice's service are now split between Alice and Bob Alice cannot control cloud machines or observe their status  Alice must have a lot of trust in Bob Bob does not understand the details of Alice's software  Difficult to perform many administrative tasks 4 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ??? ????????

LADIS workshop (Oct 11, 2009) Problem: Split administrative domain What if there is a problem with the cloud? Misconfiguration Insufficient allocation of resources Hacker attack Data loss or unavailability Hardware malfunction... 5 © 2009 Andreas Haeberlen Alice Bob Alice's customers

LADIS workshop (Oct 11, 2009) Handling problems: Alice's perspective 6 © 2009 Andreas Haeberlen Alice Alice's customers ? ? ? ? ? ? ? ? Bob If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob?

LADIS workshop (Oct 11, 2009) If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob? Handling problems: Bob's perspective 7 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ? ???????? ??? If something is wrong, how will I know? How can I tell if it's the cloud or Alice's software? If it's Alice's software, how can I convince Alice?

LADIS workshop (Oct 11, 2009) Outline 8 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain

LADIS workshop (Oct 11, 2009) An idealized solution What if we had an oracle that Alice and Bob could ask about cloud problems? Completeness: If the cloud is faulty, the oracle will say so Accuracy: If the cloud is not faulty, the oracle will say so Verifiability: The oracle produces evidence that would convince a disinterested third party 9 © 2009 Andreas Haeberlen Alice Bob Alice's customers Oracle

LADIS workshop (Oct 11, 2009) The accountable cloud Idea: Make cloud accountable to Alice+Bob Cloud records its actions in a tamper-evident log Alice and Bob can audit the log and check for faults Use log to construct evidence that a fault does (not) exist Provides completeness, accuracy, verifiability Provable guarantees even if Alice and/or Bob are malicious! 10 © 2009 Andreas Haeberlen Alice Bob Alice's customers Tamper-evident log

LADIS workshop (Oct 11, 2009) Discussion Isn't this too pessimistic? Bob isn't malicious! Hacker attacks, software bugs, disgruntled employees, operator error,..., can have the same effect Difficult to come up with a more restrictive fault model Alice (or some other customer) could be malicious Shouldn't Bob use fault tolerance instead? Bob certainly should mask faults whenever possible But: Masking is never perfect; Alice still needs to check Why would a provider want to deploy this? Attractive to prospective customers Helps with handling angry support calls 11 © 2009 Andreas Haeberlen

LADIS workshop (Oct 11, 2009) Discussion: Guarantees Are these the right guarantees? Completeness: "No false negatives" Could be relaxed: e.g., probabilistic completeness Accuracy: "No false positives" Cannot be relaxed safely if the detection of a fault can have serious legal/financial consequences for Bob Verifiability: "Produce enough evidence to convince a third party" Could be relaxed: e.g., evidence only needs to convince a specific third party © 2009 Andreas Haeberlen 12

LADIS workshop (Oct 11, 2009) Outline 13 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain Make the cloud accountable

LADIS workshop (Oct 11, 2009) Is the technology ready? Cloud accountability should: Deliver provable guarantees Work for most cloud applications Require no changes to application code Cover a wide spectrum of properties Have a low overhead Can existing techniques deliver this? CATS, Repeat&Compare, AIP, PeerReview, NetReview, AudIt,... More research is needed! 14 © 2009 Andreas Haeberlen ? ? ?

LADIS workshop (Oct 11, 2009) Work in progress: AVM Goal: Provide accountability for arbitrary unmodified software Idea: Accountable virtual machine (AVM) Cloud records enough data to enable determinstic replay Alice can replay log with a known-good copy of the software Can audit any part of the original execution 15 © 2009 Andreas Haeberlen AliceBob Virtual machine

LADIS workshop (Oct 11, 2009) Summary Problem: Current cloud designs carry risks for both customers and providers Customer loses control over his computation and data Split administration  Difficult to detect+resolve problems Proposed solution: The accountable cloud Can verify correct operation, produce evidence Provable guarantees  solid foundation for both sides Discussion: Guarantees, fault model, incentives,... Lots of research opportunities 16 © 2009 Andreas Haeberlen Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.