Towards trusted cloud computing
Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues
Max Planck Institute for Software Systems (MPI-SWS)


Cloud computing is appealing, but concerns remain
- Many companies can reduce costs using cloud computing (CC) services
- But customers are still concerned about the security of their data
- Data deployed to CC services can leak out
Nuno Santos, MPI-SWS, 2009

Potential data leakage at the provider site
- Customers pay for a virtual machine (VM) to compute on data
  - E.g., Amazon EC2
- A privileged user with access to VM state can leak data
  - Accidentally or intentionally
[Diagram: Customer, Provider, Privileged User; computation & data]

Need solution to secure the computation state
- Encryption can secure communications and storage
- But encryption per se is ineffective for computation
  - Raw data kept in memory during computation
- Provider benefits from providing a solution

Trusted Cloud Computing Platform
- Goal: Make computation of virtual machines confidential
- Deployed by the service provider
- Customer can verify that computation is confidential

The threat model: User with root privileges
- Providers require staff with privileged access to the system
  - E.g., maintenance of software and workload
- User with full privileges on any machine
  - Configure, install and run software, remotely reboot
  - Set up attacks to access VM state

Rely on provider to secure the hardware
- Access to hardware can bypass any software-based protections
  - E.g., cold boot attacks
- Leverage security protections deployed by providers
  - E.g., physical security perimeter, surveillance
- These protections can mitigate hardware-based attacks

Model of elastic virtual machine services
[Diagram: Service Provider with Cloud Manager and Nodes; Customer (Launch & Access VM); Privileged User (Access components)]

Trusted computing techniques are a good start
- Trusted computing platforms
  - Remote party can identify the software stack on host
- Trusted Platform Module (TPM)
  - Secure boot
  - Remote attestation
[Diagram: Trusted Computing Platform with TPM and Trusted Software; Remote attestation]

Our proposal: Trusted Cloud Computing Platform
- Trusted VMM
- Guarantee that VMs only run on nodes
  - With trusted VMM
  - Within security perimeter
- Secure launch & migration
[Diagram: Service Provider with Cloud Manager and Nodes (TPM, Trusted VMM); Customer; Launch; Migration]
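
An added illustration of the ideas on the two slides above (not code from the presentation or its authors): a boot chain is folded into a TPM-style measurement, and a cloud manager only places a VM, at launch or on migration, on a node that attests to the trusted VMM stack and is registered inside the perimeter. All names and sample values are hypothetical, and an HMAC with a per-node key stands in for the TPM's signature over the quote.

```python
import hashlib, hmac, os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold the boot chain, in order, into a single PCR value."""
    pcr = bytes(32)
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class Node:
    """Constructed stand-in for a host with a TPM."""
    def __init__(self, name, boot_chain, key):
        self.name, self._key = name, key
        self._pcr = measure_boot(boot_chain)

    def quote(self, nonce: bytes):
        # Assumption: HMAC stands in for the TPM's signature over (PCR, nonce).
        sig = hmac.new(self._key, self._pcr + nonce, hashlib.sha256).digest()
        return self._pcr, sig

class CloudManager:
    def __init__(self, trusted_pcr, node_keys):
        self.trusted_pcr = trusted_pcr  # expected measurement of the trusted stack
        self.node_keys = node_keys      # nodes registered inside the perimeter

    def attest(self, node) -> bool:
        key = self.node_keys.get(node.name)
        if key is None:                 # unregistered: outside the perimeter
            return False
        nonce = os.urandom(16)          # fresh nonce so an old quote cannot be replayed
        pcr, sig = node.quote(nonce)
        expected = hmac.new(key, pcr + nonce, hashlib.sha256).digest()
        return (hmac.compare_digest(sig, expected)
                and hmac.compare_digest(pcr, self.trusted_pcr))

    def place_vm(self, vm_id, node) -> str:
        """Gate for launch and migration: refuse any unattested destination."""
        return f"{vm_id} -> {node.name}" if self.attest(node) else "refused"

# Constructed sample data, not taken from the slides.
GOOD = [b"bios-v1", b"bootloader-v1", b"trusted-vmm-v1"]
BAD = [b"bios-v1", b"bootloader-v1", b"vmm-with-introspection"]
keys = {"node-a": b"k" * 32, "node-b": b"j" * 32}
manager = CloudManager(measure_boot(GOOD), keys)
node_a = Node("node-a", GOOD, keys["node-a"])   # trusted stack, registered
node_b = Node("node-b", BAD, keys["node-b"])    # registered, wrong VMM
node_x = Node("node-x", GOOD, b"x" * 32)        # right stack, not registered
```

Because the measurement is an ordered hash chain, changing or reordering any boot component changes the final value, which is what lets the remote party identify the software stack.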

Issues with current VMMs
- No protection from privileged user
  - E.g., XenAccess
- Support operations that export VM state
  - Migration, suspension, etc.
- Large trusted computing base (TCB)
[Diagram: Node, Privileged User]

Challenges: Secure memory management
- Prevent guest VM inspection & keep TCB small
- Provide narrow interface for launching, migration, etc.
- Migration: ensure destination is trusted
- Efficient
- Possible research: limit TCB to memory management
[Diagram: Node, Privileged User]

Summary: Trusted Cloud Computing Platform
- Prevent inspection of computation state at the service provider site
- Allows customers to verify that computation is secure
- Deployed with cooperation of the cloud provider

Thanks! Questions?
Contact: Nuno Santos