Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh †‡ Srikanth Kandula ‡ Albert Greenberg ‡ †‡

Slides:

Advertisements

Similar presentations

A Flexible Cloud-Computing Platform Focus on solving business problems

Advertisements

System Center 2012 R2 Overview

Agile Infrastructure built on OpenStack Building The Next Generation Data Center with OpenStack John Griffith, Senior Software Engineer,

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

VMware Virtualization Last Update Copyright Kenneth M. Chipps Ph.D.

Alan Shieh Cornell University Srikanth Kandula Microsoft Research Emin Gün Sirer Cornell University Sidecar: Building Programmable Datacenter Networks.

Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.

Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Bikas Saha Microsoft Research, Azure, Bing Sharing the Datacenter Network.

Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.

-How To leverage Virtual Desktop for Manageability & Security -Desktop Computing “as a service” Andreas Tsangaris CTO, PERFORMANCE

Alan Shieh Cornell University Srikanth Kandula Albert Greenberg Changhoon Kim Microsoft Research Seawall: Performance Isolation for Cloud Datacenter Networks.

Security Issues in Elastic Clouds

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.

Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.

Copyright 2009 Trend Micro Inc. Classification 11/3/10 1 Andy Dancer CTO – Trend Micro, EMEA Virtualisation and Cloud: New security for a new era.

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Class 3: SDN Stack Theophilus Benson. Outline Background – Routing in ISP – Cloud Computing SDN application stack revisited Evolution of SDN – The end.

Agenda Who needs an Architect? Cloud and Security Key Security Differences in Private Cloud Cloud Security Challenges Secondary to Essential Characteristics.

5205 – IT Service Delivery and Support

Christopher Samson Senior Hosting Technology Specialist Microsoft.

Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.

Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Desktop in the Clouds Using Virtualization to Extend Client Outreach and Protect Data.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

3 STEPS TO SECURING YOUR HYPER-V INFRASTRUCTURE by Virtualization Evangelist David Davis.

How to protect your Virtual Datacenter Michiel van den Bos.

Data Center Network Redesign using SDN

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

Extreme Networks Confidential and Proprietary. © 2010 Extreme Networks Inc. All rights reserved.

Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.

Sharing the Data Center Network Alan Shieh, Srikanth Kandula, Albert Greenberg, Changhoon Kim, Bikas Saha Microsoft Research, Cornell University, Windows.

Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

Introduction to VMware Virtualization

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Network Plus Virtualization Concepts. Virtualization Overview Virtualization is the emulation of a computer environment called a Virtual Machine. A Hypervisor.

608D CloudStack 3.0 Omer Palo Readiness Specialist, WW Tech Support Readiness May 8, 2012.

COMS E Cloud Computing and Data Center Networking Sambit Sahu

Cloud Scale Performance & Diagnosability Comprehensive SDN Core Infrastructure Enhancements vRSS Remote Live Monitoring NIC Teaming Hyper-V Network.

VMware NSX and Micro-Segmentation

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

consumerization of IT new social & app patterns cloud computing data explosion.

Uwe Lüthy Solution Specialist, Core Infrastructure Microsoft Corporation Integrated System Management.

Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

Blue Lane Technologies Best of Breed IPS April 29, 2008 Interop 2008.

Ryan O’Hara Paul Ross Robbie Wright July Dynamic IT Enabling IT Pros and development across the IT lifecycle Unified and Virtualized Process-Led,Model-Driven.

Virtualization Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.

Hello Cloud… Mike Benkovich

1 EIT 4.1 Thinking Different: Data Centers and IoT Chris Crosby, CEO, Compass Datacenters.

Slide 1/20 "PerfSight: Performance Diagnosis for Software Dataplanes." Wu, Wenfei, Keqiang He, and Aditya Akella ACM ICM, Presented by: Ayush Patwari.

Windows Azure Pack Speaker Name Date. Internal slide only—do not show.

Level 300 Windows Server 2012 Networking Marin Franković, Visoko učilište Algebra.

Brian Lauge Pedersen Senior DataCenter Technology Specialist Microsoft Danmark.

New cloud services demand new security solutions. The evolving cloud landscape is paving the way for modern and more sophisticated technology. Among the.

1 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Cisco Defense Orchestrator Effective security policy management made simple.

Deep Security and VMware NSX Advanced Security Framework for the Software-Defined Data Center Anand Patil National Sales Manager, SDDC CONFIDENTIAL1.

Chapter 6: Securing the Cloud

Introduction to VMware Virtualization

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLOUD COMPUTING

Breaking Up is Hard to Do

Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM

Next Generation Network Security using Software-Defined Networking

VMware NSX and Micro-Segmentation

NSX Data Center for Security

The Software-Defined Perimeter in Action

Presentation transcript:

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh †‡ Srikanth Kandula ‡ Albert Greenberg ‡ †‡

Cloud workload is dynamic and hostile Traditional datacenters Infrastructure supports small # of internal clients – Software and topology change slowly – Can exploit natural network chokepoints – Feasible to audit app code Cloud datacenters Infrastructure is shared among many untrusted tenants – Rapidly changing config – Chokepoints torque network topology – Too many apps to audit! Need new approach Scaling requires more agility & flexibility Exploits more likely Exploits can use cloud resources to do more damage Attack other tenants External/internal DoS

Insight: Cloud datacenters can help! Cloud data centers tend to be: – Centrally controlled – Homogeneous hardware & software Clean slate feasible – Have strongly isolated, trusted functionality VMs, TPMs, management coprocessors Our approach: Trust end host monitors Push enforcement from network to end hosts – Distributed across many hosts – Runs in trusted layers

In-network enforcement OS Hypervisor Trusted component OS Hypervisor OS Hypervisor OS Hypervisor Allow to Deep Packet Inspection Appliance DoS protection Firewall

Trusted end host monitors Central Controller Trusted component Hypervisor Trusted NIC OS DoS protection Allow to Hypervisor Trusted NIC OS DoS protection Allow to Hypervisor Trusted NIC OS DoS protection Allow to Shutoff Trusted Alarm

Summary Cloud DCs have unique challenges & opportunities – Address, exploit these with trusted end host monitors Runs on commodity network & end host hardware – Simplifies controller design – Improves scalability – Reduces cost Status: Built prototype from VMs, trusted NIC (Intel AMT)