Secure Out-of-band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds Kenichi Kourai Tatsuya Kajiwara Kyushu Institute of Technology

Presentation transcript:


IaaS Clouds
 Provide users with virtual machines (VMs)
 Users manage their systems through SSH
   In-band remote management is usually used
   A user connects an SSH client to an SSH server running in his VM
   Not usable when a user has broken the network configuration of his VM
(Figure: SSH client, cloud firewall, and SSH server inside the user VM)

Virtual Serial Console (VSC)
 IaaS provides out-of-band remote management
   An SSH server runs in the management VM
   Access a user VM via a VSC
 A VSC consists of a virtual serial device and a serial driver
 A user can access his VM without relying on the VM's network
(Figure: SSH client, firewall, SSH server and virtual serial device in the management VM, serial driver in the user VM, connected by the VSC)

Untrusted Admins in IaaS
 The management VM is not always trustworthy
   Honest-but-curious admins take information that they can easily look at
   Malicious admins act as inside attackers
   Skill-less admins let a vulnerable management VM be penetrated by outside attackers
(Figure: untrusted admins and outside attackers facing the management VM and the user VM)

Attacks against Remote Management
 Attackers can eavesdrop on inputs and outputs of out-of-band remote management
   By modifying an SSH server in the management VM
 Attack examples
   Extract passwords from inputs to login prompts
   Steal displayed secrets
(Figure: SSH client, SSH server and virtual serial device in the management VM, serial driver in the user VM)

SCCrypt
 Provide an encrypted VSC to prevent information leakage
   Receive encrypted inputs from the management VM
   Decrypt and send them to a user VM
   Receive unencrypted outputs from a user VM
   Encrypt and send them to the management VM
(Figure: encrypted inputs/outputs between the SSH client and the management VM; decryption and encryption take place on the encrypted VSC between the virtual serial device and the serial driver)

Where to Encrypt/Decrypt?
 Virtual serial device in the management VM?
   The entire management VM is untrusted
   Attackers can tamper with the virtual device
 Serial driver in a user VM?
   Modifying the existing device driver is not desirable
   Users could not use their favorite OSes
(Figure: virtual serial device in the management VM and serial driver in the user VM, each marked "en-/decrypt?")

Leveraging the Trusted VMM
 SCCrypt encrypts/decrypts data in the virtual machine monitor (VMM)
 The integrity of the VMM can be guaranteed
   At boot time: remote attestation with TPM
   At runtime: HyperGuard [Rutkowska+ '08], HyperCheck [Wang+ '10], and HyperSentry [Azab+ '10] with SMM
(Figure: SCCrypt in the VMM provides the encrypted VSC between the management VM and the user VM; a trusted authority attests the VMM)

How to Identify Inputs/Outputs?
 The traditional VMM does not recognize a virtual serial device or a serial driver
   Cannot rely on information from the untrusted device in the management VM
   Cannot obtain information from the unmodified driver in a user VM
(Figure: untrusted virtual serial device in the management VM, unmodified serial driver in the user VM, SCCrypt in the VMM marked "?")

Tracking Device States
 The VMM identifies inputs/outputs without the cooperation of the device or the driver
   Track the state of a virtual serial device
     From the interactions between the device and the driver
   Extract only inputs/outputs
     Based on the knowledge of the standard for serial devices
(Figure: virtual serial device in the management VM, serial driver in the user VM, SCCrypt in the VMM between them)

Implementation
 We have implemented SCCrypt in Xen and the OpenSSH 6.0p1 client
 Support HVM guests
   Emulate hardware as is
 Support PV guests (see the paper)
   Define interfaces suited for virtualization

Output Delivery
 A serial driver writes data using the OUT instruction
 The VMM traps this instruction using Intel VT-x
 It encrypts the written data using RC4
   Only if the specified I/O port address is 3F8
   A session key is exchanged for each connection
(Figure: the VMM traps OUT from the serial driver in the user VM, encrypts the data, and passes it to the virtual serial device and SSH server in the management VM, then on to the SSH client)

State Tracking
 The VMM encrypts the written data if
   The FIFO buffers are enabled
   Neither in the divisor latch access nor loopback mode
     Divisor latch access mode: set a baud rate
     Loopback mode: test a device
 It watches all the writes to recognize the context
(Figure: state diagram with the states FIFO disabled, FIFO enabled, divisor latch access mode, and loopback mode)

Input Delivery
 A serial driver reads data using the IN instruction
 The VMM traps this instruction
   Receive input data from a virtual serial device
 It decrypts the input data using RC4
   If the same conditions as in output delivery are satisfied
(Figure: the VMM traps IN from the serial driver in the user VM and decrypts the data received from the virtual serial device and SSH server in the management VM)
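A compact model of the device-state tracking described on the State Tracking and Input/Output Delivery slides, added here as an example and not SCCrypt's own code: it follows trapped OUT and IN accesses to the COM1 registers at 0x3F8 and decides, from the DLAB, FIFO-enable and loopback bits, which data bytes are console traffic that must be encrypted or decrypted. Register offsets and bit positions are those of the standard 16550 interface; the type and function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example (not SCCrypt's code): a minimal model of the device-state
 * tracking the VMM does for trapped port I/O on the 16550-compatible COM1
 * register block at 0x3F8. Register offsets and bit positions follow the
 * standard UART programming interface; the names are this example's own. */
#define COM1_BASE 0x3F8
#define REG_DATA  0   /* THR on write, RBR on read (when DLAB is clear) */
#define REG_FCR   2   /* FIFO control (write-only): bit 0 enables the FIFOs */
#define REG_LCR   3   /* line control: bit 7 is DLAB (divisor latch access) */
#define REG_MCR   4   /* modem control: bit 4 is loopback mode */

typedef struct {
    bool fifo_enabled;  /* FCR bit 0 */
    bool dlab;          /* LCR bit 7: writes to 0x3F8 now set the baud divisor */
    bool loopback;      /* MCR bit 4: device self-test, data never leaves */
} uart_state_t;

/* Observe one trapped OUT: update the tracked context and return true only
 * when the written byte is console output that must be encrypted. */
bool uart_track_out(uart_state_t *s, uint16_t port, uint8_t value)
{
    if (port < COM1_BASE || port > COM1_BASE + 7)
        return false;               /* not the serial device we cover */
    switch (port - COM1_BASE) {
    case REG_FCR: s->fifo_enabled = (value & 0x01) != 0; return false;
    case REG_LCR: s->dlab         = (value & 0x80) != 0; return false;
    case REG_MCR: s->loopback     = (value & 0x10) != 0; return false;
    case REG_DATA:
        return s->fifo_enabled && !s->dlab && !s->loopback;
    default:
        return false;               /* IER, LSR, MSR, SCR carry no payload */
    }
}

/* The same conditions decide whether a trapped IN from 0x3F8 returned input
 * bytes that the VMM must decrypt before the guest driver sees them. */
bool uart_track_in(const uart_state_t *s, uint16_t port)
{
    return port == COM1_BASE && s->fifo_enabled && !s->dlab && !s->loopback;
}
```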

Pending Outputs at Reconnection
 An SSH client cannot decrypt pending outputs correctly at reconnection
   Console outputs are stored in a virtual serial device
     While an SSH client is not connected
   Pending outputs are sent to the client at reconnection
     Encrypted with an old session key
(Figure: pending data held in the virtual serial device, encrypted with an old session key, reaches a client that holds a new session key)

Re-encryption of Outputs
 The VMM re-encrypts pending outputs
   Restore unencrypted data with an old session key
     Cannot 'decrypt' it
     Reverse the encryption process in RC4
   Encrypt the data with a new session key
(Figure: the VMM re-encrypts pending data using the old and new session keys; the strings "!#$" to "ABC" contrast decrypting from the first byte forward with reversing from the last byte backward)
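The re-encryption step above, worked through as an added example that is not SCCrypt's own code: because the RC4 generator update is invertible, the VMM can step the old session's state backwards over the pending bytes to regenerate exactly the keystream that encrypted them, strip it, and then apply the new session key's keystream. It assumes plain RC4 keystream XOR; the type and function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Added example (not SCCrypt's code): RC4 with forward and backward stepping.
 * The PRGA update (i++, j += S[i], swap S[i],S[j]) is invertible, so the
 * keystream that encrypted the pending outputs can be regenerated by running
 * the generator backwards: the slide's "reverse" step. Names are this example's
 * own; it assumes plain RC4 keystream XOR. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_t;

void rc4_init(rc4_t *c, const uint8_t *key, size_t klen)
{
    for (int k = 0; k < 256; k++) c->S[k] = (uint8_t)k;
    for (int k = 0, j = 0; k < 256; k++) {
        j = (j + c->S[k] + key[k % klen]) & 0xFF;
        uint8_t t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

/* One PRGA step forward; returns the next keystream byte. */
uint8_t rc4_next(rc4_t *c)
{
    c->i++; c->j += c->S[c->i];
    uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
}

/* One PRGA step backward: undo the swap and the index updates, returning
 * the keystream byte that the undone step had produced. */
uint8_t rc4_prev(rc4_t *c)
{
    uint8_t k = c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
    uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    c->j -= c->S[c->i]; c->i--;
    return k;
}

void rc4_xor(rc4_t *c, uint8_t *buf, size_t n)  /* encrypt/decrypt in place */
{
    for (size_t k = 0; k < n; k++) buf[k] ^= rc4_next(c);
}

/* Re-encrypt the n most recent bytes emitted under `old` (whose state is just
 * past them) so that `fresh` decrypts them: strip the old keystream by walking
 * it backwards, then apply the new keystream in order. */
void rc4_reencrypt_pending(rc4_t *old, rc4_t *fresh, uint8_t *pend, size_t n)
{
    for (size_t k = n; k-- > 0; ) pend[k] ^= rc4_prev(old);
    rc4_xor(fresh, pend, n);
}
```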

Experiments
 We confirmed the effectiveness of SCCrypt
   Response time in an SSH client
   Throughput of console outputs
   CPU utilization
 We compared results between SCCrypt and vanilla Xen
Experimental setup (from the figure):
 Client: CPU Intel Xeon E5630, Mem 6 GB, Net Gigabit Ethernet, OS Linux, SSH OpenSSH 6.0p1
 Server: CPU Intel Core i7 870, Mem 4 GB, Net Gigabit Ethernet, VMM Xen
   Management VM: vCPU 8, Mem 3 GB, OS Linux, SSH OpenSSH 5.9p1
   User VM: vCPU 8, Mem 1 GB, OS Linux

Response Time (Input)
 We measured the response time of inputs
   An SSH client sent an input to an SSH server
   It received an output caused by its remote echo
 Result
   2.9% shorter in SCCrypt
   The reason was unclear

Throughput (Output)
 We measured the throughput of outputs
   We wrote large text to a VSC in a user VM
 Result
   5.6% higher in SCCrypt
   The reason was unclear

CPU Utilization (Input)
 We measured the CPU utilization under keyboard auto-repeat at a client
   Management VM: 0.8 percentage points lower in SCCrypt
   User VM: almost the same
(Figure: CPU utilization of the management VM and the user VM)

CPU Utilization (Output)
 We measured the CPU utilization under periodic writes to a VSC from a user VM
   Management VM: at most a 1.3 percentage point difference
   User VM: almost the same
(Figure: CPU utilization of the management VM and the user VM)

Related Work
 FBCrypt [Egawa et al. '12]
   Encrypts keyboard/mouse inputs and video outputs in out-of-band remote management using VNC
   Strongly depends on VNC
 Xoar [Colp et al. '11]
   Runs a virtual serial device in a trusted Console VM
   The Console VM can be compromised via an SSH server
 VMware vSphere
   Runs virtual devices and a VNC server in the VMM
   The VMM can be compromised via the VNC server

Conclusion
 SCCrypt enables secure out-of-band remote management in untrusted IaaS clouds
   Provides encrypted VSCs
   Inputs/outputs are securely decrypted/encrypted in the trusted VMM
 Future work
   Apply SCCrypt to other remote management systems using VSCs
     E.g., the web-based Ajaxterm