By Jason Brazile, Remi Locherer, Ronnie Brunner, Netcetera, Switzerland
http://guide.jazoon.com/#/submissions/145
As Infrastructure as a Service (IaaS) offerings in the cloud become more compelling, new collaboration possibilities emerge. A large European agency wished to offer vast satellite imagery free of charge to users who develop good applications for it. Instead of sending data to developers, why not offer a dev environment in the cloud? This talk describes an automated trusted remote Java development sandbox hosted in the Amazon cloud that uses strong encryption for system authentication and file system services, Security-conscious users can trust that their application intellectual property won't be leaked while trusting neither the cloud provider nor the operators who deploy and maintain the cloud-based sandbox service running on top of it.
2. This talk… potential cases for…
• cloud storage & remote dev/test
• automated read-only system images
• not-too-inconvenient encryption everywhere
Not a takeaway…
• Pre-Snowden, but complies w/ 4 of 5 Schneier’s tips
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
|
3. Background:
ESA Study: 2009-2011
potential use-cases:
• …
• Cloud for free* data
access
• Cloud for remote
development
• …
(*)https://www.google.com/?q=ESA+Earth+Observation+Data+Policy
|
ESRIN/Contract Nr. 227700/09/I-SB final report (245 pages)
4. The CIOP case
• Big, free-ish, Data
• Distinct, proprietary,
software devs
• Slow test data
distribution to code
developers
• Devs nervous about
code leaking
Proprietary Algorithm A dev’d by X
Instead, lead the
users to the data
(in the cloud)
|
Proprietary Algorithm B dev’d by Y
5. But… Security…
• ESA less concerned about
hacking science data than
their end–users’ algorithms
and brand damage
• Data = not really sensitive
• Code = sensitive
• Soln can’t be too inconvenient
|
6. The Cloud Sandbox Prototype
NFS
user a
/home/a
X.509 derived
ssh key
/home/b
ldap
portal
catalog
/home/c
ESA/CIOP DMZ
/data
sandbox a
user b
Existing X.509 certs
nfs mount of encfs
encrypted /home/a
encfs sshd
ESA private net
sandbox b
encfs sshd
sandbox c
encfs sshd
user c
|
sandbox images
basically read-only
ldap config limits
user c to sandbox c
Admin
7. First Time Usage
ssh identity
automatically
derived from
user’s existing
X.509 certificate
|
Single encfs
passphrase can
decrypt both
1. user’s /home and
2. shared /validate
8. Daily Usage
ssh identity
automatically
derived from
user’s existing
X.509 certificate
ldap directory
centralized access
control to machines
and nfs mounts
|
Single encfs
passphrase can
decrypt both
1. user’s /home and
2. shared /validate