Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Lund security workshop_presentation
Semelhante a Lund security workshop_presentation (20)
Último
Último (20)
Lund security workshop_presentation
- 1. How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science
- 2. 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3. Trusted Computing and TPM 4. Trusted VM launch 5. InfraCloud 6. Future work
- 3. 3 Infrastructure-as-a-Service • A 'cloud computing' service model (NIST:2011): Provision processing, storage, networks. Deploy and run arbitrary software. No control over underlying cloud infrastructure. Control over OS, storage, deployed applications. Limited control of select networking components.
- 4. 4 Infrastructure-as-a-Service architectural overview OpenStack architectural overview https://wiki.openstack.org/wiki/ArchitecturalOverview
- 5. 5 Infrastructure-as-a-Service security issues 2011: Vulnerabilities in the AWS management console (XSS and XML wrapping attacks) OpenStack architectural overview https://wiki.openstack.org/wiki/ArchitecturalOverview
- 6. 6 Infrastructure-as-a-Service security issues 2011: Vulnerabilities in the AWS management console (XSS and XML wrapping attacks) 2012: Cross-VM Side Channels can be used to extract private keys. OpenStack architectural overview https://wiki.openstack.org/wiki/ArchitecturalOverview
- 7. 7 Infrastructure-as-a-Service security issues 2011: Vulnerabilities in the AWS management console (XSS and XML wrapping attacks) 2012: Cross-VM Side Channels can be used to extract private keys 2012: Rackspace’s “dirty disks” OpenStack architectural overview https://wiki.openstack.org/wiki/ArchitecturalOverview
- 8. 8 Can we help it?
- 9. 9 Introducing the TPM Trusted platform module v1.2 as specified by TCG. v2.0 is currently under review. Tamper-evident. 16+ PCRs for volatile storage. Four operations: Signing / Binding / Sealing / Sealed-sign.
- 10. 10 Introducing the TPM: output • Produces integrity measurements of the firmware at boot time. Can produce integrity measurements of the loaded kernel modules (sample below).
- 11. 11 Introducing the TPM: usage • Microsoft BitLocker • Google Chromium OS • Citrix XenServer • Oracle’s X- and T-Series Systems • HP ProtectTools • Others
- 12. 12 Securing IaaS environments with trusted computing • Virtualization security. • Storage protection in IaaS environments. • Computing security in IaaS environments. • Remote host software integrity attestation. • Runtime host software integrity attestation. • Encryption key management in IaaS environments.
- 13. 13 Computing security in IaaS environments: Problem Setting • “Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.” Client can launch VMs for sensitive computations. Trusted VM launch – the correct VM is launched in a IaaS platform on a host with a known software stack verified to not have been modified by malicious actors. IaaS security with trusted computing. How do we ensure a trusted VM launch in an untrusted IaaS environment?
- 14. 14 Attack scenario 1 Remote attacker (Ar) Scheduler (S) Ar could schedule the VM instance to be launched on a compromised host Trusted Compute Compute Host Host (CH) (CH) Hardware Hardware Hardware Client (C)
- 15. 15 Attack scenario 2 Remote attacker (Ar) Scheduler (S) Trusted Compute Compute Compute Host Host Host (CH) (CH) (CH) Ar could compromise the VM image prior to Hardware Hardware Hardware launch Client (C)
- 16. 16 Trusted VM launch protocol • Ensure VM image launched on a trusted host. • Ensure communication with VM launched on a trusted CH rather than a random VM. • Compute host to verify the integrity VM image to be launched. • Minimum implementation footprint on the IaaS codebase. • Transparent view of the secure launch procedures.
- 17. Protocol: birds-eye view 3. (S) 1. 4. 5. 2. 6. CH CH CH HW HW HW + Client (C) TPM
- 18. 18 Prototype implementation • OpenStack cluster deployed on 3 nodes (TPM-equipped) • Code extensions: • Changes OpenStack launch procedure. • Implementation of an OpenStack–TPM communication “glue”. • Implementation of a TTP (interpretation of attestation info) • Implementation of client-side functionality (token generation, trusted launch verification).
- 19. 19 Securing IaaS with InfraCloud: The project • Ongoing project in collaboration between Region Skåne, Ericsson Research and SICS. • Aim: proof of concept design and deployment of one of the region’s medical journaling systems in a hardened and trustworthy IaaS environment. • Prototype implementation based on earlier research, as well as solutions to newly identified challenges.
- 20. 20 Securing IaaS with InfraCloud: The challenges Numerous new research challenges have been identified already in the early stages of the project: • Storage protection in untrusted IaaS environments. • Verification and protection of a deployment’s network configuration. • Runtime VM instance protection (prevent memory dumping, cloning). • Secure key handling mechanisms in untrusted IaaS deployments. • Update and patch deployment on guest VM instances. • Interpretation of TPM attestation data.
- 21. 21 Conclusion • Out-of-the-box public IaaS probably not acceptable for most organizations handling sensitive data. • A comprehensive solution for data protection in public IaaS environments has not been found yet. • SICS Secure Systems lab works with various aspects of guest protection in untrusted IaaS. • Trusted Computing Technologies allow to address some of the issues with IaaS security. • Participation in the InfraCloud project and practical application of protocols reveal multiple new research challenges.