Trusted Virtual Datacenter Radically simplified security management

25 

Loading....

Loading....

Loading....

Loading....

Loading....

Full text

(1)

© 2007 IBM Corporation

Trusted Virtual Datacenter –

Radically simplified security management

Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis,

Reiner Sailer, Ray Valdez

(2)

© 2005 IBM Corporation

sailer@us.ibm.com

Security Opportunity Prologue

ƒ

Significant Challenges

Status quo approach to IT and business security is too complex,

is not measurable, will not scale

Lack of secure foundation for dynamic enterprise environments

ƒ

Synergistic Strategy

Leverage emerging trusted computing technologies (TCG) and

commoditization of virtualization (Intel / AMD, EMC, Microsoft, IBM)

Near-term: stronger guarantees position security as an enabler

(3)

TCG TPM1.2 DRTM Intel LT SENTER AMD SVM SKINIT

Trusted Computing and Virtualization Timeline

2007 2003 2002 2004 2005 2006 MS NGSCB 1.. IBM IMA

for Linux IBMsHype

MS Vista bitlocker NAC IBM vTPM TCG TPM1.1 SRTM

(4)

© 2005 IBM Corporation

sailer@us.ibm.com

Virtualization Landscape at a Glance

ƒ Application-level (or middleware-level) virtualization

E.g., Java Virtual Machine, Softricity (Microsoft SoftGrid),

Thinstall

ƒ Operating system-level virtualization

E.g., Linux VServers, Solaris Containers / Zones, Virtuozzo

ƒ Hypervisor-based virtualization

Type 1: VMware ESX, Microsoft Viridian, Xen, PHYP, PR/SM

(5)

Classic Type 1 Hypervisor

Hypervisor

Guest Kernel Guest Kernel Guest Kernel

Application Application Application Application Application Application Application Application Application

Hardware CPU and I/O devices

Virtualizes hardware Virtual Machines

(6)

© 2005 IBM Corporation

sailer@us.ibm.com

Virtualization-based Security & Systems Management

Trusted Virtual Data Center (TVDc)

Virtual R e sour ces Phy si cal R e sour ces

Market Analysis Security Underwriting

Centralized IT Security management

ƒ TVD: Grouping of VMs and resources that support common objective (customer workloads, etc.)

ƒ Abstracting the physical infrastructure (platform independence, scalability)

ƒ Policy-driven (consistent security configuration and management)

Distributed Enforcement

ƒ Very strong, coarse-grain security

guarantees – cannot be bypassed by VMs

ƒ Single data center security policy across different platforms and hypervisors

ƒ Containment (viruses, break-ins) & Trust

TVDc TVDc Hypervisor Hypervisor Hypervisor Systems View

(7)

sHype: Enabling Trusted Virtual Datacenters

Xen VMM

(virtualizes

+ isolates)

sHype

(controls

sharing)

TVDc

(manages)

Work

Load

VM

Coalition

Human Resources

– Workload Isolation + Integrity

– Radically Simplified WL-Management

Managed

Services

(8)

© 2005 IBM Corporation

sailer@us.ibm.com

Trusted Virtual Datacenter Simplifies Security Management

Systems View

Systems View Virtual Domain ViewVirtual Domain View

TVDc

TVDc

Red = Acct. Green = HR. Blue = Dev. Guard-VM

Isolation

Integrity

Trust

(9)

IBM TVDc: Radically Simplified Security Management

Trusted Virtual Data Center Value Proposition

Isolation Management

Integrity Management

Enforces restrictions on

administration and data sharing:

ƒWho manages what: independent admin for Hertz and Avis accounts

ƒWhat can run together: ensure air-gaps between strongly competing workloads

ƒWorkload and data isolation (malware confinement)

Maintains software inventory and acts as an early warning system for anomalies; detect and report:

ƒWhat is running in each VM

ƒIf VMs/Systems are correctly configured

ƒIf VMs are up-to-date with patches

Æ TVDc reduces the risk of security exposures

(10)

© 2005 IBM Corporation

sailer@us.ibm.com

Secure Hypervisor Architecture (sHype)

Hardware Xen / sHype Linux Application Application MS Windows Application Application Secure Services VM

Attested boot and run-time (TCG/TPM, IMA)

Isolation between partitions

Access control between partitions Secure (isolated) services

e.g. Policy Management

Resource control and metering Auditing, Monitoring, Metering, …

Sailer, Jaeger, Valdez, Cáceres, Perez, Berger, Griffin, van Doorn:

Building a MAC-based Security Architecture for the Xen Opensource Hypervisor. 21stACSAC, 2005.

Sailer, Jaeger, Valdez, Cáceres, Perez, Berger, Griffin, van Doorn:

(11)

sHype Access Control Architecture (Example: Xen)

Hardware

Xen / sHype ACM

Hypervisor security hooks Callbacks Linux Application Application MS Windows Application Application Secure Services Dom0 (Management) VM ƒ Flexible framework:

Supports Multiple Policies

ƒ Access Control Module

Implements Policy Model

ƒ Hypervisor Security Hooks

9

mediate inter-VM

communication + resource access

9

interact with ACM for

access decision

ƒ Implemented for Xen, PHYP,

(12)

© 2005 IBM Corporation

sailer@us.ibm.com

1. Centralized Isolation Management

Policy authoring and management

ƒDefine security labels and anti-collocation rules

ƒRevision-based policy management

Labeling Systems, VMs and resources

Label-based management

ƒRestrict Admins to manage a set of security labels

ƒRestrict configuration choices based on policy

= Accounting

= Human Resources = Development

(13)

2. Distributed Isolation Enforcement at Run-time

(Secure hypervisor extensions sHype/ACM)

ƒ Xen: Integrated into Open-source distribution

ƒ PHYP Access Control Module (research prototype)

ƒ Xen: Integrated into

Open-source distribution

ƒ PHYP Access Control Module

(research prototype)

1.

Control Sharing

9

9

a

9

9

t Anti-Collocation:{ , }

3.

Enforce rules for

anti-collocation

2.

Control what a

system can run

(14)

© 2005 IBM Corporation sailer@us.ibm.com Virtual LAN 1 Virtual LAN 2 Virtual LAN 1 Virtual LAN 2 Virtual LAN 1 Virtual LAN 2

TVDc Network Isolation

1. Label VMs + VLANs 2. VMM enforces: VMs

VLANs 3. Hardware VLAN switch enforces: Blades

VLANs 1. Label VMs + VLANs 2. VMM enforces: VMs

VLANs 3. Hardware VLAN switch enforces: Blades

VLANs VM1 VM VM4 VM5 VMM VMM Blade 1 Blade 2 Network Switch

X

VM2 VM3

(15)

Trusted Virtual Domains – Isolation and Trust

Attestation:

mutually verifiable environments

Isolation:

protect against attacks and limit spread of damage

Mediated Communications:

transparent protection, authorization and audit

Authentication:

(16)

© 2005 IBM Corporation

sailer@us.ibm.com

vm4 vm5

B

Distributed Trusted Computing Base

Putting Access Control and Integrity Measurement together

ƒ Establish trust – enabling collaboration across multiple platforms

Are P1 and P2 mutually trusted (TCB)

Are policies A and B compatible?

Are policies uniformly enforceable?

VM change / compromise Platform P1 Platform P2 vm1 vm2 vm3

A

McCune, Berger, Cáceres, Jaeger, Sailer:

Shamon – A System for Distributed Mandatory Access Control. 22nd ACSAC, 2006.

McCune, Berger, Cáceres, Jaeger, Sailer:

Shamon – A System for Distributed Mandatory Access Control. 22nd ACSAC, 2006.

TCB change / compromise

(17)

Trusted Platform Module (TPM)

ƒ

ƒ Trusted Computing in todayTrusted Computing in today’’s world is largely synonymous with a s world is largely synonymous with a use that involves the Trusted Platform Module (TPM)

use that involves the Trusted Platform Module (TPM)

ƒ

ƒ TPM is a passive storage device that has some interesting TPM is a passive storage device that has some interesting properties:

properties:

You cannot remove data once youYou cannot remove data once you’’ve written it to the TPMve written it to the TPM

You can retrieve an aggregate of the data from the TPM that is sYou can retrieve an aggregate of the data from the TPM that is signed by that igned by that TPMTPM’’ss unique key

unique key

The TPM provides sealed storageThe TPM provides sealed storage

Storage root key protectionStorage root key protection

Winbond

Winbond

Infineon

Infineon

Atmel

Atmel

(18)

© 2005 IBM Corporation

sailer@us.ibm.com

Integrity Measurement –

Integrity & Attestation

ƒ Provide reliable runtime integrity guarantees

Certificates provide identity and secure tunnel

But does the remote system currently satisfy security-related requirements?

ƒ Leverage Trusted Platform Module (TPM) / Core Root of Trust for Measurement

Remotely attest software-stack

Detect cheating & compromise (load guarantees)

Bind sensitive data to endpoint (certificates etc.)

Non-intrusive / negligible overhead

ƒ Implemented for Linux in 2003/2004

IBM Integrity Measurement Architecture (IMA) Core Root of Trust OS Loader OS Applications 1 3 5 2 4 6 measure execute

Sailer, Zhang, Jaeger, Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. Usenix Security Symposium, August, 2004.

Sailer, Zhang, Jaeger, Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. Usenix Security Symposium, August, 2004.

(19)

1. Local integrity verification

ƒ Does my system have integrity?

ƒ Is it save to log in and use? (Kiosk, Desktop, …)

2. Remote integrity verification

ƒ Does their system have integrity?

ƒ Is it save to use? (online services,…)

ƒ What about its users?

2. How is their system doing? 1. How is my system doing? 3. Use Service

Trusted Computing uses real-time attestation to

establish sufficient facts about a system, such as

software integrity, to interpolate from its past to its

future behavior.

(20)

© 2005 IBM Corporation sailer@us.ibm.com Inferred System SHA1(Boot Process) SHA1(Kernel) SHA1(Kernel Modules) SHA1(Program) SHA1(Libraries) SHA1(Configurations) SHA1(Structured data)

Measurements Deduce System Properties

Known Fingerprints Real System Program Kernel Kernel module Config data Boot-Process Data TPM-Signed PCR Integrity Value

(1) Measurement (2) Attestation (3) Verification

Attesting System Verifying System

Analysis

IMA

TCG Grub

(21)

Virtual TPMs Enable VM Integrity Attestation

Hardware Secure Hypervisor

Guest Kernel Guest Kernel

Application Application Application Application Application Application

Core Root of Trust

IMA-enabled OS IMA-enabled OS Application Application IMA-enabled Application Application IMA-enabled Application IMA-enabled Application Measure HW, hypervisor, and critical services Virtual TPMs Policy Manager Support current IMA via vTPMs (flexible, scalable) ACM

(22)

© 2005 IBM Corporation

sailer@us.ibm.com

vTPM+IMA: Focus on Solving Real Problems

ƒ

Configuration Management

ƒ Configure server classes

ƒ Verify configuration

against software stack

Runs old

patch-level

HELP!

#000: BC55F0AFE013C...E6CFAA2B4D2AB | boot_aggregate (bios + grub stages) #001: A8A865C7203F2...0A2289F7D035B | grub.conf (boot configuration) #002: 1238AD50C652C...87D06A99A22D1 | vmlinuz-2.6.5-bk2-lsmtcg #003: 84ABD2960414C...9364B4E5BDA4F | init (first process)

#004: 9ECF02F90A2EE...5DE4798A1BE3D | ld-2.3.2.so (dynamic linker)

#005: 1238AD50C652C...87D06A99A22D1 | Illegal Config /etc/http.conf #006: 84ABD2960414C...9364B4E5BDA4F | Old HTTP Server 1.1

#000: BC55F0AFE013C...E6CFAA2B4D2AB | boot_aggregate (bios + grub stages) #001: A8A865C7203F2...0A2289F7D035B | grub.conf (boot configuration) #002: 1238AD50C652C...87D06A99A22D1 | vmlinuz-2.6.5-bk2-lsmtcg #003: 84ABD2960414C...9364B4E5BDA4F | init (first process)

#004: 9ECF02F90A2EE...5DE4798A1BE3D | ld-2.3.2.so (dynamic linker)

#005: 1238AD50C652C...87D06A99A22D1 | Illegal Config /etc/http.conf #006: 84ABD2960414C...9364B4E5BDA4F | Old HTTP Server 1.1

System A

ƒ

Problem Management

ƒ Automatically detect and

isolate real problems

ƒ Direct intelligence towards those real problems

ƒ Fix problems efficiently

ƒ Verify that problems no

longer exists

#000: BC55F0AFE013C...E6CFAA2B4D2AB | boot_aggregate (bios + grub stages) #001: A8A865C7203F2...0A2289F7D035B | grub.conf (boot configuration) #002: 1238AD50C652C...87D06A99A22D1 | vmlinuz-2.6.5-bk2-lsmtcg #003: 84ABD2960414C...9364B4E5BDA4F | init (first process)

#004: 9ECF02F90A2EE...5DE4798A1BE3D | ld-2.3.2.so (dynamic linker)

#005: 1238AD50C652C...87D06A99A22D1 | Linux Root Kit #006: 84ABD2960414C...9364B4E5BDA4F | Unknown Program

#000: BC55F0AFE013C...E6CFAA2B4D2AB | boot_aggregate (bios + grub stages) #001: A8A865C7203F2...0A2289F7D035B | grub.conf (boot configuration) #002: 1238AD50C652C...87D06A99A22D1 | vmlinuz-2.6.5-bk2-lsmtcg #003: 84ABD2960414C...9364B4E5BDA4F | init (first process)

#004: 9ECF02F90A2EE...5DE4798A1BE3D | ld-2.3.2.so (dynamic linker)

#005: 1238AD50C652C...87D06A99A22D1 | Linux Root Kit #006: 84ABD2960414C...9364B4E5BDA4F | Unknown Program

(23)

Research Challenges around TVDc Technologies

ƒ

Controlled Sharing Between TVDc

Guard systems

ƒ

Integrity Measurement Architecture

Run-time guarantees (extend load-time guarantees)

Property determination and fingerprint management

ƒ

Distributed Mandatory Access Control

Policy composition & change management

ƒ

Virtual TPM

(24)

© 2005 IBM Corporation

sailer@us.ibm.com

Trusted Virtual Data Center

Summary

ƒ

TVDc is designed to achieve

simplified security management

enterprise-level assurance

ƒ

TVDc creates confined workload domains to enable

independent trust and security properties

More on our department team page: http://www.research.ibm.com/

secure_systems_department or:

“TVDc – Managing Security in the Trusted Virtual Datacenter” in ACM SIGOPS Operating System Review Special: IBM Research. Vol 42, Issue 1, January 2008. Berger, Cáceres, Pendarakis, Perez, Sailer, Schildhauer, Srinivasan, Valdez.

“TVDc – Managing Security in the Trusted Virtual Datacenter” in ACM SIGOPS Operating System Review Special: IBM Research. Vol 42, Issue 1, January 2008. Berger, Cáceres, Pendarakis, Perez, Sailer, Schildhauer, Srinivasan, Valdez.

(25)

Resources – TVDc building blocks freely available:

ƒ Integrity Measurement Architecture (IMA)

Source code: http://sourceforge.net/projects/linux-ima

Project page:

http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html

ƒ Virtual Trusted Platform Module (vTPM)

Source code in Xen: http://www.xensource.com/xen

Project page: http://www.research.ibm.com/ssd_vtpm

ƒ sHype Access Control Architecture

Source code in Xen: http://www.xensource.com/xen

Xen User Guide: http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user

Figure

Updating...

References

Updating...

Related subjects :