• No results found

Self-service Cloud Computing

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Self-service Cloud Computing"

Copied!
40
0
0

Loading.... (view fulltext now)

Download now ( 40 Page )

Full text

(1)

Shakeel Butt

[email protected]

H. Andres Lagar-Cavilla

[email protected]

Abhinav Srivastava

[email protected]

Vinod Ganapathy

[email protected]

Self-service Cloud Computing

(2)

•  By 2015, 90% of government agencies and large

companies will use the cloud

[Gartner, “Market Trends:

Application Development Software, Worldwide, 2012-2016,” 2012]

•  Many new companies & services rely exclusively

on the cloud, e.g., Instagram, MIT/Harvard EdX

(3)

Virtualized cloud platforms

Hardware

Hypervisor

Management  

VM  (dom0)  

Work  

VM  

Work  

VM  

Work  

VM  

(4)

Embracing the cloud

(5)

Embracing the cloud

Trust me with your code & data

Cloud Provider Client

You have to trust us as well

Cloud operators

(6)

Embracing the cloud

(7)

Embracing the cloud

Problem #2

Clients must rely on provider to deploy customized services

I need customized malware detection and VM rollback

Cloud Provider Client

For now just have checkpointing …

Cloud Provider Client

(8)

Why do these problems arise?

Hardware

Hypervisor

Management  

(9)

Hypervisor

Client’s VM

Management VM

Code

Data

Checking daemon

Sec.

Policy

Resume guest

1

2

3

Process the page Alert user

Example: Malware detection

(10)

Hypervisor

Client’s VM

Management VM

Code

Data

Checking daemon

Sec.

Policy

Resume guest

1

2

3

Process the page Alert user

?

(11)

Hypervisor

Client’s VM

Management VM

Code

Data

Checking daemon

Sec.

Policy

Resume guest

1

2

3

Process the page Alert user

?

Problem

Client code & data secrecy and integrity vulnerable to attack

(12)

Hypervisor

Client’s VM

Management VM

Code

Data

Checking daemon

Sec.

Policy

Resume guest

1

2

3

Process the page Alert user

?

Problem

Client code & data secrecy and integrity vulnerable to attack

EXAMPLES:  

•  CVE-2007-4993. Xen guest root escapes to dom0 via pygrub

•  CVE-­‐2007-­‐5497.  Integer  overflows  in  libext2fs  in  e2fsprogs.    

•  CVE-­‐2008-­‐0923.  Directory  traversal  vulnerability  in  the  shared  folders  feature  for  

VMWare.    

•  CVE-­‐2008-­‐1943.  Buffer  overflow  in  the  backend  of  XenSource  Xen  paravirtualized  

frame  buffer.    

•  CVE-­‐2008-­‐2100.  VMWare  buffer  overflows  in  VIX  API  let  local  users  execute  

arbitrary  code  in  host  OS.    

(13)

Hardware

Hypervisor

Management  

VM  

Client’s  VMs  

(14)

SSC: Self-service cloud computing

Hardware

Hypervisor

Management  

(15)

Main contributions

•  New hypervisor privilege model

•  Enables four new cloud abstractions

– Udom0: Per-client management VMs

– Sdom0: System-wide management VM

– Service VMs

– Mutually-trusted service VMs

•  Protocols for trustworthy VM startup

•  Novel cloud-based services

(16)

Duties of the management VM

Manages  and  mul;plexes  hardware  resources  

Manages  client  virtual  machines  

   

(17)

System-­‐wide  Mgmt.    

Per-­‐Client    

Mgmt.  VM    

(

UDom0

)  

Main technique used by SSC

Disaggregate the management VM

•  Manages hardware

•  No access to clients VMs •  Manages client’s VMs •  Allows clients to deploy

new services

(18)

An SSC platform

Hardware

SSC Hypervisor

18  

SDom0  

Work  

VM  

Work  

VM  

UDom0  

Client’s  meta-­‐domain  

Service  

VM  

TPM  

(19)

Hardware

SSC Hypervisor

SDom0  

Work  

VM  

Work  

VM  

UDom0  

Service  

VM  

2. Least Privilege

1. Separation of Privilege

(20)

Cloud Provider Client

But providers want

some

control

•  Udom0 and service VMs put clients in

control of their VMs

•  Sdom0 cannot inspect these VMs

•  Malicious clients can misuse privilege

  Mutually-trusted service VMs

16   NO data leaks or corruption NO illegal activities or botnet hosting

(21)

Trustworthy regulatory compliance

Hardware

SSC Hypervisor

SDom0  

Work  

VM  

Work  

VM  

UDom0  

Mutually

-­‐trusted  

Service  

VM  

(22)

Traditional privilege model

Privileged  opera;on  

Hypervisor

is  request  from  Management  VM?    

YES  

ALLOW

NO  

(23)

SSC’s privilege model

Privileged  opera;on  

Self-service hypervisor

Is  the  request  from  client’s  Udom0?    

NO  

YES  

ALLOW

Does  requestor  have  privilege  

(e.g.,  client’s  service  VM)  

DENY

NO  

YES  

(24)

Hardware

SSC Hypervisor

SDom0  

Bootstrap: the Domain Builder

Domain  

Builder  

UDom0  

Work  

VM  

Service  

VM  

(25)

Hardware

SSC Hypervisor

SDom0  

Bootstrap: the Domain Builder

Domain  

Builder  

UDom0  

Work  

VM  

Service  

VM  

Must  establish  

an  encrypted  

communicaDon

channel  

(26)

1  

Hardware

SSC Hypervisor

Domain  

Builder  

Udom0 image,

Enc ( , )

(27)

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

DomB builds domain

2  

(28)

Enc            (          ,                )

 

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

DomB installs key, nonce

(29)

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

Client gets TPM hashes

(30)

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

Udom0 sends to client

(31)

UDom0  

Hardware

SSC Hypervisor

Domain  

Builder  

Client sends Udom0 SSL key

6  

(32)

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

SSL handshake and secure

channel establishment

(33)

Hardware

SSC Hypervisor

Domain  

Builder  

UDom0  

Can boot other VMs securely

Work  

VM  

Service  

VM  

8  

VM     image  

(34)

Client meta-domains

Hardware

Malware  

detecDon  

Firewall    

and  IDS  

Storage  

services  

Service  VMs  

SSC hypervisor

ComputaDon  

Work

   

VM  

Work

   

VM  

Work

   

VM  

Udom0  

Trustworthy  

metering  

Regulatory  

compliance  

Mutually-­‐

trusted  

Service  VMs  

(35)

Case studies: Service VMs

•  Storage services: Encryption, Intrusion

detection

•  Security services:

– Kernel-level rootkit detection

– System-call-based intrusion detection

•  Data anonymization service

•  Checkpointing service

•  Memory dedupication

(36)

Evaluation

•  Goals

– Measure overhead of SSC

•  Dell PowerEdge R610

– 24 GB RAM

– 8 Xeon cores with dual threads (2.3 GHz)

– Each VM has 2 vCPUs and 2 GB RAM

•  Results shown only for 2 service VMs

(37)

Storage encryption service VM

Sdom0  

Storage  encrypDon    

service  VM

  Client’s  work   VM   Backend   Block   device   Frontend   Block   device   Frontend   Block   device   Backend   Block   device   EncrypDon   DecrypDon  

Plaiorm   Unencrypted  (MB/s)   Encrypted  (MB/s)  

Xen-­‐legacy  

81.72  

71.90  

(38)

Checkpointing service VM

Client’s  VM

 

Checkpoint  

service

  Encrypted   Storage   service  

Storage  

Storage  

Checkpoint  

service  

(EncrypDon)  

Plaiorm  

Unencrypted    (sec)  

Encrypted  (sec)  

Xen-­‐legacy  

1.840  

11.419  

(39)

Related projects

CloudVisor  

[SOSP’11]  

Xen-­‐Blanket  

[EuroSys’12]   Protect client VM data from

Dom0 using a thin, bare-metal hypervisor

Allow clients to have their own Dom0s on commodity clouds using a thin shim

Nested Hypervisor

Client  

VM  

Dom0  

CloudVisor

Cloud Hypervisor

Client  

VM  

Client  

Dom0  

XenBlanket

Cloud

Dom0  

(40)

Current and future work

•  Novel network services, e.g., trustworthy

network traffic metering

•  VM migration in an SSC-based cloud:

–  Co-location of service VMs and work VMs.

–  Without exposing details of cloud platform to clients

–  Pricing and metering issues

•  Cloud market model:

–  Service VMs as cloud apps

–  See “Towards a Richer Model of Cloud App

Markets,” in ACM CCSW 2012.

References

Download now ( PDF - 40 Page - 1.51 MB )

Related documents

Security and Cloud Computing

Enterprise Data Center Private Cloud 1 Enterprise Data Center Private Cloud Enterprise Data Center Private Cloud 1 Enterprise A Enterprise B Enterprise C Shared Cloud Services

Cloud Computing Services: A Survey

The common security issues around cloud computing are mainly on Cloud infrastructure, platform and hosted code (storage and network vulnerabilities), Data (data

A Context Sensitive Offloading Scheme for Mobile Cloud Computing Service

The communication manager on both client and server side handles connections between client mobile device and the remote execution in either local mobile device cloud or remote

Remote Data Integrity Checking in Cloud Computing

To ensure the correctness of users data the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the data stored in the

Security Enhancement through Third Party Auditing for Data Storage in Cloud Computing using RC5 Algorithm

To ensure the correctness of data, we consider the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the data stored in the

Drafting a Cloud Computing Contract

Other questions focus on the security of the whole cloud architecture and customers' data or content, or questions on issue of data integrity, data disclosure,

Mobile Cloud Computing Security Considerations

Securing mobile cloud computing user’s privacy and integrity of data or applications is one of the key issues most cloud providers are given attention.. Since

An Approach to Secure Run Time Environment under Untrusted Management OS

In this I need to provide Integrity of data by overcoming many existing problems like Client Data Integrity, Cloud Storage Integrity ,Integrity Problem on Transmitted Data,