• No results found

Security and Integrity of a Distributed File Storage in a Virtual Environment

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Security and Integrity of a Distributed File Storage in a Virtual Environment"

Copied!
23
0
0

Loading.... (view fulltext now)

Download now ( 23 Page )

Full text

(1)

Security and Integrity of a Distributed File

Storage in a Virtual Environment

Gaspare Sala

1

Daniele Sgandurra

1

Fabrizio Baiardi

2

1

Department of Computer Science, University of Pisa, Italy

2

Polo G. Marconi - La Spezia, University of Pisa, Italy

(2)

Outline

1

Introduction

Secure File Sharing

Requirements

2

Proposed Solution: VSFS

Overall Architecture

Threat Model

Implementation

3

Evaluation

Performance

4

Conclusion

(3)

Secure File Sharing

Applications with Distinct Trust Levels

Secure file sharing

among applications with

distinct trust

levels

:

Web Services.

P2P applications.

Users share their data only if they receive some

assurance

about the:

Description

Enforcement

(4)

MAC/MLS Policies

To enable

secure file sharing

, we need an

architecture

that:

Describes and enforces in a

centralized way

a security

policy to handle file requests.

Forces users

to respect their roles when accessing files.

Supports a large set of

MAC

or

DAC

policies.

(5)

Requirements

Distributed File System

Client-server

architecture to implement a

distributed

file

system.

Exports

to the clients one or more directories of the shared

file system.

Applications access

transparently

remote shared files.

Limitations

of current solutions:

untrusted

client user

credentials.

(6)

Virtualization Technology

Software

emulation

of the hardware architecture:

Virtual

Machines

(VMs).

Benefits:

1

Confinement

among the VMs.

2

Server

consolidation

: better resource utilization.

3

Centralized

management: easier administration.

(7)

Overall Architecture

(8)

Virtual environment Secure File System

We propose a software architecture for

secure file sharing

composed of:

A network of multiple interconnected

virtual machines

.

Three disjoint sets of VMs:

1

Application-VMs

(APP-VMs): each APP-VM runs some

application processes.

2

File System-VMs

(FS-VMs): export file systems shared

among the application processes.

3

Administrative-VMs

(A-VMs): one for each node, to set up

and manage VMs for assurance, routing and administrative

tasks.

(9)

Overall Architecture

(10)

Application VMs (APP-VMs)

Run

application processes

.

(11)

Overall Architecture

File System VMs (FS-VMs)

Export

file systems

.

(12)

Administrative VMs (A-VMs)

Protect

FS-VM integrity

against attacks.

Implement

anti-spoofing

techniques to

authenticate

each

file request before routing it.

(13)

Threat Model

Threat Model

VMMs and A-VMs belong to the

Trusted Computing Base

.

A malicious application may

attacks

other ones through

shared files

.

Invalidate

data integrity.

Contamination

through viruses.

APP-VMs are

untrusted

: spoofed packets.

Communications among the physical nodes cannot be

forged

or

spoofed

.

(14)

Current Prototype

Patch to FS-VM

Linux Kernel

.

The prototype is based on

Xen

.

VSFS exploits

NFSv3

service to handle file requests.

FS-VMs run Security-Enhanced Linux (

SELinux

):

1

to support

DAC/MAC

policies;

(15)

Implementation

NFS Subject

Changes to

SELinux

labeling and access rules:

new subject

corresponding to the

NFS client

;

definition

of all the

operations

it can invoke.

the

NFS server

acts on

behalf

of NFS clients.

VSFS:

1

Defines a

distinct protection domain

for each NFS client.

2

Dynamically

pairs the NFS server process with the

security

context

of the NFS client.

(16)
(17)

Implementation

Assurance

Virtual Machine Introspection

: Standford University.

Visibility

: access FS-VM’s state from a

lower level

.

Robustness

: protects FS-VM integrity from an A-VM.

Anti-spoofing

on the Xen virtual bridge:

Static

IP addresses bound to virtual interfaces.

(18)

IOzone

We used the

IOzone Filesystem Benchmark

to run NFS

performance tests.

Read/Write test.

Four cases

depending on whether:

APP-VM and FS-VM are on the

same

or

different node

.

Security policy is

enforced

or

disabled

.

(19)

Performance

IOzone Read Performance

Overhead is negligible

(20)

IOzone Write Performance

Overhead is negligible

(21)

Results and Future Works

Limitations

Current

limitations

of the prototype:

No file system

encryption

.

Assurance

is limited to FS-VMs:

attacks

to APP-VMs are possible.

Policy granularity is at the

VM level

.

Security policy is

static

.

(22)

Results

Enforcement of

MAC policies

on a

shared storage

:

to protect files accessed by applications with

distinct trust

levels

.

Ability of

securely identifying

each APP-VM:

reliable association of a

security context

to an APP-VM

according to its trust level.

High assurance

of the FS-VM integrity.

Negligible

overhead

.

(23)

Results and Future Works

Future Works

Tainting

: track data propagation among users and

applications.

File System

encryption

.

Finer-grained

security policy: user-ID and NFS client-ID.

1

Protection domain is a

subset

of the VM’s domain.

2

Client

side authentication.

Master

A-VM: controls and configures the whole network.

Ex.: VM

migration

.

References

Download now ( PDF - 23 Page - 701.31 KB )

Related documents

VCDN: A CONTENT DISTRIBUTION NETWORK FOR HIGH QUALITY VIDEO DISTRIBUTION. Adrian J. Cahill and Cormac J. Sreenan

This paper outlines the design of a Video Content Distribution Network (VCDN), which unlike tradition CDNs, is designed to automatically repli- cate and/or move content on to

Identification of critical paralog groups with indispensable roles in the regulation of signaling flow

We needed only two criteria to distinguish the critical and non-critical paralog groups: tissue-specific information flow through a member of a paralog group and cross-talk

Using geolocated tweets for characterization of Twitter in Portugal and the Portuguese administrative regions

As such, it is common to divide the territory into coastal and interior regions when performing data analysis (Fig. 2 shows the Portuguese population per district and the

How To File A Chapter 8 Claim

10. The creditor ’s secured claim is not extin- guished if it fails to file a proof of claim. 2003) (Amsouth’s liens were not extinguished by its failure to file a timely claim

Employer_Name JobTitle Program Source Job Start Date

ALP Lighting Components Tooling Technician Machine Tool Student/Employer Follow-up Survey 6/20/14 Hendrickson Trailer Suspensions Maintenance Mechatronics Student/Employer

Distance Learning Drilling Calculations Part 1

Miles divided by hours must give the answer as miles per hour mph Example If the distance were in feet and the time in seconds, what units would the speed be in..

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Even if the attacker is an authorized user, he can only access the actual content file but he is not able to de- crypt any other data including the log files which are viewable

Writting To A File Java

Hence we have character stream that java is one last modified time i have a file path may writting to a file java program receives data..