Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds
Marc Lacoste
Orange Labs
SEC2 ComPAS’15 Workshop on Cloud Security
Lille, June 30, 2015
Cloud Security Today
Security = key concern in cloud adoption for the enterprise market
Threats are on the rise
Attacks are costly
Awareness is growing, but is not enough
Source: Cloud Security Alliance, 2013.
Source: Ponemon, 2013.
The Cloud everywhere, increasingly complex…
…and so are security breaches!
Classical cloud threats… and new threats…
Secure, Robust SDN
Challenges: central PoF, trust
Mitigation: Replication, diversity, authentication
Policy consistency, secure SDN toolkits
Intrusion prevention?
Fault tolerance?
NFV Security
Issues:
Topology validation
Availability of management network
Secure boot
I/O partitioning
Performance isolation
Root causes: commodity hardware, cloud isolation technology
Hasn’t someone been forgotten?
The User? The Customer?
Are they going to use those infrastructures?
Are they going to pay for them?
Provider-centric clouds prevent interoperability and unified control
The Cloud as utility
Promise: high availability & security, energy efficiency, scalability, …
Feature-rich services: intrusion monitoring, elastic load balancing, …
Multi-provider clouds
NOT ACHIEVED
NOT DEPLOYED
Provider-centric cloud deficiencies
INTEROPERABILITY
Vendor lock-in
Different SLAs
UNIFIED CONTROL
Heterogeneous infrastructure services
Monolithic infrastructure
Technological choices
SECURITY
Outline
Moving to User-Centric Cloud Security
Secure Supercloud Computing
11 Key Enabling Technologies
The H2020 SUPERCLOUD Project
Next Steps
User-centric clouds require a resource distribution layer
Customer Security Expectations
Taking Into Account Security Challenges
Infrastructure security: strong, flexible, automated security for compute resources
Vulnerabilities in complex infrastructure, mitigation of cross-layer attacks
Lack of flexibility and control in security management
Automation of security management: in layers, between providers
Data management: on-demand, unified experience in protection of data assets
Management of access rights, continuum between provider vs. user control
Blind compute over data stored in multi-clouds
Traceability of information for accountability and privacy
Network management: resilient, secure virtual networking
Resilient resource provisioning across heterogeneous clouds
End-to-end inter-cloud network security with different security SLAs
Secure Supercloud Computing
The Supercloud NORTH INTERFACE provides user-centric self-service security & dependability
The Supercloud SOUTH INTERFACE provides provider-centric self-managed security & dependability
Supercloud Computing: Self-Service Security
Self-service security relies on:
a distributed, flexible resource & control layer spanning compute, data, network
multi-provider security policies
Abstraction & Control Layer Policies
Supercloud Computing: Self-Managed Security
Self-managed security relies on:
bi-dimensional (cross-layer, multi-provider) self-protection for compute and network resources
bi-dimensional trust management
Security and Trust management
Supercloud Computing: End-to-End Security
End-to-end security relies on:
E2E security SLAs for VMs & data protection
E2E network security in control and data planes
[Figure labels: E2E network security, E2E VM SLAs, E2E data security]
Supercloud Computing: Resilience
Resilience relies on:
multi-cloud data availability
resilient networking in data and control plane
Key Enabling Technologies: Self-Service Security
Flexible hypervisor security architectures:
User data isolation + protection against the cloud provider
Modular, secure interface for the hypervisor
Blind computation:
Lightweight homomorphic operations over encrypted data
Advanced cryptographic tools for data security
Security SLA management:
Security SLA (SSLA) language bridging the gap between layers
SSLA templates and combination functions for easy specification
Key Enabling Technologies: Self-Managed Security
Autonomic IaaS security supervision:
Cross-layer security monitoring, even if some layers are compromised
Cross-provider security monitoring, seamless integration
Security policies:
Flexible security policy languages and deployment tools
Policy negotiation tools for conflict resolution
Network security management:
Finer-grained network control than current specifications
SDN components/APIs for advanced policy monitoring
Key Enabling Technologies: End-to-End Security
Cryptographic protection:
Integrity and consistency verification
Processing cryptographically protected data
Storage access control:
Transparent cryptographic protection mechanisms
Flexible cloud-based key management
Trust management:
Horizontal trust management between different cloud entities
Vertical trust management across cloud system configurations
Abstraction of trust through specification language
Key Enabling Technologies: Resilience
SDN Resilience:
Secure, dependable SDN controller for multi-cloud networking
Intra/inter-cloud infrastructure resilient to network failures
Data availability:
Integration of disruptive secrecy technology to multi-cloud storage replication
New services based on multi-cloud storage algorithms
Adaptive multi-cloud algorithms with outstanding performance for real workloads
What is VESPA?
= Virtual Environments Self-Protecting Architecture
An automated security supervision framework for IaaS and multi-DC infrastructures
APPLICATIONS
CLOUD PROVIDER
IaaS monitoring
Anti-malware.
Anti-DDoS.
End-to-end security.
CUSTOMERS
SecaaS appliances
Design principles
STRONG SECURITY
Cross-layer security: detect / respond to overall extent of attack.
Open architecture: mitigate new threats, integrate legacy counter-measures.
SIMPLE SECURITY
Automated security supervision: choose in-layer, cross-layer, multi-DC.
Tuneable defense patterns: orchestrate multiple loops for rich defense strategy.
VESPA System Architecture
[Figure: VESPA system architecture. Planes: Resource Plane, Security Plane, Agent Plane, Orchestration Plane. Resource layers: VM, Hypervisor, Physical (RESOURCES). Components: VO, HO, Detection Manager, Detection Agent, Reaction Manager, Reaction Agent. Loop stages: DETECTION, DECISION, REACTION. Successive builds of the slide highlight Intra-Layer Self-Protection and Cross-Layer Self-Protection.]
Research results:
Framework [ICAC’12].
Extensions:
Network management (SDN approach).
Mobile cloud SLAs: Orange MC2 [UCC’13].
VMM self-protection: KungFuVisor [EURODW’12], self-stabilization [DSS’14].
Keynotes [SSS’11], panels [IM’11, NOMS’14], tutorials [ICAR’13, MOBILECLOUD’14].
Code available at: https://github.com/Orange-OpenSource/vespa-core
The VESPA Project
RESULTS
Framework: supervision of single cloud and multi-DC security.
Available in open source.
Different applications demonstrating viability of self-defending cloud concept.
So far CURRENT VESPA FUNCTIONALITIES
VESPA = core + security plug-ins.
Supported: Anti-virus, Hypervisor control, Firewall, Log analysis
In progress: Integration with Heat + Horizon, Network zones, vSwitch management (SDN)
The SUPERCLOUD Project
The SUPERCLOUD Project: Goals and Expected Results
Goal: a security management infrastructure for secure supercloud computing
Expected Results:
A security management infrastructure:
360° autonomic security supervision, horizontally and vertically for superclouds
A user-centric to provider-centric continuum of security services
End-to-end trust management
A data management framework:
Advanced cryptographic tools (e.g., access control, secure computation)
A resilience framework for multi-cloud storage infrastructures
A multi-cloud network management infrastructure:
Resilient virtual network provisioning across multiple clouds
Sanitized network environment with tunable security guarantees
Use Cases and Dissemination of Results
Use cases:
Healthcare-oriented:
Distributed medical imaging platform
Healthcare Laboratory Information System
NFV security
Smart home
Decentralized, location-aware cloud security
SUPERCLOUD Technology Dissemination: fully open source
Ambition: open toolbox for trustworthy management of clouds of clouds
Standardization: aim for open standards
Conclusion and Next Steps
Key take-aways:
User-centric distributed clouds should overcome provider-centric limitations
Secure Supercloud Computing makes it possible to build such clouds, with security that is self-service, self-managed, end-to-end, and resilient
Open innovation makes it possible to build such next-generation security technology
More trustworthy cloud services with an improved customer experience are expected
Next steps:
SUPERCLOUD requirements, security architecture, prototypes
Push into open source and standardization
https://supercloud-project.eu/
Thank you!