How to Secure Infrastructure Clouds with Trusted Computing Technologies
Nicolae Paladi
Swedish Institute of Computer Science
Contents
1. Infrastructure-as-a-Service
2. Security challenges of IaaS
3. Trusted Computing and TPM
4. Trusted VM launch
5. InfraCloud
6. Future work
Infrastructure-as-a-Service
• A 'cloud computing' service model (NIST:2011):
  • Provision processing, storage, networks.
  • Deploy and run arbitrary software.
  • No control over underlying cloud infrastructure.
  • Control over OS, storage, deployed applications.
  • Limited control of select networking components.
Infrastructure-as-a-Service architectural overview
OpenStack architectural overview
https://wiki.openstack.org/wiki/ArchitecturalOverview
Infrastructure-as-a-Service security issues
2011: Vulnerabilities in the AWS management console (XSS and XML wrapping attacks)
2012: Cross-VM Side Channels can be used to extract private keys.
2012: Rackspace’s “dirty disks”
Can we help it?
Introducing the TPM
Trusted platform module v1.2 as specified by TCG.
v2.0 is currently under review.
Tamper-evident.
16+ PCRs for volatile storage.
Four operations: Signing / Binding / Sealing / Sealed-sign.
Introducing the TPM: output
• Produces integrity measurements of the firmware at boot time.
Can produce integrity measurements of the loaded kernel modules (sample below).
Introducing the TPM: usage
• Microsoft BitLocker
• Google Chromium OS
• Citrix XenServer
• Oracle’s X- and T-Series Systems
• HP ProtectTools
• Others
Securing IaaS environments with trusted computing
• Virtualization security.
• Storage protection in IaaS environments.
• Computing security in IaaS environments.
• Remote host software integrity attestation.
• Runtime host software integrity attestation.
• Encryption key management in IaaS environments.
Computing security in IaaS environments: Problem Setting
• “Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.”
Client can launch VMs for sensitive computations.
Trusted VM launch – the correct VM is launched in an IaaS platform on a host with a known software stack verified to not have been modified by malicious actors.
IaaS security with trusted computing.
How do we ensure a trusted VM launch in an untrusted IaaS environment?
Attack scenario 1
[Diagram: Client (C), Scheduler (S), a trusted Compute Host (CH) and other Compute Hosts (CH) on their hardware, and a remote attacker (Ar).]
Ar could schedule the VM instance to be launched on a compromised host.
Attack scenario 2
[Diagram: Client (C), Scheduler (S), a trusted Compute Host (CH) and other Compute Hosts (CH) on their hardware, and a remote attacker (Ar).]
Ar could compromise the VM image prior to launch.
Trusted VM launch protocol
• Ensure the VM image is launched on a trusted host.
• Ensure communication is with the VM launched on a trusted CH rather than a random VM.
• Compute host to verify the integrity of the VM image to be launched.
• Minimum implementation footprint on the IaaS codebase.
• Transparent view of the secure launch procedures.
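The two checks behind these goals, as an added example that is not code from the talk or the prototype: an appraiser replays a host's measurement log with the TPM v1.2 extend rule and compares it with reference values, and the compute host hashes the VM image before launch. It assumes the TPM quote signature was already verified; function names, component names, sample data and the use of SHA-256 for the image digest are constructed for illustration.

```python
import hashlib
import hmac

def extend(pcr, measurement):
    """TPM v1.2 extend: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def replay(event_log):
    """Recompute a PCR from an ordered list of (component, digest) events."""
    pcr = bytes(20)  # static PCRs start as 20 zero bytes at boot
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def appraise_host(event_log, quoted_pcr, known_good):
    """Accept a host only if its log reproduces the quoted PCR and every
    measured component matches the reference list, in the same order."""
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        return False, "event log does not reproduce quoted PCR"
    if [name for name, _ in event_log] != list(known_good):
        return False, "measured components differ from reference list"
    for name, digest in event_log:
        if known_good[name] != digest:
            return False, f"unexpected measurement for {name}"
    return True, "host software stack matches reference values"

def image_matches(image_bytes, expected_sha256_hex):
    """Compute-host side: hash the VM image and compare before launch."""
    actual = hashlib.sha256(image_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)

def measure(blob):
    """SHA-1 measurement of a component, as a TPM v1.2 platform records it."""
    return hashlib.sha1(blob).digest()

# Constructed sample data: component names and contents are made up.
GOOD_LOG = [("bios", measure(b"bios-v1")),
            ("bootloader", measure(b"grub-v1")),
            ("kernel", measure(b"kernel-v1"))]
KNOWN_GOOD = dict(GOOD_LOG)  # reference values held by the appraiser
QUOTED = replay(GOOD_LOG)    # stands in for the PCR value inside a signed quote
TAMPERED_LOG = GOOD_LOG[:2] + [("kernel", measure(b"kernel-modified"))]
IMAGE = b"constructed VM image bytes"
IMAGE_DIGEST = hashlib.sha256(IMAGE).hexdigest()

if __name__ == "__main__":
    print(appraise_host(GOOD_LOG, QUOTED, KNOWN_GOOD))
    print(appraise_host(TAMPERED_LOG, replay(TAMPERED_LOG), KNOWN_GOOD))
    print(appraise_host(TAMPERED_LOG, QUOTED, KNOWN_GOOD))
    print(image_matches(IMAGE + b"\x00", IMAGE_DIGEST))
```

A modified kernel is caught either way: an honest quote carries an unknown digest, and a log doctored to hide it no longer reproduces the quoted PCR.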
Protocol: bird's-eye view
[Diagram: Client (C), Scheduler (S) and Compute Hosts (CH) on hardware (HW), with a TPM; protocol steps numbered 1 to 6.]
Prototype implementation
• OpenStack cluster deployed on 3 nodes (TPM-equipped)
• Code extensions:
  • Changes to the OpenStack launch procedure.
  • Implementation of an OpenStack–TPM communication “glue”.
  • Implementation of a TTP (interpretation of attestation info).
  • Implementation of client-side functionality (token generation, trusted launch verification).
Securing IaaS with InfraCloud: The project
• Ongoing project in collaboration between Region Skåne, Ericsson Research and SICS.
• Aim: proof of concept design and deployment of one of the region’s medical journaling systems in a hardened and trustworthy IaaS environment.
• Prototype implementation based on earlier research, as well as solutions to newly identified challenges.
Securing IaaS with InfraCloud: The challenges
Numerous new research challenges have been identified already in the early stages of the project:
• Storage protection in untrusted IaaS environments.
• Verification and protection of a deployment’s network configuration.
• Runtime VM instance protection (prevent memory dumping, cloning).
• Secure key handling mechanisms in untrusted IaaS deployments.
• Update and patch deployment on guest VM instances.
• Interpretation of TPM attestation data.
Conclusion
• Out-of-the-box public IaaS probably not acceptable for most organizations handling sensitive data.
• A comprehensive solution for data protection in public IaaS environments has not been found yet.
• SICS Secure Systems lab works with various aspects of guest protection in untrusted IaaS.
• Trusted Computing Technologies make it possible to address some of the issues with IaaS security.
• Participation in the InfraCloud project and practical application of protocols reveal multiple new research challenges.