Upload File

the problem - elinux...cloud-native app same owner xen no multi-tenancy only run cloud-native apps...

  • Home
  • Documents
  • The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
51

Upload: others

Post on 28-May-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 2: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

The Problem

Page 3: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 4: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 5: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 6: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Packaging vs. Runtime

OCI Image Spec vs. OCI Runtime Spec

Page 7: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Linux Kernel

Linux Namespaces

Docker Registry

Linux Namespaces

Cloud-Native App

Linux Namespaces

Cloud-Native App

App binaries

App librariesCloud Native App

(rootfs + manifest)

App binaries

App libraries

Docker

Page 8: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 9: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

The problem withLinux namespaces

Page 10: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native App

Cloud-native App

Linux kernel

POSIX

Cloud-native App

Page 11: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native App

Cloud-native App

Linux kernel

POSIX

Large surface of attack

On average, 3 privilege escalation vulnerabilities per Linux release!

Cloud-native App

Page 12: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native AppMalicious App

Linux kernel

POSIX

Cloud-native App

Large surface of attack

On average, 3 privilege escalation vulnerabilities per Linux release!

Page 13: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native AppMalicious App

Linux kernel

POSIX

Cloud-native App

Large surface of attack

On average, 3 privilege escalation vulnerabilities per Linux release!

Page 14: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native AppMalicious App

Linux kernel

POSIX

Cloud-native App

Large surface of attack

On average, 3 privilege escalation vulnerabilities per Linux release!

Page 15: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native AppMalicious App

Linux kernel

POSIX

Cloud-native App

Large surface of attack

On average, 3 privilege escalation vulnerabilities per Linux release!

Page 16: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 17: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 18: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 19: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 20: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

App (Container)

same owner

App (Container)

same owner

Linux kernel

App (Container)

same owner

Cloud-native App

same owner

Cloud-native App

same owner

Linux kernel

POSIX

Cloud-native App

same owner

Xen

● No multi-tenancy

● Only run cloud-native apps from the same user on the same host

● Use VMs (or bare-metal) as security boundary

● Need to handle both VMs provisioning and Cloud-Native app provisioning

Virtual interface, on average:

Xen PV: 1 priv escalation vuln / year KVM: 4 priv escalation vuln / year

Page 21: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 22: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 23: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 24: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Run

Page 25: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Virtualizationas container runtime

Page 26: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 27: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 28: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

On R

Page 29: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 30: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Yes but,Does it run containers?

Page 31: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native App

Cloud-native App

Linux

Cloud-native App

Embedded Hypervisor

POSIX

Linux Linux

VMX

VM● 1 container app <--> 1 VM

● Secure by default

● Mix and match traditional VMs and container apps on a single platform

● Support mixed criticality workloads

● Support real time apps

● Support device assignment

Page 32: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

How do we do it?

Page 33: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Linux Kernel

Linux Namespaces

Docker Registry

Linux Namespaces

Cloud-Native App

Linux Namespaces

Cloud-Native App

App binaries

App librariesCloud-Native

App

App binaries

App libraries

Docker

This is justrootfs + manifest

Page 34: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 35: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 36: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 37: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Xen

VM

Docker Registry

VM

Cloud-Native App

VM

Cloud-Native App

App binaries

App librariesCloud-Native

App

App binaries

App libraries

CoreOS rkt

Page 38: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 39: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

PVCalls

Page 40: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 41: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Cloud-native App

Linux DomU

Xen

POSIX

PV Interface

VM

Each app is run in a small separate Xen VM for isolation.

POSIX calls are confined within the VM, “emulated” by the guest kernel.

Few selected syscalls are handled securely by Dom0 (filesystem and socket syscalls primarily).

Dom0

PV Calls

Page 42: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Dom0Cloud-native app

XenPV Interface

VM

Syscall backend

Syscallfrontend

PV CallsAll othersyscalls

Linux DomU internals

Page 43: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 44: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Considerations on Meltdown

Page 45: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 46: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 47: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Linux 4.15no fix

Linux 4.15fix

Linux 4.15On Xen

CompileBench, Higher is Better

Native Native Xen VM

Page 48: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 49: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary
Page 50: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Demo

Page 51: The Problem - eLinux...Cloud-native App same owner Xen No multi-tenancy Only run cloud-native apps from the same user on the same host Use VMs (or bare-metal) as security boundary

Stefano Stabellinisstabellini AT kernel.orgtwitter.com/stabellinist


DroneCode and ArduPilot - eLinux · PDF fileMoved to AVR boards in 2009 ... – Ublox Lea6H GPS on 38400 UART

Human Impact. Invasive Species Non-Native Species enter an ecosystem Invasive Species, Alien Species, Non- Native Species are all the same. Globalization

Common Core 3.0 ICWA: Working with Native American ......has been roughly the same for over 100 years and today, although comprising only 1% of the population, Native American children

Mastering the DMA and IOMMU APIs - eLinux

ASSESSMENT OF NATIVE AMERICAN, ALASKA NATIVE, AND NATIVE … · ASSESSMENT OF NATIVE AMERICAN, ALASKA NATIVE, AND NATIVE HAWAIIAN HOUSING NEEDS PAPERWORK REDUCTION ACT SUBMISSION

Native or Non-native

RunX - eLinux

OpenBMC - eLinux · • Driver stability • Better tooling: development, provisioning, monitoring • HW availability • OpenBMC Developer Platform • Baseboard with AST2500 BMC

Native ift native advertising

The American Colonies Native American Culture Way of life varied based on location: Farmers, Nomadic, etc.: Not all Native Americans are the same Way

USB Netconsole - eLinux

Native American Literature English 3. “The Sun Still Rises in the Same Sky: Native American Literature” by Joseph Bruchac p.15-16 Article about Native

BoF Farming Together Andrew Murray - eLinux

Cross-compiling OpenJDK - eLinux · Cross-compiling OpenJDK Robert Schuster. 2010-10-27 ELCE Europe 2010 Why?

ARM Flattened Device Tree status report - eLinux

NATIVE TEACHERS, NON-NATIVE TEACHERS AND ELF Same …

Scala Native Documentation - Scala Native — Scala Native

Raspberry Pi - Hardware (eLinux)

Asterisk, mas que una central telefónica - Elinux - Inicio2008.encuentrolinux.cl/charlas/Asterisk_mas_que_una_central... · Asterisk, mas que una central telefónica Andrés Junge

Using Qt for non-graphical applications - eLinux

arm-soc - eLinux

Lessons Learned in Native and How to Avoid Making the Same Mistakes - WTF Native NYC, 11/3/15

Cooperative Development Inside Communities - eLinux · Cooperative Development Inside Communities Jeff OsierMixon MontaVista Software, Inc. ... Hacks Android Last Project Platform

Native American Indians And now… Then…. What do these two have in common? They are both from the same tribe…

Chapter 1 Hello, Androidsite.iugaza.edu.ps/aasamra/wp-content/uploads/CH1... · All apps (native and 3rd party) are written using the same APIs and run on the same run time executable

Short Message Service - eLinux · CE Linux Forum Technical Document Classification: Short Message Service

Raspberry Pi - Expansion Boards (eLinux)

Raspberry Pi - SD Cards (eLinux).pdf

Introduction - eLinux

Android is NOT just 'Java on Linux' - eLinux wiki

ArcGIS Runtime SDKs: Using QML to Build Native Cross ... · Qt and QML •Cross platform framework •Build native apps •Same source code compiled for each platform •Powered by

Elinux Ref Slides Day 4&5

RPiconfig - eLinux

Native Advertising Seminar - IAB Australia · Native Advertising Seminar . ... The BuzzFeed Story Unit . In-stream and content-rich . 22 . The same hat, just tinier. Justin Bieber’s

Upstreaming Android Kernel - eLinux