Document 7724305
Download
Report
Transcript Document 7724305
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
1
Agenda
Introduction
Cloud
Computing
Virtualization
VM migration
Key Management in Cloud
Literature Survey
Survey Findings
Industry Survey
Community Response
Problem Statement
Proposed Architecture Design
Technology and standards
Future Milestones
References
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
2
Cloud Computing
Cloud Services Model
SaaS
PaaS
IaaS
Cloud Federation
Federation Benefits
Cloud Burst
Load Balancing
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
3
Virtualization
Virtualization
Types of Virtualization
Virtual Machine (VM)
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
4
VM Migration
VM Migration
Live Migration (only shared storage)
Suspend/Pause and Transfer
Benefits of Migration
Load balancing
Disaster recovery
Hardware maintenance
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
5
Key Management in Cloud
Service Side Encryption (SSE) with KMS provides
Data protection
Hardware Encryption (AES-NI)
Reduce client maintenance effort
Amazon /Google’s provides transparent encryption.
VM images (object), Volume, Data encryption
Creating, Storing, Protecting, and Providing access to keys.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
6
Literature Survey
Problem
Insecure VM migration in Xen/VMware/KVM.
Solution
Categorized Attack on VM migration into:
Control plane (Unauthorized migration operation)
Data plane (insecure channel)
Migration Module (buffer overflow issues)
Developed Xensploit Tool for exploitation
Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of
BlackHat DC convention.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
7
Literature Survey
Problem
Inter Cloud VM mobility for cloud bursting and load balancing
Solution
Inter Cloud Proxies
Secure Channel between Proxies using SSH
Analysis
Tunnel does not provide host to host secure channel during migration.
Port forwarding on firewalls between the clouds
No Authorization mechanism.
Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual
machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
8
Literature Survey
Problem
Trusted channel and remote attestation in VM
migration
Solution
vTPM based migration proposed provides
Authentication, confidentiality, Integrity,
Reply Resistance, source non-repudiation
Two phases
Trusted channel establishment
VM and vTPM migration
Analysis
Authorization is not supported.
Dependency on TPM hardware .
Suspension of vTPM instance
Complex Key hierarchy from TPM to vTPM.
Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”,
International Conference on Systems and Informatics, 2012, pp. 871-875
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
9
Literature Survey
Problem
VM migration is insecure process
Solution.
Load calculation on physical host
RSA with SSL protocol for authentication
and encryption
Pre-copy or Post-copy migration
techniques
Analysis.
Authorization is not supported
Neglected the affects of migration in cloud
environment.
Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security
perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
10
Literature Survey
Problem
Security and Reliability in VM migration
Solution.
Policy/Role based Migration approach
Consists of attestation service, seal storage,
policy service, migration service and
secure hypervisor components
Analysis.
Authentication is not supported
Dependency on TPM and Seal storage
hardware.
Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd
International Conference on Computer Engineering and Technology, 2010
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
11
Literature Survey
Problem
Resource Optimization in Federated Cloud
using VM migration.
Solution.
Monitor the current workload of the
physical servers
Detect the overloaded servers efficiently
VM replacement considering the federated
environment
Analysis.
No security feature is supported
Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud
Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
12
Survey Findings
Analysis of Existing Solutions and Approaches
Security
Requirements/ID’s
Integrity
Verification of
platform
Authentication of
platform
Authorization
(Access control
policies )
Confidentiality and
Integrity of VM
during migration
Replay Resistance
Source NonRepudiation
1
3
4
5
6
7
8
Isolate
migration
network
V
LAN[6]
Role
based
Migratio
n
[9]
Secure
VMvTPM
[10]
Improve
d
vTMP
based
Migrati
on
[7]
VM
mobilit
y
using
SSH
tunnel
[11]
TCSL Secure
Migratio
[12]
n using
RSA
with SSL
[13]
9
10
Trust
PALM
Token
[17]
Based
migration
[14]
Isolate
migration
Traffic
Isolate
migration
traffic
Isolate
migration
traffic
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
13
Survey Findings
Identified Limitations
Security
Insufficient Access Control
Lack of Mutual Authentication
Lack of Confidentiality
Lack of Integrity
Implementation
Dependency on TPM/Seal Storage module
TPM is bottleneck
Leakage of information in vTPM.
Port forwarding on intermediate firewall
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
14
Industrial Survey
http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
15
Cont..
http://www.net-security.org/secworld.php?id=11825
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
16
Community Response
https://launchpad.net/~harlowja
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
17
This research work is intended to propose a secure
migration of Encrypted Images of VM and their keys
between CSP’s. Furthermore, we also propose
enhanced key management which securely handle
migrated keys.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
18
Cont..
A
Dashboard/CLI
Load
Monitoring
Dashboard/CLI
B
Insecure channel
1
2
3
Xen/KVM
Authentication/
Authorization
Module
Load
Monitori
ng
Encrypted
Images Store,
(Windows8,
Ubuntu,
Centos,Suse)
1
2
4
Xen/KVM
5
Encrypted
Image Store,
(Windows8,
Ubuntu,
Centos,Suse )
Authentication/
Authorization
Module
Key Manager
Key Manager
Can not store
migration keys
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
Requirements for VM migration
Process
Security:
Role based access control
Mutual Authentication (source non-repudiation and trust)
Confidentiality during migration process
Integrity of VM and Keys
Key Management:
Migrated Keys of Encrypted VM Images must be included in Key
Manager of receiver CSP.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
20
Proposed Architecture Design
1. Cert Req
1. Cert Req
2. Auth/Autz
2. Auth/Autz
Dashboard/CLI
A
1
2
2
3
Xen/KVM
Authentication/
Authorization
Module
Load
Monitoring
3. Run VM
Instance
Encrypted
Images Store,
Windows8,
Ubuntu,
Centos,Suse
Dashboard/CLI
4. Migration
Request
5. Mutual
Authentication
6. SSL Channel/
Key shared (K)
7. [VM +
{Key} Pub_B ] K
Key Manager
B
8 b). Migrated VM.
2
1
2
4
Xen/KVM
Authentication/
Authorization
Module
9. ACK
8a). Decrypt &
Update Key Manager
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
5
3. Run VM
instance
Encrypted
Image Store,
Windows8,
Ubuntu,
Centos,Suse
Key Manager
Technologies and Standards
Libvirt
KVM/XEN
Python
OpenStack Cloud OS
Key Manager (OpenStack )
PKI (DogTag)
M2Crypt/pyopenssl
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
Future Milestones
Milestones
Duration
Preliminary study and Research
Done
Implementation
Cloud Configuration , PKI setup
Key
Manager setup
Done
1 week
Implementation of security features
Authorization, Authentication,
confidentiality and integrity
3 month
Enchantment in Key manager
1 month
Testing and Evaluation
1.5 month
Final Documentation
1.5 month
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
24
References
[1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues
for cloud computing,” Journal of Internet Services and Applications 2013.
[2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145,
Gaithersburg, MD.
[3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc.
of BlackHat DC convention 2008.
[4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc,
2009.
http://www.redcannon.com/vDefense/VM_security_wp.pdf.
[5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.
http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.
[6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”,
International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.
[7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”,
International Conference on Systems and Informatics, 2012, pp. 871-875.
[8] OpenStack Security Guide, 2013.
http://docs.openstack.org/security-guide/security-guide.pdf.
[9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”,
2nd International Conference on Computer Engineering and Technology, 2010.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
References
[10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private
clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09,
2011, Orlando, Florida.
[11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud
mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011,
Haifa, Israel.
[12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based
on security level - design and implementation”, International Parallel and Distributed Processing Symposium
Workshops & PhD Forum 2012.
[13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and
security perspectives,” International Journal of Advanced Computer Science and Information Technology
2012, vol. 1, pp. 11-19
[14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public
clouds”, International Conference on Trust, Security and Privacy in Computing and
Communications 2012.
[15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”,
University of Princeton, USA.
[16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case
studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.
[17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for
systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies
Conference, 2008.
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad