securing your cloud with xen project s advanced security
play

Securing Your Cloud with Xen Projects Advanced Security Features - PowerPoint PPT Presentation

Mar 16, 2024 •221 likes •553 views

Introduction Network path Bootloader Device model Xen Conclusion Securing Your Cloud with Xen Projects Advanced Security Features Russell Pavlicek, Xen Project Evangelist CloudOpen North America 2013 Introduction Network path

  1. Introduction Network path Bootloader Device model Xen Conclusion Securing Your Cloud with Xen Project’s Advanced Security Features Russell Pavlicek, Xen Project Evangelist CloudOpen North America 2013

  2. Introduction Network path Bootloader Device model Xen Conclusion Who is the Old, Fat Geek Up Front? ◮ Xen Project Evangelist ◮ Employed by Citrix, focused entirely on the Xen Project ◮ History with Open Source begins in 1997 ◮ Former columnist with Infoworld, Processor magazines ◮ Former panelist on The Linux Show webcast, repeat guest on The Linux Link Tech Show ◮ Over 150 pieces published, plus one book on Open Source development and several blogs CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 2 / 32

  3. Introduction Network path Bootloader Device model Xen Conclusion Introduction: Xen Project and Security ◮ Xen Project is an enterprise-grade Type I hypervisor ◮ Built for the Cloud before it was called the Cloud ◮ A number of advanced security features ◮ Driver Domains, Stub Domains, FLASK, and more ◮ Most of them are not (or cannot) be turned on by default ◮ Although they are simple to use, sometimes they can appear to be complicated CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 3 / 32

  4. Introduction Network path Bootloader Device model Xen Conclusion Presentation Goals ◮ Introduce you to key Xen Project Security Tools ◮ Discuss some key Xen security features ◮ Get you started in the right direction toward securing your Xen installation CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 4 / 32

  5. Introduction Network path Bootloader Device model Xen Conclusion Presentation Outline ◮ A few thoughts on the problem of securing the Cloud ◮ Overview of the Xen architecture ◮ Brief introduction to principles of security analysis ◮ Consider some attack surfaces and Xen features we can use to mitigate them: ◮ Driver Domains ◮ PVgrub ◮ Stub Domains ◮ Paravirtualization (PV) mode vs Hardware Virtualization (HVM) mode ◮ FLASK example policy CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 5 / 32

  6. Introduction Network path Bootloader Device model Xen Conclusion The Cloud Security Conundrum ◮ Security: The 800 pound gorilla of the Cloud world ◮ Nothing generates more fear in specific, and FUD in general ◮ Probably the single greatest barrier to Cloud adoption ◮ Immediately behind it is the inability to get out of a 20th century IT mindset (i.e., ”Change is Bad”) ◮ The good news: we don’t need to fear it – we just need to solve it CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 6 / 32

  7. Introduction Network path Bootloader Device model Xen Conclusion Cloud Security: New Visibility to Old Problem ◮ Security has always been an issue ◮ Putting a truly secure system in the open does not reduce its security, just increases the frequency of attack ◮ Unfortunately, system security behind the firewall has not always been comprehensive ◮ Having solutions in Clouds forces us to solve the security issues we should have already solved ◮ Security through obscurity is no longer sufficient CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 7 / 32

  8. Introduction Network path Bootloader Device model Xen Conclusion Security by Design, not by Wishful Thinking ◮ Security by Wishful Thinking is Officially Dead ◮ Merely hoping that your firewall holds off the marauding hordes is NOT good enough ◮ Addressing security in one area while ignoring others is NOT good enough ◮ Saying, ”We’ve never had a problem before” is NOT good enough ◮ Comprehensive security starts with design ◮ It needs to planned and carefully thought through ◮ It needs to be implemented at multiple levels ◮ It needs components which are themselves securable CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 8 / 32

  9. Introduction Network path Bootloader Device model Xen Conclusion Xen Project: Security by Design ◮ Xen Project was designed for Clouds before the term ”Cloud” was coined in the industry ◮ Designers foresaw the day of an ”infrastructure for wide-area distributed computing” which we now call ”the Cloud” ◮ http://www.cl.cam.ac.uk/research /srg/netos/xeno/publications.html ◮ Xen is designed to thwart attacks from many attack vectors, using different defensive techniques CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 9 / 32

  10. Introduction Network path Bootloader Device model Xen Conclusion Xen Architecture: A Basic Picture dom 0 device model (qemu) toolstack Paravirtualized Fully (PV) Virtualized Domain (HVM) Hardware netback netfront Domain Drivers blkback blkfront Xen Hypervisor Hardware I/O Devices CPU Memory CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 10 / 32

  11. Introduction Network path Bootloader Device model Xen Conclusion Security Overview ◮ Threat Models: ◮ Attacker can access network ◮ Attacker controls one Guest VM ◮ Security considerations to evaluate: ◮ How much code is accessible? ◮ What is the interface like? (e.g., pointers vs scalars) ◮ Defense-in-depth ◮ Then combine security tactics to secure the installation ◮ There is no single ”magic bullet” ◮ Individual tactics reduce danger; combined tactics go even farther CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 11 / 32

  12. Introduction Network path Bootloader Device model Xen Conclusion Example System, for our Discussion ◮ Hardware setup ◮ Two networks: one Control network, one Guest network ◮ IOMMU with interrupt remapping (AMD or Intel VT-d v2) to allow for full Hardware Virtualization (HVM) ◮ Default configuration ◮ Network drivers in the Control Domain (aka ”Domain 0” or just ”Dom0”) ◮ Paravirtualized (PV) guests using PyGrub (grub-like boot utility within context of Guest Domain) ◮ Hardware Virtualized (HVM) guests using Qemu (as the device model) running in the Control Domain CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 12 / 32

  13. Introduction Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront bridge iptables Rogue Domain NIC netback netfront Driver Xen Hypervisor Hardware Control NIC Guest NIC ◮ Where might an exploit focus? ◮ Bugs in hardware driver ◮ Bugs in bridging / filtering ◮ Bugs in netback (via the ring protocol) CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 13 / 32

  14. Introduction Network path Bootloader Device model Xen Conclusion Attack surface: Network path dom 0 toolstack Domain netfront bridge iptables Rogue Domain NIC netback netfront Driver Xen Hypervisor Hardware Control NIC Guest NIC ◮ What could a successful exploit yield? ◮ Control of Domain 0 kernel ◮ Pretty much control of the whole system CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 14 / 32

  15. Introduction Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables bridge Rogue Domain NIC netfront NIC netback Driver Driver Xen Hypervisor Hardware Control NIC Guest NIC ◮ What is a Driver Domain? ◮ Unprivileged VM which drives hardware, provides access to guests CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 15 / 32

  16. Introduction Network path Bootloader Device model Xen Conclusion Security feature: Driver Domains dom 0 Domain toolstack netfront Driver Domain iptables bridge Rogue Domain NIC netfront NIC netback Driver Driver Xen Hypervisor Hardware Control NIC Guest NIC ◮ Now a successful exploit could yield: ◮ Control of the Driver Domain (PV hypercall interface) ◮ Control of that guest’s network traffic ◮ Control of NIC ◮ An opportunity to attack netfront of other guests CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 16 / 32

  17. Introduction Network path Bootloader Device model Xen Conclusion HowTo: Driver Domains ◮ Create a VM with appropriate drivers ◮ Use any distribution suitable as a Control Domain ◮ Install the Xen-related hotplug scripts ◮ Just installing the Xen tools in the VM is usually good enough ◮ Give the VM access to the physical NIC with PCI pass-through ◮ Configure the network topology in the Driver domain ◮ Just like you would for the Control Domain ◮ Configure the guest Virtual Network Interface (vif) to use the new domain ID ◮ Add backend=domnet to vif declaration vif = [ ’type=pv, bridge=xenbr0, backend=domnet’ ] ◮ http://wiki.xenproject.org/wiki/Driver Domain CloudOpen North America 2013 Securing Your Cloud with Xen Project’s Advanced Security Features 17 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 18 Page 1 CS 236 Online Outline Routing security DNS security Lecture 18 Page 2

556 views • 31 slides
Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company history 1991: Founded as ASIC design house in Louvain-la-Neuve, Belgium 1995: Becomes part of the Barco group. 1999: 1st SoC development for

189 views • 14 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN | EVOLVE PROJECT AGENDA

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN | EVOLVE PROJECT AGENDA

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN | EVOLVE PROJECT AGENDA A high level overview of what to implement in your library to make it secure. With the rise of data breaches, identity theft, malicious hacking,

1.03k views • 49 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not a characteristic. It s is also an growing problem that requires an continually evolving solution. A good measure of secure application is it

782 views • 74 slides
Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula Albert Greenberg Cloud workload is dynamic and hostile Traditional datacenters Cloud datacenters Infrastructure supports small # of

241 views • 6 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Securing Cloud Deployments S.S.Mulay Sr. V.P. Engineering April 6, 2013 Cloud at a Glance

Securing Cloud Deployments S.S.Mulay Sr. V.P. Engineering April 6, 2013 Cloud at a Glance

Securing Cloud Deployments S.S.Mulay Sr. V.P. Engineering April 6, 2013 Cloud at a Glance Resource Pooling Essential Features Network On Self Elasticity Metering Access Demand Service IAAS IAAS Service Models PAAS PAAS SAAS SAAS

502 views • 16 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Advanced ML in Google Cloud Abhay Agarwal (MS Design 19) Agenda General Notes on

Advanced ML in Google Cloud Abhay Agarwal (MS Design 19) Agenda General Notes on

CS341: Project in Mining Massive Datasets Advanced ML in Google Cloud Abhay Agarwal (MS Design 19) Agenda General Notes on Pipelining Some History Distributed Processing in Tensorflow Cloud ML Engine in Google Cloud

381 views • 22 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
Problems and Solutions in Classical Component Systems Language Transparency

Problems and Solutions in Classical Component Systems Language Transparency

TDDD05, O. Leifler & C. Kessler, 2005-2014. Some slides by courtesy of Uwe Assmann, IDA / TU Dresden. Problems and Solutions in Classical Component Systems Language Transparency Location/Distribution Transparency Example: Yellow

860 views • 52 slides
MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd Edition) Chapter 04: Communication Version: March 28, 2019 Communication: Foundations Layered Protocols Basic networking model Application

662 views • 41 slides
Speaker: Jianchao Lu Jianchao Lu, Xiaomi Mao, Baris Taskin VLSI Lab Electrical & Computer

Speaker: Jianchao Lu Jianchao Lu, Xiaomi Mao, Baris Taskin VLSI Lab Electrical & Computer

Speaker: Jianchao Lu Jianchao Lu, Xiaomi Mao, Baris Taskin VLSI Lab Electrical & Computer Engineering Drexel University 1 Outline Preliminaries Previous Works Methodology Experimental Results Conclusions 2 Clock Mesh

589 views • 35 slides
Convolutional Neural Networks for Particle Tracking Steve Farrell for the HEP.TrkX project May

Convolutional Neural Networks for Particle Tracking Steve Farrell for the HEP.TrkX project May

Convolutional Neural Networks for Particle Tracking Steve Farrell for the HEP.TrkX project May 8, 2017 DS@HEP, FNAL Particle tracking at the LHC An interesting and challenging pattern recognition problem A very important piece of

613 views • 33 slides
Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function

Diffusing Your Mobile Apps: Extending In-Network Function Virtualisation to Mobile Function Offloading Mario Almeida, Liang Wang*, Jeremy Blackburn, Konstantina Papagiannaki, Jon Crowcroft* Telefonica Research, ES University of

903 views • 26 slides
Nachos Instructional OS: Part 3B CS 170, Tao Yang Topics File system implementation.

Nachos Instructional OS: Part 3B CS 170, Tao Yang Topics File system implementation.

Nachos Instructional OS: Part 3B CS 170, Tao Yang Topics File system implementation. Assignment 3B for File system extension 5/26/2015 2 Nachos File System Nachos Kernel Read/write Linux Two versions: openFile objects

627 views • 23 slides
Bringing the STW Thesaurus for Economics on to the Web of Linked Data Joachim Neubert IT

Bringing the STW Thesaurus for Economics on to the Web of Linked Data Joachim Neubert IT

Bringing the STW Thesaurus for Economics on to the Web of Linked Data Joachim Neubert IT Development German National Library of Economics Leibniz Centre for Economics Linked Data on the Web Madrid, 20/04/2009 www.zbw.eu Contents 1)

507 views • 14 slides
KOS evolution in Linked Data Joachim Neubert ZBW Leibniz Information Centre for Economics,

KOS evolution in Linked Data Joachim Neubert ZBW Leibniz Information Centre for Economics,

KOS evolution in Linked Data Joachim Neubert ZBW Leibniz Information Centre for Economics, Hamburg SWIB14 Bonn, Germany 03.12.2014 ZBW is member of the Leibniz Association Agenda Introduction Current versioning approach with STW

390 views • 34 slides

More recommend