SLIDE 1
Systems and Internet Infrastructure Security Laboratory (SIIS)

Seeding Clouds with Trust Anchors

Joshua Schiffman, Thomas Moyer, Hayawardh Vijayakumar, Trent Jaeger, and Patrick McDaniel
CCSW ’10

Saturday, October 16, 2010

SLIDE 2

Hurdles to Cloud Adoption

  • Clouds offer customers a platform for on-demand resources and reduced administrative effort
  • However, fears of data loss and security breaches have stifled adoption by many businesses
  • We propose increasing the transparency of cloud platforms to build trust in them

SLIDE 15

Uncertainty in Clouds

  • Customers are concerned with:
  • Host and VM integrity
  • VM isolation / protection
  • Data leakage
  • Need to verify integrity of those components

[Figure: Xen host with Dom0 and DomU domains]

SLIDE 16

Cloud support for proofs

  • Clouds offer a unique administrative environment for integrity measurement
  • Physical security, internal PKI, consistent components
  • Centralized administration over many systems
  • Focus on using hardened / proven components
  • Assured hypervisors (e.g., seL4) and code
  • Verifiable enforcement policies

SLIDE 21

Cloud Verifier

  • We propose a Cloud Verifier (CV) mechanism to enable verification of cloud platforms by proxy
  • Verifiable component in the cloud
  • Monitors the integrity of VM hosts using public integrity criteria

[Figure: CV, three Node Controllers, Integrity Criteria]

SLIDE 22

Customers using the CV

  • CV then vouches for integrity of a VM’s host using a signed public key

[Figure, animated over slides 22 to 35: CV, Node Controller, VM, Storage. Step labels in order of appearance: Verifies Integrity; Generate VM key pair; Sign public key; Get VM key; Verifies CV and criteria; Form authenticated connection; Authorize access]
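
The vouching flow on the "Customers using the CV" slides (verify host integrity, sign the VM public key, customer verifies the CV and the criteria), written as an added Go example that is not from the talk or the authors' system. The `Voucher` format, the allow-list model of the integrity criteria, the plain measurement list standing in for a TPM-backed attestation, Ed25519, the nonce handling and the sample values are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Voucher (hypothetical format): CV signature binding a VM key to criteria and a nonce.
type Voucher struct {
	VMKey      ed25519.PublicKey
	Criteria   [32]byte
	Nonce, Sig []byte
}

// CriteriaDigest hashes the public allow-list; payload is the byte string the CV signs.
func CriteriaDigest(allowed []string) [32]byte { return sha256.Sum256([]byte(strings.Join(allowed, "\n"))) }
func payload(vm, crit, nonce []byte) []byte { return bytes.Join([][]byte{vm, crit, nonce}, nil) }

// Vouch (CV side) signs the VM key only if every reported host measurement is allowed.
func Vouch(cv ed25519.PrivateKey, allowed, reported []string, vm ed25519.PublicKey, nonce []byte) (*Voucher, error) {
	ok := map[string]bool{}
	for _, m := range allowed {
		ok[m] = true
	}
	for _, m := range reported {
		if !ok[m] {
			return nil, fmt.Errorf("measurement %q violates criteria", m)
		}
	}
	crit := CriteriaDigest(allowed)
	return &Voucher{VMKey: vm, Criteria: crit, Nonce: nonce, Sig: ed25519.Sign(cv, payload(vm, crit[:], nonce))}, nil
}

// Check (customer side): CV signature, reviewed criteria and expected nonce must all hold.
func Check(cvPub ed25519.PublicKey, v *Voucher, want [32]byte, nonce []byte) bool {
	return v != nil && v.Criteria == want && bytes.Equal(v.Nonce, nonce) &&
		ed25519.Verify(cvPub, payload(v.VMKey, v.Criteria[:], v.Nonce), v.Sig)
}

func main() {
	cvPub, cvPriv, _ := ed25519.GenerateKey(nil)
	vmPub, _, _ := ed25519.GenerateKey(nil)
	allowed, nonce := []string{"sha256:aa11", "sha256:bb22"}, []byte("nonce-1") // constructed samples
	v, err := Vouch(cvPriv, allowed, allowed[:1], vmPub, nonce)
	fmt.Println(err, Check(cvPub, v, CriteriaDigest(allowed), nonce))
}
```

Because the signature covers the VM key, the criteria digest and the nonce together, a customer rejects a voucher replayed under a different nonce, issued against criteria it did not review, or re-attached to another key.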

SLIDE 36

Transparency Challenges

  • How can customers verify these proofs?
  • Custom distributions
  • Copious amount of details and systems
  • How can this be done efficiently?
  • Clouds operate at Internet scale
  • Commodity trusted hardware is slow

SLIDE 37

Integrity Criteria

  • Current integrity measurement approaches are very system configuration specific
  • Difficult to assess arbitrary data and custom code
  • Resolution of measurement is often insufficient
  • Require integrity criteria that focus on integrity properties achieved by a system
  • Establish a verifiable origin for data
  • Leverage enforcement to minimize measurements
  • Enable verifiers to compare requirements

SLIDE 38

Performance

  • Constructed a testbed using Eucalyptus
  • Configured nodes using network-based ROTI installation
  • Attestations take ~1 second to produce
  • CV generates asynchronous attestations
  • Using an attested time server to provide nonces
  • Handle over 7,000 requests per second

SLIDE 39

Further Challenges

  • CV Scalability
  • Enforcing customer security requirements
  • Key revocation and remediation

SLIDE 40

Questions?

Joshua Schiffman (jschiffm@cse.psu.edu)
http://www.joshschiffman.org/
SIIS Laboratory (http://siis.cse.psu.edu)