Security, Trust, Liability... "Foggy" Challenges for Cloud Computing
Keynote NSRC Industry Day 2009
Penn State University - Oct 13, 2009
---
Frank [email protected]
Argonne National Laboratory / University of Chicago
Outline
Introduction
What is Cloud Computing?
Security Guidance for Cloud Deployment
Clouds float on Virtual Machines
VM Security Challenges
VM Security Opportunities
Conclusion
Oct 13, 2009 2"Foggy" Challenges for Cloud Computing @ Industry Day 2009
Who's Frank?
Argonne National Laboratory / University of Chicago
Earth System Grid: WebSSO, CAs
Standards, standards: WSS*, OGSA, XACML
DOE Cybersecurity R&D Grassroots
TeraGrid, EGEE, OSG
CDIGS, CHI, CTSA
GridShib
Globus Project: GSI, authZ
NIH/NCI's caBIG/caGrid: GAARDS (caBIG: Cancer Research)
NIMBUS toolkit: Cloud Computing
What is Cloud Computing?
Draft NIST Working Definition of Cloud Computing (CC)
Nice write-up by Peter Mell, Tim Grance
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Definition of Cloud Computing: Cloud computing is a model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five essential characteristics, three delivery models, and four deployment models.
CC's Essential Characteristics
On-demand self-service.
  A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider.
Ubiquitous network access.
  Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
Location independent resource pooling.
  The provider's computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
Rapid elasticity.
  Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for provisioning often appear to be infinite and can be purchased in any quantity at any time.
Measured Service.
  Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
CC's Three Delivery Models (SPI-Model)
Cloud Software as a Service (SaaS).
  The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS).
  The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS).
  The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
Cloud Computing
[Figure: IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), SaaS (Software-as-a-Service); elasticity; computing on demand; capital expense; operational expense]
CC's Four Deployment Models
Private cloud.
  The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Community cloud.
  The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
Public cloud.
  The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Hybrid cloud.
  The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).
Source: OpenCrowd.com
Open Source IaaS Implementations
Nimbus
Toolkit to turn your cluster into an IaaS cloud, EC2, Xen, virtual clusters
UofChicago/ANL, K. Keahey & team, early 2008
Eucalyptus
Open source implementation of EC2, commercial funding '09
UCSB, R. Wolski & team, 06/2008
OpenNebula
Open source datacenter implementation
University of Madrid, I. Llorente & team, 03/2008
Cloud-enabled Nimrod-G
Open source implementation of EC2
Monash University, MeSsAGE Lab, 01/2009
Industry efforts
openQRM, Enomalism
GoGrid is a real cloud hosting company (http://www.GoGrid.com/ and http://NoHardware.com/)
and Gartner likes GoGrid
Cool Vendors in Cloud Computing System and Application Infrastructure, 2009
http://mediaproducts.gartner.com/reprints/gogrid/article1/article1.html
Recent Cloud Computer Outages
Microsoft Danger SideKick recent outage
  Contacts, calendar entries, photographs and other personal information of T-Mobile Sidekick users looks to be lost for good
Google Gmail Fails again
  string of outages for Google's cloud-based offerings, including Google search, Google News and Google Apps over the past 18 months.
eBay's PayPal crashes
  The PayPal online payments system failed a couple of times in August, leaving millions of customers unable to complete transactions
Rackspace pays up
  Rackspace was forced to pay out between $2.5 million and $3.5 million in service credits to customers in the wake of a power outage that hit its Dallas data center in late June.
Windows Azure test release goes down
  Early adopters of Microsoft's cloud-computing network Windows Azure suffered an overnight outage over a weekend in mid-March.
Amazon S3 storage service knocked out
  summer of 2008: last major Amazon S3 cloud network outage, which lasted for 7 to 8 hours and followed another outage earlier last year caused by too many authentication requests
Source: NetworkWorld
Clouds great for many Small/Medium Businesses (SMBs)
Most small businesses, schools, organizations are unable to run a decent IT-shop
  Lack SW/OS patches, misconfiguration, bad secret-hygiene, minimal physical security, etc., etc.
Most of those SMBs will benefit from SaaS/PaaS/SaaS
  Amazon/Google will always do a better operations-job
  Security/privacy concerns are exact opposite of Big Businesses' concerns
  No brainer (except for liability issues)
Absolute no-brainer for start-ups
  Many wouldn't exist without the operational vs capital expense swap
Cloud Security Alliance (CSA) (http://cloudsecurityalliance.org/)
Recent initiative
Members: HP, Sun, Dell, VISA, Barclays, ING, Intuit, eBay, Qualcomm, DuPont, Northrop Grumman, Fox/Newsgroup, Rackspace, PGP, RSA, McAfee,
Notable non-members: Amazon, Google, IBM, Microsoft,
Number of big end-users, though
Security Guidance for Critical Areas of Focus in Cloud Computing
Recent CSA publication from April '09
  Good read!
  Points out many security related areas that are easily/often/mostly overlooked
  Many issues are related to liability, legal requirements, audit issues,
  Not really interesting for the scientists among us ;-)
As a bonus, it discusses a Cloud Computing Architectural Framework based on NIST's definitions
Very recent book: Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance
  By Tim Mather, Subra Kumaraswamy, Shahed Latif
  Publisher: O'Reilly - ISBN: 978-0-596-80276-9 (September 2009)
CSA's Guidance Summary (1)
Tradeoffs between extensibility (openness) and security responsibility:
  SaaS (Software as a Service): least extensibility and greatest amount of security responsibility taken on by the cloud provider
  IaaS (Infrastructure as a Service): greatest extensibility and least amount of security responsibility taken on by the cloud provider
  PaaS (Platform as a Service): lies somewhere in the middle, with extensibility and security features which must be leveraged by the customer
CSA's Guidance Summary (2)
Legal, Liability, Audit, Viability Concerns between customers and cloud providers
Risk assessments
  Outages, data loss/recovery, data center operations
Contracts and Audit
  Trust but Verify
  Often requirement related to legal or insurance
Privacy issues/assessment
  Legal requirements that data doesn't cross borders or jurisdiction
  Consequences of leakage
Termination of relationship
  Portability, leave nothing behind
  Lawsuits with discovery requirements
CSA's Guidance Summary (3)
Application/Infrastructure Security
  Intrusion Detection
  Incident response/escalation
  Data encryption facilities
  Standardized secure protocols (WSS, SAML, TLS/)
  Federation Svcs (SSO, SAML, OpenID, WS-Federation,)
Hypervisor/VM Security
  Need trusted TCB/Hypervisor+VM-Manager
  Need trusted VM-images
  Securely manage/issue secret keys
  VM Monitoring
  VM compromise detection
More
AWS & HIPAA Compliance..
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services
  http://awsmedia.s3.amazonaws.com/AWS_HIPAA_Whitepaper_Final.pdf
Solutions:
DiskAgent
  Secure, encrypted data-storage on S3 of electronic private health information (EPHI)
TC3 Health
  We are utilizing Amazon S3, EC2, and SQS to enable our claim processing system capacity to increase and decrease as required to satisfy our service level agreements (SLAs)
MedCommons
  We use Amazon S3, EC2, Elastic IP to store and host individual HealthURL accounts
our BioMed Collaborators are nervous
  The big Q: who goes to jail when anything goes wrong?
Cloud Service Provider Audit
Customers are nervous
  About CSPs' operations, fail-over, outages, security, logging, privacy, etc., etc.
IT Outsourcing not new
  CSC, IBM Global Services,
  Big Customers require external audit of SP
CSPs are touting their secure, robust operations
Audit frameworks are evolving to meet new paradigm
  SAS70, SysTrust, ISO27001
This will be solved: higher standard => more $$$ (differentiating factor for cloud offerings)
Federal Cloud Computing Initiative
Government drank the Cloud Kool-Aid
Cloud Computing plays a key role in the President's initiative to modernize IT
The General Services Administration (GSA) is focusing on implementing projects for planning, acquiring, deploying and utilizing cloud computing solutions for the Federal Government
See Apps.gov
All solutions are still TBD but there is a lot of noise ;-)
http://App.gov
Coming Soon on a Government Cloud near You
Challenges and Opportunities for Virtualized Security
Clouds run on Virtual Machines
The previous part was kind of high-level, slightly boring for those interested in real technology and such
However, meeting the cloud security requirements is a dauntingly complex task
Clouds run on virtual machines
Virtual machine technologies are both a risk and an asset for security
DOE CyberSecurity Research Workshops
DOE cybersecurity researchers organized a number of workshops to discuss cybersecurity research needs for 3-5-10 years out
NSRC's Trent Jaeger participated
One clear conclusion was that Cloud computing and virtualization are pervasively in our future
Virtualization can help to make future IT more secure
Research opportunities
3/5/10 Year Prediction: VM Deployment Everywhere
Every Network Service runs on a VM
  1 Service/VM if possible
10s-100s-1000s of VMs per physical Server
  10s-100s of cores/CPU, multiple CPUs/board
All desktop/laptops/PDAs/cellphones/??? everything runs their OSs/apps in VMs
  VMM/Hypervisor is pushed into the BIOS
Commercial IT-world, data centers, clusters, Clouds, all have fully adopted VM-technologies
VMs & VMM
[Figure: Control Plane; VM-1, VM-2, VM-n, Manager; Hypervisor/VMMonitor / Reference Monitor; Hardware/Network/Memory/Disk]
More Detailed VM Hosting
[Figure: VM-1 (App, OS), VM-2 (App, OS), VM-n, VM-Manager (Domain-0 or Svc Console); Hypervisor/VMMonitor / Reference Monitor with Policy Enforcement and Isolation; Hardware/CPUs/Network/Memory/Disk; Trusted Computing Base (TCB)]
VMs and Security
VM Insulation/Isolation/Compartmentalized
  VMs don't see each other
  Limited consequences of compromise (single VM)
Hypervisor/VMMonitor transparent control/monitoring
  Real-time policy enforcement of network/memory/disk/cpu access
  Monitor bandwidth/memory/disk/cpu usage
  Throttle bandwidth/memory/disk/cpu usage
Freeze, Migrate, Replicate VM-images
  Forensic evidence frozen
  Menu-svc to prepare commodity/custom-made configs
Security policy becomes part of the SLA between the VM-host and VM-owner
  Service Level Agreement about use of ports, network, libs, cpu, external access, behavior, etc. (includes security components)
  Enforce Least Privilege Model
  could limit bot-net/army capabilities
Challenges because of Virtualization
Challenge: Assurances about VM's Hosting Environment
The virtualization of resources introduces an additional abstraction that complicates the policy enforcement for a VM-user who requires assurances about the location, type, or kind of hardware that hosts the hypervisor
The use of secure hardware components, like integrated TPM, could help to attest the trust chain from the application service running on a VM running on a hypervisor running on a specific machine that has an embedded TPM
Where does my Service run?
Somehow I received a reference for a Service
  Through broker/discovery/directory svc
Policy: Only run on DOE-approved Compute Facilities
  Where and how do I get the assurance that my service-appliance conforms?
Virtualization adds additional level of abstraction/indirection
How can we anchor the trust on the HW?
  Compute resource users have similar interest as the DRM-folks of the movie/music industry
  Trusted Computing Platform (TCP) may/can help
  TCP-HW=>VMM=>VM-image=>OS=>app=>user
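The chain TCP-HW=>VMM=>VM-image=>OS=>app can be modeled as a measured-boot register that each layer extends before starting the next one. The following is an added example, not material from the talk: a software simulation of TPM-style extend with SHA-256, in which the component bytes, layer names and allow-list are constructed. It assumes the signature and freshness nonce on the quoted register were already checked, and shows how a verifier tells an approved host from one with a different VMM or a rewritten event log.

```python
import hashlib

# Layers of the trust chain in boot order (HW root => VMM => VM-image => OS => app).
CHAIN = ["VMM", "VM-image", "OS", "app"]

def measure(blob: bytes) -> bytes:
    """Measurement of a component: SHA-256 over its bytes."""
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). Order matters, no undo."""
    return hashlib.sha256(register + measurement).digest()

def boot(components: dict) -> tuple:
    """Simulated host: measure every layer before running it and log the result."""
    register, log = bytes(32), []
    for layer in CHAIN:
        m = measure(components[layer])
        register = extend(register, m)
        log.append((layer, m))
    return register, log

def verify(quoted: bytes, log: list, approved: dict) -> tuple:
    """Verifier: replay the log, compare with the quoted register, check allow-list."""
    if [layer for layer, _ in log] != CHAIN:
        return False, "log does not cover the expected chain"
    register = bytes(32)
    for _, m in log:
        register = extend(register, m)
    if register != quoted:
        return False, "event log does not match quoted register"
    for layer, m in log:
        if m not in approved[layer]:
            return False, f"unapproved {layer}"
    return True, "chain matches approved configuration"

# Constructed sample: the configuration the policy owner has approved.
GOOD = {"VMM": b"hypervisor build A", "VM-image": b"appliance image 7",
        "OS": b"guest kernel 1", "app": b"service binary 3"}
APPROVED = {layer: {measure(blob)} for layer, blob in GOOD.items()}

def demo() -> dict:
    results = {}
    quoted, log = boot(GOOD)
    results["approved host"] = verify(quoted, log, APPROVED)
    # A host running another VMM that reports its event log honestly.
    quoted, log = boot({**GOOD, "VMM": b"hypervisor build X"})
    results["modified VMM"] = verify(quoted, log, APPROVED)
    # Same host, but the log is rewritten to list only approved measurements.
    forged = [(layer, next(iter(APPROVED[layer]))) for layer, _ in log]
    results["forged log"] = verify(quoted, forged, APPROVED)
    return results

if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:14} ok={ok}  {reason}")
```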
Challenge: Correctness of Hypervisor Security Execution
The overall protection of the VMs from the outside world as well as from the other hosted VMs relies on the integrity of the hosting system, i.e. the integrity of the hypervisor software and correctness of the policy enforced by its reference monitor.
In order to limit the number of bugs in the hypervisor code, the code base must remain as small as possible and must be formally proven secure where possible.
The correct and unambiguous enforcement of the policy by the reference monitor as it is derived from the SLAs and higher-level site-policies is another concern.
Privileged Domains/Partitions
The Hypervisor may be small
  Actually > 100k LoC for Xen 3.*
The VM-Manager (Dom-0) is not
  Equivalent of root
  Compromised Dom-0 => All VMs are Compromised
TCB = Hypervisor + DOM-0
VM-Manager often facing internet
Need ways to compartmentalize or split responsibilities among multiple privileged VMs
  Not trivial - weakest link
Source: RSA 2008 Presentation, Security Challenges in Virtualized Environments, Joanna Rutkowska, Invisible Things Lab
Opportunities to Improve Security
Virtual OTP Token
[Figure: VM-1 (App, OS), VM-2 (App, OS), VM-n, VM-Manager (Domain-0 or Svc Console); Hypervisor/VMMonitor / Reference Monitor with Policy Enforcement and Isolation; Hardware/CPUs/Network/Memory/Disk; Virtual One Time Password Token; Secure Channel/Path To User]
Secure Inter-VM Communication
Inter-VM-Communication managed by Hypervisor
Connections and visibility of the communication are under Hypervisor's control, i.e. are policy enforced.
Inter-VM-Communications can be authenticated, and privacy and integrity protected without the need for any higher-level protocols like ipsec or SSL/TLS.
Authentication on the VM-Id level
Similar to ipsec authN which is on the host-level
Trusted Security Token Service VM
Access to a VM can be restricted to only a single other VM managed by the same hypervisor and further restricted to a single communication mechanism and protocol.
Off-load the secrets and crypto processing from a network attached VM to a non-network-accessible VM.
Use PKCS#11 interface
Equivalent of using a VM as a smartcard or secure hardware device.
Virtual Smart Card
[Figure: VM-1 (App, OS), VM-2 (App, OS), VM-n, VM-Manager (Domain-0 or Svc Console); Hypervisor/VMMonitor / Reference Monitor with Policy Enforcement and Isolation; Hardware/CPUs/Network/Memory/Disk; Virtual Key-Chain/SmartCard; Secure Channel/Path; Secure Channel]
Goal: Limit Chance and Limit Consequences of Compromise
State of networked clients & services: hacked or to be hacked soon
All systems will be hacked: not if but when and maybe already
Fact of Cybersecurity Life - get over it - live with it
Goal: Limit Chance of Compromise
Goal: Limit Consequences of Compromise
Non-goal: make systems unhackable
SLA & Least Privilege Operation
Minimize VM's privileges to those required for correct operation and no more
Service Level Agreement (SLA) should determine the required use of resources (cpu/memory/disk/network)
More details in the SLA =>
  Not per customer, but per VM-appliance
  Finer-grained enforcement of resource usage
  Increased ability to monitor for abnormalities
  Lesser chance for compromise to occur
  Lesser chance for compromise to spread
Fine-Grained SLA => $$$
Lock the sandbox down as much as possible
  Ports, network-addresses, cpu usage, app/library usage patterns, files access,
Deviation from normal behavior = deviation from SLA => reason for suspicion, for lockdown
Detailing SLA
  Automated, code scanning, observation/learning
  Human/warm-body domain/code-knowledge
Why go through the trouble of detailing the SLA?
  $$$: more detail => cheaper rates
  Tighter the sandbox => less chance for intrusion-damage => less potential monetary damage (for both CSP&Client)
IaaS specific but PaaS/SaaS can benefit also
Fine-Grained SLA Enforcement
Fine-grained SLA enforcement requires:
  Fine-grained resource-access authZ in hypervisor
  Fine-grained resource-usage monitoring in hypervisor
  Ideally high-level, warm-body-friendly policy language
  Or better: higher-level SLA to low-level policy translation
Client specifies fine-grained SLA, which results in equivalent fine-grained low-level hypervisor policy to be enforced
  Requires in-depth hypervisor policy knowledge
  there is a business case here
SLA & Fine-Grained Access Control
Translate high-level SLA statements into hypervisor's low-level access control policy
XEN Security Modules (XSM)
  S/Hype MAC policies (IBM)
  Flask MAC-policies (NSA)
  like SELinux policy grammar
Need an SLA-language with a translator such that warm-bodies won't have to write SELinux-like access rules
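A small sketch of the SLA-to-policy translation and the "deviation from SLA => reason for suspicion" check described on the last three slides. This is an added example, not code from the talk or from Xen: the SLA fields, the rule tuples and the event records are a hypothetical format invented here, not XSM, sHype or Flask syntax, and the sample SLA and events are constructed.

```python
import ipaddress

# Constructed SLA for one VM-appliance (field names are hypothetical).
SLA = {
    "appliance": "web-frontend",
    "listen": ["tcp/443"],
    "connect": [{"to": "10.0.5.0/24", "port": "tcp/5432"}],
    "cpu_percent_max": 40,
    "memory_mb_max": 2048,
}

def _port(spec):
    proto, port = spec.split("/")
    return proto, int(port)

def translate(sla):
    """Expand the SLA into an ordered low-level rule list ending in default deny."""
    rules = []
    for spec in sla["listen"]:
        proto, port = _port(spec)
        rules.append(("allow", "net_in", {"proto": proto, "port": port}))
    for dest in sla["connect"]:
        proto, port = _port(dest["port"])
        rules.append(("allow", "net_out", {"proto": proto, "port": port,
                                           "net": ipaddress.ip_network(dest["to"])}))
    rules.append(("limit", "cpu_percent", {"max": sla["cpu_percent_max"]}))
    rules.append(("limit", "memory_mb", {"max": sla["memory_mb_max"]}))
    rules.append(("deny", "*", {}))  # anything the SLA did not name
    return rules

def check(rules, event):
    """Return None when the event is inside the SLA, else a deviation string."""
    kind = event["kind"]
    for action, target, args in rules:
        if action == "limit" and target == kind:
            if event["value"] <= args["max"]:
                return None
            return f"{kind} {event['value']} exceeds SLA limit {args['max']}"
        if action == "allow" and target == kind:
            same_port = (event["proto"], event["port"]) == (args["proto"], args["port"])
            in_net = ("net" not in args
                      or ipaddress.ip_address(event["addr"]) in args["net"])
            if same_port and in_net:
                return None
        if action == "deny":
            detail = " ".join(f"{k}={v}" for k, v in event.items() if k != "kind")
            return f"{kind} ({detail}) not allowed by SLA"
    return f"{kind} matched no rule"  # only reachable without a final deny rule

def deviations(rules, events):
    """Every deviation is a reason for suspicion and a candidate for lockdown."""
    return [d for d in (check(rules, e) for e in events) if d is not None]

# Constructed observations, as a hypervisor-level monitor might report them.
EVENTS = [
    {"kind": "net_in", "proto": "tcp", "port": 443, "addr": "203.0.113.9"},
    {"kind": "net_out", "proto": "tcp", "port": 5432, "addr": "10.0.5.12"},
    {"kind": "net_out", "proto": "tcp", "port": 6667, "addr": "198.51.100.7"},
    {"kind": "cpu_percent", "value": 93},
    {"kind": "memory_mb", "value": 1500},
]

if __name__ == "__main__":
    for finding in deviations(translate(SLA), EVENTS):
        print("DEVIATION:", finding)
```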
Limit Consequences of Compromise
Limit damage of possible compromise
  Least privilege operation
Detection of compromise
  Abnormal behavior
Limit damage of detected compromise
  Isolation
Investigation
  Forensic evidence
Determination of result integrity
  Provenance
Fast recovery
  Roll-back to well-known state
Conclusion
Cloud Computing: lots of promise but also lots of issues to address before general deployment
  Security-as-a-Service new hot area
Interesting challenges associated with VM-security (trust, identity, correctness)
VM-technologies could substantially improve the secure deployment of clients and services
  Isolation, resource usage policy enforcement, compromise detection/recovery, secure VM-Svc, nested hypervisors, fine-grained SLA, etc.
Many exciting research & business opportunities!
  Many topics are researched now/already, but the field is still wide open