Secure Cloud Computing with Virtualized Network Infrastructure HotCloud 10 By Xuanran Zong


Page 1: Secure Cloud Computing with Virtualized Network Infrastructure

HotCloud 10, by Xuanran Zong

Page 2: Secure Cloud Computing with Virtualized Network Infrastructure

Cloud Security

• Two ends of the spectrum
  – Amazon EC2
    • Shared, public cloud
    • Resource multiplexing, low cost
    • Low security
  – Government cloud
    • Dedicated infrastructure
    • High cost
    • High security

Page 3: Secure Cloud Computing with Virtualized Network Infrastructure

Design Goal

• Isolation
• Transparency
• Location independence
• Easy policy control
• Scalability (?)
• Low cost

Page 4: Secure Cloud Computing with Virtualized Network Infrastructure

Conventional data center architecture

• VLAN to ensure security
  – Scalability issue: only about 4K VLAN ids are available
  – Management and control overhead
• Per-user security policy control
  – But, how to enforce?
    • End-host? Not secure enough
    • Middlebox? Unnecessary traffic

Page 5: Secure Cloud Computing with Virtualized Network Infrastructure

Secure Elastic Cloud Computing

Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf

Page 6: Secure Cloud Computing with Virtualized Network Infrastructure

Numbering and addressing

• Each customer has a unique cnet id
• A VM can be identified by (cnet id, IP)
• Each domain has a unique eid
• VLANs separate different customers within the same domain
• A VLAN id can be reused in different domains

Page 7: Secure Cloud Computing with Virtualized Network Infrastructure

Customer network integration

• The customer's private network can be treated as a special domain, where a VPN connects it to the core domain

Page 8: Secure Cloud Computing with Virtualized Network Infrastructure

Central controller

• Address mapping
  – VM MAC <-> (cnet id, IP)
  – VM MAC <-> eid
  – eid <-> FE MAC list
  – (cnet id, eid) <-> VLAN id
• Policy database
  – E.g. packets from customer A are first forwarded to firewall F.

Page 9: Secure Cloud Computing with Virtualized Network Infrastructure

Forwarding elements

• Address lookup and mapping
  – FE MAC of the destination domain
  – VLAN ID
• Policy enforcement
  – By default, packets destined for a different customer are dropped
• Tunneling between FEs
  – Encapsulate the frame in another MAC header
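As an added illustration (not code from the slides or from the paper's authors), the following Python sketch models one forwarding element's per-frame decision against the central controller tables on pages 8 and 9: look up both endpoints, drop cross-customer traffic unless the policy database names a middlebox, then resolve the destination FE MAC and VLAN id for the tunnel header. All table contents, MAC values and the shape of the POLICY dictionary are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample of the CC state: the four mapping tables from page 8.
# Note customer A and B both use 10.0.0.1, so (cnet id, IP) is what identifies a VM,
# and VLAN id 100 is reused in domain e2 for a different customer than in e1.
VM_TO_CNET_IP = {"aa:01": ("cnetA", "10.0.0.1"),   # VM MAC -> (cnet id, IP)
                 "aa:02": ("cnetA", "10.0.0.2"),
                 "bb:01": ("cnetB", "10.0.0.1")}
VM_TO_EID = {"aa:01": "e1", "aa:02": "e2", "bb:01": "e2"}   # VM MAC -> eid
EID_TO_FE = {"e1": ["fe:01"], "e2": ["fe:02"]}              # eid -> FE MAC list
CNET_EID_TO_VLAN = {("cnetA", "e1"): 100,                   # (cnet id, eid) -> VLAN id
                    ("cnetA", "e2"): 200,
                    ("cnetB", "e2"): 100}
# Policy database (assumed shape): (src cnet, dst cnet) -> MAC of the middlebox
# the packet must traverse first, e.g. customer A's packets go to firewall F.
POLICY = {("cnetA", "cnetB"): "ff:01"}


@dataclass
class TunnelHeader:
    next_hop_fe: str    # outer MAC destination: FE of the destination domain
    vlan: int           # VLAN id valid inside the destination edge domain
    via: Optional[str]  # middlebox MAC when a policy redirects the packet


def forward(src_mac: str, dst_mac: str) -> Optional[TunnelHeader]:
    """FE decision for one frame; None means the frame is dropped."""
    src = VM_TO_CNET_IP.get(src_mac)
    dst = VM_TO_CNET_IP.get(dst_mac)
    if src is None or dst is None:
        return None                      # unknown VM: nothing to map, drop
    src_cnet, dst_cnet = src[0], dst[0]
    via = None
    if src_cnet != dst_cnet:
        # Default deny across customers; only an explicit policy opens a path.
        via = POLICY.get((src_cnet, dst_cnet))
        if via is None:
            return None
    eid = VM_TO_EID[dst_mac]
    fe_mac = EID_TO_FE[eid][0]
    vlan = CNET_EID_TO_VLAN[(dst_cnet, eid)]
    return TunnelHeader(next_hop_fe=fe_mac, vlan=vlan, via=via)
```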

Page 10: Secure Cloud Computing with Virtualized Network Infrastructure

Data forwarding

Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf

Page 11: Secure Cloud Computing with Virtualized Network Infrastructure

How does it solve the limitation?

• VLAN scalability
  – Partition the network into smaller edge domains, each maintaining its own VLANs
  – VLAN ids can be reused across domains
• Per-user security
  – Security policy enforced by the FE
  – CC stores security policies for all customers

Page 12: Secure Cloud Computing with Virtualized Network Infrastructure

Discussion

• Security via isolation and access control
  – Consider the co-residence problem proposed by the “Get off my cloud” paper
  – Matching Dom0 IP address
    • Disable traceroute
  – Small round-trip time
    • Every packet needs to go through an FE
  – Numerically close IP addresses
    • Each customer has its own private IP address space

Page 13: Secure Cloud Computing with Virtualized Network Infrastructure

Discussion

• Cached vs installed forwarding table
• VM migration
  – Update CC (eid, VLAN id)

Page 14: Secure Cloud Computing with Virtualized Network Infrastructure

Discussion

• Pros
  – Security enforcement via isolation and access control
  – Scalable in terms of the number of customers supported by VLAN
  – Most networking equipment is off-the-shelf
• Cons?
  – Scalability? Centralized CC?
  – Larger round trip time within the same edge domain
  – Tunneling?