[email protected]/talks/self-service-cloud/ssc.pdf · 2012-09-07 · resume guest 1 2 3...
TRANSCRIPT
![Page 1: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/1.jpg)
Self-service Cloud Computing
Vinod Ganapathy [email protected]
Department of Computer Science
Rutgers University
![Page 2: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/2.jpg)
2
The Cloud Smartphones and tablets
Web browsers and other apps
The modern computing spectrum
![Page 3: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/3.jpg)
3
Security concerns are everywhere! Can I trust Gmail with my personal conversa;ons?
Can I trust my browser with my saved passwords?
Is that gaming app compromising my privacy?
![Page 4: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/4.jpg)
4
Today’s talk The Cloud Smartphones
and tablets Web browsers and other apps
![Page 5: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/5.jpg)
Shakeel Butt H. Andres Lagar-Cavilla Vinod Ganapathy Abhinav Srivastava
Self-service Cloud Computing
![Page 6: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/6.jpg)
What is the Cloud?
6
A distributed compu;ng infrastructure, managed by 3rd-‐par;es, with which we entrust our code and data.
![Page 7: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/7.jpg)
What is the Cloud?
• Comes in many flavours: *-aaS – Infrastructure-aaS, Platform-aaS, Software-aaS,
Database-aaS, Storage-aaS, Security-aaS, Desktop-aaS, API-aaS, etc.
• Many economic benefits – No hardware acquisition/maintainence costs – Elasticity of resources – Very affordable: a few ¢/hour
7
A distributed compu;ng infrastructure, managed by 3rd-‐par;es, with which we entrust our code and data.
![Page 8: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/8.jpg)
8
• By 2015, 90% of government agencies and large companies will use the cloud [Gartner, “Market Trends: Application Development Software, Worldwide, 2012-2016,” 2012]
• Many new companies & services rely exclusively on the cloud, e.g., Instagram, MIT/Harvard EdX [NYTimes, “Active in Cloud, Amazon Reshapes Computing,” Aug 28, 2012]
![Page 9: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/9.jpg)
Virtualized cloud platforms
Hardware Hypervisor
Management VM (dom0)
Work VM
Work VM
Work VM
Examples: Amazon EC2, MicrosoN Azure, OpenStack, RackSpace Hos;ng
9
![Page 10: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/10.jpg)
Embracing the cloud
Lets do Cloud
10
![Page 11: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/11.jpg)
Embracing the cloud Trust me with your
code & data
Cloud Provider Client
You have to trust us as well
Cloud operators
Problem #1 Client code & data secrecy and integrity vulnerable to attack
11
![Page 12: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/12.jpg)
Embracing the cloud
Problem #1 Client code & data secrecy and integrity vulnerable to attack
12
![Page 13: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/13.jpg)
Embracing the cloud
Problem #2 Clients must rely on provider to deploy customized services
I need customized malware detection and VM rollback
Cloud Provider Client
For now just have checkpointing …
Cloud Provider Client
13
![Page 14: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/14.jpg)
Why do these problems arise?
Hardware Hypervisor
Management VM (dom0)
Work VM
Work VM
Work VM
14
![Page 15: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/15.jpg)
Hypervisor
Client’s VM Management VM
Code Data Checking daemon
Sec. Policy
Resume guest
1
2
3
Process the page
Alert user
Example: Malware detection
15
?
[Example: Gibraltar -‐-‐ Baliga, Ganapathy, INode, ACSAC’08]
![Page 16: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/16.jpg)
Hypervisor
Client’s VM Management VM
Code Data Checking daemon
Sec. Policy
Resume guest
1
2
3
Process the page
Alert user
16
?
Problem Clients must rely on provider to deploy customized services
![Page 17: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/17.jpg)
Hypervisor
Client’s VM Management VM
Code Data Checking daemon
Sec. Policy
Resume guest
1
2
3
Process the page
Alert user
17
?
Problem Client code & data secrecy and integrity vulnerable to attack
Malicious cloud operator
![Page 18: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/18.jpg)
Hypervisor
Client’s VM Management VM
Code Data Checking daemon
Sec. Policy
Resume guest
1
2
3
Process the page
Alert user
18
?
Problem Client code & data secrecy and integrity vulnerable to attack
EXAMPLES: • CVE-2007-4993. Xen guest root escapes to dom0 via pygrub • CVE-‐2007-‐5497. Integer overflows in libext2fs in e2fsprogs. • CVE-‐2008-‐0923. Directory traversal vulnerability in the shared folders feature for
VMWare. • CVE-‐2008-‐1943. Buffer overflow in the backend of XenSource Xen paravirtualized
frame buffer. • CVE-‐2008-‐2100. VMWare buffer overflows in VIX API let local users execute
arbitrary code in host OS. …. [AND MANY MORE]
![Page 19: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/19.jpg)
Our solution
Hardware Hypervisor
Management VM Client’s VMs
19
SSC: Self-service cloud computing
![Page 20: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/20.jpg)
Outline • Disaggregation and new privilege model • Technical challenges:
– Balancing provider’s and client’s goals – Secure bootstrap of client’s VMs
• Experimental evaluation • Future directions and other projects
20
![Page 21: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/21.jpg)
Duties of the management VM
Manages and mul;plexes hardware resources
Manages client virtual machines
21
Management VM (Dom0)
![Page 22: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/22.jpg)
System-‐wide Mgmt. VM (SDom0)
Per-‐Client Mgmt. VM (UDom0)
Main technique used by SSC Disaggregate the management VM
• Manages hardware • No access to clients VMs
Solves problem #1
• Manages client’s VMs • Allows clients to deploy new services
Solves problem #2
22
![Page 23: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/23.jpg)
System-‐wide Mgmt. VM (SDom0)
Per-‐Client Mgmt. VM (UDom0)
Embracing first principles Principle of separation of privilege
23
![Page 24: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/24.jpg)
System-‐wide Mgmt. VM (SDom0)
Per-‐Client Mgmt. VM (UDom0)
Embracing first principles Principle of least privilege
24
![Page 25: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/25.jpg)
An SSC platform
Hardware SSC Hypervisor
25
SDom0
Work VM
Work VM UDom0
Client’s meta-‐domain
Service VM
Equipped with a Trusted Plaiorm Module (TPM) chip
![Page 26: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/26.jpg)
SSC’s privilege model Privileged opera;on
Self-service hypervisor Is the request from client’s Udom0?
NO YES
ALLOW Does requestor have privilege (e.g., client’s service VM)
DENY
NO YES
ALLOW 26
![Page 27: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/27.jpg)
Key technical challenges 1. Providers want some control
– To enforce regulatory compliance (SLAs, etc.) – Solution: Mutually-trusted service VMs
2. Building domains in a trustworthy fashion – Sdom0 is not trusted – Solution: the Domain Builder
3. Establishing secure channel with client – Sdom0 controls all the hardware! – Solution: Secure bootstrap protocol
27
![Page 28: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/28.jpg)
Cloud Provider Client
Providers want some control
• Udom0 and service VMs put clients in control of their VMs
• Sdom0 cannot inspect these VMs • Malicious clients can misuse privilege • Mutually-trusted service VMs
NO data leaks or
corruption
NO illegal activities or
botnet hosting
28
![Page 29: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/29.jpg)
Trustworthy regulatory compliance
Hardware SSC Hypervisor
29
SDom0
Work VM
Work VM UDom0 Mutually
-‐trusted Service VM
![Page 30: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/30.jpg)
Hardware SSC Hypervisor
30
SDom0
Bootstrap: the Domain Builder
Domain Builder
UDom0 Work VM
Service VM
![Page 31: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/31.jpg)
Hardware SSC Hypervisor
31
SDom0
Bootstrap: the Domain Builder
Domain Builder
UDom0 Work VM
Service VM
Must establish an encrypted communica;on
channel
![Page 32: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/32.jpg)
Secure bootstrap protocol • Goal: Build Udom0, and establish an SSL
channel with client • Challenge: Sdom0 controls the network! • Implication: Evil twin attack
32
![Page 33: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/33.jpg)
Hardware SSC Hypervisor
33
SDom0
An evil twin attack
Domain Builder
UDom0
Udom0
![Page 34: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/34.jpg)
1
Hardware SSC Hypervisor
34
Domain Builder
Udom0 image, Enc ( , )
Udom0
![Page 35: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/35.jpg)
Hardware SSC Hypervisor
35
Domain Builder
UDom0
DomB builds domain 2
Udom0
![Page 36: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/36.jpg)
Enc ( , )
Hardware SSC Hypervisor
36
Domain Builder
UDom0
DomB installs key, nonce 3
![Page 37: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/37.jpg)
Hardware SSC Hypervisor
37
Domain Builder
UDom0
Client gets TPM hashes 4
![Page 38: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/38.jpg)
Hardware SSC Hypervisor
38
Domain Builder
UDom0
Udom0 sends to client 5
![Page 39: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/39.jpg)
UDom0
Hardware SSC Hypervisor
39
Domain Builder
Client sends Udom0 SSL key 6 Enc ( )
![Page 40: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/40.jpg)
Hardware SSC Hypervisor
40
Domain Builder
UDom0
SSL handshake and secure channel establishment 7
![Page 41: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/41.jpg)
Hardware SSC Hypervisor
41
Domain Builder
UDom0
Can boot other VMs securely
Work VM
Service VM
8
VM image
![Page 42: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/42.jpg)
Client meta-domains
Hardware
Malware detec;on
Firewall and IDS
Storage services
Service VMs
SSC hypervisor
Computa;on
Work VM
Work VM
Work VM
Udom0
Trustworthy metering
Regulatory compliance
Mutually-‐trusted
Service VMs
42
![Page 43: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/43.jpg)
Case studies: Service VMs • Storage services: Encryption, Intrusion
detection • Security services:
– Kernel-level rootkit detection – System-call-based intrusion detection
• Data anonymization service • Checkpointing service • Memory deduplication • And compositions of these!
43
![Page 44: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/44.jpg)
Evaluation • Goals
– Measure overhead of SSC • Dell PowerEdge R610
– 24 GB RAM – 8 XEON cores with dual threads (2.3 GHz) – Each VM has 2 vCPUs and 2 GB RAM
• Results shown only for 2 service VMs – Our ACM CCS’12 paper presents many more
44
![Page 45: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/45.jpg)
Storage encryption service VM Sdom0 Client’s work
VM
Backend Block device
Frontend Block device
45
![Page 46: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/46.jpg)
Storage encryption service VM Sdom0 Storage encryp;on
service VM
Client’s work VM
Backend Block device
Frontend Block device
Frontend Block device
Backend Block device
Encryp;on
Decryp;on
Plaiorm Unencrypted (MB/s) Encrypted (MB/s) Xen-‐legacy 81.72 71.90 Self-‐service 75.88 70.64
46
![Page 47: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/47.jpg)
Checkpointing service VM
Client’s VM Checkpoint service
Storage
47
![Page 48: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/48.jpg)
Checkpointing service VM
Client’s VM
Encrypted Storage service
Storage
Checkpoint service
(Encryp;on)
Plaiorm Unencrypted (sec) Encrypted (sec) Xen-‐legacy 1.840 11.419 Self-‐service 1.936 11.329
48
![Page 49: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/49.jpg)
Related projects
CloudVisor [SOSP’11] Xen-‐Blanket [EuroSys’12]
49
Protect client VM data from Dom0 using a thin, bare-metal hypervisor
Allow clients to have their own Dom0s on commodity clouds using a thin shim
Nested Hypervisor
Client VM Dom0
CloudVisor Cloud Hypervisor
Client VM
Client Dom0
XenBlanket
CloudDom0
![Page 50: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/50.jpg)
SSC is a cloud model that …
50
… Improves security and privacy of client code and data
… Enhances client control over their VMs
… Imposes low run;me performance overheads … Provides a rich source of problems for followup work J
![Page 51: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/51.jpg)
Future vision for SSC • Cloud app markets:
– Marketplaces of service VMs. – Research problems: Ensuring trustworthiness of
apps, enabling novel mutually-trusted apps, App permission models.
• Migration-awareness: – Policies and mechanisms for VM migration in SSC. – Research problems: Prevent exposure of cloud
infrastructure details to competitors, TPM-based protocols that are migration-aware.
51
![Page 52: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/52.jpg)
Other research projects
52
![Page 53: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/53.jpg)
53
The Cloud The smartphone The browser
![Page 54: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/54.jpg)
Smartphone rootkits
• Rootkits operate by maliciously modifying kernel code and data
RESULTS: • New techniques to detect data-
oriented rootkits [ACSAC’08] • Exploring the rootkit threat on
smartphones [HotMobile’10] • Security versus energy tradeoffs
in detecting rootkits on mobile devices [MobiSys’11]
54
New techniques to detect OS kernel-‐level malware
![Page 55: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/55.jpg)
Securing Web browsers
• Addons are untrusted, privileged code – All major browsers support addons – Can leak sensitive information
RESULTS: • Information flow tracking-enhanced
browser [ACSAC’09] • Static capability leak analysis for Mozilla
Jetpack [ECOOP’12] • New bugs found in Mozilla extensions
55
Studying informa;on leakage via 3rd party browser addons
![Page 56: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/56.jpg)
And many more … • The Cloud (and other software systems) [CCS08, ACSAC08a, ACSAC09a, RAID10, TDSC11, CCS12a, CCS12b, ANCS12]
– Security remediation using transactional programming – Fast, memory-efficient network intrusion detection
• The browser (and the Web) [ACSAC08b, ACSAC09b, ECOOP12a, ECOOP12b]
– Secure mashup Web applications – Integrating the Web and the cloud – Isolation as a first-class JavaScript feature
• The smartphone (and other mobile devices) [UbiComp09, SACMAT09, HotMobile10, MobiSys11]
– Location privacy in mobile computing – Secure remote access to enterprise file systems
56
![Page 57: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/57.jpg)
Looking into the future…
57
![Page 58: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/58.jpg)
58
SSC++ Improving browser extension security
Improving mobile app security
Active ongoing projects
![Page 59: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/59.jpg)
Collaborators and students
And many other camera-‐shy folks!
59
![Page 60: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/60.jpg)
![Page 61: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/61.jpg)
Fast and memory-efficient NIDS
• Regexp matching a basic primitive in many NIDS and firewalls
• Fundamental time/space tradeoff: – DFAs are fast but memory intensive – NFAs are memory efficient but slow
MAIN RESULT: • Encoding NFAs using OBDDs • Obtains NFA-like memory
consumption with DFA-like speed [RAID’10, COMNET’11, ANCS’12]
61
Using ordered binary decision diagrams (OBDDs) to address ;me/space tradeoff in regexp matching
![Page 62: vinodg@cs.rutgersvinodg/talks/self-service-cloud/SSC.pdf · 2012-09-07 · Resume guest 1 2 3 Process the page Alert user 16? Problem Clients must rely on provider to deploy customized](https://reader034.vdocuments.us/reader034/viewer/2022042222/5ec8e3f804a90406890d6f3e/html5/thumbnails/62.jpg)
Transactional introspection
• Enforcing authorization policies with stronger guarantees [CCS’08]
• Detecting data structure corruptions [RV’11] • Sandboxing untrusted JavaScript code using
transactions [ECOOP’12]
62
Security using transac;onal programming and machinery
BENEFIT: Security remedia;on for free