1 / 33

Virtualization security for cloud computing service

Virtualization security for cloud computing service. Shengmei Luo , Zhaoji Lin , Xiaohua Chen ZTE Corporation Shenzhen, China Zhuolin Yang, Jianyong Chen Dept. of Computer Science and Technology Shenzhen University Shenzhen, China

jacqueline-talley
Download Presentation

Virtualization security for cloud computing service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtualization security for cloud computing service Shengmei Luo,Zhaoji Lin,Xiaohua Chen ZTE Corporation Shenzhen, China Zhuolin Yang, Jianyong Chen Dept. of Computer Science and Technology Shenzhen University Shenzhen, China International Conference on Cloud and Service Computing 2011 IEEE Speaker: 張宗典 Date:2012/06/01 Advisor:陳志達 教授 Type:Conference

  2. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  3. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  4. Introduction(1/3) • The menu of services is being enriched. • SaaS , Paas , IaaS have been invented as part of XaaS. • XaaS=Anything as a Service • Business as a Service(BaaS)、Database as a Service(DaaS)、Voice as a Service(VaaS)…..eveything as a Service

  5. Introduction(2/3) • Combing a set of existing techniques, such as SOA and Virtualization. • Cloud Computing is regarded as a paradigm. • Data confidential against cloud servers is hence frequently desired when users outsource data for storage in the cloud.

  6. Introduction(3/3) • Cloud computing already leverages virtualization for load balancing via dynamic provisioning and migration of VM among physical nodes. • This article Focused on virtualization security. • Weaknesses and Attacks • And propose a scheme to solve current problems effectively. • Virtual system security • Virtual security managment

  7. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  8. Security Vulnerabilities in Virtualization • Most of security threats identified in a VM environment are very similar. • Attack between VMs or between VMs and VMM • VM escape • Virtual machine controlled by Host Machine • Denial of Service • VM sprawl

  9. Attack between VMs or between VMs and VMM Primary benefits that virtualization brings is isolation. If not carefully deployed will become a threat to the environment. Poor isolation access control policy will cause the inter-attack between VMs or between VMs and VMM.

  10. VM escape 一種應用,攻擊者續允許扣作系統與管理程序直接互動的VM運作,使攻擊者進入主機上運行的其他VM。 If he attacker can compromise the VMs, they will have control of all of the guests. Most VMs run with very high privileges on the host because a VM needs comprehensive access to the host’s hardware so it can map the real hardware into virtualized hardware for the guests..

  11. Virtual machine controlled by Host Machine More necessary to strictly protect the host machine than VMs. If a host is compromised then the security of the VMs is under question.

  12. Denial of Service • DoS or DDoS is an attempt to make a computer resource unavailable to its intended user. • Perpetrators of Dos attacks typically target sites or services hosted on high-profile web server. • Such as banks, credit card payment gateways…

  13. Denial of Service In VM architecture the guest machines and the underlying host share the physical resources such as CPU, memory, HD…

  14. VM sprawl Inappropriate virtual machine management policy will cause VM sprawl.

  15. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  16. Virtualization Security Framework • Virtualization security could be investigate from 2aspects • Virtual system security • Virtualization security management

  17. Virtualization Security Framework A Virtualization security framework

  18. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  19. Virtual System Security • Virtual system security contains 4 parts. • VM system architecture security • Access control • Virtual firewall • vIDS/vIPS

  20. VM system architecture security • A security VM system should be protected by a robust, efficient and flexible. • Three architecture: • Popular • Admin VM • Security control

  21. VM system architecture security Security Control Admin VM Popular

  22. Access Control

  23. Virtual firewall VF is a firewall deployed and running entirely within a virtual environment and which provides the packet filtering and monitoring. It can be a managed kernel process running within the host VMM.

  24. vIDS/vIPS vIDS and vIPS protects virtual environment through collecting and analyzing information from network and Host to check if there are signs of attacking.

  25. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  26. Virtualization Security Management • Divide the VM management into four parts. • Patch management • VM migration management • VM image management • Audit

  27. Patch management 開發及分銷廠商補丁導致無休止循環的安全更新生產系統。 管理安全更新不是一個簡單的任務對於任何組織。修補程序管理過程中必須正式通過文件和接收管理部門批准,以提供最佳的戰略實施這類系統的變化。廠商會經常修復安全問題的軟件或固件通過版本更新。他們可能不說明原因的版本改變或者什麼缺陷得到解決在給定的更新。

  28. VM migration management VM migration is a vulnerable process that is easily to be attacked. When a VM is going to migrate to somewhere, particular security mechanisms should be taken into account.

  29. VM image management VM Image is a special type of file/data format which is used to instantiate(create) a VM within the virtual environment.

  30. Audit Audit the VM behaviors and sensitive data in order to monitor whether the operation of the virtual system is well or the sensitive data is safe.

  31. Outline Introduction Security Vulnerabilities in Virtualization Virtualization Security Framework Virtual System Security Virtualization Security Management Conclusion

  32. Conclusion Propose a virtualization security framework aim at the vulnerabilities. This framework, VM system architecture can solve the problem of virtualization security effectively, and virtualization security management.

  33. Thanks for listening

More Related