Physical attack protection with human secure virtualization in data centers
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Physical Attack Protection with Human-Secure Virtualization in Data Centers PowerPoint PPT Presentation


  • 50 Views
  • Uploaded on
  • Presentation posted in: General

Physical Attack Protection with Human-Secure Virtualization in Data Centers. Jakub Szefer , Pramod Jamkhedkar, Yu-Yuan Chen and Ruby B. Lee Princeton University By, Akhilesh Raperthy. About Authors. Jakub Szefer : Current Research is Security and Performance of Cloud Computing.

Download Presentation

Physical Attack Protection with Human-Secure Virtualization in Data Centers

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Physical attack protection with human secure virtualization in data centers

Physical Attack Protection with Human-Secure Virtualization in Data Centers

Jakub Szefer , Pramod Jamkhedkar, Yu-Yuan Chen and Ruby B. Lee

Princeton University

By,

Akhilesh Raperthy


About authors

About Authors

Jakub Szefer :

Current Research is Security and Performance of Cloud Computing.

Pramod Jamkhedkar :

Current Research is Software-hardware Architecture For Self-Protecting Data.

Yu-Yuan Chen :

Data-Centric Architectures for Confidentiality and Integrity

Ruby B. Lee:

Computer Architecture and multicore security for facilitating secure and resilient systems


Abstract

Abstract

Cloud computing-based data centers, which hold a large amount of customer data, are vulnerable to physical attacks and insider threats. Current protection and defense mechanisms for security of data held in data centers are either completely physical (sensors, barriers, etc.) or completely cyber (firewalls, encryption, etc.).


Cyber physical system data centers

Cyber Physical System Data Centers

  • Cyber-physical systems are tight integrations of computation, networking, and physical objects

  • Data Centers are one example of cyber-physical system:

  • Physical components: utilities, physical contraints, etc.

  • Cyber components: management software, servers, networking, etc.


Physical aspects of data centers

Physical Aspects of Data Centers

Utilities: cooling, power supply, backup power, etc.

Physical constraints:barriers, checkpoints, floor plan, etc.

Sensors: cameras, climate control


Cyber aspects of data centers

Cyber Aspects of Data Centers

Management software: software framework for

management of the resources.

Servers: run and store customers' software and data; they provide the “utility” of the data center.

Networking: connection to the outside world and interconnection between servers.


Data center security

Data Center Security


Data centers security concerns

Data Centers Security Concerns

Availability:

– Support infrastructure (backup, electricity, etc.)

– Customer's access to their software or data

Integrity:

– Modification of software or data running in data center

– Software or data change in transit (e.g. over network)

Confidentiality:

– Customer's code or data leaking


Defense framework

Defense Framework

VM’s used for computing environment with in an Operating system and Programs can be enabled.

VM’s can simultaneously run on multiple VM’s and can be easily moved b/w physical machine.


Cyber and physical security concerns

Cyber and Physical Security Concerns

Cyber:

– Software attacks on servers

– Network attacks, denial-of-service

– Exploits in management software

Physical:

– Physical intrusion

– Probing of hardware

– Equipment theft

– False assumption on security sensors


Human secure design

Human-Secure Design

Human-aware design:

– Use existing infrastructures to track humans in data centers

– Use information to predict potential risks

Self-adapting design:

– Adjust security measures to keep track with infrastructure changes

– Apply security measures suitable for given estimated defense time


A physical defenses

A Physical Defenses

Physical defenses can provide:

– Warning time

– Attack delay


Cyber physical defense

Cyber-Physical Defense

Cyber defenses are activated when a threat is discovered

Estimated attack time guides choice of defense mechanisms


Cyber defenses and virtualization

Cyber Defenses and Virtualization

Software and data are conveniently contained inside virtual machine

– A virtual server has same properties as physical server

Virtualization software supports or can be modified to support:

– Moving virtual machine - migration

– On-demand encryption of code and data

– Deletion of code and data


Physical attack protection with human secure virtualization in data centers

Defense Framework Strategy Three Primary types of defenses have been used against physical attacks to protect VM’s


Delete

Delete

Delete all the sensitive software and data


Encrypt

Encrypt

Lock down applications and data with encryption (and hashing) to protect confidentiality (and integrity)


Physical attack protection with human secure virtualization in data centers

Move

Relocate software and data to avoid threats

Virtual machine migration can be used to move the software and data anywhere.


Defense mechanism and their analysis

Defense Mechanism and their Analysis

No one strategy is best

– Each offers different protections

– Each has different cost (time, compute power, network bandwidth)

An algorithm is needed to match the estimated time for defense and expected protections to the strategy


Human secure virtualization

Human-Secure Virtualization

First, focus on APIs for management and compute infrastructures


Defense strategies

Defense Strategies

Human-secure virtualization combines the three techniques of move, encrypt and delete to protect virtual machines from human attackers

Decision logic algorithm for managing defenses.


Conclusion

Conclusion

Data centers are interesting and important example of cyber-physical systems

Defined human-secure virtualization

Design of a system needed for physical attack protection in data centers:

– Focus on human attackers

– Leverage physical sensors for detection

– Leverage virtualization for cyber defenses


Questions

Questions ?


  • Login