dependable and secure remote management in iaas clouds n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Dependable and Secure Remote Management in IaaS Clouds PowerPoint Presentation
Download Presentation
Dependable and Secure Remote Management in IaaS Clouds

Loading in 2 Seconds...

play fullscreen
1 / 21

Dependable and Secure Remote Management in IaaS Clouds - PowerPoint PPT Presentation


  • 76 Views
  • Uploaded on

Dependable and Secure Remote Management in IaaS Clouds. Tomohisa Egawa (Kyushu Institute of Technology) Naoki Nishimura (Kyushu Institute of Technology ) Kenichi Kourai (Kyushu Institute of Technology). Remote VM Management in IaaS. In-band remote management is usually used

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Dependable and Secure Remote Management in IaaS Clouds' - kristen-mcgowan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
dependable and secure remote management in iaas clouds

Dependable and Secure Remote Managementin IaaS Clouds

TomohisaEgawa(Kyushu Institute of Technology)

NaokiNishimura(Kyushu Institute of Technology)

KenichiKourai(Kyushu Institute of Technology)

remote vm management in iaas
Remote VM Management in IaaS
  • In-band remote management is usually used
    • A server runs in a user VM
    • The user connects to the server with VNC or SSH
  • However, users cannot access their VMs
    • when they fail the configuration of the firewall or network
    • when the systemsin the VMs crash

IaaS

User

User VM

VNC

Client

VNC

Server

VM

VM

out of band remote management
Out-of-band Remote Management
  • Users can access their VMs via a VNC server in the management VM
    • The VNC server directly accesses virtual devices of a user VM
      • e.g. virtual keyboard, virtual video card
    • More dependable method
      • Not rely on the network of the user VM
      • Users can check kernel messages when the system crashes

IaaS

Management VM

User

VNC Client

VNC Server

User VM

virtual devices

virtual drivers

the management vm is not always trustworthy
The Management VM is Not Always Trustworthy
  • Administrators in clouds may not be trusted
    • Users cannot know where their VMs are running
    • Lazy administrators cause vulnerable management VM to be penetrated by outside attackers
    • Malicious administrators can act as inside attackers

Data Center 1

Data Center 2

VM

VM

Management VM

VM

Management VM

VM

VM

VM

Legitimate Administrator

Malicious Administrator

User

VNC Client

information leakage to the management vm
Information Leakage to the Management VM
  • Attackers in the management VM can steal sensitive information of user VMs
    • Keystrokes from VNC clients
      • e.g. Password, credit card number, etc.
    • Screen updates from user VMs
      • e.g. Displayed passwords, software keyboard, etc.

Management VM

Password & Screen Caputure

User VM

User

VNC Server

malware

VNC Client

virtual devices

device drivers

fbcrypt
FBCrypt

User

  • FBCrypt encrypts the inputs and outputs between a VNC client and a user VM
    • The VMM decrypts keyboard inputs
    • The VMM encrypts screen updates
    • The attackers in the management VM cannot steal sensitive information

Management VM

User VM

VNC Server

VNC Client

virtual devices

device drivers

encrypt / decrypt

intercept

encrypt / decrypt

VMM

protecting the vmm inside iaas
Protecting the VMM inside IaaS
  • Remote attestation of the VMM
    • To guarantee the integrity of the VMM at the boot time
  • Runtime memory protection of the VMM against the management VM
    • The management VM cannot access the code and data of the VMM

Management VM

Signed

measurement

VMM

Verifier

TPM

Hash

Hardware

protecting user vms inside iaas
Protecting User VMs inside IaaS
  • The memory and CPU states of user VMs can be protected by the VMM
    • They are encrypted when the management VM accesses
      • Secure runtime environment [Li et al. '2010]
      • VMCrypt [Tadokoro et al. '2012]
    • The management VM cannot access decrypted inputs or unencrypted screen updates in user VMs

User VM

Management

VM

Keystroke

& Screen

memory

VMM

encrypt

encryption of keyboard inputs
Encryption of Keyboard Inputs
  • The VMM decrypts a keyboard input encrypted by a VNC client
    • A virtual keyboard device passes it to the VMM
    • The VMM stores a decrypted one into the keyboard queue
      • In para-virtualized Linux of Xen, the queue is in a user VM
      • The VMM also converts a keysym (ASCII code) into a keycode

User

VNC Client

Management VM

User VM

encrypt

queue

virtual keyboard

VNC Server

decrypt

convert

VMM

confidentiality and integrity
Confidentiality and Integrity
  • FBCrypt uses AES-CTR as a stream cipher
    • Inputs are encrypted to a different stream every time
    • They cannot perform even replay attacks
  • The VMM checks the integrity of the inputs with the MAC
    • A VNC client sends the MAC with encrypted inputs
    • Attackers cannot insert arbitrary inputs

User

Management VM

User VM

virtual keyboard

queue

VNC Server

VNC Client

encrypt

integrity check

decrypt & convert

VMM

replication of vram
Replication of VRAM
  • The VMM replicates VRAM of a user VM
    • A virtual video card accesses the replicated VRAM
      • A user VM can use the original one without modification
  • The VMM encrypts the pixel data in the replicated VRAM
    • A VNC client decrypts updated pixel data

User

User VM

Management VM

VNC Client

decrypt

VNC Server

video card

video driver

VRAM

VRAM

encrypt

VMM

synchronization of vrams
Synchronization of VRAMs
  • The VMM synchronizes the original and replicated VRAMs
    • It monitors updates to the original VRAM
      • Update events are sent from a user VM to a virtual video card
    • It copies updated areas to the replicated VRAM with encryption

User VM

Management VM

User

VNC Server

video card

video driver

VNC Client

VRAM

monitor

VRAM

decrypt

VMM

encrypt

key management
Key Management
  • A VNC client securely shares a session key with the VMM
    • A VNC client generates a session key on a VNC connection
    • The key is encrypted with the VMM's public key
    • Only the VMM can decrypt it with its private key
      • The management VM cannot decrypt it

User

Verifier

VNC Client

public key

VNC

Server

User VM

Management VM

encrypt

decrypt

Attestation

session key

private key

VMM

experiments
Experiments
  • We conducted several experiments for FBCrypt
    • We attempted to eavesdrop on inputs and outputs of VNC
    • We examined the overhead and the response time in remote management

Server

Client

attempts at eavesdropping
Attempts at Eavesdropping
  • We embedded malware into the VNC server in the management VM
    • Key logger
    • Screen capture
  • Demo

Management VM

User VM

VNC Server

Key logger

User

Screen capture

VNC Client

virtual devices

device drivers

overheads in a keyboard input
Overheads in a Keyboard Input
  • We measured overheads when a keyboard input is sent to a user VM
    • Client side: 802μs
      • Encryption, hash calculation
      • Most comes from sending extra data for the MAC
    • Server side: 15μs
      • Decryption, hash calculation

Server side

Client side

802

Management VM

User VM

queue

VNC Server

VNC Client

15

integrity check

decrypt & convert

encrypt

[μs]

VMM

response time of a keyboard input
Response time of a Keyboard Input
  • We measured the time after typing a character until it is displayed in the VNC client
    • The increase of the response time: 7 ms (6%)
      • Decryption of a keyboard input
      • Encryption of pixel data for the displayed character

[ms]

113

120

Management VM

User VM

queue

VNC Server

VNC Client

’A’

integrity check

decrypt & convert

encrypt

Keystroke!

VMM

overheads in a full screen update
Overheads in a Full-screen Update
  • We measured overheads when the full screen of 800x600 was updated
    • Server side: 37 ms
      • Synchronization and encryption of VRAM
    • Client side: 47 ms
      • Decryption of pixel data

Server side

[ms]

47

Client side

User VM

37

Management VM

VNC Server

VRAM

VRAM

VNC Client

decrypt

encrypt

VMM

response time of a full screen update
Response Time of a Full-screen Update
  • We measured the time from a keyboard input to a full-screen update by terminating a screen saver
    • The increase of the response time: 46ms (31.5%)
    • The server-side overhead was hidden
      • because of the long timer interval used in the VNC server

[ms]

192

146

User VM

Management VM

VNC Server

VRAM

VRAM

VNC Client

decrypt

encrypt

VMM

related work
Related Work
  • Xoar [Colp et al. '2010]
    • It runs a VNC server in an isolated VM
    • The security is not improved against insider attacks
  • vSphere Hypervisor [VMware Inc.]
    • It runs a VNC server in the VMM
      • No information leakage via the management VM
    • Attackers can steal sensitive information by compromising the VNC server
  • CloudVisor [Zhang et al. '2011]
    • The security monitor underneath the VMM encrypts the memory of the user VMs
    • It does not consider the security in remote management
conclusion
Conclusion
  • We proposed FBCrypt for dependable and secure remote management in IaaS clouds
    • FBCrypt prevents information leakage via the management VM in out-of-band remote management
    • It encrypts the input and outputs between a VNC client and a user VM using the VMM
  • Future work
    • To support fully-virtualized guest OSes such as Windows
    • To apply FBCrypt to other remote management software such as SSH