Security aspects of virtualization in Cloud computing
Muhammad Kazim, Rahat Masood, Muhammad Awais Shibli, and Abdul Ghafoor Abbasi
Outline
• Introduction
• Virtualization in Cloud
• Security Analysis
• Hypervisor
• Virtual Machines
• Disk Images
• Conclusion
1. Introduction
Cloud computing is becoming popular among IT businesses because its services are offered at the Software, Platform and Infrastructure levels. The Infrastructure as a Service (IaaS) model offers services such as computing, network, storage and databases via the Internet. IaaS is the base of all Cloud services, with SaaS and PaaS built upon it.
2. Virtualization in Cloud Computing
Virtualization enables a single physical system to concurrently run multiple isolated virtual machines (VMs): different operating systems, or multiple instances of a single operating system (OS). Virtualization benefits companies by reducing their operating costs and increasing the flexibility of their own infrastructures.
3. Full Virtualization
[Figure 1: Full virtualization architecture]
4. Security Analysis
Attacks on the various virtualization components, and solutions for securing each of those components.
5. Hypervisor
• Hyperjacking: BLUEPILL and SubVirt.
• Virtual Machine Escape attack. [Figure 2: VM Escape attacks]
• HyperSafe [Wang:2010] is a system designed to maintain the integrity of the hypervisor.
• Use techniques to harden hypervisor security.
• Properly configure the interaction between guest machines and the host.
6. Virtual machines
• Malicious programs can monitor traffic and tamper with the functionality of guest VMs.
• Attacks through worms, viruses and botnets can be used to exploit the VMs. Examples include Conficker and command-and-control botnets.
• An attacker can compromise the integrity and confidentiality of the saved state of a guest virtual machine.
• Security features such as a firewall, HIPS and log monitoring must be provided in the guest OS.
• Advanced Cloud Protection System [Flavio:2011] can monitor and protect the integrity of the guest OS by periodically monitoring executable system files; any suspicious change can then be blocked.
• Use encryption and hashing of the VM state before saving the VM.
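The periodic monitoring of executable system files that the slide attributes to the Advanced Cloud Protection System is, at its core, a hash baseline compared against a fresh snapshot. The Go program below is an added example (not code from the paper or from ACPS) of that mechanism: it hashes every regular file under a watched directory, stores the baseline, and on the next check reports files that were modified, added or removed. The directory contents are constructed in a temporary folder so the example runs offline; in a real deployment the baseline would be taken from a known-good image and stored outside the guest.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// Baseline maps a path (relative to the watched root) to the hex SHA-256 of its contents.
type Baseline map[string]string

// Finding is one deviation from the baseline found during a periodic check.
type Finding struct {
	Path   string
	Change string // "modified", "added" or "removed"
}

// Snapshot hashes every regular file under root (e.g. a guest's /sbin or /usr/bin).
func Snapshot(root string) (Baseline, error) {
	b := Baseline{}
	err := filepath.WalkDir(root, func(path string, d os.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if !d.Type().IsRegular() {
			return nil
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, path)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		b[rel] = hex.EncodeToString(sum[:])
		return nil
	})
	return b, err
}

// Compare reports files whose hash changed, plus files added or removed since the baseline.
func Compare(baseline, current Baseline) []Finding {
	var out []Finding
	for p, h := range baseline {
		cur, ok := current[p]
		switch {
		case !ok:
			out = append(out, Finding{p, "removed"})
		case cur != h:
			out = append(out, Finding{p, "modified"})
		}
	}
	for p := range current {
		if _, ok := baseline[p]; !ok {
			out = append(out, Finding{p, "added"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Path < out[j].Path })
	return out
}

// DemoRun builds a constructed guest binary directory, takes a baseline, then changes the
// tree the way a compromise would (one binary replaced, one unexpected file dropped, one
// file deleted) and returns what the next periodic check reports.
func DemoRun() ([]Finding, error) {
	root, err := os.MkdirTemp("", "guest-bin")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(root)
	write := func(name, content string) error {
		return os.WriteFile(filepath.Join(root, name), []byte(content), 0o755)
	}
	// constructed "clean" binaries, then the baseline
	if err := write("sshd", "constructed original sshd"); err != nil {
		return nil, err
	}
	if err := write("login", "constructed original login"); err != nil {
		return nil, err
	}
	baseline, err := Snapshot(root)
	if err != nil {
		return nil, err
	}
	// simulated changes between two checks
	for _, step := range []func() error{
		func() error { return write("sshd", "constructed replaced sshd") },
		func() error { return write("cron-helper", "constructed unexpected file") },
		func() error { return os.Remove(filepath.Join(root, "login")) },
	} {
		if err := step(); err != nil {
			return nil, err
		}
	}
	current, err := Snapshot(root)
	if err != nil {
		return nil, err
	}
	return Compare(baseline, current), nil
}

func main() {
	findings, err := DemoRun()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-8s %s\n", f.Change, f.Path)
	}
}
```

A guest-side agent can be disabled by whatever compromised the guest, which is why the slide's approach runs the check from outside the VM: the same Snapshot/Compare logic applies unchanged when the root is a mounted disk image or an introspected guest filesystem, and the baseline lives on the host.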
7. Disk images
• VM checkpoint attacks.
• Old images are vulnerable to zero-day attacks.
• VM image sprawl issue.
• Attackers can access and recover data from old disks, and through unauthorized access to image backups.
• J. Wei et al. [Wei:2009] proposed an image management system to manage images in the Cloud.
• Checkpoint attacks can be prevented by encrypting the checkpoints, as in SPARC [Gofman:2011].
• Apply updates and patches to keep images secure.
• After VM migration, the Cloud admin must ensure that data is removed from the old disks.
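Both the virtual-machine slide (encrypt and hash the VM state before saving) and the disk-image slide (encrypt checkpoints, as SPARC does) come down to the same protection for a saved state blob: confidentiality plus an integrity check that runs before any of that state is restored. The Go program below is an added example of that protection and is not SPARC's code or the paper's; it uses AES-256-GCM from the standard library, which provides both properties in one pass, and binds a checkpoint identifier as associated data so a sealed blob cannot be restored under a different VM's identity. The key, checkpoint id and state bytes are constructed for the example; a real deployment would fetch the key from a KMS or HSM rather than storing it next to the images.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newGCM returns an AES-256-GCM AEAD for a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCheckpoint encrypts and authenticates a VM state blob before it is written to storage.
// checkpointID (e.g. "vm-id/sequence") is bound as associated data, so the blob only opens
// under the identity it was saved with. Output layout: nonce || ciphertext || tag.
func SealCheckpoint(key []byte, checkpointID string, state []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, state, []byte(checkpointID)), nil
}

// OpenCheckpoint verifies the tag and decrypts. Any change to nonce, ciphertext, tag or
// identifier makes it fail before a single byte of state reaches the VM.
func OpenCheckpoint(key []byte, checkpointID string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed checkpoint too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(checkpointID))
}

// Demo seals a constructed checkpoint under a random key and checks three things: the honest
// restore round-trips, a one-bit change to the stored blob is rejected, and restoring the blob
// under a different checkpoint id is rejected.
func Demo() (roundTrip, tamperRejected, swapRejected bool, err error) {
	key := make([]byte, 32) // constructed: a real deployment fetches this from a KMS/HSM
	if _, err = io.ReadFull(rand.Reader, key); err != nil {
		return
	}
	state := []byte("constructed guest memory and register state")
	sealed, err := SealCheckpoint(key, "vm-42/ckpt-7", state)
	if err != nil {
		return
	}
	got, err := OpenCheckpoint(key, "vm-42/ckpt-7", sealed)
	if err != nil {
		return
	}
	roundTrip = bytes.Equal(got, state)

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)/2] ^= 0x01 // flip one ciphertext bit "on disk"
	_, tErr := OpenCheckpoint(key, "vm-42/ckpt-7", tampered)
	tamperRejected = tErr != nil

	_, sErr := OpenCheckpoint(key, "vm-99/ckpt-1", sealed) // same bytes, wrong identity
	swapRejected = sErr != nil
	return
}

func main() {
	rt, tamper, swap, err := Demo()
	fmt.Printf("round-trip ok: %v, tampering rejected: %v, id swap rejected: %v, err: %v\n",
		rt, tamper, swap, err)
}
```

Hashing alone, as the slide also mentions, would catch accidental corruption but not an attacker who can rewrite both the blob and its hash; the authenticated tag here depends on the key, so an image store that holds only ciphertext and tags cannot forge a valid checkpoint. Rotating the nonce per seal matters too: GCM with a repeated nonce under the same key loses both properties.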
9. Conclusion
Enterprises shifting to the Cloud must deal with the security issues of virtualized environments. Assessment criteria need to be proposed by which the effectiveness of virtualization security solutions against specific attacks can be analyzed.
10. References
• Shubhashis Sengupta, Vikrant Kaulgud, Vibhu Saujanya Sharma, "Cloud Computing Security - Trends and Research Directions", IEEE World Congress on Services, Washington, DC, USA, 2011.
• Jakub Szefer, Ruby B. Lee, "A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing", 31st International Conference on Distributed Computing Systems Workshops, Washington, DC, USA, 2011.
• Jinzhu Kong, "Protecting the confidentiality of virtual machines against untrusted host", International Symposium on Intelligence Information Processing and Trusted Computing, Washington, DC, USA, 2010.
• Wu Zhou, Peng Ning, Xiaolan Zhang, "Always up-to-date: scalable offline patching of VM images in a compute cloud", Proceedings of the 26th Annual Computer Security Applications Conference, New York, USA, 2010, pp. 377-386.
• Z. Wang, X. Jiang, "HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity", IEEE Symposium on Security and Privacy (SP), IEEE, 2010.
• Mikhail I. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan, "SPARC: A security and privacy aware Virtual Machine checkpointing mechanism", Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, New York, USA, 2011, pp. 115-124.
• Dan Pelleg, Muli Ben-Yehuda, Rick Harper, "Vigilant: Out-of-band Detection of Failures in Virtual Machines", ACM SIGOPS Operating Systems Review, Volume 42, Issue 1, New York, NY, USA, 2008, pp. 26-31.
• F. Lombardi, R. Di Pietro, "Secure virtualization for cloud computing", Journal of Network and Computer Applications 34(4), 2011, pp. 1113-1122.
• Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa, "Control of System Calls from Outside of Virtual Machines", Proceedings of the 2008 ACM Symposium on Applied Computing, New York, NY, USA, 2008, pp. 2116-2221.