VESPA: Multi-Layered Self-Protection for Cloud Resources, OW2con'12, Paris



This talk presents VESPA, an open self-protection architecture and framework for cloud infrastructures that overcomes the previous limitations. Developed in the OpenCloudWare project, VESPA adopts a policy-based management approach, and allows a two-level regulation of security, both within a software layer and across layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane, extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation results on a VESPA KVM-based implementation show that the design is applicable for effective and yet flexible self-protection of cloud infrastructures.


  1. VESPA: Multi-Layered Self-Protection for Cloud Resources. Marc Lacoste, Orange Labs. OW2Con’12, November 28-29, 2012, Orange Labs, Paris.
     Self-protection has raised growing interest as a possible element of answer to the cloud protection challenge. However, previous solutions miss flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This talk presents VESPA, an open IaaS self-protection architecture and framework that overcomes such limitations. Key features are regulation of security at two levels, both within and across software layers; flexible coordination of multiple feedback loops enabling enforcement of a rich spectrum of protection strategies; and an extensible architecture allowing simple integration of commodity security components.
  2. Motivations
     • Security = #1 adoption stopper to cloud computing.
     • Mushrooming threats:
       - From outside: rootkits, malware, intrusions…
       - From inside: "honest-but-curious" legitimate users, over-privileged admins…
     • Heterogeneous defenses:
       - Vertically: layer-specific mechanisms.
       - Horizontally: system vs. network placement.
     • Self-protection as possible next step of security management, with promise of simpler, stronger, more efficient, more flexible protection.
     • But… how to design self-protecting clouds?
  3. 3 Major Challenges
     • Challenge #1: Multi-Layering. Each cloud layer has its own security mechanisms, oblivious to other layers. But attacks may span several layers at once!
     • Challenge #2: Multi-Laterality. Each cloud stakeholder has its own security objectives and policies. Flexibility is needed in monitoring granularity and security policies!
     • Challenge #3: Openness. Cloud stakeholder topology is dynamic, and threats may be unknown. Interoperability is needed with 3rd-party security policies/components!
  4. Cloud Self-Protection Design Principles
     • Principle #1: Policy-Based Self-Protection. The self-protection architecture should be a refinement of a well-defined security adaptation model based on policies.
     • Principle #2: Cross-Layer Defense. Detection and reaction should not be performed within a single layer, but may also span several layers.
     • Principle #3: Multiple Self-Protection Loops. Several control loops of variable levels of supervision granularity should be defined and coordinated.
     • Principle #4: Open Architecture. Multiple detection and reaction strategies and mechanisms (e.g., third-party security software components) should be easily integrated in the security architecture.
  5. VESPA Goals
     • VESPA = Virtual Environments Self-Protecting Architecture: an autonomic security framework for regulating protection of IaaS resources.
       1. Cross-layer approach to security.
       2. Multiple levels of supervision granularity.
       3. Open and flexible architecture for easy security interoperability.
     • Implementation: KVM-based IaaS infrastructure.
     • Typical application: risk-aware dynamic VM confinement.
  6. VESPA System Architecture
     1. Policy-based security regulation, with well-defined SP model.
     2. Automated protection at two levels, within and across IaaS layers.
     3. Flexible orchestration of multiple SP loops, for rich defense strategy.
     4. Layered, extensible architecture for easy security COTS integration.
  7. Security Model (figure)
     • Critical assets to protect.
     • Threats impact one layer (or more).
     • Security supervision: DM: Detection; RM: Reaction; PM: Detection+Reaction.
     • Policy-orientation of the framework.
     (Figure labels: PR, SM, PM, RM, DM.)
  8. Agent Model (figure labels: SENSING, CONTEXT AGGREGATION, DECISION-MAKING, REACTION REFINEMENT, ENFORCEMENT)
     Agents perform mediation between security and decision-making:
     • Security context aggregation.
     • Reaction policy refinement.
     • API adaptation for easy infrastructure integration of security COTS.
  9. Implementing Risk-Aware VM Quarantine
     Three levels of self-protection:
     1. Intra-layer [VM-level]: anti-virus for analysis and cleaning.
     2. Cross-layer [VM+hypervisor levels]: hypervisor firewalling for VM isolation.
     3. Cross-layer [VM+hypervisor levels]: hypervisor migration manager to move VM to quarantine zone and back.
  10. Conclusions
     • Key points:
       - VESPA: architecture for effective and flexible SP of IaaS resources.
       - Two-level tuning of security policies, within and across layers.
       - Coordination of multiple loops allows rich spectrum of defense strategy.
       - Multi-plane open design for easy integration of detection/reaction COTS.
     • Ongoing:
       - VESPA v0 = 8000 Python LoC. Underlying infrastructure = KVM.
       - C version under development using Fractal / Cecilia framework. Security services: IDS, anti-virus, log analysis, firewall, MAC.
       - Extend VESPA to the multi-cloud setting using security domains.
     • More… Available soon in open source! Check out our ICAC 2012 paper!
     [ICAC 12] Aurélien Wailly, Marc Lacoste, Hervé Debar. VESPA: Multi-Layered Self-Protection for Cloud Resources. 9th ACM International Conference on Autonomic Computing (ICAC), San José, California, September 2012.
  11. Thanks! Contact: Marc Lacoste, Senior Research Scientist, Orange Labs, Security Dept. E-mail:
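The agent pipeline of slide 8 and the three-level quarantine strategy of slide 9, as an added toy illustration (not VESPA's own code, which is not on this page): a per-VM security context is aggregated from VM-level and hypervisor-level sensor events, an ordered reaction policy picks the least disruptive level that fits the context, and the abstract reaction is refined into per-layer operations. Event kinds, thresholds, action names and the COTS operation names are assumptions made for the example.

```python
# Added illustration, not VESPA's own code: a toy policy-based coordinator for
# the agent pipeline of slide 8 and the three-level VM quarantine of slide 9.
# Event kinds, thresholds, action and COTS operation names are constructed.

def aggregate(ctx, event):
    """Context aggregation: fold one sensor event into a per-VM context dict."""
    kind = event["kind"]
    if kind == "av_alert":                 # VM-level sensor (anti-virus hit)
        ctx["infections"] = ctx.get("infections", 0) + 1
    elif kind == "av_clean_failed":        # anti-virus could not clean the VM
        ctx["clean_failed"] = True
    elif kind == "net_suspicious":         # hypervisor-level network sensor
        ctx["flows"] = ctx.get("flows", 0) + event.get("count", 1)
    return ctx

# Reaction policy: ordered rules, first match wins. Each rule names the loop
# that enforces it: "vm" (intra-layer) or "vm+hv" (cross-layer).
POLICY = [
    (lambda c: c.get("clean_failed") or c.get("infections", 0) >= 3,
     "vm+hv", "migrate_to_quarantine"),                            # level 3
    (lambda c: c.get("flows", 0) >= 5, "vm+hv", "firewall_isolate"),  # level 2
    (lambda c: c.get("infections", 0) >= 1, "vm", "antivirus_clean"),  # level 1
]

def decide(ctx):
    """Decision-making: return (loop, action) of the first matching rule."""
    for pred, loop, action in POLICY:
        if pred(ctx):
            return loop, action
    return None, "none"

# Reaction refinement: abstract action -> concrete per-layer COTS operations.
REFINE = {
    "antivirus_clean":       [("vm", "av.clean")],
    "firewall_isolate":      [("hypervisor", "fw.drop_all"), ("vm", "av.scan")],
    "migrate_to_quarantine": [("hypervisor", "fw.drop_all"),
                              ("hypervisor", "migrate.quarantine_zone")],
}
STATE = {"antivirus_clean": "running", "firewall_isolate": "isolated",
         "migrate_to_quarantine": "quarantined"}

def run_loop(ctx, events):
    """One self-protection iteration: sense, aggregate, decide, refine, enforce."""
    for ev in events:
        aggregate(ctx, ev)
    loop, action = decide(ctx)
    ops = REFINE.get(action, [])                       # refined reaction plan
    ctx["state"] = STATE.get(action, ctx.get("state", "running"))  # enforce
    return loop, action, ops
```

Calling run_loop repeatedly on the same context shows the escalation: a single anti-virus alert stays intra-layer, persistent suspicious traffic triggers hypervisor firewalling, and a failed cleaning escalates to migration into the quarantine zone.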