More Related Content
What's hot
What's hot (13)
Viewers also liked
Viewers also liked (20)
Similar to Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
Similar to Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments (20)
Recently uploaded
Recently uploaded (20)
Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
- 1. Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments Nicolae Paladi1*, Christian Gehrmann1, Mudassar Aslam1, Fredric Morenius2 1 Swedish Institute of Computer Science 2 Ericsson Research
- 2. 2 Contents 1. Infrastructure-as-a-Service 2. Problem Setting 3. Attacker Model 4. Related Work 5. Protocol Description 6. Protocol Implementation 7. Conclusion - u re ct ru - st a fra as- vice In r Se
- 3. 3 Infrastructure-as-a-Service • A 'cloud computing' service model (NIST:2011): Provision processing, storage, networks. Deploy and run arbitrary software No control over underlying cloud infrastructure Control over OS, storage, deployed applications. Limited control of select networking components. rio e na d s Sc an tion i in def
- 4. 4 Scenario and Definitions Scheduler (S) Compute Compute Compute Host Host Host (CH) (CH) (CH) Hardware Hardware Hardware Client (C) f rie te B o M N TP on
- 5. 5 A Brief Note on TPM • Trusted platform module v1.2 as specified by TCG • v2.0 is currently under review • Tamper-evident • 16+ PCRs as volatile or non-volatile storage Four operations: Signing / Binding / Sealing / Sealed-sign em o bl ng Pr etti S
- 6. 6 Problem Setting • “Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.” • Client can launch VMs for sensitive computations. • Trusted VM launch – the correct VM is launched in a IaaS platform on a host with a known software stack verified to not have been modified by malicious actors. • How do we ensure a trusted VM launch in an untrusted IaaS environment? er ta c k el At od M
- 7. 7 Attacker Model • (Ar) has root access to IaaS hosts. • (Ar) has no physical access. • (Ar) has no access to CH's memory. • (Ar) can act maliciously or in good faith. ck tta ario A n e Sc 1 • (A ) can be a person/malicious software/code bug.
- 8. 8 Attack scenario 1 Remote Attacker Scheduler Ar (S) Trusted Compute Compute Host Host (CH) (CH) Hardware Hardware Hardware Client (C) ck tta ario A n e Sc 2
- 9. 9 Attack scenario 2 Remote Attacker Ar Compute Compute Host Host (CH) (CH) Hardware Hardware Hardware Client (C) ed lat rk Re o W
- 10. 10 Related Work d u ste d Tr hir ty T ar P
- 11. 11 Trusted VM Launch Protocol: Trusted Third Party • Trusted Third Party (TTP) – trusted by C and IaaS, able to assess the SP of CH according to predefined guidelines. • Security profile (SP) – verified setup of an VM, trusted by the Participants. • Currently no fine-grained scale of SP available. • Limited to only matching the measurements with reference values. g Bi e e r Th ictu P
- 12. The big picture 3. (S) 1. 4. 5. 2. CH CH CH 6. HW HW HW + TPM l Client (C) c o ion to t ro crip P s 1) e ( D
- 13. 13 Trusted VM Launch Protocol: Protocol Details (1) l c o ion to t ro crip P s 2) e ( D
- 14. 14 Trusted VM Launch Protocol: Protocol Details (2) l co ion to t ro rip P sc 3) e ( D
- 15. 15 Trusted VM Launch Protocol: Protocol Details (3) l c o ion to t ro crip P s 4) e ( D
- 16. 16 Trusted VM Launch Protocol: Protocol Details (4) k S tac n pe O
- 17. 18 Trusted VM Launch Protocol: OpenStack • Protocol was implemented in OpenStack • Open Source IaaS deployment and management platform. • Large user base and multiple industry contributors • “Essex” release as baseline. • Aimed to have a minimal footprint in terms of code modifications. • Implementation changed 4 components involved in the launch process (presented next). l n co atio to t r o en P m ) e pl (1 Im
- 18. 19 Trusted VM Launch Protocol: Protocol Implementation (1) Affected components: • Nova SQL db – global security profile per compute host. • Dashboard – request compute host attestation, minimum SP, TTP’s URL and Token upload. • Scheduler – SimpleScheduler to schedule VM launches on trusted CH with the requested–or stricter–SP. • Nova compute – support communication with TPM through TSS, encryption/decryption and VM image integrity assessment. l n co tatio to ro en P e m 2) pl ( Im
- 19. 20 Trusted VM Launch Protocol: Protocol Implementation (2) • TrustedComputingPools (currently in blueprints) will introduce TPM support in OpenStack • Trusted IaaS provider with untrusted nodes. • Node attestation offered as “premium service”. • Node attestation performed by IaaS provider itself. n u si o n cl Co
- 20. 21 Conclusion • A trusted VM launch protocol available assuming an untrusted IaaS platform + TPM + physical security of the hosts. • Fairly close to ongoing industrial implementation but offers stricter security guarantees. • Fine-grained attestation process on the TTP side still a research challenge.