Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Security aspects.

Security aspects of virtualization in Cloud computing
Muhammad Kazim, Rahat Masood, Muhammad Awais Shibli, and Abdul Ghafoor Abbasi

Outline
- Introduction
- Virtualization in Cloud
- Security Analysis
  – Hypervisor
  – Virtual Machines
  – Disk Images
- Conclusion

1. Introduction
- Cloud computing is becoming popular among IT businesses because its services are offered at the Software, Platform and Infrastructure levels.
- The Infrastructure as a Service (IaaS) model offers services such as computing, network, storage and databases via the internet.

1. Introduction
- IaaS is the base of all Cloud services, with SaaS and PaaS built upon it.

Virtualization in Cloud Computing
- Virtualization enables a single system to concurrently run multiple isolated virtual machines (VMs), operating systems or multiple instances of a single operating system (OS).
- Virtualization is benefiting companies by reducing their operating costs and increasing the flexibility of their own infrastructures.

3. Full Virtualization
Figure 1: Full virtualization architecture

4. Security Analysis
- Attacks on various virtualization components.
- Solutions for security of virtualization components.

5. Hypervisor
- Hyperjacking: Blue Pill and SubVirt.
- Virtual Machine Escape attack.
Figure 2: VM Escape attacks

5. Hypervisor
- HyperSafe [Wang:2010] is a system designed to maintain the integrity of the hypervisor.
- Use techniques to harden the security of the hypervisor.
- Properly configure the interaction between guest machines and the host.

6. Virtual machines
- Malicious programs can monitor traffic and tamper with the functionality of guest VMs.
- Worms, viruses and botnets can be used to exploit the VMs. Examples include Conficker and command-and-control botnets.
- An attacker can compromise the integrity and confidentiality of the saved state of a guest virtual machine.

6. Virtual machines
- Security features such as a firewall, HIPS and log monitoring must be provided in the guest OS.
- Advanced Cloud Protection System [Flavio:2011] can monitor and protect the integrity of the guest OS by periodically monitoring executable system files. In this way, any suspicious activity can be blocked.
- Use encryption and hashing of the VM's state before saving the VM.
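The "hashing of the VM's state before saving" step, as an added example that is not part of the original slides: a Python sketch that tags a saved-state stream with HMAC-SHA256 bound to the VM id and checkpoint number, so a modified, swapped or rolled-back state file is rejected on restore. Encryption is not shown; the key, VM ids and state bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import io
import struct

TAG_LEN = 32      # HMAC-SHA256 output size
CHUNK = 1 << 20   # stream in 1 MiB pieces; saved guest RAM can be many GiB

def _new_mac(key, vm_id, seq):
    """Start an HMAC whose input begins with the VM id and checkpoint number."""
    vm = vm_id.encode()
    header = struct.pack(">I", len(vm)) + vm + struct.pack(">Q", seq)
    return hmac.new(key, header, hashlib.sha256)

def seal_state(key, vm_id, seq, src, dst):
    """Copy the saved state from src to dst and append the tag."""
    mac = _new_mac(key, vm_id, seq)
    for chunk in iter(lambda: src.read(CHUNK), b""):
        mac.update(chunk)
        dst.write(chunk)
    dst.write(mac.digest())

def verify_state(key, vm_id, seq, sealed):
    """Return True only if the state is intact and is checkpoint seq of vm_id."""
    body_len = sealed.seek(0, io.SEEK_END) - TAG_LEN
    if body_len < 0:
        return False  # too short to even hold a tag
    sealed.seek(0)
    mac = _new_mac(key, vm_id, seq)
    while body_len:
        chunk = sealed.read(min(CHUNK, body_len))
        if not chunk:
            return False
        mac.update(chunk)
        body_len -= len(chunk)
    return hmac.compare_digest(sealed.read(TAG_LEN), mac.digest())

def demo():
    key = b"\x01" * 32  # constructed; keep real keys outside the image store
    state = b"CONSTRUCTED-GUEST-RAM" * 4096  # constructed sample state
    out = io.BytesIO()
    seal_state(key, "vm-42", 7, io.BytesIO(state), out)
    blob = bytearray(out.getvalue())
    intact = verify_state(key, "vm-42", 7, io.BytesIO(blob))
    rollback = verify_state(key, "vm-42", 8, io.BytesIO(blob))  # old checkpoint offered as #8
    swapped = verify_state(key, "vm-43", 7, io.BytesIO(blob))   # another VM's state
    blob[100] ^= 0x01                                           # one flipped bit
    tampered = verify_state(key, "vm-42", 7, io.BytesIO(blob))
    return intact, rollback, swapped, tampered
```

The restore path passes the checkpoint number it expects, so an older but genuine state file fails verification just as a modified one does.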

7. Disk images
- VM checkpoint attacks.
- Old images are vulnerable to zero-day attacks.
- VM image sprawl issue.
- Attackers can recover data from old disks and through unauthorized access to image backups.

7. Disk images
- J. Wei et al. [Wei:2009] proposed an image management system to manage images in the Cloud.
- Checkpoint attacks can be prevented by encrypting the checkpoints using SPARC [Gofman:2011].
- Apply updates and patches to keep images secure.
- After VM migration, the Cloud admin must ensure that data is removed from old disks.

9. Conclusion
- Enterprises shifting to the Cloud must deal with security issues related to virtualized environments.
- Assessment criteria need to be proposed by which we can analyze the effectiveness of virtualization security solutions against specific attacks.

10. References
- Shubhashis Sengupta, Vikrant Kaulgud, Vibhu Saujanya Sharma, “Cloud Computing Security - Trends and Research Directions”, IEEE World Congress on Services, Washington, DC, USA,
- Jakub Szefer, Ruby B. Lee, “A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing”, 31st International Conference on Distributed Computing Systems Workshops, Washington, DC, USA,
- Jinzhu Kong, “Protecting the confidentiality of virtual machines against untrusted host”, International Symposium on Intelligence Information Processing and Trusted Computing, Washington, DC, USA, 2010.

10. References
- Wu Zhou, Peng Ning, Xiaolan Zhang, “Always up-to-date: scalable offline patching of VM images in a compute cloud”, Proceedings of the 26th Annual Computer Security Applications Conference, New York, USA, 2010, pp
- Wang, Z., Jiang, X.: HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In: Security and Privacy (SP), 2010 IEEE Symposium on, IEEE (2010).
- Mikhail I. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan, “SPARC: A security and privacy aware Virtual Machine checkpointing mechanism”, Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, New York, USA, 2011, pp

10. References
- Dan Pelleg, Muli Ben-Yehuda, Rick Harper, “Vigilant—Out-of-band Detection of Failures in Virtual Machines”, ACM SIGOPS Operating Systems Review, New York, NY, USA, Volume 42 Issue 1, 2008, pp
- Lombardi, F., Di Pietro, R.: Secure virtualization for cloud computing. Journal of Network and Computer Applications 34(4) (2011)
- Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa, “Control of System Calls from Outside of Virtual Machines”, Proceedings of the 2008 ACM symposium on Applied Computing, New York, NY, USA, 2008, pp
