Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is needed in the Next Generation Cloud trusted platform?

Published byPedro Valente Modified over 4 years ago

Similar presentations

Presentation on theme: "What is needed in the Next Generation Cloud trusted platform?"— Presentation transcript:

1 What is needed in the Next Generation Cloud trusted platform?
CSV-T10 What is needed in the Next Generation Cloud trusted platform? David B. Cross Director of Cloud Security Google @MrDBCross

2 How Do You Trust a Cloud Platform?
Trust through transparency: Logging, auditing, compliance Automation: Abstraction, detection and remediation Control: Policy, IAM, encryption, 2FA, etc. Defense in Depth: Protection at cloud scale via trusted stack Innovation: Next generation application model Fact: Everyone is moving to the cloud

3 What Comprises a Cloud Trusted Platform?
Think of the cloud platform as a 9 layer stack From Hardware -> Users Each layer is a security layer Trust is built by ensuring you have security in each layer Usage Operations Deployment Application Network Storage OS + IPC Boot Hardware

4 Hardware Layer

5 The Need for a Trusted Hardware Stack
Cloud Attack Surface Controlled design/build of server components Secure microcontroller Firmware and BIOS integrity protection Validated components before loading Monitoring from chip level to the cooling systems Cryptographically authenticated and authorized Trusted hardware Secure boot Monitoring at scale Trusted Supply Chain of Hardware and Software

6 Boot Layer

7 OS Layer: The Risks Without a Hardened Kernel
VM Containment is Mission Critical Reality: VMs should always be viewed as untrusted Boundary between the host kernel and untrusted code running in a VM A separate userspace virtual machine monitor

8 OS Layer: The Risks of Unknown Hardware
Controlled Harware Configurations Unknown hardware configurations The more untrusted software, the risk is exponential Attack is easier through drivers at the OS layer Homogeneous system configurations No legacy hardware or unused devices in cloud datacenter Tightly controlled software driver supply chain

9 OS Layer: Recommended Risk Mitigations
Continuous attack surface reduction. Trim the kernel and hardare drivers to only what is needed Constant fuzzing of all components. Attackers do the same. Extensive kernel address space randomization and code flow integrity All kernel and user mode crashed should be monitored and analyzed. This is how you find the zero days.

10 Application Layer

11 The Cloud Fabric Layer is Evolving
Standard Cloud Fabric Definition: "The loosely coupled storage, networking and parallel processing functions linked by high bandwidth interconnects" Trusted Fabric: All functions and flows are known and validated through policies and monitoring

12 Application Layer: Code Has an Identity
Machine identity Data protection Binary authorization User Identity Machine Identity Code Identity Data Policy Right code running on the right machine authorized by the right identity accessing the right data at the right time

13 Trusted Fabric Recommendations
Code is always tested and reviewed Only execute code with known cryptographic signatures and trusted provenance All jobs and policy changes audited automatically Code and machine identity tightly bound by policy Compartmentalization of code based on its role

14 Despite this Evolution We are Not Secure
Mainframes Virtual Machines Micro- services Servers Containers Multi-tenant systems do not have adequate partitioning of resources The container security ecosystem and isolation is still immature

15 Consider a Sandboxed Application Model
Mainframes Virtual Machines Servers Containers Host kernel syscall are the continued source of big risk Sandboxing the application environment reduces this risk

16 Sandboxed Applications – The Challenges
Privileges More Untrusted app On Premise Datacenter Cloud Compute Privileged instruction isolation Supervisor bit, SMEP VMs, Containers Memory Privileged memory isolation ASLR, SMAP, TrustZone Cloud Storage OS/IO/Disk Machine resource isolation chroot, namespaces, capabilities GCP, AWS IAM, Encryption at rest, user supplied keys File permissions, encryption Less User Data User data isolation

17 Sandboxed Applications - Philosophy
Defense Layers Independent security boundaries Combining diverse technologies in single sandbox No single vulnerability affects all user data

18 Sandboxed Applications - Philosophy
Maintenance Continuous internal and external reviews Assume attackers have all your source code Unit, functional and fuzz testing Continuous integration and deployment of upstream changes

19 Sandboxed Applications - Philosophy
Monitoring Logging at all layers, all the time Central repository and tamper resistance Alerting and incident response processes Incidents are how you improve the system

20 The Continued Application Layer Risks
Protecting secrets is increasingly hard Database credentials Passwords API and OAuth tokens Problem: We all have secrets! SSH keys SSL certs and keys, etc… IP protected algorithms

21 The Next Generation Cloud Application Model
Past Ecosystem Solutions Explored: TPMs were the "hope" for trusted applications Intel TXT and AMD SVM (secure hypervisor launch) also had potential... The Past

22 The Next Generation Cloud Application Model
Looking forward into the future: Secure Isolated Execution Environments (SIEEs) The Potential Solution: Software enclaves with attestation and optional hardware Next generation application containers

23 Next Generation Cloud Apps Using Hardware
The benefits of hardware VM_A VM_B app_z trustlet_y app_x Reduce the Trusted Computing Base to the smallest footprint Protect memory against bus snooping and memory tampering attacks Protect against root-level admins and malicious users Attested and verified bins/libs bins/libs bins/libs guest kernel guest kernel Host OS KVM Hardware/Firmware Shared Volume Storage

24 The Next Generation Cloud Application Model
Emerging industry technologies: Intel SGX hardware enclaves Dedicated HW chip as a root-of-trust Hardware-assisted isolation of code execution Fully attested state (pre-OS, Host OS, VM, and Enclaves) Verifiable by consumers AMD Secure Encrypted Virtualization Encrypted guest memory Restricted key access Potential Future Solutions

25 Deployment Layer

26 Deployment: Strong Multi-Factor Authentication
The boundaries are down and the model is changing 2FA and security keys are here now Session re-use and lack of device binding is the continued risk Advance MFA usage with other policy constraints Secret Protection is Critical Token Reuse Strong Authentication Hardware session binding and enforcement Policy based, unphishable authentication using Security Key

27 Operations Layer

28 Ops Layer: Machine Learning is Not the Only Answer
Two motions must be combined at the ops layer to achieve Defense in Depth: Environment specific endpoint policies Machine learning analysis 1 2 Trusted Machine Trusted Person Untrusted Location Untrusted Time High Risk

29 Apply: Best Practices when Moving to the Cloud
1 2 3 4 Examine the cloud platform security stack in detail from an end to end hardware and software perspective Establish end to end trust capabilities and policies from devices to your data Explore building next generation applications to be to be sandboxed and using hardware isolation Ensure your cloud security policies use both your environment policies with machine learning analysis

Download ppt "What is needed in the Next Generation Cloud trusted platform?"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Virtualisation From the Bottom Up From storage to application.

Virtualisation From the Bottom Up From storage to application.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.

Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.
Virtualization for Cloud Computing

Virtualization for Cloud Computing

Similar presentations

Ads by Google