Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

Published byMelvyn Flowers Modified over 9 years ago

Similar presentations

Presentation on theme: " Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS."— Presentation transcript:

1  Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS

2 Cloud computing appealing but still concerns  Many companies can reduce costs using CC services  But, customers still concerned about security of data  Data deployed to CC services can leak out 2Nuno Santos, MPI-SWS2009

3 Potential data leakage at the provider site Nuno Santos, MPI-SWS3  Customer pay virtual machine (VM) to compute data  E.g., Amazon EC2  Privileged user with access to VM state can leak data  Accidentally or intentionally Computation & data Customer Provider Privileged User 2009

4 Need solution to secure the computation state  Encryption can secure communications and storage  But, encryption per se is ineffective for computation  Raw data kept in memory during computation  Provider benefits from providing a solution 4Nuno Santos, MPI-SWS2009

5 Trusted Cloud Computing Platform  Goal: Make computation of virtual machines confidential  Deployed by the service provider  Customer can verify that computation is confidential 5Nuno Santos, MPI-SWS2009

6 The threat model: User with root privileges  Providers require staff with privileged access to the system  E.g., maintenance of software and workload  User with full privileges on any machine  Configure, install and run software, remotely reboot  Setup attacks to access VM state 6Nuno Santos, MPI-SWS2009

7 Rely on provider to secure the hardware  Access to hardware can bypass any sw-based protections  E.g., cold boot attacks  Leverage security protections deployed by providers  E.g., physical security perimeter, surveillance  These protections can mitigate hw-based attacks 7Nuno Santos, MPI-SWS2009

8 Model of elastic virtual machine services 8 Service Provider Nodes Cloud Manager Launch & Access VM Nuno Santos, MPI-SWS Customer 2009 Privileged User Access components

9 Trusted computing techniques are a good start  Trusted computing platforms  Remote party can identify the software stack on host  Trusted Platform Module (TPM)  Secure boot  Remote attestation 9 TPM Remote attestation Nuno Santos, MPI-SWS2009 Trusted Computing Platform Trusted Software

10 Our proposal: Trusted Cloud Computing Platform 10 Nodes Cloud Manager TPM Trusted VMM Nuno Santos, MPI-SWS Service Provider 2009 Customer  Trusted VMM  Guarantee that VMs only run on nodes  With trusted VMM  Within security perimeter  Secure launch & migration Launch Migration

11 Issues with current VMMs  No protection from privileged user  E.g., XenAccess  Support operations that export VM state  Migration, suspension, etc.  Large trusted computing base (TCB) 11Nuno Santos, MPI-SWS2009 Node Privileged User …

12 Challenges: Secure memory management  Prevent guest VM inspection & keep TCB small  Provide narrow interface for launching, migration, etc.  Migration ensure destination is trusted  Efficient  Possible research: limit TCB to memory management 12Nuno Santos, MPI-SWS2009 Node Privileged User …

13 Summary: Trusted Cloud Computing Platform  Prevent inspection of computation state at the service provider site  Allows customers to verify that computation is secure  Deployed with cooperation of the cloud provider 13Nuno Santos, MPI-SWS2009

14 Thanks! Questions? Contact: Nuno Santos nuno.santos@mpi-sws.org 14Nuno Santos, MPI-SWS2009

Download ppt " Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.

Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.

This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.

FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Similar presentations

Ads by Google