Cloud Security Group V for Vendetta Wei Mao, Xiaolong Huang, Han Song 2017524
Cloud Security Group: V for Vendetta Wei Mao, Xiaolong Huang, Han Song 2017.5.24
Outline Cloud environment Security problems in cloud How to protect applications against Hypervisor/OS in cloud Intel SGX, protecting applications against OS SCONE(OSDI'16), using Intel SGX How to protect user data against applications in cloud yoan(OSDI'16), using Nacl (s&P09)and Intel SGX How to verify network security in cloud TenantGuard(NDSS'17), verifying network isolation in cloud
Outline • Cloud environment & Security problems in cloud • How to protect applications against Hypervisor/OS in cloud • Intel SGX, protecting applications against OS • SCONE (OSDI’16), using Intel SGX • How to protect user data against applications in cloud • Ryoan (OSDI’16), using NaCl (S&P’09) and Intel SGX • How to verify network security in cloud • TenantGuard (NDSS’17), verifying network isolation in cloud
Cloud Environment Terminal User Access service jug Personal health data A VM VM VM Deploy service in VM,/ through network 卜 ypervisor Amazon ec2 23andMe Manage platform through network Service Provider Cloud Operator
Cloud Environment Hypervisor VM App VM App VM App Cloud Operator Terminal User Service Provider Deploy service in VM, through network Manage platform, through network Access service, through network 23andMe Amazon EC2 Personal health data
Problems in cloud security Hypervisor protect the cloud platform by virtualization, but who protects VM, A pp, user s data Computing resources are leased from cloud platform not owned by user. Hypervisor/os has absolute privileges of vM, app, data. App tself cannot resist os's attack Hypervisor/OS may not be trustable
Problems in cloud security • Hypervisor protect the cloud platform by virtualization, but who protects VM, App, user’s data ? • Computing resources are leased from cloud platform, not owned by user. • Hypervisor/OS has absolute privileges of VM, app, data. App itself cannot resist OS’s attack • Hypervisor/OS may not be trustable
is hypervisor/OS not trustable Too big TCB(Trusted Computing Base) to be bug-free TCB: the parts that are trusted Process never trust another process, but trusts all its threads OS never trust a process, but trusts hardware Hypervisor never trust a VM, but trust hardware The tcB in cloud is very big, explained later Cloud operators themselves may be potential adversaries
Why is hypervisor/OS not trustable • Too big TCB (Trusted Computing Base) to be bug-free • TCB: the parts that are trusted • Process never trust another process, but trusts all its threads • OS never trust a process, but trusts hardware • Hypervisor never trust a VM, but trust hardware • The TCB in cloud is very big, explained later • Cloud operators themselves may be potential adversaries