secure remote management with virtualization daniel p
play

Secure remote management with virtualization Daniel P. Berrang - PowerPoint PPT Presentation

Sep 01, 2022 •494 likes •608 views

Secure remote management with virtualization Daniel P. Berrang <berrange@redhat.com> libvirt: Background API for management of hypervisors Community (Red Hat, Fujitsu, Bull) Isolates apps from HV specific APIs Driver

  1. Secure remote management with virtualization Daniel P. Berrangé <berrange@redhat.com>

  2. libvirt: Background ● API for management of hypervisors ● Community (Red Hat, Fujitsu, Bull) ● Isolates apps from HV specific APIs ● Driver support for Xen, QEMU, KVM ● C, Python, Perl, shell APIs ( virsh )

  3. libvirt: Local Architecture

  4. libvirt: Remote Management ● Local management unchanged ● Driver talks to remote libvirtd server ● XDR messaging protocol (rfc 1832) ● Layered over TLS 1.1 or tunnel SSH ● x509 certificate authentication ● Role based MAC with SELinux

  5. libvirt: Remote Architecture

  6. libvirt: Host Capabilities ● Supported architectures: x86, ppc, sparc ● Supported virt types: Xen, KVM, QEMU, KQEMU ● Supported OS types: Xen PV, HVM ● CPU capabilities: SVM, VMX, PAE

  7. libvirt: Network Management ● Shared physical device / virtual network ● APIs to define virtual networks ● dnsmasq provides DHCP + DNS ● Isolated or NAT forwarding (iptables) ● Solve NetworkManager/Laptop case

  8. libvirt: Storage Management ● Storage pool of file, partition, or lvm ● Enumeration volumes in pool ● Allocate virtual disks from pool ● Verify availability for migration ● POSIX (file), GpartD (partition), ??? (lvm)

  9. libvirt: Graphics Console ● Xen, QEMU, KVM provide VNC server ● VNC unencrypted traffic, 'trivial' auth ● Goal for parity auth scheme with libvirt ● VeNCrypt extension adds TLS + x509 ● Port PV daemon to use QEMU VNC code ● GTK-VNC client supports VeNCrypt

  10. libvirt: Text Console ● Xen, QEMU, KVM provide Pseudo-TTY ● Restricted to root on local machine ● QEMU provides UNIX/TCP socket access ● Goal for parity auth scheme with libvirt ● Existing tool ? Tunnel VNC / libvirt ?

  11. http://libvirt.org/

Recommend

Virtualization Virtualization Memory virtualization Process feels like it has its own

Virtualization Virtualization Memory virtualization Process feels like it has its own

4/25/08 Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External

441 views • 8 slides
SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni,

SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni,

SVLAN: Secure &amp; Scalable Network Virtualization Jonghoon Kwon, Taeho Lee, Claude Hhni, Adrian Perrig ETH Zrich, Network Security Group Jonghoon Kwon, Ph.D | | 25.02.2020 1 Current Inter-domain Network Virtualization: VLAN PM PM PM

679 views • 29 slides
Virtualization and memory hierarchy Computer Architecture J. Daniel Garca Snchez

Virtualization and memory hierarchy Computer Architecture J. Daniel Garca Snchez

Virtualization and memory hierarchy Virtualization and memory hierarchy Computer Architecture J. Daniel Garca Snchez (coordinator) David Expsito Singh Francisco Javier Garca Blas ARCOS Group Computer Science and Engineering Department

830 views • 55 slides
Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/ or hardware upon which other software runs. This simulated environment is called a virtual machine --Wikipedia 2 Computer Systems Arch.

1.26k views • 26 slides
Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University

Building Secure Decentralized Applications the DECENT Way Haofan Zheng Xiaowei Chu University of California, Santa Cruz Owen Arden Remote Attestation A process for the enclave to gain the trust of a remote service, so that the remote

212 views • 18 slides
Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka , Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek 12 Aug 2018 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE

565 views • 39 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Extremely Secure Communication Daniel Romo - daniel.romao@os3.nl Oil Company Oil Company What

Extremely Secure Communication Daniel Romo - daniel.romao@os3.nl Oil Company Oil Company What

Extremely Secure Communication Daniel Romo - daniel.romao@os3.nl Oil Company Oil Company What (almost) everyone knows: NSA collects traffic Confidential data can be compromised Backdoors in encryption-related software and hardware make it

583 views • 30 slides
Harvesting Logs and Events Using MetaCentrum Virtualization Services Radoslav Bod, Daniel

Harvesting Logs and Events Using MetaCentrum Virtualization Services Radoslav Bod, Daniel

Harvesting Logs and Events Using MetaCentrum Virtualization Services Radoslav Bod, Daniel Kouil CESNET EGI Community Forum, April 2013 Agenda Introduction Collecting logs Log Processing Advanced analysis Resume

601 views • 44 slides
Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group Basics Device Drivers Real time Naming Secure Systems Resource Management Stefan Kalkowski Virtualization / Legacy

347 views • 7 slides
Fast &amp; Secure LTE Connectivity Solutions Fast &amp; Secure LTE Connectivity Solutions Remote

Fast &amp; Secure LTE Connectivity Solutions Fast &amp; Secure LTE Connectivity Solutions Remote

April 29 th Webinar April 29 th Webinar Fast &amp; Secure LTE Connectivity Solutions Fast &amp; Secure LTE Connectivity Solutions Remote Ready, Productively Working From Home Remote Ready, Productively Working From Home Bryan Buckley Director

646 views • 28 slides
AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica Tutorial 2 Virtual Machine Approaches Carve a Server into Many Virtual Machines Hosted Hypervisor-based Virtualization Virtualization App App

539 views • 18 slides
Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

4/1/2013 Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing physical hardware or software resources by Share physical network resources to form multiple multiple users and/or use cases diverse virtual

511 views • 5 slides
4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Distributed Systems Storage virtualization Logical view of disks connected to a machine

407 views • 3 slides
Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer , Pramod Jamkhedkar, Yu-Yuan Chen and Ruby B. Lee Princeton University WORCS 2012 July 25, 2012 contact: szefer@princeton.edu Data Centers as

686 views • 36 slides
The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida

The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida

The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida Braga Pierre-Alain Fouque Mohamed Sabt TCHES 2020 1 Overview Context Deterministic RSA Padding Padding Oracle Key Reuse Secure

681 views • 46 slides
Virtualization Capacity Management and Hollywood Charles Johnson Metron-Athene, Inc. August 16,

Virtualization Capacity Management and Hollywood Charles Johnson Metron-Athene, Inc. August 16,

Virtualization Capacity Management and Hollywood Charles Johnson Metron-Athene, Inc. August 16, 2013 Session Number (14079) Insert Custom Session QR if Desired. The Rundown Introduction Hollywood Virtualization

691 views • 36 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does this do for us? Virtual Machines: Terminology Types of Hypervisors VirtualBox and VMWare

2.8k views • 30 slides
Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons SSH Secure shell (remote login) IPSec IP Security suite, originally for use with IPv6 SSL/TLS Secure Sockets Layer / Transport Layer

322 views • 18 slides
Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of

Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of

Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of virtualization Time and resource sharing on expensive mainframes IBM VM/370 Late 1970s and early 1980s: became unpopular Cheap

924 views • 34 slides
CCCP: Secure Remote Storage for Computational RFIDs M. Salajegheh, S. Clark , B. Ransford, K. Fu

CCCP: Secure Remote Storage for Computational RFIDs M. Salajegheh, S. Clark , B. Ransford, K. Fu

CCCP: Secure Remote Storage for Computational RFIDs M. Salajegheh, S. Clark , B. Ransford, K. Fu (UMass Amherst) A. Juels (RSA) The Security Division of EMC NSF-627529 Shane Clark, USENIX Security 09 Tuesday, August 18, 2009 RFID tags

750 views • 71 slides
The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida

The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida

Context Notation &amp; Reminders Deterministic RSA Padding Padding Oracle on Key Transport Key Reuse Secure Implementation Conclusion The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10 Daniel De Almeida Braga

658 views • 46 slides
CASD-TeraLab Secure Remote Access to Confidential Big Data Alexandre Marty [

CASD-TeraLab Secure Remote Access to Confidential Big Data Alexandre Marty [

1 CASD-TeraLab Secure Remote Access to Confidential Big Data Alexandre Marty [ alexandre.marty@casd.eu ] Outline 2 CASD-TeraLab Use Cases Live Demo The Secure Data Access Centre 3 Data Insertions/extractions are A group of

594 views • 8 slides

More recommend