security for virtualized distributed systems
play

Security for Virtualized Distributed Systems Thse soutenue le 3 - PowerPoint PPT Presentation

Mar 13, 2023 •541 likes •1.36k views

From Modelization to Deployment . Arnaud Lefray Workshop SEC2 - 4 Juillet 2016 Qirinus - Inria Sous la direction de : Ralise dans les quipes : Eddy Caron, Avalon - LIP - ENS Lyon Christian Toinard, SDS - LIFO - INSA CVL Jonathan

  1. From Modelization to Deployment . Arnaud Lefray Workshop SEC2 - 4 Juillet 2016 Qirinus - Inria Sous la direction de : Réalisée dans les équipes : Eddy Caron, Avalon - LIP - ENS Lyon Christian Toinard, SDS - LIFO - INSA CVL Jonathan Rouzaud-Cornabas Security for Virtualized Distributed Systems Thèse soutenue le 3 Novembre 2015

  2. . Context

  3. Hacker profile: 15 years old irish teen. Consequences: 10% share value drop. Previous breach: August 2015 TalkTalk: a Cloud provider for businesses . 2/45 A data breach story ▶ Date: October 21st. 2015 ▶ Nb stolen records: 4 million ▶ Data types: ▶ personal infos (names, addresses, dates of birth) ▶ contact infos (email addresses, phone numbers) ▶ financial infos (credit card, bank details)

  4. TalkTalk: a Cloud provider for businesses . 2/45 A data breach story ▶ Date: October 21st. 2015 ▶ Nb stolen records: 4 million ▶ Data types: ▶ personal infos (names, addresses, dates of birth) ▶ contact infos (email addresses, phone numbers) ▶ financial infos (credit card, bank details) ▶ Hacker profile: 15 years old irish teen. ▶ Consequences: 10% share value drop. ▶ Previous breach: August 2015

  5. 2/45 . A data breach story ▶ Date: October 21st. 2015 ▶ Nb stolen records: 4 million ▶ Data types: ▶ personal infos (names, addresses, dates of birth) ▶ contact infos (email addresses, phone numbers) ▶ financial infos (credit card, bank details) ▶ Hacker profile: 15 years old irish teen. ▶ Consequences: 10% share value drop. ▶ Previous breach: August 2015 TalkTalk: a Cloud provider for businesses

  6. 2015 Average cost per breach: $3.79 million . 2015 Average cost per stolen record: $154 3/45 Growing security breaches

  7. . 2015 Average cost per stolen record: $154 3/45 Growing security breaches 2015 Average cost per breach: $3.79 million

  8. Cloud model 93% of organizations are running/experimenting Cloud. [RightScale2015] . Data and services hosted on-premise 1 resources/services provider for multiple clients Economical benefits Automatic management Loss of control Security complexification 4/45 From on-premise to Cloud Traditional model

  9. . Data and services hosted on-premise 1 resources/services provider for multiple clients 4/45 From on-premise to Cloud Traditional model Cloud model 93% of organizations are running/experimenting Cloud. [RightScale2015] ▶ Economical benefits ▶ Loss of control ▶ Automatic management ▶ Security complexification

  10. Key technology: Virtualization . Infinite resources Pay per use Multitenant provisioning Virtual resources sharing real resources 5/45 Cloud and Virtualization Cloud Characteristics ▶ On-demand resources

  11. Key technology: Virtualization . Pay per use Multitenant provisioning Virtual resources sharing real resources 5/45 Cloud and Virtualization Cloud Characteristics ▶ On-demand resources ▶ Infinite resources

  12. Key technology: Virtualization Multitenant provisioning . Virtual resources sharing real resources 5/45 Cloud and Virtualization Cloud Characteristics ▶ Pay per use ▶ On-demand resources ▶ Infinite resources

  13. Key technology: Virtualization . Virtual resources sharing real resources 5/45 Cloud and Virtualization Cloud Characteristics ▶ Pay per use ▶ On-demand resources ▶ Multitenant provisioning ▶ Infinite resources

  14. Virtual resources sharing real resources . 5/45 Cloud and Virtualization Cloud Characteristics ▶ Pay per use ▶ On-demand resources ▶ Multitenant provisioning ▶ Infinite resources Key technology: Virtualization

  15. Cloud model Threats 6/45 Multitenancy An IT managing security “by hand” (configuration, etc.) Internal External Currently, same as traditional . Security Issues Traditional model Threats Problems ▶ External ▶ Oversight ▶ Lack of expertise ▶ Misconfiguration

  16. 6/45 . Multitenancy An IT managing security “by hand” (configuration, etc.) Currently, same as traditional Security Issues Traditional model Threats Problems ▶ External ▶ Oversight ▶ Lack of expertise ▶ Misconfiguration Cloud model Threats ▶ External ▶ Internal

  17. . Virtualized Distributed Systems 7/45 What to Secure? ▶ Data ▶ Processes/Services ▶ VM ▶ Network The vast majority of applications are distributed systems

  18. Proposition: Automatic security enforcement . distributed systems? User-centric approach Bridge the gap between the user’s security specification skills and complex configurations of security mechanisms. Distributed security with heterogeneous mechanisms 8/45 Cloud Security: Problem Problem How to provide a trusted end-to-end security of virtualized ▶ Transversal: secure from endpoints to services ▶ In-depth: secure all layers ▶ Temporal: secure whole lifecycle

  19. . distributed systems? skills and complex configurations of security mechanisms. 8/45 Cloud Security: Problem Problem How to provide a trusted end-to-end security of virtualized ▶ Transversal: secure from endpoints to services ▶ In-depth: secure all layers ▶ Temporal: secure whole lifecycle Proposition: Automatic security enforcement ▶ User-centric approach ▶ Bridge the gap between the user’s security specification ▶ Distributed security with heterogeneous mechanisms

  20. . 17 partners from 4 countries. From Apr. 2012 to Feb. 2015. . 9/45 The Seed4C Celtic+ European Project France Finland Spain South Korea

  21. . 17 partners from 4 countries. From Apr. 2012 to Feb. 2015. . 9/45 The Seed4C Celtic+ European Project France Finland Spain South Korea

  22. . Build a secure Cloud with cooperative points of enforcement. 10/45 The Seed4C Celtic+ European Project – Logical Architecture Idea

  23. . . 11/45 My Thesis: From Modelization To Deployment

  24. . Contributions

  25. . . 13/45 My Thesis – Modelization

  26. What? 3D Printer . 14/45 Modelization - Why and What? Why? ▶ To apply algorithms ( e.g., verification) ▶ To automate security configuration ▶ To automate application deployment

  27. 3D Printer . 14/45 Modelization - Why and What? Why? ▶ To apply algorithms ( e.g., verification) ▶ To automate security configuration ▶ To automate application deployment What?

  28. Security Policy What it means to be secure. Defined by security properties Security Properties . Confidentiality: Absence of unauthorized disclosure Integrity: Absence of unauthorized alteration Isolation: Confidentiality + Integrity Availability: Absence of denial of use 15/45 What is Security?

  29. . 15/45 What is Security? Security Policy What it means to be secure. Defined by security properties Security Properties ▶ Confidentiality: Absence of unauthorized disclosure ▶ Integrity: Absence of unauthorized alteration ▶ Isolation: Confidentiality + Integrity ▶ Availability: Absence of denial of use

  30. Access Control Information Flow Control A. Yes, access is granted. A. Depends on previous flows. information but not its propagation . . Explicit perms., implicit flows Implicit perms., explicit flows Access Control checks place restrictions on the release of 16/45 What Security Model? Q. Can I read document File?

  31. Information Flow Control A. Depends on previous flows. information but not its propagation . . Explicit perms., implicit flows Implicit perms., explicit flows Access Control checks place restrictions on the release of 16/45 What Security Model? Q. Can I read document File? Access Control A. Yes, access is granted.

  32. . Explicit perms., implicit flows Implicit perms., explicit flows Access Control checks place restrictions on the release of 16/45 What Security Model? Q. Can I read document File? Access Control Information Flow Control A. Yes, access is granted. A. Depends on previous flows. information but not its propagation .

  33. . properties) process-integration, etc.) 17/45 Model-driven Security - Lack of suitable models Existing models – Nguyen et al. [APSEC2013] ▶ Specific isolated security concerns (Not all security ▶ Lack of formality ▶ Incomplete integrated approach (automation, Problem No Models for Information Flow Properties on Virtualized Distributed Systems

  34. . A unified security-aware metamodel: Sam4C 18/45 Sam4C - Security Aware Models for Clouds Solution

  35. . Reducing complex programming tasks by: 19/45 Unified Model – Metamodelisation Metamodel (Model of models) ▶ abstracting system-specific constraints ▶ providing automatic transformation

  36. . . 20/45 UseCase: Airport Management ▶ Industrial UseCase (Ikusi Company) ▶ n -tier application (Standard for building enterprise software)

  37. . Client VM Domain (Madrid) AppDomain (System): Service (SSH) – Data (Logs) 21/45 Application Model Entities

  38. VNet (Intranet) . Composition VM and AppDom 22/45 Application Model Entities (cont’d)

  39. 23/45 . UseCase: Application Model

  40. . the Musik MAD service . from any other tenant in the hosting virtualized infrastructure. 24/45 UseCase – Security Constraints 70 properties for the AirportContentManager UseCase. Integrity Property Musik MAD application logs can only be modified by Isolation Property The whole AirportContentManager framework is isolated

Recommend

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
A-DRM: Architecture-aware Distributed Resource Management of Virtualized

A-DRM: Architecture-aware Distributed Resource Management of Virtualized

A-DRM: Architecture-aware Distributed Resource Management of Virtualized Clusters Hui Wang * , Canturk Isci , Lavanya Subramanian * , Jongmoo Choi #* , Depei Qian , Onur Mutlu * Beihang

707 views • 57 slides
Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key exchange Computer Science Lecture 18, page 1 Network Security Intruder may eavesdrop remove, modify, and/or insert messages read and

361 views • 11 slides
The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt Introduction For secure distributed systems, ACLs are inadequate Password-based protocols are insecure in a networked environment Centralized

252 views • 12 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
MILLIONS OF TRANSACTIONS PER SECOND ON A SINGLE MACHINE CASE FOR A VIRTUALIZED DATABASE AND

MILLIONS OF TRANSACTIONS PER SECOND ON A SINGLE MACHINE CASE FOR A VIRTUALIZED DATABASE AND

MILLIONS OF TRANSACTIONS PER SECOND ON A SINGLE MACHINE CASE FOR A VIRTUALIZED DATABASE AND SCALE-IN ROGER JOHANSSON Who am I? Roger Johansson Actor Model, Scalability, Distributed Systems, C#, Senior Solution Architect Starcounter Go,

683 views • 37 slides
Experimental Evaluation of Distributed Middleware with a Virtualized Java Environment Nuno A.

Experimental Evaluation of Distributed Middleware with a Virtualized Java Environment Nuno A.

Experimental Evaluation of Distributed Middleware with a Virtualized Java Environment Nuno A. Carvalho, Joo Bordalo, Filipe Campos and Jos Pereira HASLab / INESC TEC Universidade do Minho MW4SOC11 December 12, 2011 2011 Nuno Alexandre

739 views • 37 slides
Research Interests Distributed algorithms Distributed shared memory systems Distributed

Research Interests Distributed algorithms Distributed shared memory systems Distributed

Privacy & Security in Machine Learning / Optimization Nitin Vaidya University of Illinois at Urbana-Champaign disc.ece.illinois.edu Research Interests Distributed algorithms Distributed shared memory systems Distributed

1.2k views • 70 slides
Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17, 2014 Recap & outline Security is hard Cryptography is not security No "security through obscurity" Today:

924 views • 39 slides
Distributed Systems 1 Roadmap CPU management Memory management Disk management

Distributed Systems 1 Roadmap CPU management Memory management Disk management

Distributed Systems 1 Roadmap CPU management Memory management Disk management Distributed System Protection & Security Virtual machine 2 Today Distributed systems overview Basic network concepts TCP/IP

316 views • 16 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
Distributed Systems Protection & Security Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Protection & Security Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Protection & Security Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. You need to get into a vault Try

1.35k views • 79 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL

VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL

1 VIRTUALPOWER: COORDINATED POWER MANAGEMENT IN VIRTUALIZED ENTERPRISE SYSTEMS BY: NATHUJI, RIPAL AND SCHWAN, KARSTEN, SOSP '07: PROCEEDINGS OF TWENTY-FIRST ACM SIGOPS SYMPOSIUM ON OPERATING SYSTEMS PRINCIPLES STEVENSON, WASHINGTON, 2007

307 views • 17 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts & Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts & Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

565 views • 18 slides
Distributed Systems of distributed systems Types of Distributed Describe various

Distributed Systems of distributed systems Types of Distributed Describe various

Objectives/Outline (selected topics from chapter 16 & 18) Objectives Outline Provide a high-level overview Introduction Distributed Systems of distributed systems Types of Distributed Describe various methods for

436 views • 9 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding COMP4631 L16 1 Agenda Distributed system security Introduction to Kerberos V4 Kerberos Realms Authentication with Kerberos in Windows NT 5

751 views • 30 slides

More recommend