Security for Virtualized Distributed Systems


  1. Security for Virtualized Distributed Systems: From Modelization to Deployment
     Arnaud Lefray, Qirinus - Inria
     Workshop SEC2, 4 July 2016
     Thesis defended on 3 November 2015
     Supervised by (with the teams in which the work was carried out): Eddy Caron (Avalon - LIP - ENS Lyon), Christian Toinard (SDS - LIFO - INSA CVL), Jonathan Rouzaud-Cornabas

  2. Context

  5. A data breach story. TalkTalk: a Cloud provider for businesses
     ▶ Date: October 21st, 2015
     ▶ Number of stolen records: 4 million
     ▶ Data types:
       ▶ personal info (names, addresses, dates of birth)
       ▶ contact info (email addresses, phone numbers)
       ▶ financial info (credit card, bank details)
     ▶ Hacker profile: 15-year-old Irish teen.
     ▶ Consequences: 10% share value drop.
     ▶ Previous breach: August 2015

  7. Growing security breaches
     ▶ 2015 average cost per breach: $3.79 million
     ▶ 2015 average cost per stolen record: $154

  9. From on-premise to Cloud
     Traditional model: data and services hosted on-premise
     Cloud model: 1 resources/services provider for multiple clients
     93% of organizations are running or experimenting with Cloud. [RightScale2015]
     ▶ Economical benefits
     ▶ Automatic management
     ▶ Loss of control
     ▶ Security complexification

  14. Cloud and Virtualization
      Cloud Characteristics
      ▶ Pay per use
      ▶ On-demand resources
      ▶ Multitenant provisioning
      ▶ Infinite resources
      Key technology: Virtualization
      Virtual resources sharing real resources

  16. Security Issues
      Traditional model
        Threats: ▶ External
        Problems: ▶ Oversight ▶ Lack of expertise ▶ Misconfiguration
      Cloud model
        Threats: ▶ External ▶ Internal
      Multitenancy
      An IT managing security “by hand” (configuration, etc.)
      Currently, same as traditional

  17. What to Secure? Virtualized Distributed Systems
      ▶ Data
      ▶ Processes/Services
      ▶ VM
      ▶ Network
      The vast majority of applications are distributed systems

  19. Cloud Security: Problem
      Problem: How to provide trusted end-to-end security of virtualized distributed systems?
      ▶ Transversal: secure from endpoints to services
      ▶ In-depth: secure all layers
      ▶ Temporal: secure whole lifecycle
      Proposition: Automatic security enforcement
      ▶ User-centric approach
      ▶ Bridge the gap between the user’s security specification skills and complex configurations of security mechanisms.
      ▶ Distributed security with heterogeneous mechanisms

  21. The Seed4C Celtic+ European Project
      17 partners from 4 countries (France, Finland, Spain, South Korea). From Apr. 2012 to Feb. 2015.

  22. The Seed4C Celtic+ European Project – Logical Architecture
      Idea: Build a secure Cloud with cooperative points of enforcement.

  23. My Thesis: From Modelization To Deployment

  24. Contributions

  25. My Thesis – Modelization

  27. Modelization - Why and What?
      Why?
      ▶ To apply algorithms (e.g., verification)
      ▶ To automate security configuration
      ▶ To automate application deployment
      What? 3D Printer

  29. What is Security?
      Security Policy: What it means to be secure. Defined by security properties.
      Security Properties
      ▶ Confidentiality: Absence of unauthorized disclosure
      ▶ Integrity: Absence of unauthorized alteration
      ▶ Isolation: Confidentiality + Integrity
      ▶ Availability: Absence of denial of use

  32. What Security Model?
      Q. Can I read document File?
      Access Control: A. Yes, access is granted. (Explicit permissions, implicit flows)
      Information Flow Control: A. Depends on previous flows. (Implicit permissions, explicit flows)
      Access Control checks place restrictions on the release of information but not its propagation.

  33. Model-driven Security - Lack of suitable models
      Existing models – Nguyen et al. [APSEC2013]
      ▶ Specific isolated security concerns (Not all security properties)
      ▶ Lack of formality
      ▶ Incomplete integrated approach (automation, process-integration, etc.)
      Problem: No Models for Information Flow Properties on Virtualized Distributed Systems

  34. Sam4C - Security Aware Models for Clouds
      Solution: A unified security-aware metamodel: Sam4C

  35. Unified Model – Metamodelisation
      Metamodel (Model of models)
      Reducing complex programming tasks by:
      ▶ abstracting system-specific constraints
      ▶ providing automatic transformation

  36. UseCase: Airport Management
      ▶ Industrial UseCase (Ikusi Company)
      ▶ n-tier application (Standard for building enterprise software)

  37. Application Model Entities
      Client VM Domain (Madrid) AppDomain (System): Service (SSH) – Data (Logs)

  38. Application Model Entities (cont’d)
      VNet (Intranet)
      Composition VM and AppDom

  39. UseCase: Application Model

  40. UseCase – Security Constraints
      70 properties for the AirportContentManager UseCase.
      Integrity Property: Musik MAD application logs can only be modified by the Musik MAD service.
      Isolation Property: The whole AirportContentManager framework is isolated from any other tenant in the hosting virtualized infrastructure.
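
The contrast drawn on the "What Security Model?" slide, as an added Python example that is not taken from the slides or the thesis: a static access-control check grants every step of a trace, while a monitor that remembers previous flows refuses the last read. The subjects, objects, ACL and the simple propagation rule are constructed for illustration and are not the Sam4C model.

```python
# Added illustration: access control vs. information flow control.
# All names (alice, bob, File, Shared) and the ACL below are constructed.

ACL = {  # explicit permissions: (subject, object) -> allowed operations
    ("alice", "File"): {"read"},
    ("alice", "Shared"): {"read", "write"},
    ("bob", "Shared"): {"read"},
}

def ac_allows(subject, op, obj):
    """Access control: decide from the static permission only."""
    return op in ACL.get((subject, obj), set())

class FlowMonitor:
    """Flow control on top of the ACL: every object carries the set of
    sources whose information it may hold; a read is granted only if the
    reader is allowed to read each of those sources."""

    def __init__(self, objects, subjects):
        self.holds = {o: {o} for o in objects}     # object -> sources inside it
        self.knows = {s: set() for s in subjects}  # subject -> sources learned

    def request(self, subject, op, obj):
        if not ac_allows(subject, op, obj):
            return False
        if op == "read":
            # Depends on previous flows: obj may now contain other sources.
            if not all(ac_allows(subject, "read", src) for src in self.holds[obj]):
                return False
            self.knows[subject] |= self.holds[obj]
        elif op == "write":
            # Everything the writer has learned may propagate into obj.
            self.holds[obj] |= self.knows[subject]
        return True

# Constructed trace: alice copies what she read from File into Shared.
TRACE = [("alice", "read", "File"), ("alice", "write", "Shared"),
         ("bob", "read", "Shared")]

def run_trace():
    """Return (access-control decisions, flow-control decisions) for TRACE."""
    monitor = FlowMonitor({"File", "Shared"}, {"alice", "bob"})
    ac = [ac_allows(*step) for step in TRACE]
    ifc = [monitor.request(*step) for step in TRACE]
    return ac, ifc

if __name__ == "__main__":
    print(run_trace())
```

Bob has no permission on File, yet under access control alone its content reaches him through Shared; the flow monitor grants the same read only while Shared has not yet received anything from File.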
