Slide 1: SilverLine: Data and Network Isolation for Cloud Services
Yogesh Mundada, Anirudh Ramachandran, Nick Feamster
Slide 2: Cloud Computing Advantages
• Reduced operational costs
• Reduced management overhead
• Easier resource scaling
• Lowers the barrier to entry for new services
Cloud revenue for 2010 was $68 billion; estimated revenue for 2014 is $150 billion.
Slide 3: Recent Cloud Data Leak Incidents
• Microsoft BPOS cloud service data breach (Dec 2010)
• Heroku cloud application platform vulnerability (Jan 2011)
• Dropbox hash-tag security flaw (May 2011)
Occurrences such as these make adoption of the cloud harder.
Slide 4: Top Cloud Computing Threats
• Shared resources
  – Heroku
• Data loss and leakage
  – Microsoft BPOS
  – Dropbox
Slide 5: SilverLine Solution: Isolation

| Problem | Attack | Solution |
| --- | --- | --- |
| Data loss | Service exploit, operating environment exploit, misconfigurations | SilverLine's information flow tracking and control |
| Network side-channels | Gain more information about the environment through namespace, RTT and hop-count study | SilverLine's obfuscation of network metrics to reduce the information entropy |
Slide 6: SilverLine Data Isolation
• Information flow tracking
  – Add taints (labels) to data
  – Track the taints as the data moves
  – Implemented with system-call hooks
• Components of the system
  – Tracker: initializes and tracks taints, on the end hosts
  – Enforcer: stops unauthorized data flows, in the network
Slides 7-11: Example Setting (one figure, built up over five slides)
• Storage service with automatically created labels for each database record
• Alex's records are labeled with taint 'A'
• VM instance that runs the application logic
• Custom LOGIN module and Declassifier
• Network-level Enforcer in Dom0
Slide 12: Normal User's Interaction
A1. Alex logs in and asks "Get My Balance"
A2. The custom login module authenticates Alex
A3. A worker process is started for Alex
A4. The worker fetches Alex's balance from the storage service
A5. Answer = $100, label = 'A'
A6. The worker's labeled reply goes to the declassifier
A7. The enforcer lets Alex's replies pass
A8. Reply = $100
Slide 13: An Attacker's Interaction
B1. Bob logs in and uses a SQL exploit to request both Bob's and Alex's balance
B2. The custom login module authenticates Bob
B3. A worker process is started for Bob
B4. The worker fetches Bob's and Alex's balance
B5. Answer = ($10, $100)
B6. Label = 'B, A'; the labeled replies go to the declassifier
B7. Bob's replies are blocked: they carry Alex's label 'A', which Bob's session is not authorized to release
Slide 14: SilverLine Configuration
• Labeling service
  – Specify the taint-creation policy, e.g.:
    when query := "INSERT" and table := "USERS": generate a new label; add it to the DB record
• Custom login module
  – Provided by each tenant
  – Authorizes legitimate users
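The two interactions on slides 12 and 13 and the labeling policy on slide 14, worked through end to end. This is an added illustration, not SilverLine's code: SilverLine tracks taints with system-call hooks on the end host and enforces in Dom0, whereas this model keeps each record's label in a column of an in-memory SQLite table and does the declassifier/enforcer check in a Python function. The schema, the label names L1/L2, the `login`, `enforce` and `run_request` helpers and the sample users are all constructed for the example. The worker's query is concatenated on purpose, because that is the SQL-injectable tenant code the attacker abuses.

```python
import sqlite3


class LabeledStorage:
    """Storage service implementing the slide-14 taint-creation policy:
    when query := INSERT and table := USERS, mint a fresh label and store it
    alongside the record (keeping the label in a column is this model's choice)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (name TEXT PRIMARY KEY, balance INTEGER, label TEXT)")
        self._next_label = 0

    def insert_user(self, name, balance):
        self._next_label += 1
        label = "L%d" % self._next_label
        self.db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, balance, label))
        return label

    def label_of(self, name):
        row = self.db.execute("SELECT label FROM users WHERE name = ?", (name,)).fetchone()
        return row[0] if row else None


def login(storage, user):
    """Custom login module (tenant-provided): authenticates the user and returns the
    labels the declassifier may strip for this session, i.e. the user's own record label."""
    label = storage.label_of(user)
    return frozenset() if label is None else frozenset({label})


class Worker:
    """Per-request worker process running the tenant's application logic.
    The query is built by string concatenation ON PURPOSE: it models the
    SQL-injectable tenant code that the attacker on slide 13 exploits."""

    def __init__(self, storage):
        self.storage = storage

    def get_balance(self, name):
        sql = "SELECT balance, label FROM users WHERE name = '%s'" % name
        rows = self.storage.db.execute(sql).fetchall()
        balances = [balance for balance, _ in rows]
        # Tracker: the worker's output carries the union of every label it read.
        taints = frozenset(label for _, label in rows)
        return balances, taints


def enforce(reply, taints, session_labels):
    """Declassifier + network-level enforcer in Dom0: the reply leaves the tenant's
    VM only if every taint on it is one the session is allowed to declassify."""
    if taints <= session_labels:
        return reply
    return None  # blocked


def run_request(user, requested_name):
    """Drive one request end to end; returns (released reply or None, sorted taints)."""
    storage = LabeledStorage()
    storage.insert_user("alice", 100)   # constructed sample data; gets label L1
    storage.insert_user("bob", 10)      # gets label L2
    session_labels = login(storage, user)
    reply, taints = Worker(storage).get_balance(requested_name)
    return enforce(reply, taints, session_labels), sorted(taints)


if __name__ == "__main__":
    print(run_request("alice", "alice"))            # ([100], ['L1'])
    print(run_request("bob", "bob' OR '1'='1"))     # (None, ['L1', 'L2'])
```

The point the model makes is that the tenant's application bug is never fixed: the injected `OR '1'='1'` really does return both rows to Bob's worker. What stops the leak is that the worker's output now carries both L1 and L2, and Bob's session can only release L2. The same check also blocks a plain direct-reference request for Alice's record with no injection at all.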
Slide 15: SilverLine Solution: Isolation (the problem/attack/solution table of slide 5, repeated as the divider before the network isolation part)
Slide 16: SilverLine Network Isolation
• IP address obfuscation
  – Actual internal IP to pseudo IP (a.b.c.d to w.x.y.z)
  – OpenFlow protocol
• Entirely in software
• Minimal changes
[Figure: centralized controller; local controller with OpenFlowClick; Click software router; VM1, VM2, VM3; mapping table of actual IP a.b.c.d to pseudo IP w.x.y.z]
Slide 17: SilverLine Network Isolation
• Normalize network metrics
  – Realistic RTTs between instances
  – Minimal threshold on hop counts
  – Modified OpenFlow module for per-packet decisions
[Figure: OpenFlowClick element with a delay queue that simulates realistic delays between virtual machines; traffic from and to internal virtual machines on vitf0/vitf1, traffic from and to external virtual machines on eth0]
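The three mechanisms of slides 16 and 17 (pseudo-IP rewriting, a hop-count floor, and an RTT-padding delay queue) modelled as one packet-processing element. This is an added example, not the OpenFlowClick element from the deck: the secret-keyed SHA-256 mapping, the assumed internal range 192.168.0.0/16, the assumed guest initial TTL of 64, and the thresholds `min_hops=3` and `min_rtt_ms=1.0` are illustration choices, and packets are plain dicts. The example goes a little beyond the slides in that it also leaves external addresses untouched, which is what the eth0 path on slide 17 implies.

```python
import hashlib
import heapq
import ipaddress


class NetworkIsolator:
    """Model of the Dom0 switching element: rewrites actual internal IPs to
    per-tenant pseudo IPs, raises short hop counts to a floor, and pads RTTs
    with a delay queue. Constants below are assumptions for the illustration."""

    GUEST_INITIAL_TTL = 64  # assumption: guest VMs send with TTL 64

    def __init__(self, tenant_secret, internal_net="192.168.0.0/16",
                 pseudo_net="10.0.0.0/8", min_hops=3, min_rtt_ms=1.0):
        self.secret = tenant_secret
        self.internal = ipaddress.ip_network(internal_net)
        self.net = ipaddress.ip_network(pseudo_net)
        self.min_hops = min_hops
        self.min_rtt_ms = min_rtt_ms
        self.actual_to_pseudo = {}
        self.pseudo_to_actual = {}
        self._queue = []   # heap of (release_time_ms, seq, packet)
        self._seq = 0

    def pseudo_ip(self, actual):
        """Stable pseudo address for an actual internal IP, derived from a secret-keyed
        hash so that adjacent actual addresses do not map to adjacent pseudo ones.
        Addresses outside the internal range are external and pass through unchanged."""
        if ipaddress.ip_address(actual) not in self.internal:
            return actual
        if actual in self.actual_to_pseudo:
            return self.actual_to_pseudo[actual]
        salt = 0
        while True:   # re-hash on the (rare) collision with an assigned pseudo IP
            digest = hashlib.sha256(
                self.secret + actual.encode() + salt.to_bytes(4, "big")).digest()
            index = int.from_bytes(digest[:4], "big") % self.net.num_addresses
            candidate = str(self.net[index])
            if candidate not in self.pseudo_to_actual:
                self.actual_to_pseudo[actual] = candidate
                self.pseudo_to_actual[candidate] = actual
                return candidate
            salt += 1

    def normalize_ttl(self, ttl):
        """Hop-count floor: a path shorter than min_hops is made to look min_hops long."""
        hops = self.GUEST_INITIAL_TTL - ttl
        return self.GUEST_INITIAL_TTL - max(hops, self.min_hops)

    def from_vm(self, pkt):
        """Packet leaving a tenant VM: translate pseudo addresses back to actual IPs;
        anything not in the mapping is external and is left untouched."""
        out = dict(pkt)
        out["src"] = self.pseudo_to_actual.get(pkt["src"], pkt["src"])
        out["dst"] = self.pseudo_to_actual.get(pkt["dst"], pkt["dst"])
        return out

    def to_vm(self, pkt, now_ms, measured_rtt_ms):
        """Packet arriving for a tenant VM: rewrite addresses to pseudo IPs, normalize
        the TTL, and hold the packet so the tenant observes at least min_rtt_ms.
        Returns the scheduled release time in ms."""
        out = dict(pkt)
        out["src"] = self.pseudo_ip(pkt["src"])
        out["dst"] = self.pseudo_ip(pkt["dst"])
        out["ttl"] = self.normalize_ttl(pkt["ttl"])
        pad_ms = max(0.0, self.min_rtt_ms - measured_rtt_ms)
        self._seq += 1
        heapq.heappush(self._queue, (now_ms + pad_ms, self._seq, out))
        return now_ms + pad_ms

    def release(self, now_ms):
        """Delay-queue drain: return every packet whose release time has passed."""
        due = []
        while self._queue and self._queue[0][0] <= now_ms:
            due.append(heapq.heappop(self._queue)[2])
        return due
```

Two properties matter for the side-channel argument. The mapping is per tenant and keyed, so a tenant cannot learn from its pseudo addresses whether two actual instances are numerically (and thus likely physically) close; and the TTL and delay rewrites only ever make a path look longer and slower, never shorter, so the remaining signal is the one the floor lets through. A pseudo IP that falls outside `internal_net` is a misconfiguration to catch at deployment: with overlapping ranges `from_vm` would translate addresses that were never rewritten.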
Slide 18: SilverLine Summary
• Data isolation: information flow tracking
• Network isolation: reducing the entropy of the network side-channels
Future Work
• Measure the taint leakage
• Fine-grained tainting in a VMM
Slide 19: Questions (shows the attacker's interaction figure from slide 13 again)