Virtualization & Cloud Computing
virtualization &cloud computingcs642computer securityadam everspaughace@cs.wisc.edu
todayAnnouncements: HW4 posted yesterdayVirtualizationRandom number generators and reset vulnerabilitiesCloud computing and co-residency
VirtualizationP1Process 1Process 2P2P1OS1HardwareNo dwareType-1 Virtualization(Xen, VMware ESX)Type-1: Hypervisor runs directly on hardwareType-2: Hypervisor runs on host OSP2OS2P1P2HypervisorHost OSHardwareType-2 Virtualization(VMware Workstation,Virtual Box)
VM Use Cases Development and testing (especially when weneed different OSs) Server consolidation Run multiple servers on same hardware: webserver, file server, email servers, Cloud computing: Infrastructure-as-a-Service Sandboxing / containment
Security eType-1 Virtualization(VMware Workstation,Virtual Box) What's the desired security model? Isolation between OS1/OS2 (andprocesses) No access to file system, memorypages No "escape" from process/OS tohypervisor What can go wrong?
Isolation wareType-1 Virtualization(VMware Workstation,Virtual Box) Information leakage side-channel attacks using sharedresources (instruction/memorycaches) Degradation of service Violate performance isolation,OS1 degrades OS2 to get moreCPU time or network bandwidth Other problems?
Virtual Machine Management Snapshots– Volume snapshot / checkpoint persistent storage of VM must boot from storage when resuming snapshot– Full snapshot persistent storage and ephemeral storage (memory,register states, caches, etc.) start/resume in between (essentially) arbitrary instructions VM image is a file that stores a snapshot
Uses for Secure RandomNumbersCryptography Keys Nonces, initial values (IVs), saltsSystem Security TCP Initial Sequence Numbers(ISNs) ASLR Stack Canaries
Where can we get securerandom numbers?Every OS provides a high-quality RNGOSX/Linux:cat /dev/urandom
Operating System Random NumberGeneratorsSystem EventsKeyboard ClicksMouse MovementsHard Disk EventNetwork PacketsOther InterruptsRNGRandom NumbersStatistically UniformHard to predict
Linux RNGLinux /dev/(u)random:SystemEventsInterruptinterrupt eventsPooldisk eventskeyboard eventsmouse eventshardware RNGsRNGRandomPool/dev/randomRandom ic hash
RNG FailuresSystem EventsRNGRandom NumbersRNG FailuresPredictable OutputRepeated OutputOutputs from a small range (not-statistically uniform)Broken Windows RNG: [DGP 2007]Broken Linux RNG: [GPR 2008], [LRSV 2012], [DPRVW 2013], [EZJSR 2014]Factorable RSA Keys: [HDWH 2012]Taiwan National IDs: [BCCHLS 2013]
Virtual Machine SnapshotsdiskSnapshotResumption
Security Problems withVM ResetsVM Reset Vulnerabilities [Ristenpart, Yilek 2010]Use keyAppRead Derives keystarts /dev/urandomInitializationSnapshotUse keyFirefox and Apache reused random values for TLSAttacker can read previous TLS sessions, recover privatekeys from Apache
Linux RNG after VM ResetNot-So-Random Numbers in Virtualized Linux[Everspaugh, et al, 2014]Read RNGdiskSnapshotRead RNGExperiment: Boot VM in Xen or VMware Capture snapshot Resume from snapshot, read from /dev/urandomRepeat: 8 distinct snapshots20 resumptions/snapshot
/dev/urandom outputsafter resumption7/821B8BEE421B8BEE421B8BEE4Linux RNG9D27FB83is not reset 2.Reset 1Reset 2Reset 3
Reset insecurity andapplicationsGenerate RSA key on resumption:openssl genrsa30 snapshots; 2 resets/snapshot (ASLR Off) 27 trials produced identical private keys 3 trials produced unique private keys
Why does this happen?if (entropy estimate 64)if (count 64 orelapsed time 1s )interruptsInterruptPooldisk v/urandomif (entropy estimate 192)Buffering and thresholds prevent new inputsfrom impacting outputsLinux /dev/(u)random
What about other platforms?FreeBSD/dev/random produces identical output streamUp to 100 seconds after resumptionMicrosoft Windows 7Produces repeated outputs indefinitelyrand ET)
Cloud computingCloud providersPopular customersWho can be a customer?We call these "public clouds"
VMsInfrastructure-asa-serviceStorageWeb Cache/TLSTerminationCloud Services
A simplified model of public cloud computingUsers run Virtual Machines (VMs) on cloud provider’s infrastructureUser AOwned/operatedby cloud providervirtual machines (VMs)User Bvirtual machines (VMs)Multitenancy (users share physical resources)Virtual Machine Manager (VMM)manages physical server resources for VMsTo the VM should look like dedicated serverVirtualMachineManager
Trust models in public cloud computingUser AUser BUsers must trust third-party provider tonot spy on running VMs / datasecure infrastructure from external attackerssecure infrastructure from internal attackers
A new threat model:User ABad guyAttacker identifies one or more victims VMs in cloud1) Achieve advantageous placement via launching of VM instances2) Launch attacks using physical proximityExploit VMM vulnerabilityDoSSide-channel attack
Anatomy of attackChecking for co-residencecheck that VM is on same server as target- network-based co-residence checks- efficacy confirmed by covert channelsAchieving co-residencebrute forcing placementinstance flooding after target launchesLocation-based attacksside-channels, DoS, escape-from-VMPlacementvulnerability:attackers canknowinglyachieveco-residencewith target
Cross-VM side channels using CPU cache contentionAttacker VMMainmemoryVictim VMCPU data cache1) Read in a large array (fill CPU cache with attacker data)2) Busy loop (allow victim to run)3) Measure time to read large array (the load measurement)
Cache-based cross-VM load measurement on EC2Running Apache serverRepeated HTTP get requestsPerforms cache load measurements3 pairs of instances, 2 pairs co-resident and 1 not100 cache load measurements during HTTP gets (1024 byte page) and with no HTTP gets[Hey, You, Get Off of my Cloud, 2009, Ristenpart, et al.]
recapVirtualization types, containment problemsLinux RNG and reset vulnerabilitiesCloud computing/ Placement vulnerabilities/ Co-residency detection via side-channels/ Co-location strategies
Linux RNG after VM Reset Experiment: Boot VM in Xen or VMware Capture snapshot Resume from snapshot, read from /dev/urandom Read RNG Snapshot disk Read RNG Repeat: 8 distinct snapshots 20 resumptions/snapshot Not-So-Random Numbers in Vir
Chapter 10 Cloud Computing: A Paradigm Shift 118 119 The Business Values of Cloud Computing Cost savings was the initial selling point of cloud computing. Cloud computing changes the way organisations think about IT costs. Advocates of cloud computing suggest that cloud computing will result in cost savings through
Cloud Computing What is Cloud Computing? Risks of Cloud Computing Practical Applications Benefits of Cloud Computing Adoption Strategies 5 4 3 2 1 Q&A What the Future Holds 7 6 Benefits of Cloud Computing Reduced Cost for Implementation Flexibility Scalability Disaster Relief Multitenancy Virtualization Pay incrementally Automatic Updates
In this section, we give an overview of virtualization and describe virtio, the virtualization standard for I/O devices. In addition, we discuss the state-of-the-art for network I/O virtualization. 2.1 Overview of Virtualization and virtio The virtualization technology is generally classi ed into full-virtualization and paravirtualization.
Cloud Computing J.B.I.E.T Page 5 Computing Paradigm Distinctions . The high-technology community has argued for many years about the precise definitions of centralized computing, parallel computing, distributed computing, and cloud computing. In general, distributed computing is the opposite of centralized computing.
Mobile Cloud Computing Cloud Computing has been identified as the next generation’s computing infrastructure. Cloud Computing allows access to infrastructure, platforms, and software provided by cloud providers at low cost, in an on-demand fashion. Mobile Cloud Computing is introduced as an int
Cloud Computing Takes Virtualization to the Next Step . Virtualization abstracts the underlying physical structure of various technologies. Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware . When It Makes It To Dilbert. 5. VMware Inc.,
Virtualization and Cloud Computing are vast areas of study. Though there are several excellent reference books on these topics, most of them tend to have a narrow focus. In this book, I have tried to compile those Virtualization and Cloud Computing topics which are necessary to gain an
UNIT 5: Securing the Cloud: Cloud Information security fundamentals, Cloud security services, Design principles, Policy Implementation, Cloud Computing Security Challenges, Cloud Computing Security Architecture . Legal issues in cloud Computing. Data Security in Cloud: Business Continuity and Disaster
