Isolation And Integrity Management In Dynamic Virtualized Environments
Slide 1: Isolation And Integrity Management In Dynamic Virtualized Environments
Reiner Sailer, Manager Security Services (GSAL) Team, IBM Thomas J. Watson Research Center, NY
Joint work with: see next slide
2007 IBM Corporation

Slide 2: Research Collaborators
Stefan Berger, Ramon Cáceres (now AT&T), Kenneth Goldman, Dimitrios Pendarakis, Ronald Perez, Eran Rom (HRL), Sivan Tal (HRL), Enriquillo Valdez, Mihai Christodorescu, Josyula R. Rao, Reiner Sailer, Douglas Lee Schales, Wietse Venema, Andreas Wespi (ZRL), Diego Zamboni (ZRL)
Slide 3: Virtualization Unleashes Security Value
Hosting mission critical applications and sensitive data in highly dynamic virtualized environments
TVDc - Infrastructure Security
- Integrated, policy-driven isolation management for competing data center workloads
- Continuous audit and compliance guarantees for dynamic cloud environments
[Figure: systems view of several hypervisors, each hosting VLAN-separated TVDc domains; separate production admin and development admin views]
Phantom - Integrated Security Services
- On-demand network intrusion and host malware prevention for virtualized workloads
- Transparent, effective and low overhead monitoring of dynamic virtual environments
[Figure: a security VM (SVM) beside guest VMs on a hypervisor over hardware]
Building security foundations using isolation and integrity management

Slide 4: High Utilization Benefits Power Consumption
[Figure: relative power consumption (RPC) plotted against server utilization from 0% to 100%; relative power consumption is lowest at high server utilization, which virtualization makes reachable]

Slide 5: Collocating Customers Raises Isolation Concerns
Complication: moving different customers onto the same platform raises concerns related to their isolation.
[Cartoon caption: "Just pretend I'm not here"]
Customer feedback suggests that insufficient isolation can be a disruptive force hindering virtualization.

Slide 6: We Must Strengthen Isolation Three-fold!
Trusted Virtual Datacenter =
- adding controls on data sharing between VMs to improve isolation
- + continuously monitoring isolation mechanisms and protecting integrity
- + automating security management to account for the increasing dynamics of Cloud Computing
[Figure: two TVD admins, each managing one domain]
Slide 7: Virtualization-based Security Management
[Figure: virtual resources mapped onto physical resources; a Blue workload (IHS, WAS, WAS, WAS, DB2) and a Green workload (WAS, IHS, WAS, DB2, WAS) share the physical pool]

Slide 8: Classic Type 1 Hypervisor
[Figure: applications running in virtual machines, each VM with its own guest kernel, on top of the hypervisor, on top of the hardware]
Virtualizes hardware: CPU, memory, and I/O devices

Slide 9: Trusted Virtual Data Center Value Proposition
[Figure: systems view versus TVD view; TVDc spans several hypervisors]
- Radically simplifies security management
- Reduces the risk of security exposures through consistent, policy-driven enforcement
- Leverages virtualization through centralized security services
Slide 10: Isolation and Integrity Management
Isolation Services: enforce restrictions on administration and data sharing
- Who can manage what
- Which customers can run together
- How virtual machines can share data
Integrity Services: maintain a software inventory and act as an early warning system for anomalies
- What is running in each VM (TC, N/H-IDS)
- Whether VMs/systems are correctly configured
- Whether VMs are up-to-date with patches
[Figure labels: Extrusion/Intrusion Protection; Malware Prevention and Fidelity]

Slide 11: Security Services in Virtualized Environments
- Isolation Services
- Static Integrity Services (load-time root of trust): configuration validation; load-time code guarantees
- Dynamic Integrity Services (continuous root of trust): network intrusion detection; host intrusion detection

Slide 12: Isolation Management
Virtual Domain View: holistic workload protection
- Run-time isolation: isolate VMs of different colors
- Network isolation: isolate traffic of different colors
- Storage isolation: isolate storage of different colors
- Management isolation: separate tenant administrators responsible for different colors
Slide 13: TVDc Centralized Policy-Driven Workload Isolation
Three layers of workload isolation:
- Physical isolation: TVDc system authorization enables flexible partitioning of workloads onto different systems
- Temporal isolation: TVDc anti-collocation prevents selected workloads from running concurrently on the same platform
- Logical isolation: TVDc access control prevents sharing between concurrently executing workloads
[Figure: 1. System Authorization, 2. Anti-Collocation, 3. Controlled Sharing, shown along a time axis t]

Slide 14: sHype Access Control Architecture (Example: Xen)
[Figure: VMs (Linux, MS Windows) and Dom0 with secure management services and the ACM, on top of Xen/sHype with hypervisor security hooks and callbacks, on top of hardware]
- Flexible framework: supports multiple policies
- Access Control Module (ACM) implements the policy model
- Hypervisor security hooks mediate inter-VM communication and resource access, and interact with the ACM for the access decision
- Implemented for Xen, PHYP and rHype in various stages
Slide 15: TVDc Centralized Policy-Driven Network Isolation
[Figure: Blade 1 runs VM 1, VM 2, VM 3 on one VMM; Blade 2 runs VM 4, VM 5 on another VMM; Virtual LAN 1 and Virtual LAN 2 cross both blades through the network switch]
- Label VMs and VLANs
- VMM enforces: which VMs may attach to which VLANs
- Hardware VLAN switch enforces: which blades may carry which VLANs

Slide 16: Implemented Network Isolation on Xen/sHype
[Figure: on one physical machine, dom1 eth0 -> vif1.0 -> br0.100 -> peth0.100 (VLAN 100) and dom2 eth0 -> vif2.0 -> br0.101 -> peth0.101 (VLAN 101), both multiplexed onto peth0 in dom0 (the management VM), then over the physical LAN to a VLAN switch and other machines/switches]
Slide 17: TVDc Centralized Policy-Driven Storage Isolation
Two layers of TVDc storage isolation:
- Physical isolation: TVDc system authorization enables flexible mapping of storage (volumes) onto distinct physical systems
- Logical isolation: TVDc controls access of concurrently executing workloads to locally virtualized storage (Virtual Block Device, VBD)
Non-intrusive storage access enforcement points:
- (A) Policy-driven storage management ensures that storage is only accessible to authorized systems
- (B) Extensions of the local virtual storage management mediate VM device access and manage security
[Figure: enforcement point (A) between the SAN and the storage system, enforcement point (B) in Dom0 in front of the VBDs]
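The three isolation layers of slides 13 and 17, and the hook-to-ACM decision flow of slide 14, can be modelled as one policy checker. The Python below is an added example written for this page, not the sHype or Xen ACM code: the workload colors, the type names, the "types overlap" rule for controlled sharing, and the blade layout are assumptions made here to show how a VM start request passes system authorization and anti-collocation, and how a VLAN or VBD attach request is decided by label overlap.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical policy model for the three TVDc isolation layers (this page's
# example, not the sHype ACM). Colors play the role of Chinese-Wall types
# (one per tenant / Trusted Virtual Domain); "types" play the role of
# Simple-Type-Enforcement types that VMs and resources carry.

@dataclass(frozen=True)
class VM:
    name: str
    color: str                 # tenant / TVD the VM belongs to
    types: frozenset[str]      # resources the VM may share

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str                  # "vlan" or "vbd" (virtual block device)
    types: frozenset[str]

@dataclass
class Policy:
    authorized: dict[str, set[str]]   # physical system -> colors it may host (layer 1)
    conflicts: list[set[str]]          # anti-collocation sets (layer 2)

@dataclass
class Platform:
    name: str
    running: list[VM] = field(default_factory=list)

def may_start(policy: Policy, platform: Platform, vm: VM) -> tuple[bool, str]:
    """Decision taken when a VM is about to be created on a platform."""
    # Layer 1: system authorization
    if vm.color not in policy.authorized.get(platform.name, set()):
        return False, f"system authorization: {vm.color} not allowed on {platform.name}"
    # Layer 2: anti-collocation against the colors already running here
    present = {r.color for r in platform.running}
    for conflict_set in policy.conflicts:
        if vm.color in conflict_set:
            clash = (present & conflict_set) - {vm.color}
            if clash:
                return False, f"anti-collocation: {vm.color} conflicts with {sorted(clash)} on {platform.name}"
    return True, "ok"

def start_vm(policy: Policy, platform: Platform, vm: VM) -> tuple[bool, str]:
    ok, why = may_start(policy, platform, vm)
    if ok:
        platform.running.append(vm)
    return ok, why

def may_access(vm: VM, res: Resource) -> bool:
    """Layer 3, controlled sharing: the hook for a VLAN/VBD attach asks the ACM,
    which allows the access only if VM and resource share a type."""
    return bool(vm.types & res.types)

def may_communicate(a: VM, b: VM) -> bool:
    """Same rule applied by the inter-VM communication hook."""
    return bool(a.types & b.types)

def demo() -> dict[str, object]:
    """Constructed scenario: a Blue and a Green workload on two blades."""
    policy = Policy(authorized={"blade1": {"blue", "green"}, "blade2": {"green"}},
                    conflicts=[{"blue", "green"}])
    blue_was = VM("blue-WAS", "blue", frozenset({"blue_net", "blue_storage"}))
    blue_db2 = VM("blue-DB2", "blue", frozenset({"blue_net", "blue_storage"}))
    blue_ihs = VM("blue-IHS", "blue", frozenset({"blue_net"}))
    green_was = VM("green-WAS", "green", frozenset({"green_net"}))
    blue_vlan = Resource("vlan100", "vlan", frozenset({"blue_net"}))
    blue_vbd = Resource("vbd:sda", "vbd", frozenset({"blue_storage"}))
    blade1, blade2 = Platform("blade1"), Platform("blade2")
    out: dict[str, object] = {}
    out["blue_on_blade1"] = start_vm(policy, blade1, blue_was)      # allowed
    out["blue2_on_blade1"] = start_vm(policy, blade1, blue_db2)     # same color: allowed
    out["green_on_blade1"] = start_vm(policy, blade1, green_was)    # anti-collocation
    out["blue_on_blade2"] = start_vm(policy, blade2, blue_ihs)      # not authorized
    out["green_on_blade2"] = start_vm(policy, blade2, green_was)    # allowed
    out["blue_vlan"] = may_access(blue_was, blue_vlan)              # True
    out["green_vlan"] = may_access(green_was, blue_vlan)            # False
    out["blue_vbd"] = may_access(blue_was, blue_vbd)                # True
    out["blue_talks_blue"] = may_communicate(blue_was, blue_db2)    # True
    out["blue_talks_green"] = may_communicate(blue_was, green_was)  # False
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that the temporal layer is stateful: the same Green VM is refused on blade1 only because a Blue VM is already running there, and is accepted on blade2; the controlled-sharing layer is stateless and is consulted on every attach or communication attempt.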
Slide 18: TVDc: Orchestrating Server, Network & Storage Isolation
[Figure: the data center administrator drives system/service management solutions; the Blue Trusted Virtual Domain (WAS, IHS, WAS, WAS, DB2) spans a System x host (Xen/sHype, Dom0 with XenAPI, DomUs) and a System p host (PHYP/sHype, LPARs, Virtual IO Server); Blue and Green bridges connect the VMs to Blue and Green VLANs, with SVC-managed storage]

Slide 19: Use Cases For Protected Infrastructure VMs
- Policy and host management: manage the TVDc access control policy and virtualization settings
- Crypto / vTPM server: keep keys and credentials out of guest VMs
- Supervision/Introspection: monitor and protect guest VMs from a secure place
[Figure: Intrusion Defense Services, Crypto/vTPM Server and TVDc Management VM as infrastructure VMs beside tenant VMs on the hypervisor]
Slide 20: Virtualization-based Isolation and Integrity Management
[Figure: isolation management and integrity management applied to both tenant workloads and the infrastructure]

Slide 21: [Figure: guest VMs and a Secure VM on the hypervisor]

Slide 22: Security Services in Virtualized Environments
- Isolation Services
- Static Integrity Services (load-time root of trust): configuration validation; load-time code guarantees
- Dynamic Integrity Services (continuous root of trust): network intrusion detection; host intrusion detection
Slide 23: Wanted: Structure and Trusted Foundations!
The status quo approach to IT and business security is too complex, not measurable, and does not scale.
- I. Virtualization: brings ORDER
- II. Trusted Computing: creates the foundation
Lack of a robust trusted foundation erodes security.

Slide 24: How Trusted Computing Fits In
[Figure: a scale from "absolutely secure" down to "hope for the best", with rough cost per system]
- Absolutely secure (10^8 $): physically controlled room, usually closed run-time environment, information flows sanitized manually across isolation boundaries
- Secure (10^4 $): secure coprocessors, physical protection, largely closed environment, signed executables, active device, usually a server-side add-on
- Trusted (10^0 $): Trusted Platform Module, protected from software, open environment, passive, suitable for the client side
- Hope for the best
Slide 25: Trusted Computing Integrity Measurement Architecture
[Figure: attesting system on the left, verifying system on the right]
- (1) Measurement (attesting system): the boot process (TCG Grub), kernel, kernel modules, programs, libraries, configurations and structured data are measured by the IMA kernel module: SHA1(boot process), SHA1(kernel), SHA1(kernel modules), SHA1(program), SHA1(libraries), SHA1(configurations), SHA1(structured data); the TPM signs the PCR
- (2) Attestation: measurements and the TPM-signed PCR are sent to the verifier
- (3) Verification (verifying system): integrity value analysis against known fingerprints yields an inferred system, from which system properties are deduced

Slide 26: Remote Attestation Prototype
1. Submit request and nonce
2. Receive: Sig(Nonce, PCR), measurement list
3. Check: signature, nonce
4. Validate: PCR value
5. Evaluate: individual measurements
6. Infer: high-level system properties
Slide 27: VMM Integrity Verification Example (Xen)
VMM measurement list (left) matched against the fingerprint DB (right):
Hypervisor:
#000: BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB aggregate (bios + grub stages)
#001: A8A865C7203F2565DDEB511480B0A2289F7D035B grub.conf (boot configuration)
#002: 1238AD50C652C88D139EA2E9987D06A99A2A22D1 xen.gz
#003: 84ABD CA4A448E0D2C9364B4E1725BDA4F isolation_policy.bin
#004: 9ECF02F90A2EE2080D DE47968C8A1BE3D linux xen
Secure VM:
#317: BC55F0AFE013C3402F00E0AA11EE6CFAA2B4D2AB /bin/login
#318: A8A865C7203F2565DDEB511480B0A2289F7D035B /usr/bin/httpd
#319: 1238AD50C652C88D139EA2E9987D06A99A2A22D1 /usr/bin/java
#320: 84ABD CA4A448E0D2C9364B4E1725BDA4F /usr/bin/sshd
#321: 9ECF02F90A2EE2080D DE47968C8A1BE3D /usr/bin/python
Known Fingerprints = Acceptable + Malicious + Out of Policy
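The six-step exchange of slide 26 and the three fingerprint classes of slide 27 together make up the verifier's job: check the quote, replay the measurement list into the PCR, then classify each entry. The Python below is an added example written for this page, not IBM's IMA or attestation prototype code. It assumes SHA-1 PCR extension as IMA uses, stands in an HMAC under a shared "AIK" secret for the TPM's RSA quote signature (so the protocol runs offline), and constructs every file content, digest and nonce; only the object names are taken from the slide.

```python
import hashlib
import hmac

PCR_INIT = b"\x00" * 20           # PCRs start zeroed at platform reset

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || digest)."""
    return sha1(pcr + digest)

# Stand-in for the TPM's attestation identity key (constructed; a real TPM
# signs with an RSA key that never leaves the chip).
AIK_KEY = b"constructed-AIK-secret-not-a-real-key"

class Attester:
    """Attesting system: IMA measures each object before use and extends the PCR."""
    def __init__(self, objects):
        self.pcr = PCR_INIT
        self.measurement_list = []
        for name, content in objects:
            d = sha1(content)
            self.measurement_list.append((d.hex(), name))
            self.pcr = pcr_extend(self.pcr, d)

    def respond(self, nonce: bytes) -> dict:
        """Steps 1-2: answer a request carrying the verifier's nonce."""
        sig = hmac.new(AIK_KEY, nonce + self.pcr, hashlib.sha1).digest()
        return {"pcr": self.pcr, "sig": sig, "list": list(self.measurement_list)}

def verify(nonce: bytes, response: dict, known: dict) -> dict:
    """Verifying system, steps 3-6."""
    # Step 3: signature and nonce (a replayed quote was signed over another nonce)
    expected = hmac.new(AIK_KEY, nonce + response["pcr"], hashlib.sha1).digest()
    if not hmac.compare_digest(expected, response["sig"]):
        return {"trusted": False, "reason": "signature or nonce check failed", "findings": []}
    # Step 4: the measurement list must reproduce the quoted PCR
    pcr = PCR_INIT
    for d_hex, _ in response["list"]:
        pcr = pcr_extend(pcr, bytes.fromhex(d_hex))
    if pcr != response["pcr"]:
        return {"trusted": False, "reason": "measurement list does not reproduce quoted PCR", "findings": []}
    # Step 5: classify each measurement; Step 6: infer the property "trusted"
    findings = [(i, name, known.get(d_hex, "unknown"))
                for i, (d_hex, name) in enumerate(response["list"])
                if known.get(d_hex, "unknown") != "acceptable"]
    return {"trusted": not findings,
            "reason": "all measurements acceptable" if not findings else "non-acceptable measurements present",
            "findings": findings}

# Constructed objects; names follow slide 27, contents are made up.
GOOD_OBJECTS = [
    ("aggregate (bios + grub stages)", b"constructed bios+grub image"),
    ("grub.conf", b"default=0\ntitle Xen\n"),
    ("xen.gz", b"constructed xen hypervisor image"),
    ("isolation_policy.bin", b"constructed sHype policy blob"),
    ("/usr/bin/sshd", b"constructed sshd build 5"),
]
TROJANED_SSHD = b"constructed sshd with backdoor"
OLD_SSHD = b"constructed sshd build 4 (unpatched)"

def build_known() -> dict:
    """Known fingerprints = acceptable + malicious + out of policy."""
    known = {sha1(c).hex(): "acceptable" for _, c in GOOD_OBJECTS}
    known[sha1(TROJANED_SSHD).hex()] = "malicious"
    known[sha1(OLD_SSHD).hex()] = "out_of_policy"
    return known

def run_scenarios() -> dict:
    known = build_known()
    nonce = b"\x11" * 20          # constructed; a real verifier draws it from os.urandom
    good = verify(nonce, Attester(GOOD_OBJECTS).respond(nonce), known)
    bad_objs = GOOD_OBJECTS[:-1] + [("/usr/bin/sshd", TROJANED_SSHD)]
    trojan = verify(nonce, Attester(bad_objs).respond(nonce), known)
    # A compromised attester rewrites its list to show the acceptable sshd digest;
    # the PCR it quoted was extended with the real digest, so replay fails.
    forged = Attester(bad_objs).respond(nonce)
    forged["list"][-1] = (sha1(GOOD_OBJECTS[-1][1]).hex(), "/usr/bin/sshd")
    tampered = verify(nonce, forged, known)
    # An old quote presented against a fresh nonce
    replay = verify(b"\x22" * 20, Attester(GOOD_OBJECTS).respond(nonce), known)
    return {"good": good, "trojan": trojan, "tampered": tampered, "replay": replay}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result["trusted"], result["reason"], result["findings"])
```

The order of the checks matters: the list is only trusted as evidence after the signature binds the PCR to this nonce and the replayed extend chain reproduces that PCR; only then is a per-entry verdict meaningful.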
Slide 28: Virtual TPMs Enable VM Integrity Attestation
Support current IMA via vTPMs (flexible, scalable)
[Figure: IMA-enabled guest kernels running IMA-enabled applications, each guest backed by a virtual TPM; a Policy Manager and the ACM sit in the secure hypervisor; the core root of trust is in hardware]
Virtual TPMs: measure hardware, hypervisor, and critical services

Slide 29: Security Services in Virtualized Environments
- Isolation Services
- Static Integrity Services (load-time root of trust): configuration validation; load-time code guarantees
- Dynamic Integrity Services (continuous root of trust): network intrusion detection; host intrusion detection

Slide 30: Weinberg's Second Law of Programming
"If builders built buildings the way programmers write programs, the first woodpecker to come along would destroy civilization."
Slide 31: X-Force 2008 Trend Statistics Conclusions
"the following [malware] behaviors are included in the top ten list:
- Hides a file from folder listings by setting the hidden file attribute
- Injects code into processes
- Disables security software"
"one of the most common actions malware takes upon installation is an attempt to evade detection"
[Figure: public exploits versus same-day exploits]

Slide 32: Virtualization: On-Demand, Centralized Security Services
Virtualization enables on-demand, centralized services:
- Selective network intrusion and host malware protection delivered on-demand with virtual machine/guest granularity
- Consolidation of security services into a single enforcement point
Centralized protection using a Security VM (SVM) means:
- Non-bypassable, highly effective security functionality in Ring 0
- Efficient amortization of fixed security cost across workloads
- Reduction of security sprawl across virtual infrastructures
- Simplified management of security updates
- Minimal or no per-OS footprint
[Figure: SVM beside guest VMs on the hypervisor over hardware]
Slide 33: Usage Case: Intrusion Prevention System (IPS)
Summary: the security virtual machine (SVM) analyses all virtual network traffic using an intrusion prevention system.
[Figure: Integrated Security VM, Guest VM and Attack VM connected through the vswitch on the hypervisor over hardware]
Detail:
1. Attacker sends a network exploit
2. Attack is routed to the Guest VM
3. SVM monitors the network traffic
4. Detects the attack via the IPS
5. Attack prevented! Disables or firewalls the Attack VM

Slide 34: Usage Case: Anti-Rootkit System (ARKS)
Summary: the security virtual machine (SVM) uses virtual machine introspection to monitor critical OS data structures for changes made by rootkits and other types of malware.
[Figure: Integrated Security VM inspecting the Guest VM's OS data through the hypervisor]
Detail:
1. Rootkit strikes
2. Attempts to hide itself
3. SVM detects the OS tampering
4. Attack prevented! Performs clean-up of the rootkit
Slide 35: CPU & Memory Introspection Types I
Passive introspection: non-intrusive reading of guest memory
Limited by:
- Data consistency (the guest is running)
- The polling interval could miss manipulations in guest memory
- Restricted to detection (no rollback)
[Figure: the SVM security agent reads guest VM memory by polling through the VMM/hypervisor]

Slide 36: CPU & Memory Introspection Types II
Trigger-based introspection (e.g., anti-rootkit); available triggers: memory page execute, write, read
Limited by:
- Overhead of reading guest pages
- VM-to-VM event overhead
[Figure: 1. events flow from the VMM/hypervisor to the security agent, 2. the response flows back]
In-guest security agent (e.g., anti-virus) acting as a context agent:
- Minimize useless events
- Create new or semantically richer events
- Protect the context agent
[Figure: as above, with a context agent inside the guest VM]

Slide 37: The Semantic Gap: From OS to Physical Semantics
[Figure: OS semantics (OS/process structures) -> set trigger -> gap -> guest virtual memory -> guest physical memory -> trigger (r/w/x) -> introspection event -> physical page semantics]
Slide 38: Rootkit Protection System
Rootkits in action:
- User space: exploit the way in; create persistent trap doors
- Kernel space: manipulate data/code to hide from HIDS, AV, etc.; tap into the control flow
Rootkit detection/prevention:
- Introspect guest kernel space; security agent: detect/prevent changes to critical kernel data structures ("anti-stealth")
- Instrument guest user space; existing HIDS, AV: undo visible user-space changes
[Figure: rootkit detector security agent in the Secure VM introspecting the protected guest VM's kernel through the hypervisor]

Slide 39: IBM T. J. Watson Research Center Rootkit Demo Setup
[Figure: SVM and guest on the hypervisor; the rootkit strikes (installs a backdoor, hides by rewriting a kernel data structure); the write to the DS in guest physical memory raises an introspection event; the SVM reports "Anomaly Detected" and reverts the DS change (QuerySystemInformation) by resetting the DS]
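Slides 35 to 39 describe the mechanism end to end: the agent must cross the semantic gap (OS structure at a guest virtual address, translated to a guest physical page), arm a write trigger on that page, and on each event compare the structure to a baseline and revert it; a passive poller can miss a manipulation that is undone between two polls. The Python below is an added example written for this page, not IBM's ARKS or demo code. Everything in it is constructed: the toy page size and page table, the service dispatch table standing in for the slide's "DS", the handler addresses, and the in-guest write that stands in for the rootkit's hook. The example also contrasts the polling and trigger variants, which the slides describe separately.

```python
import hashlib

PAGE = 256   # constructed toy page size

class Hypervisor:
    """Holds guest physical memory and dispatches page-write triggers (slide 36)."""
    def __init__(self, pages: int = 8):
        self.mem = bytearray(PAGE * pages)
        self.write_triggers = {}                     # physical page -> agent callback

    def set_write_trigger(self, ppage: int, callback) -> None:
        self.write_triggers[ppage] = callback

    def guest_write(self, paddr: int, data: bytes) -> None:
        """Write path taken by code running inside the guest: write, then raise the event."""
        self.mem[paddr:paddr + len(data)] = data
        for ppage in sorted({(paddr + i) // PAGE for i in range(len(data))}):
            if ppage in self.write_triggers:
                self.write_triggers[ppage](ppage)    # 1. event to the SVM agent

    def read(self, paddr: int, n: int) -> bytes:
        return bytes(self.mem[paddr:paddr + n])

    def write_untriggered(self, paddr: int, data: bytes) -> None:
        """2. response path used by the SVM; does not re-raise the trigger."""
        self.mem[paddr:paddr + len(data)] = data

class GuestOS:
    """Minimal OS semantics: a page table and a service dispatch table (the 'DS' of slide 39)."""
    TABLE_VADDR = 0x1000
    SERVICES = ["QuerySystemInformation", "OpenFile", "CreateProcess", "QueryDirectory"]

    def __init__(self, hv: Hypervisor):
        self.hv = hv
        self.page_table = {TABLE_VADDR_PAGE: 5}      # guest virtual page -> guest physical page
        self.handlers = {name: 0x8000 + 0x40 * i for i, name in enumerate(self.SERVICES)}
        table = b"".join(addr.to_bytes(4, "little") for addr in self.handlers.values())
        hv.guest_write(self.v2p(self.TABLE_VADDR), table)

    def v2p(self, vaddr: int) -> int:
        """Guest virtual -> guest physical (the first half of the semantic gap)."""
        return self.page_table[vaddr // PAGE] * PAGE + (vaddr % PAGE)

    def table_entry(self, name: str) -> int:
        off = self.SERVICES.index(name) * 4
        return int.from_bytes(self.hv.read(self.v2p(self.TABLE_VADDR) + off, 4), "little")

TABLE_VADDR_PAGE = GuestOS.TABLE_VADDR // PAGE

class RootkitDetector:
    """Out-of-guest security agent: snapshots the critical structure, then detects and reverts changes."""
    def __init__(self, hv: Hypervisor, guest: GuestOS):
        self.hv = hv
        self.paddr = guest.v2p(GuestOS.TABLE_VADDR)  # OS semantics -> physical page semantics
        self.length = 4 * len(GuestOS.SERVICES)
        self.baseline = hv.read(self.paddr, self.length)   # taken while the table is pristine
        self.log = []

    def arm_trigger(self) -> None:
        self.hv.set_write_trigger(self.paddr // PAGE, self.on_write)

    def on_write(self, ppage: int) -> None:
        current = self.hv.read(self.paddr, self.length)
        if current != self.baseline:
            for i, name in enumerate(GuestOS.SERVICES):
                if current[4 * i:4 * i + 4] != self.baseline[4 * i:4 * i + 4]:
                    self.log.append(f"anomaly detected: {name} entry rewritten, DS change reverted")
            self.hv.write_untriggered(self.paddr, self.baseline)

    def poll(self) -> bool:
        """Passive introspection (slide 35): True if the table still hashes like the baseline."""
        return hashlib.sha1(self.hv.read(self.paddr, self.length)).digest() == hashlib.sha1(self.baseline).digest()

def rootkit_hook(hv: Hypervisor, guest: GuestOS, service: str, hook_addr: int) -> None:
    """Constructed stand-in for the rootkit's 'hides by rewriting DS' step, running as guest code."""
    off = GuestOS.SERVICES.index(service) * 4
    hv.guest_write(guest.v2p(GuestOS.TABLE_VADDR) + off, hook_addr.to_bytes(4, "little"))

def run_polling_scenario() -> dict:
    """Manipulation applied and undone between two polls: the poller never sees it."""
    hv = Hypervisor(); guest = GuestOS(hv); det = RootkitDetector(hv, guest)
    original = guest.table_entry("QuerySystemInformation")
    before = det.poll()
    rootkit_hook(hv, guest, "QuerySystemInformation", 0xBAD0)
    hv.guest_write(guest.v2p(GuestOS.TABLE_VADDR), original.to_bytes(4, "little"))
    after = det.poll()
    return {"seen_by_polling": not (before and after), "events": len(det.log)}

def run_trigger_scenario() -> dict:
    """Same manipulation with the write trigger armed: detected and reverted on the event."""
    hv = Hypervisor(); guest = GuestOS(hv); det = RootkitDetector(hv, guest); det.arm_trigger()
    original = guest.table_entry("QuerySystemInformation")
    rootkit_hook(hv, guest, "QuerySystemInformation", 0xBAD0)
    return {"detected": len(det.log) == 1,
            "restored": guest.table_entry("QuerySystemInformation") == original,
            "log": det.log}

if __name__ == "__main__":
    print(run_polling_scenario())
    print(run_trigger_scenario())
```

The revert goes through the hypervisor's untriggered write path so the agent's own response does not generate a second event; in a real system that distinction is what keeps the VM-to-VM event overhead of slide 36 bounded.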
Slide 40: Great Opportunities in Overcoming the Challenges
Opportunities through centralized security services:
- Marginal additional security cost per protected guest (utilization, maintenance, OS support, ...)
- Protected security agent run-time environment
- Reclaiming Ring 0 against guest-VM rootkits and other malware
- Differentiation through correlating events across the data center, e.g., Cloud-Antivirus, Cloud-IMA: check once, run everywhere
Challenges:
- Performance of SVM/out-of-guest event processing (trigger precision/overhead)
- Semantics of the introspection interface (OS dependencies, finding trigger targets)
- VMM integrity (see BH08 and ISS: more than 150 VMM vulnerabilities since 1999; source: ISS X-Force)

Slide 41: Summary
- The need for virtualization is driven by its energy saving potential
- It introduces the need for isolating collocated customers; TVDc isolation management can mitigate the risk of collocating customers in dynamic virtualized data centers
- It introduces the need for integrity management; integrity management in virtualized environments poses significant challenges, many of which can be addressed by run-time integrity attestation (Trusted Computing) and malware protection services (virtual introspection)
Slide 42: References and Related Work
- TVDc: Managing Security in the Trusted Virtual Datacenter. Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Ronald Perez, Reiner Sailer, Wayne Schildhauer, Deepa Srinivasan, Enriquillo Valdez. ACM SIGOPS Operating Systems Review, Vol. 42, Issue 1, January
- Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control. Enriquillo Valdez, Reiner Sailer, Ronald Perez. 23rd Annual Computer Security Applications Conference (ACSAC), Florida, December
- Capability based Secure Access Control to Networked Storage Devices. Michael Factor, Dalit Naor, Eran Rom, Julian Satran, Sivan Tal. IEEE Conference on Mass Storage Systems and Technologies (MSST), Sept
- Shamon: A System for Distributed Mandatory Access Control. Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer. 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006
- vTPM: Virtualizing the Trusted Platform Module. Stefan Berger, Ramón Cáceres, Kenneth Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn. 15th USENIX Security Symposium, Vancouver, Canada, July
- Building a MAC-based Security Architecture for the Xen Opensource Hypervisor. Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Griffin, Leendert van Doorn. 21st Annual Computer Security Applications Conference (ACSAC), Tucson, Arizona, December
- Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert van Doorn. 13th USENIX Security Symposium, San Diego, California, August
In the interest of space, please refer to the references of the cited papers for further related work.
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationIBM Research Report. PRIMA: Policy-Reduced Integrity Measurement Architecture. Trent Jaeger Pennsylvania State University
RC23898 (W0603-030) March 3, 2006 Computer Science IBM Research Report PRIMA: Policy-Reduced Integrity Measurement Architecture Trent Jaeger Pennsylvania State University Reiner Sailer IBM Research Division
More informationIBM Research Report. Design and Implementation of a TCG-Based Integrity Measurement Architecture
RC23064 (W0401-082) January 16, 2004 Computer Science IBM Research Report Design and Implementation of a TCG-Based Integrity Measurement Architecture Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationVMware ESX Server 3i. December 2007
VMware ESX Server 3i December 2007 ESX Server 3i Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor integrated in server hardware
More informationMcAfee Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationShame on Trust in Distributed Systems
Shame on Trust in Distributed Systems Trent Jaeger, Patrick McDaniel, Luke St. Clair Pennsylvania State University Ramón Cáceres, Reiner Sailer IBM T. J. Watson Research Center 1 Introduction Approaches
More informationArsenal. Shadow-Box: Lightweight Hypervisor-Based Kernel Protector. Seunghun Han, Jungwhan Kang (hanseunghun
Arsenal Shadow-Box: Lightweight Hypervisor-Based Kernel Protector Seunghun Han, Jungwhan Kang (hanseunghun ultract)@nsr.re.kr Who are we? - Senior security researcher at NSR (National Security Research
More informationTrusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017
Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017 Trusted Computing: Where Are We At? (From the Perspective of Deploying Compelling,
More informationProactive Approach to Cyber Security
Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationKaspersky Security for Virtualization Frequently Asked Questions
Kaspersky Security for Virtualization Frequently Asked Questions 1. What is Kaspersky Security for Virtualization, and how does it work with vshield technology? Kaspersky Security for Virtualization for
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationSecurity versus Energy Tradeoffs in Host-Based Mobile Malware Detection
Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrés Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationSymantec and VMWare why 1+1 makes 3
Symantec and VMWare why 1+1 makes 3 Finn Henningsen Principal Systems Engineer Peter Schjøtt Principal Systems Engineer Rasmus Rask Eilersen Principal Systems Engineer Symantec and VMWare 1 Tak til vores
More informationSELinux Protected Paths Revisited
SELinux Protected Paths Revisited Trent Jaeger Department of Computer Science and Engineering Pennsylvania State University March 1, 2006 1 Talk Topics Mechanism for MAC enforcement between 2 machines
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationTUX : Trust Update on Linux Kernel
TUX : Trust Update on Linux Kernel Suhho Lee Mobile OS Lab, Dankook university suhho1993@gmail.com -- Hyunik Kim, and Seehwan Yoo {eternity13, seehwan.yoo}@dankook.ac.kr Index Intro Background Threat Model
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationPRIMA: Policy-Reduced Integrity Measurement Architecture
PRIMA: Policy-Reduced Integrity Measurement Architecture Trent Jaeger tjaeger@cse.psu.edu Pennsylvania State University University Park, PA 16802 Reiner Sailer sailer@us.ibm.com IBM T. J. Watson Research
More informationT12: Virtualization: IT Audit and Security Perspectives Jason Chan, VMware
T12: Virtualization: IT Audit and Security Perspectives Jason Chan, VMware Virtualization: IT Audit and Security Perspectives Jason Chan Director of Security, VMware Agenda o Background and Disclaimers
More informationModule: Cloud Computing Security
Module: Computing Security Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS)
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution McAfee Embedded Control maintains the integrity of your system by only allowing authorized code to run and
More informationIntroduction to Virtualization
Introduction to Virtualization Reference Virtual Machines: Versatile Platforms for Systems and Processes by Jim Smith, Ravi Nair Publisher: Morgan Kaufmann (2005) ISBN-10: 1558609105-2- Abstraction Computer
More informationAutomated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend
SAI3314BES Automated Security for the Real-time Enterprise with VMware NSX and Trend Micro Deep Security Chris Van Den Abbeele, Global Solution Architect, Trend Micro #VMworld #SAI3314BES Automated Security
More informationLSS 2017: linux-integrity subsystem update Mimi Zohar
LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem Status Update Review of IMA goals New IMA features and other changes TPM related work Possible IMA specific
More informationSymantec Reference Architecture for Business Critical Virtualization
Symantec Reference Architecture for Business Critical Virtualization David Troutt Senior Principal Program Manager 11/6/2012 Symantec Reference Architecture 1 Mission Critical Applications Virtualization
More informationSecure Sharing of an ICT Infrastructure Through Vinci
Secure Sharing of an ICT Infrastructure Through Vinci Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
More informationBack To The Future: A Radical Insecure Design of KVM on ARM
Back To The Future: A Radical Insecure Design of KVM on ARM Abstract In ARM, there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from
More informationXen Community Update. Ian Pratt, Citrix Systems and Chairman of Xen.org
Xen Community Update Ian Pratt, Citrix Systems and Chairman of Xen.org 1 Outline Project Status Xen Client Initiative Xen Cloud Platform New Xen 4.0 Features 2 Announcement The Xen Advisory Board is excited
More informationIoT Security for Critical Information Infrastructures. Andrey Tikhonov
IoT Security for Critical Information Infrastructures Andrey Tikhonov Impact 2 THE SCALE OF EVENTS Weapons of Mass Destruction Extreme weather events Natural Disasters Cyber Attacks Climate Change Likelihood
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationCIS 4360 Secure Computer Systems Secured System Boot
CIS 4360 Secure Computer Systems Secured System Boot Professor Qiang Zeng Spring 2017 Previous Class Attacks against System Boot Bootkit Evil Maid Attack Bios-kit Attacks against RAM DMA Attack Cold Boot
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationExploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer
Exploring Cloud Security, Operational Visibility & Elastic Datacenters Kiran Mohandas Consulting Engineer The Ideal Goal of Network Access Policies People (Developers, Net Ops, CISO, ) V I S I O N Provide
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationSecuring Your Virtual World Harri Kaikkonen Channel Manager
Securing Your Virtual World Harri Kaikkonen Channel Manager Copyright 2009 Trend Micro Inc. Virtualisation On The Rise 16,000,000 Virtualized x86 shipments 14,000,000 12,000,000 10,000,000 8,000,000 6,000,000
More informationReducing Network Tiers Flattening the Network. Kevin Ryan Director Data Center Solutions
Reducing Tiers Flattening the Kevin Ryan Director Data Center Solutions www.extremenetworks.com Data Center Trends The New Computer Data center capacity, not server capacity, is the new metric Consolidation
More informationBig and Bright - Security
Big and Bright - Security Big and Bright Security Embedded Tech Trends 2018 Does this mean: Everything is Big and Bright our security is 100% effective? or There are Big security concerns but Bright solutions?
More informationSecurity Control Variations Between In house and Cloud based Virtualized Infrastructures
Security Control Variations Between In house and Cloud based Virtualized Infrastructures Ramaswamy Chandramouli Computer Security Division, Information Technology Laboratory National Institute of Standards
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More information