1 Modeling virtualized infrastructures under security constrains Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011 Muhammad Ali, Michael Niedermeier, Hermann de Meer
Jan 01, 2016
1
Modeling virtualized infrastructures under security constrains
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
Muhammad Ali, Michael Niedermeier, Hermann de Meer
2
Overview
Motivation
Mapping virtualized resources
Classic approach
Incorporating security constraints
Future work
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
3
Motivation
The rising costs of both hardware as well as energy in ITC, making them lucrative targets for optimization.
This has given rise to solutions like cloud computing and service consolidation, based on virtualization technology.
While the adoption of virtualization is advancing rapidly, the question of security is often not considered appropriately.
This work targets to develop a solution that models virtual infrastructures and includes security constrains during the distribution of virtual resources (VMs) onto physical ones.
This is an ongoing work and is in its initial stages.
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
4
Mapping of virtual resources
How should virtual machines be distributed to physical hosts?
??
VM4VM4VM3VM3VM2VM2VM1VM1
PM2PM2PM1PM1
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
5
Classic approach
How should virtual machines be distributed to physical hosts?
??
VM4VM4VM3VM3VM2VM2VM1VM1
PM2PM2PM1PM1
Available ResourcesAvailable Resources
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
6
Classic approach
Available ResourcesAvailable Resources
VM4VM4VM3VM3VM2VM2VM1VM1
PM2PM2PM1PM1
A physical resource is described by:
P: Set of 1 to n physical resources
Each pn є P is a tuple: (Apn, cpn
)
Apn is a list of attributes (|Apn
| ≥ 0). Could be a name-value pair.
cpn is the maximum capacity in units
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
7
Classic approach
Available ResourcesAvailable Resources
VM4VM4VM3VM3VM2VM2VM1VM1
PM2PM2PM1PM1
A virtual resource is described by:
V: Set of 1 to m virtual resources
Each vm є V is a tuple: (Avm, λvm
)
Avm is a list of attributes, each represented as a name-value pair
λvm is a set of 1 to n tuples (pn
vm, cnvm), where:
pnvm is a nth physical resource vm is dependent upon
cnvm is the respective required capacity of this resource
Cnvm = 0 means mth virtual resource is not dependent on nth physical resource.
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
8
Classic solution
1. Find if all needed physical resources are available.
For all pnvm є λvm
exists pn є P | pn = pnvm
2. Every physical resource can only be specified once by a virtual resource.
For all pivm, pj
vm є λvm, pi
vm ≠ pjvm
3. There must be enough capacities available of every physical resource.
For all pn є P, cpn ≥ ∑ cn
vm
Muhammad Ali, EuroNF workshop, Volos, Greece, 01.04.2011
9
Extension
How should virtual machines be distributed to physical hosts?
Available ResourcesAvailable Resources
VM4VM4VM3VM3VM2VM2VM1VM1
PM2PM2PM1PM1
Available Resources & SecurityAvailable Resources & Security
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
10
Incorporating security constraints
To include security in the mathematical formulation, the previous descriptions have to be extended:
The physical resource description pn
is extended with the security context ∆pn
:
pn = (Apn, cpn
, ∆pn)
∆pn changes each time a VM gets
allocated on pn
The virtual description resource vm is
extended with the security requirements element ωn
vm :
vm = (pnvm , cn
vm , ωnvm)
Check if security requirements of a virtual resource can be fulfilled by the current security context, to a specified degree ◊D , of the physical resource Check if security requirements of a virtual resource can be fulfilled by the current security context, to a specified degree ◊D , of the physical resource
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
11
Incorporating security constraints
1. Fulfill all previously stated requirements. All the required physical resources are available.
Physical resources must be distinctly defined. Physical resources must have ample capacity to accommodate
incoming virtual resource.
2. Security constraints for each virtual resource have to be satisfied at least to the respective degree ‘D’ in order to be able to successfully map all virtual resources.
For all pn є P, vm є V, ωnvm ◊D ∆pn
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
Some examples
Virtual resource constraints: Requires authenticated access by third party entities to the
underlying physical resource. Requires that USB devices must not be used on the underlying
physical host.
Physical resource context: Evolves its state as new virtual resources are added onto it. Represented by the properties and attributes of the physical
resource. Additionally, it covers the restrictions imposed by the currently
hosted virtual resources.
12Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
13
Future work
Identify, classify and formalize virtual resource security constraints. Set of constraints present a virtual resource security policy.
Develop an efficient way to find valid and optimal solution (policy matching algorithm).
Define an appropriate modeling language and extend it to include other constraints, like energy usage.
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
14
Limitations
Trust between the entities in certain scenarios: When ownership of physical and virtual resources lies with
different entities. E.g. Migration of virtual resources between data centers in
different countries.
Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011
State of the art
Surveys has been conducted to analyse virtual infrastructures in general and their adoption rate.
Identification and development of new forms of threats like hyperjacking.
Efforts to compromise hypervisors.
EU PASSIVE project is also directed in the same direction. Just started in Sep 2010 and no published work has been
identified as yet.
15Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011