Modeling virtualized infrastructures under security constrains

1

Modeling virtualized infrastructures under security constrains

Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011

Muhammad Ali, Michael Niedermeier, Hermann de Meer

2

Overview

Motivation

Mapping virtualized resources

Classic approach

Incorporating security constraints

Future work


3

Motivation

The rising costs of both hardware as well as energy in ITC, making them lucrative targets for optimization.

This has given rise to solutions like cloud computing and service consolidation, based on virtualization technology.

While the adoption of virtualization is advancing rapidly, the question of security is often not considered appropriately.

This work targets to develop a solution that models virtual infrastructures and includes security constrains during the distribution of virtual resources (VMs) onto physical ones.

This is an ongoing work and is in its initial stages.


4

Mapping of virtual resources

How should virtual machines be distributed to physical hosts?

??

VM4VM4VM3VM3VM2VM2VM1VM1

PM2PM2PM1PM1


5

Classic approach


??


PM2PM2PM1PM1

Available ResourcesAvailable Resources


6

Classic approach



PM2PM2PM1PM1

A physical resource is described by:

P: Set of 1 to n physical resources

Each pn є P is a tuple: (Apn, cpn

)

Apn is a list of attributes (|Apn

| ≥ 0). Could be a name-value pair.

cpn is the maximum capacity in units


7

Classic approach



PM2PM2PM1PM1

A virtual resource is described by:

V: Set of 1 to m virtual resources

Each vm є V is a tuple: (Avm, λvm

)

Avm is a list of attributes, each represented as a name-value pair

λvm is a set of 1 to n tuples (pn

vm, cnvm), where:

pnvm is a nth physical resource vm is dependent upon

cnvm is the respective required capacity of this resource

Cnvm = 0 means mth virtual resource is not dependent on nth physical resource.


8

Classic solution

1. Find if all needed physical resources are available.

For all pnvm є λvm

exists pn є P | pn = pnvm

2. Every physical resource can only be specified once by a virtual resource.

For all pivm, pj

vm є λvm, pi

vm ≠ pjvm

3. There must be enough capacities available of every physical resource.

For all pn є P, cpn ≥ ∑ cn

vm


9

Extension




PM2PM2PM1PM1

Available Resources & SecurityAvailable Resources & Security


10


To include security in the mathematical formulation, the previous descriptions have to be extended:

The physical resource description pn

is extended with the security context ∆pn

:

pn = (Apn, cpn

, ∆pn)

∆pn changes each time a VM gets

allocated on pn

The virtual description resource vm is

extended with the security requirements element ωn

vm :

vm = (pnvm , cn

vm , ωnvm)

Check if security requirements of a virtual resource can be fulfilled by the current security context, to a specified degree ◊D , of the physical resource Check if security requirements of a virtual resource can be fulfilled by the current security context, to a specified degree ◊D , of the physical resource


11


1. Fulfill all previously stated requirements. All the required physical resources are available.

Physical resources must be distinctly defined. Physical resources must have ample capacity to accommodate

incoming virtual resource.

2. Security constraints for each virtual resource have to be satisfied at least to the respective degree ‘D’ in order to be able to successfully map all virtual resources.

For all pn є P, vm є V, ωnvm ◊D ∆pn


Some examples

Virtual resource constraints: Requires authenticated access by third party entities to the

underlying physical resource. Requires that USB devices must not be used on the underlying

physical host.

Physical resource context: Evolves its state as new virtual resources are added onto it. Represented by the properties and attributes of the physical

resource. Additionally, it covers the restrictions imposed by the currently

hosted virtual resources.

12Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011

13

Future work

Identify, classify and formalize virtual resource security constraints. Set of constraints present a virtual resource security policy.

Develop an efficient way to find valid and optimal solution (policy matching algorithm).

Define an appropriate modeling language and extend it to include other constraints, like energy usage.


14

Limitations

Trust between the entities in certain scenarios: When ownership of physical and virtual resources lies with

different entities. E.g. Migration of virtual resources between data centers in

different countries.


State of the art

Surveys has been conducted to analyse virtual infrastructures in general and their adoption rate.

Identification and development of new forms of threats like hyperjacking.

Efforts to compromise hypervisors.

EU PASSIVE project is also directed in the same direction. Just started in Sep 2010 and no published work has been

identified as yet.

15Muhammad Ali, EuroNF workshop, Volos, Greece, 31.03.2011

Modeling virtualized infrastructures under security constrains

Documents

euronf workshop

meermuhammad ali

unitsmuhammad ali

vm4vm3vm2vm1pm2pm1muhammad

cpn cnvmmuhammad ali

physical hosts

pnvmevery physical resource

virtual machines