Virtualization security for cloud computing service
Speaker: 張張張
Date: 2012/06/01
Advisor: 張張張 張張
Type: Conference
Shengmei Luo, Zhaoji Lin, Xiaohua Chen, ZTE Corporation, Shenzhen, China
Zhuolin Yang, Jianyong Chen, Dept. of Computer Science and Technology, Shenzhen University, Shenzhen, China
International Conference on Cloud and Service Computing 2011, IEEE
Outline
- Introduction
- Security Vulnerabilities in Virtualization
- Virtualization Security Framework
- Virtual System Security
- Virtualization Security Management
- Conclusion
Introduction (1/3)
- The menu of services is being enriched.
- SaaS, PaaS and IaaS have been invented as part of XaaS.
- XaaS = Anything as a Service
  - Business as a Service (BaaS), Database as a Service (DaaS), Voice as a Service (VaaS), ... everything as a Service
Introduction (2/3)
- Combining a set of existing techniques, such as SOA and virtualization, cloud computing is regarded as a paradigm.
- Data confidentiality against cloud servers is hence frequently desired when users outsource data for storage in the cloud.
Introduction (3/3)
- Cloud computing already leverages virtualization for load balancing via dynamic provisioning and migration of VMs among physical nodes.
- This article focuses on virtualization security:
  - Weaknesses and attacks
- It proposes a scheme to solve current problems effectively:
  - Virtual system security
  - Virtual security management
Security Vulnerabilities in Virtualization
- Most of the security threats identified in a VM environment are very similar.
  - Attack between VMs or between VMs and VMM
  - VM escape
  - Virtual machine controlled by Host Machine
  - Denial of Service
  - VM sprawl
Attack between VMs or between VMs and VMM
- A primary benefit that virtualization brings is isolation.
- If not carefully deployed, it will become a threat to the environment.
- Poor isolation and access control policy will cause inter-attacks between VMs or between VMs and the VMM.
VM escape
- A kind of exploit in which the attacker runs a VM that allows the operating system to interact directly with the hypervisor, letting the attacker get into other VMs running on the host.
- If the attacker can compromise the VMs, they will have control of all of the guests.
- Most VMs run with very high privileges on the host because a VM needs comprehensive access to the host's hardware so it can map the real hardware into virtualized hardware for the guests.
Virtual machine controlled by Host Machine
- It is more necessary to strictly protect the host machine than the VMs.
- If a host is compromised, then the security of the VMs is in question.
Denial of Service
- A DoS or DDoS attack is an attempt to make a computer resource unavailable to its intended users.
- Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers, such as banks, credit card payment gateways…
Denial of Service
- In a VM architecture, the guest machines and the underlying host share physical resources such as CPU, memory, HD…
VM sprawl
- An inappropriate virtual machine management policy will cause VM sprawl.
Virtualization Security Framework
- Virtualization security can be investigated from 2 aspects:
  - Virtual system security
  - Virtualization security management
Virtualization Security Framework
[Figure: A virtualization security framework]
Virtual System Security
- Virtual system security contains 4 parts:
  - VM system architecture security
  - Access control
  - Virtual firewall
  - vIDS/vIPS
VM system architecture security
- A secure VM system should be protected by a robust, efficient and flexible architecture.
- Three architectures:
  - Popular
  - Admin VM
  - Security control
VM system architecture security
[Figure: the three architectures, with panels labelled Popular, Admin VM and Security Control]
Access Control
Virtual firewall
- A virtual firewall (VF) is a firewall deployed and running entirely within a virtual environment, which provides packet filtering and monitoring.
- It can be a managed kernel process running within the host VMM.
vIDS/vIPS
- vIDS and vIPS protect the virtual environment by collecting and analyzing information from the network and the host to check whether there are signs of an attack.
Virtualization Security Management
- VM management is divided into four parts.