Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds

Marc Lacoste, Orange Labs SEC2

ComPAS’15 Workshop on Cloud Security, Lille, June 30, 2015


Page 2:

Cloud Security Today

Security = key concern in cloud adoption for the enterprise market

Threats are on the rise

Attacks are costly

Awareness is growing, but is not enough

Source: Cloud Security Alliance, 2013.

Source: Ponemon, 2013.

Page 3:

The Cloud everywhere, increasingly complex…

Page 4:

Classical cloud threats and new threats… and so are security breaches!

[Diagram of classical and new cloud threats; labels recovered from the slide:]

  Challenges: central PoF (point of failure), trust

  Mitigation: replication, diversity, authentication

  Policy consistency, secure SDN toolkits

  Intrusion prevention? Fault tolerance?

  Secure, robust SDN / NFV security

  Topology validation

  Availability of management network

  Secure boot

  I/O partitioning

  Performance isolation

  Root causes: commodity hardware, cloud isolation technology

  Issues:

Page 5:

Hasn’t someone been forgotten?

The User? The Customer?

Are they going to use those infrastructures?

Are they going to pay for them?

Page 6:

Provider-centric clouds prevent interoperability and unified control

[Diagram; labels recovered from the slide:]

  The Cloud as utility. Promise: high availability & security, energy efficiency, scalability, … Feature-rich services: intrusion monitoring, elastic load balancing, …

  Multi-provider clouds: NOT ACHIEVED / NOT DEPLOYED

  Provider-centric cloud deficiencies:

    INTEROPERABILITY: vendor lock-in, different SLAs

    UNIFIED CONTROL: heterogeneous infrastructure services, monolithic infrastructure, technological choices

    SECURITY (vertical axis label)

Page 7:

Outline

Moving to User-Centric Cloud Security

Secure Supercloud Computing

Key Enabling Technologies

The H2020 SUPERCLOUD Project

Next Steps

Page 8:

User-centric clouds require a resource distribution layer

Page 9:

Customer Security Expectations

Page 10:

Taking Into Account Security Challenges

Infrastructure security: strong, flexible, automated security for compute resources

  Vulnerabilities in complex infrastructure, mitigation of cross-layer attacks

  Lack of flexibility and control in security management

  Automation of security management: in layers, between providers

Data management: on-demand, unified experience in protection of data assets

  Management of access rights, continuum between provider vs. user control

  Blind compute over data stored in multi-clouds

  Traceability of information for accountability and privacy

Network management: resilient, secure virtual networking

  Resilient resource provisioning across heterogeneous clouds

  End-to-end inter-cloud network security with different security SLAs

Page 11:

Outline

Moving to User-Centric Cloud Security

Secure Supercloud Computing

Key Enabling Technologies

The H2020 SUPERCLOUD Project

Next Steps

Page 12:

Secure Supercloud Computing

The Supercloud NORTH INTERFACE provides user-centric self-service security & dependability.

The Supercloud SOUTH INTERFACE provides provider-centric self-managed security & dependability.

Page 13:

Supercloud Computing: Self-Service Security

Self-service security relies on:

  a distributed, flexible resource & control layer spanning compute, data, network

  multi-provider security policies

[Figure labels: Abstraction & Control Layer; Policies]

Page 14:

Supercloud Computing: Self-Managed Security

Self-managed security relies on:

  bi-dimensional (cross-layer, multi-provider) self-protection for compute and network resources

  bi-dimensional trust management

[Figure label: Security and Trust management]

Page 15:

Supercloud Computing: End-to-End Security

End-to-end security relies on:

  E2E security SLAs for VMs & data protection

  E2E network security in control and data planes

[Figure labels: E2E network security; E2E VM SLAs; E2E data security]

Page 16:

Supercloud Computing: Resilience

Resilience relies on:

  multi-cloud data availability

  resilient networking in data and control plane

[Figure label: Resilience]

Page 17:

Outline

Moving to User-Centric Cloud Security

Secure Supercloud Computing

Key Enabling Technologies

The H2020 SUPERCLOUD Project

Next Steps

Page 18:

Key Enabling Technologies: Self-Service Security

Flexible hypervisor security architectures:

  User data isolation + protection against the cloud provider

  Modular, secure interface for the hypervisor

Blind computation:

  Lightweight homomorphic operations over encrypted data

  Advanced cryptographic tools for data security

Security SLA management:

  Security SLA (SSLA) language bridging the gap between layers

  SSLA templates and combination functions for easy specification

Page 19:

Key Enabling Technologies: Self-Managed Security

Autonomic IaaS security supervision:

  Cross-layer security monitoring, even if some layers are compromised

  Cross-provider security monitoring, seamless integration

Security policies:

  Flexible security policy languages and deployment tools

  Policy negotiation tools for conflict resolution

Network security management:

  Finer-grained network control than current specifications

  SDN components/APIs for advanced policy monitoring

Page 20:

Key Enabling Technologies: End-to-End Security

Cryptographic protection:

  Integrity and consistency verification

  Processing cryptographically protected data

Storage access control:

  Transparent cryptographic protection mechanisms

  Flexible cloud-based key management

Trust management:

  Horizontal trust management between different cloud entities

  Vertical trust management across cloud system configurations

  Abstraction of trust through specification language

Page 21:

Key Enabling Technologies: Resilience

SDN Resilience:

  Secure, dependable SDN controller for multi-cloud networking

  Intra/inter-cloud infrastructure resilient to network failures

Data availability:

  Integration of disruptive secrecy technology to multi-cloud storage replication

  New services based on multi-cloud storage algorithms

  Adaptive multi-cloud algorithms with outstanding performance for real workloads

Page 22:

What is VESPA?

= Virtual Environments Self-Protecting Architecture

An automated security supervision framework for IaaS and multi-DC infrastructures

Applications

  Cloud provider: IaaS monitoring, anti-malware, anti-DDoS, end-to-end security.

  Customers: SecaaS appliances.

Design principles

  STRONG SECURITY

    Cross-layer security: detect / respond to overall extent of attack.

    Open architecture: mitigate new threats, integrate legacy counter-measures.

  SIMPLE SECURITY

    Automated security supervision: choose in-layer, cross-layer, multi-DC.

    Tuneable defense patterns: orchestrate multiple loops for rich defense strategy.

Page 23:

VESPA System Architecture

[Figure: VESPA system architecture. Planes: Resource Plane, Security Plane, Agent Plane, Orchestration Plane. Layers: VM, Hypervisor, Physical. Orchestrators: HO, VO. Loop: DETECTION (Detection Agent, Detection Manager) -> DECISION -> REACTION (Reaction Manager, Reaction Agent) -> RESOURCES.]

Page 24:

VESPA System Architecture

[Figure: the same VESPA architecture diagram (Resource, Security, Agent and Orchestration planes; VM, Hypervisor and Physical layers; HO/VO; Detection Manager/Agent, Decision, Reaction Manager/Agent, Resources), highlighting Intra-Layer Self-Protection.]

Page 25:

VESPA System Architecture

[Figure: the same VESPA architecture diagram (Resource, Security, Agent and Orchestration planes; VM, Hypervisor and Physical layers; HO/VO; Detection Manager/Agent, Decision, Reaction Manager/Agent, Resources), highlighting Cross-Layer Self-Protection.]
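As an added example (not VESPA's own code, which lives at the GitHub URL on the next slide), a small Python model of the detection / decision / reaction loop from the architecture slides, run in the in-layer and cross-layer modes named on the design-principles slide. The layer names, alert fields, sample alerts and reaction actions are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

LAYERS = ("vm", "hypervisor", "physical")  # top to bottom, as on the diagram

@dataclass(frozen=True)
class Alert:
    layer: str         # layer whose detection agent raised the alert
    host: str          # physical host the alert concerns
    vm: Optional[str]  # VM involved, if any
    kind: str          # assumed alert kinds, e.g. "malware", "vm_escape"

# Assumed capability of the reaction agent in each layer.
REACTIONS = {
    "vm": "quarantine_vm",
    "hypervisor": "suspend_vm_and_snapshot",
    "physical": "isolate_host",
}

Reaction = Tuple[str, str, str]  # (layer, target, action)

# Constructed sample alerts: the VM-layer and hypervisor-layer detection
# agents both report trouble on host h1 around vm-7; h2 has a VM-only event.
SAMPLE_ALERTS = [
    Alert("vm", "h1", "vm-7", "malware"),
    Alert("hypervisor", "h1", "vm-7", "vm_escape"),
    Alert("vm", "h2", "vm-9", "malware"),
]

def decide(alerts: List[Alert], mode: str) -> Set[Reaction]:
    """Decision step. "intra": every alert is answered in the layer that
    raised it. "cross": alerts are correlated per host; when more than one
    layer reports the same host, the attack has crossed layers, so the
    host itself is isolated on top of the per-layer reactions."""
    reactions = {(a.layer, a.vm or a.host, REACTIONS[a.layer]) for a in alerts}
    if mode == "intra":
        return reactions
    by_host = defaultdict(set)
    for a in alerts:
        by_host[a.host].add(a.layer)
    for host, layers_hit in by_host.items():
        if len(layers_hit) > 1:
            reactions.add(("physical", host, REACTIONS["physical"]))
    return reactions

def supervise(alerts: List[Alert], mode: str) -> List[Reaction]:
    """One supervision cycle: detection manager -> decision -> reaction
    manager, which hands each reaction to the agent of its layer."""
    return sorted(decide(alerts, mode), key=lambda r: (LAYERS.index(r[0]), r[1]))
```

In intra-layer mode the VM-level and hypervisor-level reactions on h1 happen independently; in cross-layer mode the same two alerts are recognised as one attack and the host is isolated as well, which is the "overall extent of attack" point of the design-principles slide.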

Page 26:

The VESPA Project

Research results:

  Framework [ICAC’12].

  Extensions: network management (SDN approach); mobile cloud SLAs: Orange MC2 [UCC’13]; VMM self-protection: KungFuVisor [EURODW’12], self-stabilization [DSS’14].

  Keynotes [SSS’11], panels [IM’11, NOMS’14], tutorials [ICAR’13, MOBILECLOUD’14].

  Code available at: https://github.com/Orange-OpenSource/vespa-core

Results so far:

  Framework: supervision of single cloud and multi-DC security.

  Available in open source.

  Different applications demonstrating viability of self-defending cloud concept.

Current VESPA functionalities: VESPA = core + security plug-ins.

  Supported: anti-virus, hypervisor control, firewall, log analysis.

  In progress: integration with Heat + Horizon, network zones, vSwitch management (SDN).

Page 27:

Outline

Moving to User-Centric Cloud Security

Secure Supercloud Computing

Key Enabling Technologies

The H2020 SUPERCLOUD Project

Next Steps

Page 28:

The SUPERCLOUD Project

Page 29:

The SUPERCLOUD Project: Goals and Expected Results

Goal: a security management infrastructure for secure supercloud computing

Expected Results: A security management infrastructure:

360° autonomic security supervision, horizontally and vertically for superclouds

A user-centric to provider-centric continuum of security services

End-to-end trust management

A data management framework:

Advanced cryptographic tools (e.g., access control, secure computation)

A resilience framework for multi-cloud storage infrastructures

A multi-cloud network management infrastructure:

Resilient virtual network provisioning across multiple clouds

Sanitized network environment with tunable security guarantees

Page 30:

Use Cases and Dissemination of Results

Use cases:

  Healthcare-oriented:

    Distributed medical imaging platform

    Healthcare Laboratory Information System

  NFV security

  Smart home

  Decentralized, location-aware cloud security

SUPERCLOUD Technology Dissemination: fully open source

  Ambition: open toolbox for trustworthy management of clouds of clouds

  Standardization: aim for open standards

Page 31:

Outline

Moving to User-Centric Cloud Security

Secure Supercloud Computing

Key Enabling Technologies

The H2020 SUPERCLOUD Project

Next Steps

Page 32:

Conclusion and Next Steps

Key take-aways: User-centric distributed clouds should overcome provider-centric limitations

Secure Supercloud Computing makes it possible to build such clouds, with security that is self-service, self-managed, end-to-end, and resilient

Open innovation makes it possible to build such next-generation security technology

More trustworthy cloud services with an improved customer experience are expected

Next steps: SUPERCLOUD requirements, security architecture, prototypes

Push into open source and standardization

https://supercloud-project.eu/

Page 33:

Thank you!

[email protected]