trust and cloud computing, removing the need for the consumer to trust their provider
TRANSCRIPT
Trust and Cloud computing, removing the need for the consumer to trust their provider
Prof David WallomUniversity of Oxford
Overview• The problem
– Drivers of cloud adoption– Threats forming barriers to adoption– Trust and the stakeholders in the cloud– Building trust through regulation– Trusted products within a marketplace
• The solution– Trusted Computing– Chain of trust– OAT– Trusted Appliances, Applications and user data
Problem…
7 Cloud Computing security risks
Trust at the Last Mile
• Problem for high value instantly usable data and services– Critical data or keys are still exposed inside the cloud at the final steps– Still require customers unconditional trust of their CSP– Value may be great enough that traditional blackmail/bribery may be enough to
gain access
Cloud (IaaS) and Security
cloud infrastructure
Storage (Object)
Storage (Block)
Host
VM
Host
VM…
Users
• AAI: management, storage APIs.
• VMs: security groups (layer 2/3), firewall, VPN.
• OS: admin policies, monitoring, auditing, patches, etc.
• HW: physical security
• How can users trust the origin and identity of the cloud infrastructure software stack?
• How can users trust the origin and identity of VMs, Block Storage, Storage Objects?
“What is really going on inside the cloud?”
New Industries Around Security and Trust
Building trust through regulation
Building trust by building brands
Recap• Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more
• Security, Trust and Privacy still great concerns
• The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches
• Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities
• Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches.
• We must trust our cloud provider, completely!• We don’t really know whats going on within the cloud• We are worried we may lose our data
A solution
Trusted Computing• What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a
remotely verifiable infrastructure.
• What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository.
• TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management.
• Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform.
• Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.
Extend the Trusted Platform to the cloud
• Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users.
• Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.
Trusted Computing and Cloud ComputingUser verifiable Chain of Trust=Attestation result of Storage +Attestation result of Host +Attestation result of VM
…but in the cloud the hardware components can change…
HW/TPM
Host Controller
Hypervisor
Virtual Machine
vTPM
Virtual Machine
vTPM
Virtual Machine
vTPM
HW/TPM
Storage Controller
Storage Service
12
3
123
Open Attestation (OAT) as a Trusted Third Party
…but what about resilience and scalability?
Porridge (Distributed OAT)
• High frequency platform verification• Application whitelisting• Verifiable Logging
Attesting Cloud Services• VM attestation
– Know exactly the status of your system, its how you left it!• Centralized Attestation Service
– A service to periodically examining all the cloud nodes and recording their configurations;– Customers attest the delegates to make sure the attestation service is correctly running.– Supporting dynamic VM migration attesting both source and destination to ensure
continual validity• Property-based Access Controls
– Customers define the access control policies to their data or keys based on the properties of the accessing cloud applications and the underlying hosting infrastructure.
– Whitelisting application software within a cloud instance
Trusted Data Processing
• To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage.
• TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.
Trusted Data Exchanging
• To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations.
• TDP ensures a Data Provider that every piece of data is processed only by applications with predetermined properties.
Conclusion• Trust is still highlighted as a significant barrier to cloud adoption in high value usecases• Traditional security still requires users to trust their CSP• Regulation may aim for a secure business as usual, it doesn’t support you when things go wrong
• Utilising Trusted Computing and remote attestation builds a chain of trust– Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data– Support application and data whitelisting to ensure only those with permission can use services or capabilities
• Only registered and verified hosts can run high value applications• Only registered and verifies services can access high value data
• Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services
• We are removing the need to trust your cloud provider by building cryptographically secure cloud
Thank You!