1

Trust and Cloud computing, removing the need for the consumer to trust their providerDavid Wallom, Anbang Ruan and David Blundell

13/4/16

2

Overview• The problem

– Drivers of cloud adoption– Threats forming barriers to adoption– Trust and the stakeholders in the cloud– Building trust through regulation– Trusted products within a marketplace

• The solution– Trusted Computing– Chain of trust– OAT– Trusted Appliances, Applications and user data

3

Problem…

4

5

6

7 Cloud Computing security risks

7

Trust at the Last Mile

• Problem for high value instantly usable data and services

–Critical data or keys are still exposed inside the cloud at the final steps

–Still require customers unconditional trust of their CSP

8

Cloud (IaaS) and Security

cloud infrastructure

Storage (Object)

Storage (Block)

Host

VM

Host

VM…

Users

• AAI: management, storage APIs.

• VMs: security groups (layer 2/3), firewall, VPN.

• OS: admin policies, monitoring, auditing, patches, etc.

• HW: physical security

• How users can trust the origin and identity of the cloud infrastructure software stack?

• How users can trust the origin and identity of VMs, Block Storage, Storage Objects?

9

“What is really going on inside the cloud?”

10

New Industries Around Security and Trust

11

Building trust through regulation

12

Building trust on branded

13

Recap

• Cloud already affects all our lives, it will soon affect extremely high value parts of our lives more

• Security, Trust and Privacy still great concerns

• The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches

• Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities

• Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches.

• We must trust our cloud provider, completely!• We don’t really know whats going on within the cloud• We are worried we may lose our data

14

A solution

15

Trusted Computing

• What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a remotely verifiable infrastructure.

• What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository.

• TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management.

• Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform.

• Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.

16

Extend the Trusted Platform to the cloud

• Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users.

• Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.

17

Trusted Computing and Cloud Computing

User verifiable Chain of Trust=Attestation result of Storage +Attestation result of Host +Attestation result of VM

…but in the cloud the hardware components can change…HW/TPM

Host Controller

Hypervisor

Virtual Machine

vTPM

Virtual Machine

vTPM

Virtual Machine

vTPM

HW/TPM

Storage Controller

Storage Service

12

3

123

18

Open Attestation (OAT) as a Trusted Third Party

…but what about resilience and scalability?

19

Porridge (Distributed OAT)

• High frequency platform verification• Application whitelisting• Verifiable Logging

20

Attesting Cloud Services

• VM attestation– Know exactly the status of your system, its how you left it!

• Centralized Attestation Service– A service to periodically examining all the cloud nodes and recording their configurations;

– Customers attest the delegates to make sure the attestation service is correctly running.

– Supporting dynamic VM migration attesting both source and destination to ensure continual validity

• Property-based Access Controls– Customers define the access control policies to their data or keys based on the properties of

the accessing cloud applications and the underlying hosting infrastructure.

– Whitelisting application software within a cloud instance

21

Trusted Data Processing

• To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage.

• TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.

22

Trusted Data Exchanging

• To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations.

• TDP ensures the Data Providers that every piece of data is processed only by the applications with predetermined properties.

23

Conclusion

• Trust is still highlighted as a significant barrier to cloud adoption in high value usecases• Traditional security still requires users to trust their CSP• Regulation may aim for a secure business as usual, it doesn’t support you when things go

wrong• Utilising Trusted Computing and remote attestation builds a chain of trust

– Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data

• Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services

• Support application and data whitelisting to ensure only those with permission can use services or capabilities

– Only registered and verified hosts can run high value applications

– Only registered and verifies services can access high value data

• We are removing the need to trust your cloud provider by building cryptographically secure cloud

24

Thank you!

Come and see us at Stand S332 for further details and demonstrations

http://www.antyran.com