中国IDC产业年度大典--云计算及应用安全-上

ComputerScienceAssuringRuntimeServiceIntegrityinCloudSystems1/22TingYuDepartmentofComputerScienceNorthCarolinaStateUniversityComputerScience2CloudComputing•Internet-basedcomputing–Sharedresourcesprovidedondemand•Basiccomputingresources–Virtualcomputingenvironment:CPU,memory,storage,networking•Complicatedservices–Softwareasaservice(SaaS),Service-orientedarchitecture(SOA)–Highlevelservices:dataprocessing,datamanagement,auditing,webservices,…ComputerScienceMulti-TenantCloudSystemsPlatformforSoftwareasaService(SaaS)3/22P3P2P1P2P3P3P1UserPortalS6S2S1S4S12S3S7f1f2f3f4f1f2f3ComputerScience4Multi-TenantCloudSystems(cont.)Benefits―Morepowerfulservicesinacost-effectivewayApplications―Dataflowprocessing•hugeamountsofdata•real-timeprocessingandanalysis•E.g.networktrafficmonitoring,sensordataanalysis,scientificdataprocessing―E-commerce4/22ComputerScience5DataflowProcessingApplicationsDataflowSiDataprocessingcomponentDatatuplediServiceprovider5/22P3P2P1P2P3P3P1UserPortalS6S2S1S4S12S3S7f1f2f3f4f1f2f3…di,……,f2(f1(di)),……,f3(f2(f1(di))),…ComputerScienceServiceIntegrityAttack6/22P3P2P1P2P3P3P1UserPortalS6S2S1S4S12S3S7f1f2f3f4f1f2f3…di,……,f0(f1(di)),……,f3(f0(f1(di))),…Problemswithmulti-tenantcloudsystems―Serviceproviderscomefromdifferentsecuritydomains―NotalldataprocessingcomponentsaretrustworthyComputerScienceSecurityConcernsCommunicationsecurityInformationpassedthroughtheInternetEasytoaddressIsolationInterferenceamongtenantsConfidentialityNottrustthirdpartytoaccessdataIntegrityNottrusttheresultofservicesFocusofthiswork7/22ComputerScience8PreviousWorkDistributeddataflowprocessing–focusesonresourceandperformancemanagementissues.–usuallyassumesthatalldataprocessingcomponentsaretrustworthyTrustmanagementindistributedsystems–Distributedmessagingsystems[Haeberlen,etal.SOSP2007]–Pub-suboverlay[Srivatsa,etal.,CCS2005]–Virtualizeddatacenters[Berger,etal.,SIGOPS2008]–Noneofthemaddressedsecureandscalabledataflowprocessinginmulti-tenantcloudsystems8/22ComputerScience9PreviousWork(cont.)Byzantinefault-tolerance–inWideareanetworks[Amir,etal.,DSN2006]–GenerallyhasscalabilityissuesSecurityinSOA–WS-Securityv1.1[Oasis,2006]–Focusesonintegrityandconfidentialityofwebservicemessagesthroughencryptionandauthentication–Attackscangobeyondmessagingsecurity9/22ComputerScienceChallenges10/22Cannotinstallspecialhardwareorsoftwareonthird-partyserviceproviders–RequiredbyexistinghardwareandsoftwarebasedattestationtechniquesScalableruntimeintegrityassuranceComputerScience11OurFocusPracticalruntimeserviceintegrityassuranceforlarge-scalemulti-tenantcloudsystems–withoutassumingatrustedentityatthird-partyserviceproviders–Withoutrequiringapplicationmodifications11/22ComputerScience12AssumptionsAssumptions–Third-partycomponentproviderscouldbemalicious–Theportalandusersaretrusted–PKIisdeployedinadvance–Foranyservicefunctions,•#ofgoodcomponents#ofbadcomponents12/22