Daoli: Grid Security via Two Levels of Virtualization

1
Daoli(??) Grid Security via Two Levels of
Virtualization

• Wenbo Mao
• EMC Research China
• Work reported here was conducted while with HP
• An open-source grid security project with
  ChinaGrid
• In collaboration with
• Fudan University
• Huazhong Univ of Science and Technology
• Wuhan University

2
Virtualization I _at_ resource level for high
performance and dependability

• Grid is a big virtual machine, called Virtual
  Organization (VO), of unbounded pool of computing
  storage resources

Farms
Knowledgeable Broker
Registering
Credential
3
Portal
manager
1
User
1
2
5
eg, MyProxy
Submitting
KEYWORDS Heterogeneity Delegation
4
6
Data job manager
3
An abstract of resource level virtualization

• In reality, a VO is ad hoc constructed for a user
  (Alice), involving, e.g.,
  dedicated or under-utilized servers in real
  organizations
• Any physical part in a VO can be off, but Alices
  science must be on
• How? Grid Security Infrastructure (GSI) Proxy
  credential
• My proxy, use this credential and work on my
  behalf! Bye-bye.
• (a credential is a crypto key)

Alice creates a cred
If a proxy wants to go, it creates a new
for Proxy 1 to use.
proxy cred to be used by a new proxy.
Then she goes.
CA
Proxy
1
Proxy n
Alice
receiving chained
sign
sign
sign
certificates
Proxy Certificates
Proxy Certificate
Identity Certificate
Certificates
Certificates
4
Trusted Computing

• Trusted Computing Group (TCG), COTS and standard
  technologies www.trustedcomputinggroup.org
• Hardware based solutions to creating a Trusted
  Computing Base (TCB) in an open-platform computer
• The hardware TCB (trusted 3rd party agent)
  Trusted Platform Module (TPM)
• Roots of Trust for (i) Measurement, (ii) Storage
  and (iii) Reporting

5
Hardware architecture (in x86 chipset)

TPM eavesdrops on LPC bus in booting time
6
Trusted Computing slice 3

• Roots of Trust for
• Measurement (how eavesdropping is done)
• SHA-1 hashing of the software which are loaded
  on to the platform, e.g.,
• PCR ? SHA-1(PCR BIOS) PCR ? SHA-1(PCR
  OS)
• Storage
• TPM stores a private key called Storage Root
  Key (SRK)
• Reporting
• A remote querier can demand a TPM to attest
  the measurement result (i.e., to check a PCR
  value)

7
Same architecture, new realization

• Alice creates a VO cred in TPM and migrates it
  within TPMs of the VO members
• Server, still use this cred to work on my
  behalf!! (but now the cred is in TPMs)
• Behaviour ConformityAlices safehands in
  platforms afar, TPMs can enforce VO members to
  comply with Alices policy (new to GSI)

Migrating credential
If a server wants to go, it migrates the same
between TPMs
credential to the TPM of another server, so on
CA
Alices TPM
Serve-1s TPM
Server-ns TPM
receiving certificate
receiving certificate
sign
Certificate for Server-1
Certificate for Server-n
Certificate for Alice
8
Policy enforcement afar (no oracle service!)
To decrypt or not to decrypt, that is the question
Is outside safe?
outside software environment
loaded onto the platform so far

• Crux TPM can perform a conditional crypto
  services (eg, decrypt)
• Pseudo code for Alice to instruct a remote TPM to
  serve conditionally
• CreatWrapKey( PCR-Setting, Migratable
  )
• This means to create a key pair in Alices TPM
  the private key satisfies
• It is migratable to another remote TPM (on
  Alices permit)
• The remote TPM can use the private key only if
  the locally eavesdropped PCR value matches
  PCR-Setting by Alice
• I.e.,
• to provide crypto services only to software
  environment of Alices approval

9
Virtualization II _at_ platform level

• Virtualization I is done at grid middleware which
  is above OS
• Operating System is still a weak part needing
  strengthening
• Conformity and High-Assurance within Operating
  Systems (CHAOS)
• Goal
• To extend the tamper-resistant property of TPM
  to conformed behavior in an Untrusted operating
  system, using a trusted virtual machine monitor
  (VMM)
• Requirements
• Backward Compatible with existing applications
• Minimal OS changes
• No need of dedicated hardware (apart from TPM)

10
Architecture VMM is part of TCB
Why? Because VMM is capable of intercepting all
privileged operations from all processes through
operating systems to hardware resources (memory,
disk and other peripherals) (zigzagged
software are to be eavesdropped)
11
Approach

• Interrupt interception using VMM to intercept
  system calls and interrupts from a trusted
  process such a call occurs whenever the process
  asks for resources (either as a result of
  inter-process interactions or hardware usage)
• (this presentation describes this only)
• Memory isolation prevention of un-trusted parts
  from tampering the CPU execution context and
  memory locations for a trusted process
• Persistent data sealing all persistent data
  input to/output from a trusted process will be
  decrypted/encrypted by VMM
• These are achieved by modifying the open source
  VMM Xen version 3.0.2 (adding security to Xen)

12
Implementation for interception (case
study)(good man in the middle attack)
(x86 chipset) int 0x80 interrupt occurs when a
process calls for resources we use int 0x81 to
imp interrupt from trusted process (soft/w of
Alice approval) which will always be intercepted
by the VMM for special treatments
13
Conclusion

• Whats novel
• Fine-grained trust vs. All-or-none trust
• Trust individual processes, not trust the whole
  OS
• OS serves as a service provider, not security
  broker
• a trusted (ie, integrity protected) VMM is a
  security broker
• Comparing existing All-or-none trust systems
• NGSCB (Msoft), Terra (Stanford), OpenTC (an EU
  Project)
• Software-based instead of dedicated hardware
• Compared to secure-coprocessor and architectural
  approaches
• Backward compatible with existing software
• Retain functionality, no porting efforts for
  software
• Whats more to be done
• Grid standardization (involving TCG, Globus,
  virtualization) hard!
• Generalization to other software hardware
  platforms a lot work!