Title: Daonity: Grid Security via Two Levels of Virtualization
1Daonity(??) Grid Security via Two Levels of
Virtualization
- Wenbo Mao
- EMC Research China
- Work reported here was conducted while with HP
- An open-source grid security project with
ChinaGrid - In collaboration with
- Fudan University
- Huazhong Univ of Science and Technology
- Wuhan University
2Virtualization I _at_ resource level for high
performance and dependability
- Grid is a big virtual machine, called Virtual
Organization (VO), of unbounded pool of computing
storage resources
Farms
Knowledgeable Broker
Registering
Credential
3
Portal
manager
1
User
1
2
5
eg, MyProxy
Submitting
Keywords Heterogeneity Delegation
4
6
Data job manager
3An abstract of resource level virtualization
- In reality, a VO is ad hoc constructed for a user
(Alice), involving, e.g.,
dedicated or under-utilized servers in real
organizations - Any physical part in a VO can be off, but Alices
science must be on - How? Grid Security Infrastructure (GSI) Proxy
credential - My proxy, use this credential and work on my
behalf! Bye-bye. - (a credential is a crypto key)
Alice creates a cred
If a proxy wants to go, it creates a new
for Proxy 1 to use.
proxy cred to be used by a new proxy.
Then she goes.
CA
Proxy
1
Proxy n
Alice
receiving chained
sign
sign
sign
certificates
Proxy Certificates
Proxy Certificate
Identity Certificate
Certificates
Certificates
4Trusted Computing
- Trusted Computing Group (TCG), COTS and standard
technologies www.trustedcomputinggroup.org - Hardware based solutions to creating a Trusted
Computing Base (TCB) in an open-platform computer - The hardware TCB (trusted 3rd party agent)
Trusted Platform Module (TPM) - Roots of Trust for (i) Measurement, (ii) Storage
and (iii) Reporting
5Hardware architecture (in x86 chipset)
TPM eavesdrops on LPC Bus
6Trusted Computing slice 3
- Roots of Trust for
- Measurement (how eavesdropping is done)
- SHA-1 hashing of the software which are loaded
on to the platform, e.g., - PCR ? SHA-1(PCR BIOS) PCR ? SHA-1(PCR
OS) - Storage
- TPM stores a private key called Storage Root
Key (SRK) - Reporting
- A remote querier can demand a TPM to attest
the measurement result (i.e., to check a PCR
value)
7Same architecture, new realization
- Alice creates a VO cred in TPM and migrates it
within TPMs of the VO members - Server, still use this cred to work on my
behalf!! (but now the cred is in TPMs) - Behaviour ConformityAlices safehands in
platforms afar, TPMs can enforce VO members to
comply with Alices policy (new to GSI)
Migrating credential
If a server wants to go, it migrates the same
between TPMs
credential to the TPM of another server, so on
CA
Alices TPM
Serve-1s TPM
Server-ns TPM
receiving certificate
receiving certificate
sign
Certificate for Server-1
Certificate for Server-n
Certificate for Alice
8Policy enforcement afar (no oracle service!)
To decrypt or not to decrypt, that is the question
Is outside safe?
outside software environment
loaded onto the platform so far
- Crux TPM can perform a conditional crypto
services (eg, decrypt) - Pseudo code for Alice to instruct a remote TPM to
serve conditionally - CreatWrapKey( PCR-Setting, Migratable
) - This means to create a key pair in Alices TPM
the private key satisfies - It is migratable to another remote TPM (on
Alices permit) - The remote TPM can use the private key only if
the locally eavesdropped PCR value matches
PCR-Setting by Alice - I.e.,
- to provide crypto services only to software
environment of Alices approval
9Virtualization II _at_ platform level
- Virtualization I is done at grid middleware which
is above OS - Operating System is still a weak part needing
strengthening - Conformity and High-Assurance within Operating
Systems (CHAOS) - Goal
- To extend the tamper-resistant property of TPM
to conformed behavior in an Untrusted operating
system, using a trusted virtual machine monitor
(VMM) - Requirements
- Backward Compatible with existing applications
- Minimal OS changes
- No need of dedicated hardware (apart from TPM)
10Architecture VMM is part of TCB
Why? Because VMM is capable of intercepting all
privileged operations from all processes through
operating systems to hardware resources (memory,
disk and other peripherals) (zigzagged
software are to be eavesdropped)
11Approach
- Interrupt interception using VMM to intercept
system calls and interrupts from a trusted
process such a call occurs whenever the process
asks for resources (either as a result of
inter-process interactions or hardware usage) - (this presentation describes this only)
- Memory isolation prevention of un-trusted parts
from tampering the CPU execution context and
memory locations for a trusted process - Persistent data sealing all persistent data
input to/output from a trusted process will be
decrypted/encrypted by VMM - These are achieved by modifying the open source
VMM Xen version 3.0.2 (adding security to Xen)
12Implementation for interception (case
study)(good man in the middle attack)
(x86 chipset) int 0x80 interrupt occurs when a
process calls for resources we use int 0x81 to
imp interrupt from trusted process (soft/w of
Alice approval) which will always be intercepted
by the VMM for special treatments
13Conclusion
- Whats novel
- Fine-grained trust vs. All-or-none trust
- Trust individual processes, not trust the whole
OS - OS serves as a service provider, not security
broker - a trusted (ie, integrity protected) VMM is a
security broker - Comparing existing All-or-none trust systems
- NGSCB (Msoft), Terra (Stanford), OpenTC (an EU
Project) - Software-based instead of dedicated hardware
- Compared to secure-coprocessor and architectural
approaches - Backward compatible with existing software
- Retain functionality, no porting efforts for
software - Whats more to be done
- Grid standardization (involving TCG, Globus,
virtualization) hard! - Generalization to other software hardware
platforms a lot work!