Cloud security Architecture design and Practice Tour

In the coming months, Aliyun will also work with the technology media community such as Infoq to open a cloud technology course in 12 cities across the country, communicating face-to-face with lecturers to make developers truly understand cloud computing and better use cloud computing. Although Aliyun the pace of the classroom a little later, but we will carefully walk every step, welcome to pay attention to Aliyun Open class, I hope we do not miss!

This issue of public class we invite to Aliyun flying Systems Two senior security experts Li (nickname) and Yang Mengzhe (nickname Mengjie); Two lecturers share the two topics, namely the sandbox mechanism and technical analysis in cloud computing security system, the design and realization of cloud Platform security access control. This article will make a brief review of these two shares.

Topic One: Sandbox mechanism and technical analysis in cloud computing security system

Flying Safety Platform technical expert Li emphatically introduced the architecture of Ali flying, mainly including two large pieces, a pangu system, there is a fuxi system. The diagram below contains ECS/SLB, OSS, OTS, OSPs, including ODPs systems.

All of the flying access control mechanism, including from Pangu file access, reading and certification bodies, ODPs, OTS, OSS and other systems based on flying, flying will help them do all the upper security infrastructure support work. At present more important is the ODPs system, in the ODPs all the access control mechanism and the safe sandbox system, is based on the entire flying the lower level security mechanism to build. This is also the topic that we want to share today, mainly from the following aspects to explore:

First, from an attacker's point of view, see what attack surfaces can be exploited on the cloud system;

Second, look at the current open source products, more famous products are how to prevent, and what to do;

Third, understand the current mechanisms system can do for us what security mechanisms;

The security solution of the security sandbox.

First, Xuefeng uses a picture to show the typical cloud computing environment. Figure: From top to bottom, usually the first layer of user code to perform, and then the next layer is LIBC library, which corresponds to the C language so. Another layer is the Linux Kernel. If the intruder wants to reach the ultimate goal, first of all, to break through the second layer of security protection, when the intruder wrote a code to upload to the cloud space station, it has a very large probability, if it wants to infiltrate your host and platform, for the local language, that is, the virtual machine provided, it can be directly supplied to the IIBC. To the IIBC, the typical cloud computing environment, we will have their own security implementation, will do some security in the enhanced work. IIBC for intruders, the main purpose is to get to the current process.

The next Xuefeng takes the current Docker of fire as an example, explains the Docker security defense mechanism. For Docker, the whole system has a Docker container, and the right side is dockerengine. If you are Docker the C process directly, the following two layers are C programs. For a malicious user, if you think about where it is and what root it is, break through what you do on the IIBC and then have a SECCOMP-BPF, which is actually a security mechanism that allows you to define the system filtering that a process can perform. The second and third layers are breached, and the SECCOMP-BPF can make additional security judgments. If you break this too, this machine is also directly root off.

Safety sandbox without absolute safety design, how to ensure the highest level of security? Xuefeng mentioned, mainly do the following two points:

1, into the layer of isolation, is to provide security mechanisms.

2, in kernel space inside security worry over.

Overall, this sharing is more focused, let us cloud computing security system in the sandbox mechanism has a preliminary understanding of the flying system security Products Protection Program has a new understanding.

Topic Two: Design and implementation of security access control for cloud platform

Flying Safety platform technology expert Yang Mengzhe in a relatively easy way to let you understand the Aliyun flying and cloud Platform architecture design.

First, from the concept of access control. Access control to have the subject, a person or a process, or to have the person who initiates the visit. Then there is the object and the real operation, the same truth, we may have a lot of objects and their operations, such a simple form to complete the access control design.

Mainstream access control implementation, there are two main ideas.

First: ACLs. The ACL is the object as the starting point, we have the document and the table of two things, we can attach a list on this object, which write the right of an object. We can define such a list, when Alice visits, have permission we let go, without permission we will not let go.

Second: Capabilit. This concept may be heard less, but often used. Mengjie For example: for example, I take the high-speed railway from Hangzhou, the high-speed rail of this matter, or the train ticket mechanism, essentially is the opportunity capability access control. We can send Alice this person a ticket, which is written on the file, the table has Read permission, Alice to visit the time to show the table, we check, have permission we let go.

The difference between ACL and capability

These two ideas in different scenarios have different applications, here to make a comparison, convenient for everyone to apply.

First: authentication; As an ACL, authentication is required. Access control list that says Alice has read and write access, but you don't know if the person who is visiting you is Alice or Bob, you can't use it at all. and capability certification is optional.

Second: authorization operation; ACL authorization must be in the object, that is, the file access list plus one. To complete the authorization, must operate the object. And for capability, the authorization operation is independent, there is no need to enter the railway station to do the authorization, only in advance or when there is time to buy tickets can be.

Third, security protection; For ACLs, the data security of ACLs must be protected, and if the object can be tampered with, it is unsafe. For capability, the key to be issued and validated must be secure so that you do not have the ability or difficulty to forge such a permission.

The delegation; This is also a common concept of access control. In the ACL access control list, basically is the authorization process to go. In the capability mechanism, delegation is a very simple matter, the subject can be directly delegated, no other cumbersome process.

V: Revocation of authorization; it's very easy in the ACL, the administrator to delete a person's grid, but in the capability is a very big problem. Can not be removed from someone else's computer or someone else's hand, or whether someone has copied the data countless times.

In order to give you a more vivid, Mengjie combined with Aliyun's ODPs products to demonstrate to the site's developers, so that the two concepts can be more visually distinguished.

From the concept of access control, from abstraction to the image, from the concept of the example, including some implementation of the design concept, different scenarios using different access control strategy, the whole process clear. The course introduction to this open class has ended.

Free discussion: the OpenSpace link

After two sharing, tea breaks and openspace. OpenSpace is a link for participants and lecturers to communicate fully, but at the scene from the tea break, two lecturers do not have the opportunity to rest, has been surrounded by participants until the end of the event.

Many participants commented on Weibo:

@ Rookie Growth Diary: Listen today, control related dry goods a lot, praise.

#阿里云技术探秘之旅 # Loyalty with dreams formatting scene feeling: Xuefeng teacher wise and steady, from the flying access control mechanism, security sandbox mechanism, cloud security technology and so on detailed analysis, interpretation of the flying safety of those things; Mengjie teacher humorous, revealing the cloud computing security access control three elements, Let us understand the relationship between the access control at the bottom of the sky and the cloud services we see. Wow, long experience, not enough to listen ^_^

The end of this period also heralds the beginning of the next issue, and our technical journey continues. "Double 11" the big promotion is coming, affects how many electric Merchant's heart, "presses the second work" the "Crazy Mode", the pain and the joyful day, each minute every second is the powerful witness to the technical personnel. In the background of this stroll, Taobao backstage what technology in support? The next public lesson, we will reveal the story behind it, let us wait and see.