RSA China Conference Haibo: The application of the trusted structure in the security of Cloud (1)

The two-day RSA 2010 conference ended in Beijing, but many in the industry and Internet security enthusiasts are still feeling the meaning of the end. So, 51CTO as a guest media, the General Assembly of the relevant reports. Here we'll tidy up the wonderful speeches in the conference. The following is a lecture by Assistant professor Haibo of the Institute of Parallel Processing, Fudan University, on the subject of the application of the trustworthy structure in the privacy and security of cloud computing services. See the RSA 2010 Information Security International Forum feature for more details. Haibo: Good afternoon! I am from Fudan University's Haibo, I introduced to you is in the cloud computing environment, how uses the virtualization to guarantee the data security. How do we protect our data in the non-cloud era? In the non-cloud era, we put data in our personal computers, installed a lot of firewalls on our computers, and then added some password locks to protect the data. In the cloud era, we have to gradually put personal data into the cloud, into the cloud after the problem is how we can protect our data. We can't just add a lock to every piece of data like our local computer, which poses some challenges to the data. So we see that in the cloud era, data privacy is a very important feature, because we can not put the data into the cloud, the cloud of the provider or the tenant of the cloud to steal my data, and then illegal use of it. In such a cloud, what are the threats to online data? The first threat comes from the cloud itself. There are some problems, we can trust a cloud provider, but due to the limitations of some technical and legal means, it is difficult for us to have effective means to ensure that we do not allow some of the cloud operators to access our privacy data. In the current environment, most of the time, if a cloud operator has control over the computer where you hold the data, he can steal your data and use it illegally. The second, from the web, we used to put data in a personal computer, completely isolated from other people's data. After the cloud, maybe your data is next to my data and can be used to steal your data in a variety of ways. For example: I now deploy such services on the cloud, now need to put my personal information in, everyone knows now in the census, I want to investigate how many rich people in China, and then their corresponding marital status. Corresponding to such a cloud, the correct service should be if my data to the cloud above, he must feel that I am not a rich person, the result of the census is that I am not rich. And the census process should not put my personal privacy data online. Unfortunately, it is now considered a major threat to the cloud provider's illegal access to customer data, he can by various means, the cloud platform to steal, steal some privacy data, and he can modify the feedback data. To me, I'm not a rich man, but it interferesThe results of the investigation. Another attack from your neighbor or even the network, which can also steal information while tampering with cloud results by loading malicious code into the cloud's platform. The cloud poses some new challenges to data security, including some possible intrusions between cloud providers and operators. In addition, your neighbors are likely to be your competitors, even from network attacks, can cause your data will be stolen. We talk about security, basically there is a threat model, and we first assume what such an attacker can do. If the attacker were able to look at the files on the cloud storage disk, he could modify the files. We know that an operator can easily see the contents of the disk, modify the contents of the disk file, and even remove the disk. The same data life cycle has a variety of, one form, I only exist on the disk, this way is very simple, in this way, only need to encrypt it, put on the disk, the attacker will not even take your hard drive, such as "pornographic door" event. Unfortunately, our data needs to be processed, and the process is inevitably loaded into memory before it can be processed. So what the attacker can do is to be able to check and modify the contents of the memory, for example, in the virtual machine environment, if you are a control of virtual machine management software, you can read the value of the virtual machine, memory modification, and even some peripheral access to the memory to a certain secret location. Data to be processed, processing can not be separated from the CPU, in the CPU there will be a lot of this state, because the processing of calculations, the equivalent of your data in the machine left a footprint, these footprints will reveal some privacy information. For example, when we are on the Internet, in a certain time, your net silver password exists in the CPU calculator, which is an attacker can do. There is also the man-in-the-middle attack, between the cloud users and the cloud providers, it is likely to hijack your network channel, hijacked can be disguised as I am a trusted person, please put your data to me. Another powerful attack is denial of service. Denial of service, you can provide a number of wrong services, the original thing you have to do is to save this data to the disk, the result he said he lost the data. This situation may cause some bugs to be paused, as the performer can perform arbitrary behavior. What can an attacker do? We think that the provider of cloud is well-intentioned, because his main purpose is to provide a cloud to steal your data, the main purpose is to make money, I will provide you with services, you pay me. His aim was to provide a credible service. So in this environment, most of the room has a lot of camera head, so you can not run to the engine room to open the chassis, in the CPU plug a line, in the process of the operation of all data recorded. This can be prevented by the camera head. In addition, we assume that it cannot recognize the TPM (Trusted Platform Module)The software that runs on top of such a machine can not be destroyed, nor can it get the p inside the TPM. At the same time we assume that cryptography algorithm is safe, we do not now think it easier to RSA, AES and other passwords to crack. For the threat of data being online in the cloud, what can operators and attackers do now? Introduction to the system before we need to know a bit, we have to make some assumptions, first of all, there is no absolute security, we can only have relative security, relative security is we assume who is trustworthy, who is not trustworthy, we say the hardware of the root of trust is what. Many machines now have many trusted platform modules, the Trusted Platform module to do things, in fact, the motherboard has added a coprocessor, to the platform for some of the running software to measure, and then the user is often difficult to remove such a TPM violence, after the demolition, the computer can not be used. TPM is designed as a trust root in PC design. What functions can the TPM provide? TPM mainly provides the 1th is that it has some private keys, with this private key can do some authentication, such private key will not leave, just used for signature. There is also a hash, you want to load the software to hash, you will get the only one data, such a data can be used to judge with the previous data, if it is matched, you are loaded with the software you want. Platform-made calculator, mainly used to store these hash values, there are many, because we measure the time, not only to measure the OS, perhaps we measure the application, as well as metric hypervisor and so on. There is also a sequence of random numbers that, if forged, could result in a password being cracked. So under the TPM environment, under the traditional way, what is the ideal trust chain model? We first measure the BIOS and then measure the operating system's loader, and when measured, we measure the hypervisor, which we can measure. After measuring the hypervisor, again the operating system, the final measurement of the application, this is a very perfect story, so that we can accurately know that when running these are known, can be trusted. How do we do such a thing? We first have to do such a attestation, to prevent a person in the middle of pretending that I am a credible member, please give me the data. It does is to do with the cloud server to do a certification, like the police interrogation, say you are who, your ID number is what, if certified, you are not a bad guy. Cloud users will send a problem to the cloud server, the server through the TPM will return the hash value, the hash value means that in this cloud platform to run the hardware, software is really the user expected, after this, we can be measured. The hash value is the only state that can reflect the current software. Now that we've talked about the chain of trust in the software, what's the problem with the chain of trust, we need to doWhat the? In such a chain of trust, there really is such a gap, because we have a very large thing in the middle metric chain. OS is a very complex software, Windows has thousands of lines of code, in such a complex software, no one can say that such an operating system is trustworthy, the operating system is not virus, no spyware. Basically, as long as it's a networked machine, no one can be sure that there are no holes in my machine, backdoor or spyware, so in a metric, we can only ensure that the operating system in the load is reliable, but once you go online, and constantly with the cloud users, there are good people have bad, Maybe the bad guys put the operating system inside the Trojan, virus, you in the startup is how, does not mean that the operating system will be credible. Based on this assumption, there is a goal architecture, we still think that the data is the core of the cloud, we want to protect only the data in the middle of the cloud, especially the privacy of the data will not be destroyed. There are a lot of users who are hesitant about the cloud, and the data I put in can protect the privacy of the cloud. Second, is this software likely to be corrupted? There are two main purposes, the first purpose, perhaps the software is copyrighted, that the software is very important, put on the cloud, you will worry about the software to put up later, will not your competitors to take your software used. Second, there will be no one to tamper with your software after the service. Our system mainly achieves these two goals. Based on this goal, we propose an architecture. We assume that the operating system itself is not trustworthy, we assume that such an operating system may be installed spyware, Trojan, and even someone can fully control the operating system this behavior. While assuming Hypervisor is a trusted software, why do we believe in VMM, not the OS. First of all, from the implementation of complexity, VMM is usually tens of thousands of lines, hundreds of thousands of lines of code, but the operating system is tens of millions of lines of code, the order of magnitude is completely different. Second, VMM is usually a static, now very few VMM says you can insert a module inside after startup, but now the operating system is not the same, now insert a new hardware in such an operating system, it may be loaded into a new module, it has a relatively powerful interface, Viruses can also be plugged into a module to make your operation code malicious. VMM, this code data is static, you measure it later, the next execution, up to the original start of the situation. VMM is relatively not directly interacting with users, but provides service consolidation, migration, and the security services we include, so it is more difficult to conquer. In an operating system like ours, we can run a variety of services, one that can run a trusted cloud service that we need to protect. For example, we can ship it inside.The census software, we submit the data, it will give you a result, and will not destroy the privacy of the data. You can also run other services, which may be malicious, perhaps well-meaning. Although the operating system is trustworthy, we add a behavior constraint layer in the Virtual machine monitoring system, and if the behavior of such a software or a person's behavior is bound, he is not easy to do bad things. What the behavior constraint layer is doing here is preventing the untrusted operating system from tampering with such a service. The TPM is going to measure bios,vmm, the metrics are over in VMM, not the upper OS. In our protection, the application is submitted by the user, the user submitted application may contain some software, some binary files, some of the data files he wants to manipulate. We're trying to secure an intermediary. Or tampered with the data from my machine in the middle of the cloud, we let the user's data and code encrypted, he used encryption is the TPM to provide signed keys, this signed key only the TPM can be such a code or data decryption. Although someone in the middle said I am a trustworthy person, you give me the data, he will not use it. startup mode, metric to hypervisor, also VMM. We do not measure the operating system or application because we have no way to send a students certificate to a constantly changing villain, saying that you are a students. In spite of this, you can't be a good person at a certain point in time and think he's a good person, so we're not here to measure the OS, nor measure the attestation. Hypervisor can communicate with some remote users through the interface we provide, allowing users to know that a machine does run the hypervisor we provide, and then your data is safe on my hypervisor. Also provides secure communication channels, mainly for remote authentication. 1 2 Next Page >> view full-text navigation page 1th: What are the threats to online data? Page 2nd: How to protect the Cloud application original: RSA China Conference Haibo: The application of the authentic structure in the security of Cloud (1) Return to the Network security home page