k communication security of trusted launch of virtual machine in public IAAS environment - PowerPoint PPT Presentation

Number of Views:50
Slides: 20
Provided by: vishal003
Category: Other


1
GOHEL VISHAL, LECTURER OF COMPUTER DEPT., GP BHUJ, MO 9638893297
  • Improvement of virtual network communication
    security of trusted launch of virtual machine in
    public IAAS environment

2
Contents
  • Introduction
  • Literature Review (In Detail)
  • Research Findings
  • Research Objective
  • Work Plan/Simulation tools used
  • Problem Formulation (if any)
  • Proposed Methodology/Algorithm(if any)
  • Expected Outcome
  • Conclusion
  • Publication
  • Bibliography

3
Introduction Of Cloud Computing
  • What is Cloud Computing?
  • Until recently, computing meant a program that
    ran on a desktop or laptop computer on your desk,
    or a server in your lab. Or, using the internet,
    you could use a program that was running on a
    server somewhere else in the world. But it was
    always a specific piece of hardware in a specific
    location that was running the program.
  • In the context of cloud computing, cloud refers
    to the internet. And then, cloud computing means
    that the computing is happening somewhere in the
    cloud. You don't know where the computing is
    happening, most of the time, you can't know where
    it is happening (since it can keep moving
    around), and the most important factor is that
    you don't care.

4
Types of Cloud Service
  • Software As A Service
  • Software as a Service (SaaS) is the model
    in which an application is hosted as a service to
    customers who access it via the internet. When
    the software is hosted off-site, the customer
    doesn't have to maintain it or support it. On the
    other hand, it is out of the customer's hands
    when the hosting service decides to change it.
    The idea is that you use the software out of the
    box as is and do not need to make a lot of
    changes or require integration with other systems.
  • Hardware As A Service
  • Hardware as a Service (HaaS) is the next
    form of service available in cloud computing.
    Where SaaS and PaaS provide applications to
    customers, HaaS doesn't. It simply offers the
    hardware so that your organization can put
    whatever it wants onto it.
  • Platform AS A Service
  • Following on the heels of SaaS, Platform
    as a Service (PaaS) is another application
    delivery model. PaaS supplies all the resources
    required to build applications and services
    completely from the internet, without having to
    download or install software.

5
Introduction of IaaS
  • Infrastructure as a Service is a provision model
    in which an organization outsources the equipment
    used to support operations, including storage,
    hardware, servers and networking components. The
    service provider owns the equipment and is
    responsible for housing, running and maintaining
    it. The client typically pays on a per-use basis.
  • IaaS is one of three main categories of cloud
    computing service. The other two are Software as
    a Service (SaaS) and Platform as a Service
    (PaaS). Infrastructure as a Service is sometimes
    referred to as Hardware as a Service (HaaS).
  • Characteristics and components of IaaS include
  • Utility computing service and billing model.
  • Automation of administrative tasks.
  • Dynamic scaling.
  • Desktop virtualization.
  • Policy-based services.
  • Internet connectivity.

6
Literature Review-1
  • Trusted Launch of Virtual Machine Instances in
    Public IaaS Environments - Nicolae Paladi,
    Christian Gehrmann, Mudassar Aslam, and
    Fredric Morenius - 2011 [1]
  • Problem statement
  • Ensuring that no modifications or customizations of
    the VM image to be launched are performed by the IaaS
    provider without the client's knowledge.
  • Main contribution
  • 1. Description of a trusted launch protocol for
    VM instances in public IaaS environments.
  • 2. Implementation of the proposed protocol based
    on a widely-known IaaS platform.

7
Literature Review-1(continue)
  • Methodology/Platform
  • OpenStack IaaS platform
  • Simulation parameter
  • Trusted VM launch protocol
  • Conclusion
  • Trusted computing offers capabilities to securely
    perform data manipulations on remote hardware
    owned and maintained by another party by
    potentially preventing the use of untrusted
    software on that hardware for such manipulations.
  • Future work
  • First is the extension of the trust chain to
    other operations on VM instances (migration,
    suspension, updates, etc.), as well as data
    storage and virtual network communications
    security. The second category includes addressing
    certain assumptions of the proposed launch
    protocol. The third category focuses on the
    design and implementation of the evaluation
    policies of the TTP.

8
Literature Review-2
  • Trusted Launch of Generic Virtual Machine Images
    in Public IaaS Environments - Nicolae Paladi,
    Christian Gehrmann, Mudassar Aslam, and
    Fredric Morenius - 2011 [2]
  • Problem statement
  • Ensuring that no modifications or customizations of
    the VM image to be launched are performed by the IaaS
    provider without the client's knowledge.
  • Main contribution
  • 1. Introduction of the concept of generic virtual
    machine images in the context of IaaS security.
  • 2. Description of a trusted launch protocol for
    generic VM images in IaaS environments.
  • 3. Implementation of the proposed protocol based
    on a widely-known IaaS platform.

9
Literature Review-2(continue)
  • Methodology/Platform
  • OpenStack IaaS platform
  • Simulation parameter
  • Trusted GVM image launch protocol
  • Conclusion
  • Trusted computing offers capabilities to securely
    perform data manipulations on remote hardware
    owned and maintained by another party by
    potentially preventing the use of untrusted
    software on that hardware for such manipulations.
  • Future work
  • First is the extension of the trust chain to
    other operations on VM instances (migration,
    suspension, updates, etc.), as well as data
    storage and virtual network communications
    security. The second category includes addressing
    certain assumptions of the proposed launch
    protocol. The third category focuses on the
    design and implementation of the evaluation
    policies of the TTP.

10
Literature Review-3
  • Secure Virtual Machine Execution under an
    Untrusted Management OS - Chunxiao Li, Anand
    Raghunathan, Niraj K. Jha - 2010 [3]
  • Methodology/Platform
  • Virtualization
  • Simulation parameter
  • Xen hypervisor
  • Conclusion
  • The mechanism includes a secure network
    interface, secure secondary storage and most
    importantly, a secure run-time execution
    environment.
  • We implemented the secure run-time environment in
    the Xen virtualization system. We believe that
    using the proposed secure virtualization
    architecture, even under an untrusted management
    OS, a trusted computing environment can be
    created for a VM which needs a high security
    level, with very small performance penalties.

11
Research Objective
  • The Objectives of my dissertation work are
  • Improvement of Virtual network communication
    security in IaaS services.
  • Provide more secure cloud computing environment.
  • Provide secure run-time virtual environment using
    Xen virtualization system.
  • Secure Virtual Machine Execution under an
    Untrusted Management OS.

12
Simulation tools used
  • Xen Hypervisor
  • The XEN (originally called XENoServers) project is
    funded by the Engineering and Physical Sciences
    Research Council of the UK (UK - EPSRC) at the
    University of Cambridge. The XENoServers project
    is led by Ian Pratt, a Senior Lecturer at the
    University of Cambridge Computer Laboratory,
    Fellow of King's College Cambridge, and a
    leader of the Systems Research Group at the
    University of Cambridge. The aim of the
    XENoServers project is to develop a powerful,
    flexible infrastructure for global distributed
    computing. A key element of the XENoServers
    project is the ability to enable single machines
    to run different, or multiple, operating system
    instances and their associated applications in
    isolated, protected environments. These operating
    system instances can then separately account for
    resource use and provide unique system accounting
    and auditing information.

13
Problem Formulation
  • Improvement of virtual network communication
    security of trusted launch of virtual machine in
    public IAAS environment
  • Proposed research work
  • I proposed a virtualization architecture to
    ensure a secure VM execution environment under an
    untrusted management OS, along with a comparison
    between an untrusted and a trusted management OS. The
    mechanism includes a secure network interface,
    secure secondary storage and most importantly, a
    secure run-time execution environment.
  • I want to implement the secure run-time
    environment in the Xen virtualization system, and
    also to identify which hypervisor is
    more convenient for trusted virtual network
    communication security.
  • I want to demonstrate how it can be used to
    facilitate secure remote computing services.
  • I believe that using the proposed secure
    virtualization architecture, even under an
    untrusted management OS, a trusted computing
    environment can be created for a VM which needs a
    high security level, with very small performance
    penalties.

14
Proposed Methodology/Algorithm
  • 1. Trusted VM launch protocol.
  • 2. OpenStack IaaS platform.
  • 3. Secure virtual machine and untrusted OS.

15
Work Plan
Sr. No. | Work | Time | Outcome
1 | Module 1 (Introduction of cloud computing) | --- | Detailed understanding of cloud computing
2 | Module 2 (Detailed services of cloud computing) | --- | Service-related issues
3 | Module 3 (Detailed study of IaaS) | --- | IaaS-related issues in detail
4 | Literature survey about IaaS services | --- | Clear concept of IaaS services
5 | Find final definition | --- | Clear final definition
6 | Propose design | --- | Prototype module
7 | Implementation of proposed design using simulator | --- |
8 | Testing of work done | --- |
9 | Performance study and comparison | --- |
10 | Plot improvement graph and chart | --- |

16
Expected Outcome
  • Secure network interface.
  • Secure run-time environment in the Xen
    virtualization system and compare to the other
    hypervisor.
  • Secure remote computing services.

17
Conclusion
  • The mechanism includes a secure network
    interface, secure secondary storage and most
    importantly, a secure run-time execution
    environment. We have implemented the secure
    run-time environment in the Xen virtualization
    system. I believe that using the proposed secure
    virtualization architecture, even under an
    untrusted management OS, a trusted computing
    environment can be created for a VM which needs a
    high security level, with very small performance
    penalties.

18
References
  • [1] Nicolae Paladi, Christian Gehrmann, Mudassar
    Aslam, and Fredric Morenius. Trusted Launch of
    Virtual Machine Instances in Public IaaS
    Environments, October 2011, AFCEA cyber communit.
  • [2] Nicolae Paladi, Christian Gehrmann, Mudassar
    Aslam, and Fredric Morenius. Trusted Launch of
    Virtual Machine Instances in Public IaaS
    Environments, October 2011, AFCEA cyber communit
  • [3] Chunxiao Li, Anand Raghunathan, Niraj K. Jha.
    Secure Virtual Machine Execution under an
    Untrusted Management OS (2010).

19
Bibliography
  • http://www.eucalyptus.com
  • Virtualization overview, White paper, VMware
  • http://www.technomenace.com/2010/11/creating-xen-virtual-machine-domu/
  • http://www.cl.cam.ac.uk/research/srg/netos/xen/performance.html
  • http://www.xen.org