Secure Cloud Computing with Virtualized Network Infrastructure
Download
Report
Transcript Secure Cloud Computing with Virtualized Network Infrastructure
Secure Cloud Computing with
Virtualized Network Infrastructure
HotCloud 10
By Xuanran Zong
Cloud Security
• Two end of the spectrum
– Amazon EC2
• Shared, public cloud
• Resource multiplexing, low cost
• Low security
– Government cloud
• Dedicated infrastructure
• High cost
• High security
Design Goal
•
•
•
•
•
•
Isolation
Transparency
Location independence
Easy policy control
Scalability (?)
Low cost
Conventional data center architecture
• VLAN to ensure security
– Scalability issue: can take up to 4K id
– Management and control overhead
• Per-user security policy control
– But, how to enforce?
• End-host? Not secure enough
• Middlebox? Unnecessary traffic
Secure Elastic Cloud Computing
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf
Numbering and addressing
•
•
•
•
Each customer has a unique cnet id
VM can be identified by (cnet id, IP)
Each domain has a unique eid
Use VLAN to separate different customer in
the same domain
• VLAN id can be reused in different domain
Customer network integration
• Private network can be treated as a special
domain where VPN is used to connect it to
core domain
Central controller
• Address mapping
– VM MAC <-> (cnet id, IP)
– VM MAC <-> eid
– eid <-> FE MAC list
– (cnet id, eid) <-> VLAN id
• Policy databas
– E.g. packet from customer A are first forwarded to
firewall F.
Forwarding elements
• Address lookup and mapping
– FE MAC of the destination domain
– VLAN ID
• Policy enforcement
– By default, packets designated to a different
customer are dropped
• Tunneling between FEs
– Encapsulate another MAC header
Data forwarding
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf
How does it solve the limitation?
• VLAN scalability
– Partition network into smaller edge domain, each
maintains its own VLAN
– VLAN id can be reused
• Per-user security
– Security policy enforced by FE
– CC stores security policies for all customers
Discussion
• Security via isolation and access control
– Consider the co-residence problem proposed by
“Get off my cloud” paper
– Matching Dom0 IP address
• Disable traceroute
– Small round-trip time
• Every packet needs to go through FE
– Numerically close IP address
• Each customer has private IP address
Discussion
• Cached vs installed forwarding table
• VM migration
– Update CC (eid, VLAN id)
Discussion
• Pros
– Security enforcement via isolation and access control
– Scalable in terms of number of customers supported
by VLAN
– Most networking equipments are off-the-shelf
• Cons?
– Scalability? Centralized CC?
– Larger round trip time within the same edge domain
– Tunneling?