Transcript Secure Cloud Computing with Virtualized Network Infrastructure

Secure Cloud Computing with
Virtualized Network Infrastructure
HotCloud 10
By Xuanran Zong
Cloud Security
• Two end of the spectrum
– Amazon EC2
• Shared, public cloud
• Resource multiplexing, low cost
• Low security
– Government cloud
• Dedicated infrastructure
• High cost
• High security
Design Goal
•
•
•
•
•
•
Isolation
Transparency
Location independence
Easy policy control
Scalability (?)
Low cost
Conventional data center architecture
• VLAN to ensure security
– Scalability issue: can take up to 4K id
– Management and control overhead
• Per-user security policy control
– But, how to enforce?
• End-host? Not secure enough
• Middlebox? Unnecessary traffic
Secure Elastic Cloud Computing
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf
Numbering and addressing
•
•
•
•
Each customer has a unique cnet id
VM can be identified by (cnet id, IP)
Each domain has a unique eid
Use VLAN to separate different customer in
the same domain
• VLAN id can be reused in different domain
Customer network integration
• Private network can be treated as a special
domain where VPN is used to connect it to
core domain
Central controller
• Address mapping
– VM MAC <-> (cnet id, IP)
– VM MAC <-> eid
– eid <-> FE MAC list
– (cnet id, eid) <-> VLAN id
• Policy databas
– E.g. packet from customer A are first forwarded to
firewall F.
Forwarding elements
• Address lookup and mapping
– FE MAC of the destination domain
– VLAN ID
• Policy enforcement
– By default, packets designated to a different
customer are dropped
• Tunneling between FEs
– Encapsulate another MAC header
Data forwarding
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf
How does it solve the limitation?
• VLAN scalability
– Partition network into smaller edge domain, each
maintains its own VLAN
– VLAN id can be reused
• Per-user security
– Security policy enforced by FE
– CC stores security policies for all customers
Discussion
• Security via isolation and access control
– Consider the co-residence problem proposed by
“Get off my cloud” paper
– Matching Dom0 IP address
• Disable traceroute
– Small round-trip time
• Every packet needs to go through FE
– Numerically close IP address
• Each customer has private IP address
Discussion
• Cached vs installed forwarding table
• VM migration
– Update CC (eid, VLAN id)
Discussion
• Pros
– Security enforcement via isolation and access control
– Scalable in terms of number of customers supported
by VLAN
– Most networking equipments are off-the-shelf
• Cons?
– Scalability? Centralized CC?
– Larger round trip time within the same edge domain
– Tunneling?