Configuring Cloud Deployments for Integrity

Authors

  • Trent Jaeger
  • Nirupama Talele
  • Yuqiong Sun
  • Divya Muthukumaran
  • Hayawardh Vijayakumar
  • Joshua Schiffman

Abstract

Many cloud vendors now provide pre-configured OS distributions and network firewall policies to simplify deployment for customers. However, even with this help, customers have little insight into the possible attack paths that adversaries may use to compromise the integrity of their computations on the cloud. In this paper, we leverage the pre-configured security policies for cloud instances to compute the integrity protection required to protect cloud deployments. In particular, we show that it is possible to compute security configurations for cloud instance deployments that can prevent information flow integrity errors and that these configurations can be measured into attestations using trusted computing hardware. We apply these proposed methods to the OpenStack cloud platform, showing how web server application instances can be configured to protect their integrity in the cloud and how integrity measurement can be used to validate such configurations for approximately 3% overhead.


Similar resources

Towards a Formal Component Model for the Cloud

We consider the problem of deploying and (re)configuring resources in a “cloud” setting, where interconnected software components and services can be deployed on clusters of heterogeneous (virtual) machines that can be created and connected on-the-fly. We introduce the Aeolus component model to capture similar scenarii from realistic cloud deployments, and instrument automated planning of day-t...


SENDIM for Incremental Development of Cloud Networks

Due to the limited and varying availability of cheap infrastructure and resources, cloud network systems and applications are tested in simulation and emulation environments prior to physical deployments, at different stages of development. Configuration management tools manage deployments and migrations across different cloud platforms, mitigating tedious system administration efforts. However...


Security checklist for IaaS cloud deployments

In this article, we provide a cloud-security checklist for IaaS cloud deployments. The elements of the checklist are established by surveying the related literature on cloud-threat models and various security recommendations. We define the elements of the list on a level of abstraction that helps keep the size of the list manageable while preserving the list's practical applicability.


Stratos: A Network-Aware Orchestration Layer for Middleboxes in the Cloud

We see an increasing demand for in-the-cloud middlebox processing as applications and enterprises want their cloud deployments to leverage the same benefits that such services offer in traditional deployments. Unfortunately, today’s cloud middlebox deployments lack the same abstractions for flexible deployment and elastic scaling that have been instrumental to the adoption and success of cloud-...


Magic Quadrant for Enterprise Network Firewalls

The enterprise network firewall market represented by this Magic Quadrant is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versi...




Publication date: 2013