Secure Cloud Computing with Virtualized Network Infrastructure
HotCloud 10
By Xuanran Zong

Cloud Security
• Two ends of the spectrum
  – Amazon EC2
    • Shared, public cloud
    • Resource multiplexing, low cost
    • Low security
  – Government cloud
    • Dedicated infrastructure
    • High cost
    • High security

Design Goal
• Isolation
• Transparency
• Location independence
• Easy policy control
• Scalability (?)
• Low cost

Conventional data center architecture
• VLAN to ensure security
  – Scalability issue: only up to 4K VLAN ids are available
  – Management and control overhead
• Per-user security policy control
  – But, how to enforce?
    • End-host? Not secure enough
    • Middlebox? Unnecessary traffic

Secure Elastic Cloud Computing
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf

Numbering and addressing
• Each customer has a unique cnet id
• A VM can be identified by (cnet id, IP)
• Each domain has a unique eid
• Use VLANs to separate different customers in the same domain
• VLAN ids can be reused in different domains

Customer network integration
• A private network can be treated as a special domain, connected to the core domain through a VPN

Central controller
• Address mapping
  – VM MAC <-> (cnet id, IP)
  – VM MAC <-> eid
  – eid <-> FE MAC list
  – (cnet id, eid) <-> VLAN id
• Policy database
  – E.g. packets from customer A are first forwarded to firewall F.

Forwarding elements
• Address lookup and mapping
  – FE MAC of the destination domain
  – VLAN ID
• Policy enforcement
  – By default, packets destined for a different customer are dropped
• Tunneling between FEs
  – Encapsulate with another MAC header

Data forwarding
Reference: http://www.usenix.org/events/hotcloud10/tech/slides/hao.pdf

How does it solve the limitation?
• VLAN scalability
  – Partition the network into smaller edge domains, each maintaining its own VLANs
  – VLAN ids can be reused
• Per-user security
  – Security policy enforced by the FE
  – CC stores security policies for all customers

Discussion
• Security via isolation and access control
  – Consider the co-residence problem raised by the “Get off my cloud” paper
  – Matching Dom0 IP address
    • Disable traceroute
  – Small round-trip time
    • Every packet needs to go through an FE
  – Numerically close IP address
    • Each customer has private IP addresses

Discussion
• Cached vs installed forwarding table
• VM migration
  – Update CC (eid, VLAN id)

Discussion
• Pros
  – Security enforcement via isolation and access control
  – Scalable in terms of the number of customers supported by VLAN
  – Most networking equipment is off-the-shelf
• Cons?
  – Scalability? Centralized CC?
  – Larger round-trip time within the same edge domain
  – Tunneling?
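
Added example (not from the slides or the paper's authors): a toy model of the "Central controller" mappings and the "Forwarding elements" lookup, showing default drop between customers, VLAN id reuse across edge domains, and the CC update on VM migration. All names, MACs, ids and the `allowed` policy set are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class CentralController:
    vm_ident: dict = field(default_factory=dict)  # VM MAC -> (cnet id, IP)
    vm_eid: dict = field(default_factory=dict)    # VM MAC -> eid
    fe_macs: dict = field(default_factory=dict)   # eid -> FE MAC list
    vlan: dict = field(default_factory=dict)      # (cnet id, eid) -> VLAN id
    allowed: set = field(default_factory=set)     # assumed policy: permitted (src cnet, dst cnet)

    def add_vm(self, mac, cnet, ip, eid):
        self.vm_ident[mac] = (cnet, ip)
        self.vm_eid[mac] = eid

    def migrate(self, mac, new_eid):
        # Migration only changes the CC mapping; (cnet id, IP) stays the same.
        self.vm_eid[mac] = new_eid


def fe_forward(cc, src_mac, dst_mac):
    """Return the tunnel header the ingress FE would add, or None if dropped."""
    src, dst = cc.vm_ident.get(src_mac), cc.vm_ident.get(dst_mac)
    if src is None or dst is None:
        return None                                  # unknown endpoint: drop
    if src[0] != dst[0] and (src[0], dst[0]) not in cc.allowed:
        return None                                  # default: cross-customer traffic is dropped
    dst_eid = cc.vm_eid[dst_mac]
    return {"outer_dst_mac": cc.fe_macs[dst_eid][0],  # FE MAC of the destination domain
            "vlan_id": cc.vlan[(dst[0], dst_eid)]}    # VLAN id is only meaningful in that domain


def build_demo():
    cc = CentralController()
    cc.fe_macs = {"e1": ["fe:00:00:00:00:01"], "e2": ["fe:00:00:00:00:02"]}
    # VLAN id 10 is reused: customer A in domain e1, customer B in domain e2.
    cc.vlan = {("A", "e1"): 10, ("A", "e2"): 20, ("B", "e2"): 10}
    cc.add_vm("aa:01", "A", "10.0.0.1", "e1")
    cc.add_vm("aa:02", "A", "10.0.0.2", "e2")
    cc.add_vm("bb:01", "B", "10.0.0.1", "e2")  # same private IP as aa:01, different cnet id
    return cc


if __name__ == "__main__":
    cc = build_demo()
    print(fe_forward(cc, "aa:01", "aa:02"))  # same customer, other domain: tunneled
    print(fe_forward(cc, "aa:01", "bb:01"))  # different customer: dropped
```

Because VMs are keyed by (cnet id, IP), the two customers can hold the same private IP without colliding, and the drop decision never depends on the IP alone.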