Last week at the 7th International Cloud Expo in Santa Clara, I sat on a panel discussing virtualization and the cloud. As a follow-on to my contribution, it is my intention to expand on the position of virtualization and the cloud ecosystem.
It is generally accepted that the concept of cloud computing, or at least the amalgamation of services that make up the cloud ecosystem, lends itself to the premise of improvements in managing deployed services. This is due to an assumed increase in efficiencies resulting from the sharing of hardware resources at one end of the spectrum.
According to NIST [1], there are five essential characteristics of cloud computing, viz.:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
Of these cloud-computing attributes, virtualization can be said to possess all except the ability to implement services through the utilization of Internet Technologies [2].
It is a known fact that the dynamic consolidation of application workloads through virtualization will increase server utilization. This in turn will reduce demands on power and system resources, especially within large-scale server cluster deployments that can support cloud-based application services.
As we know, with any system the surface area an attacker can target increases with the introduction of a virtualization layer. This in turn increases the vulnerability of the system because, in addition to the guest operating system being at risk, the hypervisor and VMM will also be prone to attack.
For clarification, any virtualized system will include a new layer of software: the virtual machine monitor (VMM). Current virtualization research assumes that the VMM has knowledge of the software being virtualized (the guest OS); however, there is no verification of whether the memory layout of the running VM matches the symbol tables [3].
This can cause a problem, especially with the increase of "intelligent malware systems" and the potential for false positives or, worse yet, no alarms or responses at all, which is cause for concern. In turn, such a weakness can extend into the cloud ecosystem with the potential for malicious outcomes.
Worth mentioning at this juncture is research completed by Steinberg and Kauer [4] and their secure virtualization hardware: NOVA.
"NOVA takes an extreme microkernel-like approach to virtualization by moving most functionality to user level. Because our entire system adheres to the principle of least privilege, we achieve a trusted computing base that is at least an order of magnitude smaller than that of other full virtualization environments." [4]
We all need to bear in mind that in today's rapidly evolving technology ecosystem, cost savings in any environment only go so far to keep an enterprise competitive. Thus virtualization, whilst important in any IT environment, is not the only path to cloud computing.
An argument to support a cloud computing ecosystem that minimises virtualized arguments can be drawn from a study conducted by Wang and Ng [5], which stated that "unstable network characteristics are caused by virtualization and processor sharing on server hosts."
In this climate, what virtualization can accomplish for any enterprise, after the realization of server virtualization cost savings is capped (savings from capital and power expenses, server sprawl reduction, utilization rates), will be to provide that most strategic path to a cloud computing build-out, be it a private or public cloud ecosystem for an enterprise.
So, with the importance of virtualization within, as well as its impact on, cloud computing, can we mitigate these security concerns as more enterprises move toward cloud adoption?
Cloud computing incorporates different dimensions of implementation, as it can traverse a path beyond that driven solely by server virtualization. For instance, some cloud services can be obtained at various levels within the IT stack, e.g. SaaS. So then, how do we ramp up and mitigate or manage the risk that will arise in these settings?
This can lead one to consider the point that, for cloud computing, security applies to two layers in the software stack [3].
According to Yuecel Karabulut [6], cloud security architectures need to be designed on the premise that this ecosystem is dynamic; he stated that "as new threats emerge, code considered secure today may not be secure tomorrow."
Regardless of platform infrastructure, Karabulut went on to say that "the cloud still runs pieces of software; therefore a good start toward security within the cloud ecosystem, is to work on ensuring that software security is aligned to a defined SDLC process and that this process is adhered to from requirements analysis to testing." [6]
He further postulated that encryption within the cloud can improve trust and security parameters. A cloud vendor managing a customer's encrypted data will only have access to metadata and not the customer's encrypted content.
This can lead to a win-win situation for both vendors and customers: it will encourage scalability because there is no need for specialised software, there will be a reduction in processor load, and users will be freed from knowing the identities, and by extension the public keys, of individuals authorised for access.
As cloud computing incorporates aspects of web services, another direction can be to understand the attack surfaces of cloud applications and systems and reduce [6], or remove if possible, vectors to known attack paths that will affect any one web service and, by extension, a cloud-computing service.
In closing, I wanted to touch on another study I recently reviewed. The researchers introduced a new architecture for secure introspection, the aim of which was to integrate discovery and integrity measurement of code and data starting from hardware state [3]. One purpose of this architecture was to address both the semantic gap present in virtual-machine introspection and the information gap specific to cloud computing [3].

Source: Cloud Security is Not (Just) Virtualization Security, pg 99 [3]
In a nutshell, this system proposed to integrate aspects of virtualization, secure introspection, known security metrics, and known risks and flaws within this environment, as well as those that can potentially exist within the cloud-computing environment.
In essence, researchers Christodorescu, Sailer, Schales, Sgandurra and Zamboni have proposed an architecture which, as one of its functions, can mitigate and/or manage risk in a dynamic and responsive manner within the cloud-computing environment.
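The unverified assumption noted earlier (a VMM trusting symbol tables without checking the running VM's memory layout) and the integrity measurement idea in [3] can be illustrated by hashing guest memory at each symbol's location and comparing against reference measurements before introspection results are used. This is an added, simplified example, not code from this post or from the architecture in [3]; the symbol names, offsets and the flat memory snapshot are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Symbol:
    name: str    # hypothetical symbol name, as a symbol table would list it
    offset: int  # where the symbol table says the object starts
    size: int    # number of bytes covered by the measurement

def measure(memory: bytes, sym: Symbol) -> str:
    """SHA-256 over the guest bytes the symbol table attributes to sym."""
    region = memory[sym.offset:sym.offset + sym.size]
    if sym.offset < 0 or len(region) != sym.size:
        raise ValueError(f"{sym.name}: region lies outside the snapshot")
    return hashlib.sha256(region).hexdigest()

def verify_layout(memory: bytes, symbols, reference: dict) -> list:
    """Names of symbols whose measured bytes differ from the reference.

    An empty list means the snapshot matches the layout the symbol table
    assumes; anything else means introspection results built on those
    symbols should not be trusted."""
    mismatched = []
    for sym in symbols:
        try:
            ok = measure(memory, sym) == reference.get(sym.name)
        except ValueError:
            ok = False  # symbol points outside guest memory
        if not ok:
            mismatched.append(sym.name)
    return mismatched

# Constructed sample data: a 256-byte "guest memory" snapshot and two symbols.
SYMBOLS = [Symbol("syscall_table", 0x10, 0x20), Symbol("idt_handler", 0x40, 0x20)]
CLEAN = bytearray(256)
CLEAN[0x10:0x30] = bytes(range(0x20))
CLEAN[0x40:0x60] = bytes(range(0x20, 0x40))
CLEAN = bytes(CLEAN)
# Reference measurements taken from the known-good snapshot.
REFERENCE = {s.name: measure(CLEAN, s) for s in SYMBOLS}
# Same snapshot with one byte changed inside the syscall_table region.
TAMPERED = CLEAN[:0x18] + b"\xff" + CLEAN[0x19:]

if __name__ == "__main__":
    print("clean   :", verify_layout(CLEAN, SYMBOLS, REFERENCE))
    print("tampered:", verify_layout(TAMPERED, SYMBOLS, REFERENCE))
```

A symbol with no reference measurement, or one that falls outside the snapshot, is reported as a mismatch rather than silently accepted.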
References
[1] csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
[2] http://en.wikibooks.org/wiki/Internet_Technologies
[3] Cloud Security is Not (Just) Virtualization Security, ACM 978-1-60558-784-4/09/11
[4] Steinberg, Kauer, April '10: NOVA: A Micro-Hypervisor based Secure Virtualization Architecture
[5] Wang, Ng: The Impact of Virtualization on Network Performance of Amazon EC2 Data Center, 5-10
[6] Yuecel Karabulut, Chief Security Advisor & Head of Security Strategy, SAP: 7th International Cloud Expo, Santa Clara, Ca., Nov 10