Abstract
Multi-tenancy in the cloud is a double-edged sword. While it enables cost-effective resource sharing, it increases the security risks for the hosted applications. Indeed, multiplexing virtual resources belonging to different tenants on the same physical substrate may lead to critical security concerns such as cross-tenant data leakage and denial of service. In particular, virtual network isolation failures are among the foremost security concerns in the cloud. To remedy these, automated tools are needed to verify that security mechanisms comply with the relevant security policies and standards. However, auditing virtual network isolation is challenging due to the dynamic and layered nature of the cloud. In particular, inconsistencies in network isolation mechanisms across cloud-stack layers, namely the infrastructure management layer and the implementation layer, may lead to virtual network isolation breaches that are undetectable at any single layer. In this article, we propose an offline automated framework for auditing consistent isolation between virtual networks in an OpenStack-managed cloud, spanning the overlay and layer 2, by considering both cloud layers’ views. To capture the semantics of the audited data and its relation to the consistent-isolation requirement, we devise a multi-layered model of the data related to each cloud-stack layer’s view. Furthermore, we integrate our auditing system into OpenStack and present experimental results on assessing several properties related to virtual network isolation and consistency. Our results show that our approach can be used to detect virtual network isolation breaches in large OpenStack-based data centers in a reasonable time.
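The central point of the abstract is that an isolation breach can look fine from the management layer alone (every network has its own segment and tenant) and fine from a single host alone (every port is mapped to some valid segment), and only appears when the two views are compared. The following Python script is an added illustration of that cross-layer check; it is not the ISOTOP model or code from the paper. The record shapes (a network with a tenant and an overlay segment ID, a port bound to a network on a host, and a per-host binding of a port to the segment ID the virtual switch actually uses) are assumptions chosen for the example, and the sample data is constructed.

```python
"""Cross-layer consistency audit of virtual network isolation (constructed illustration).

Two views of the same cloud are compared:
  * the management-layer view: what the infrastructure manager believes, i.e.
    which tenant owns which network and which overlay segment ID (for example a
    VXLAN VNI) each network was assigned;
  * the implementation-layer view: what each compute host actually applied, i.e.
    which overlay segment ID each VM port is attached to on that host.
A breach invisible to either view alone shows up as a disagreement between them.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:          # management-layer record (assumed shape)
    net_id: str
    tenant: str
    seg_id: int         # overlay segment ID assigned by the management layer


@dataclass(frozen=True)
class Port:             # management-layer record: a VM NIC bound to a network
    port_id: str
    net_id: str
    host: str


@dataclass(frozen=True)
class HostBinding:      # implementation-layer record read from a compute host
    host: str
    port_id: str
    seg_id: int         # segment ID the host's virtual switch actually uses


def audit(networks, ports, bindings):
    """Return a list of (rule, detail) findings; an empty list means compliant."""
    findings = []
    net_by_id = {n.net_id: n for n in networks}

    # Rule 1 (single layer): a segment ID may not be shared by networks of
    # different tenants, otherwise the overlay itself merges their traffic.
    tenants_per_seg = defaultdict(set)
    for n in networks:
        tenants_per_seg[n.seg_id].add(n.tenant)
    for seg, tenants in sorted(tenants_per_seg.items()):
        if len(tenants) > 1:
            findings.append(("shared-segment", f"seg {seg} shared by {sorted(tenants)}"))

    # Rule 2 (cross layer): every port bound on a host must use exactly the
    # segment ID the management layer assigned to the port's network.
    port_by_key = {(p.host, p.port_id): p for p in ports}
    seen = set()
    for b in bindings:
        seen.add((b.host, b.port_id))
        p = port_by_key.get((b.host, b.port_id))
        if p is None:
            findings.append(("unknown-port",
                             f"{b.host}:{b.port_id} bound to seg {b.seg_id} "
                             "but unknown to the management layer"))
            continue
        expected = net_by_id[p.net_id].seg_id
        if b.seg_id != expected:
            findings.append(("inconsistent-segment",
                             f"{b.host}:{b.port_id} expected seg {expected}, "
                             f"host uses {b.seg_id}"))

    # Rule 3 (cross layer): a port the management layer considers bound must
    # actually exist on its host; a binding that silently vanished is a gap too.
    for p in ports:
        if (p.host, p.port_id) not in seen:
            findings.append(("missing-binding", f"{p.host}:{p.port_id} has no host binding"))
    return findings


def demo_findings():
    """Run the audit over constructed sample data and return the findings."""
    networks = [Network("net-a", "alice", 1001),
                Network("net-b", "bob", 1002),
                Network("net-c", "carol", 1003)]
    ports = [Port("port-1", "net-a", "host-1"),
             Port("port-2", "net-b", "host-1"),
             Port("port-3", "net-c", "host-2"),
             Port("port-4", "net-a", "host-2")]
    bindings = [HostBinding("host-1", "port-1", 1001),   # consistent
                HostBinding("host-1", "port-2", 1001),   # bob's VM on alice's segment
                HostBinding("host-2", "port-3", 1003),   # consistent
                HostBinding("host-2", "port-9", 1003)]   # port not known to management
    return audit(networks, ports, bindings)             # port-4 has no binding at all


if __name__ == "__main__":
    for rule, detail in demo_findings():
        print(f"[{rule}] {detail}")
```

Each view on its own passes its local check in the sample: the management layer assigns distinct segments to distinct tenants, and every host binding points at a segment that really exists. Only the comparison exposes that `port-2` was placed on `alice`'s segment on `host-1`, that `host-2` carries a port the management layer never bound, and that `port-4` was never realised. A real audit would collect the first view from the management database and the second from each host's switch configuration, and the same three rules would run unchanged over the larger data set.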
ISOTOP: Auditing Virtual Networks Isolation Across Cloud Layers in OpenStack