
Tomohisa Egawa, Naoki Nishimura, and Kenichi Kourai (Kyushu Institute of Technology)

Secure Out-of-band Remote Management in Infrastructure as a Service

Remote Management in IaaS

Out-of-band remote management is useful: users access their VMs via the management VM, even on network or system failures in the VMs (network configuration errors, OS crashes, etc.).

The Management VM is Not Always Trustworthy

The management VM can be compromised by outside attackers or abused by IaaS administrators. Such attackers can steal sensitive information of user VMs: keystrokes, screenshots, etc.

FBCrypt

FBCrypt protects sensitive information against the attackers in the management VM by encrypting the inputs and outputs between a VNC client and a user VM using the VMM: keyboard/pointer inputs and framebuffer updates.

Protecting the VMM inside IaaS

FBCrypt performs remote attestation of the VMM to guarantee the integrity of a booted VMM. The VMM is protected against the management VM by memory protection, so the attackers cannot access the code and data of the VMM.

Encrypting Inputs

The VMM decrypts the inputs encrypted by a VNC client and converts their encoding, instead of the VNC server doing so. The integrity of the inputs is also checked with a MAC. The decrypted inputs are written into the I/O ring.

Encrypting a Framebuffer

The VMM replicates the VFB and encrypts the replica. It synchronizes the two VFBs when pixel data is updated. The VNC server sends the encrypted pixel data in the replica, and the VNC client decrypts it.
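The two paths described above (inputs sealed by the VNC client and MAC-checked in the VMM before they reach the I/O ring, and a VFB whose encrypted replica is all the VNC server forwards), as an added Python example that is not part of the poster or of the FBCrypt implementation. It uses an HMAC-SHA256 counter-mode keystream as a stand-in for the real cipher and assumes an 8-byte sequence number as nonce, the RFB KeyEvent layout for inputs, and a hypothetical I/O ring entry format.

```python
import hmac, hashlib, struct

# Constructed stand-in for the VMM's cipher: HMAC-SHA256 keystream in counter mode
# XORed over the data; the 8-byte nonce is a sequence number that is never reused.
def xor_ks(key, nonce, data):
    ks = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, ks))

def mac(mac_key, nonce, ct):
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

# Input path: VNC client -> VNC server (sees only ciphertext) -> VMM -> I/O ring
def client_key_event(enc_key, mac_key, seq, keysym, down=True):
    """RFB KeyEvent (type 4, down flag, 2 pad bytes, 4-byte keysym), encrypt-then-MAC."""
    nonce = struct.pack(">Q", seq)
    ct = xor_ks(enc_key, nonce, struct.pack(">BBxxI", 4, int(down), keysym))
    return nonce + ct + mac(mac_key, nonce, ct)

def vmm_handle_input(enc_key, mac_key, blob, io_ring):
    """Verify the MAC before decrypting; drop anything that fails, then convert the
    RFB message into the ring entry the virtual keyboard consumes (entry format hypothetical)."""
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if len(ct) != 8 or not hmac.compare_digest(tag, mac(mac_key, nonce, ct)):
        return False  # tampered or forged input never reaches the guest
    kind, down, keysym = struct.unpack(">BBxxI", xor_ks(enc_key, nonce, ct))
    if kind != 4:
        return False
    io_ring.append(("key", keysym, bool(down)))
    return True

# Output path: guest draws into the VFB, the VMM syncs an encrypted replica,
# the VNC server forwards replica bytes, and the VNC client decrypts them.
class EncryptedVfb:
    def __init__(self, enc_key, width, height, bpp=4):
        self.key, self.w, self.bpp, self.gen = enc_key, width, bpp, 0
        self.plain = bytearray(width * height * bpp)    # what the guest draws into
        self.replica = bytearray(width * height * bpp)  # all the VNC server may read

    def guest_write(self, x, y, pixels):
        """Re-encrypt only the updated region, under a fresh generation number as nonce."""
        off = (y * self.w + x) * self.bpp
        self.plain[off:off + len(pixels)] = pixels
        self.gen += 1
        self.replica[off:off + len(pixels)] = xor_ks(self.key, struct.pack(">Q", self.gen), pixels)
        return self.gen, off, len(pixels)  # the update record the VNC server forwards

    def server_read(self, off, n):
        return bytes(self.replica[off:off + n])  # ciphertext only

def client_decrypt(enc_key, gen, data):
    return xor_ks(enc_key, struct.pack(">Q", gen), data)
```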

[Figure: threat model. The user's VNC client connects over a VPN to the VNC server in the management VM of the IaaS; an attacker in the management VM can eavesdrop on the password and screenshots (information leakage).]

[Figure: FBCrypt overview. Key inputs are encrypted at the VNC client and decrypted in the VMM; the screen is encrypted in the VMM and decrypted at the VNC client.]

Experiments

Response time measured at the client (ms):

                      original   FBCrypt
Keyboard                 113       120
Full-screen update       146       192

We examined the response time on the client side. Keyboard: after a keyboard input, the VNC client received the updated pixel data from the VNC server. Full-screen update: after a keyboard input, the VNC client received the full-screen (800x600) updated data and redrew the full screen.

Server: Xen 4.1.1
Client: TightVNC Java viewer

[Figure: encrypting inputs. Key inputs encrypted at the VNC client pass through the VNC server in the management VM to the VMM, which decrypts and converts them, checks their integrity, and writes them into the I/O ring of the user VM.]

[Figure: encrypting a framebuffer. The VMM monitors the user VM's VFB and keeps an encrypted replica; the VNC server in the management VM reads only the replica, and the VNC client decrypts the screen.]

[Figure: protecting the VMM. The user's VNC client reaches the VNC server and virtual devices in the management VM, above the VMM that hosts the user VMs; a verifier checks the signed measurement (hash) of the VMM produced by the TPM in hardware.]