An Approach to Secure Cloud Computing Architectures

By Y. Serge JosephFAU security GroupFebruary 24th, 2011

Motivation

• A secure Cloud Computing architecture model requires a security layer at each design level.

• We are talking from a provider point of view. • Cloud Computing is a broad Subject.• We will only focus on the architecture of

Infrastructure as a Service layer

Cloud Computing Deployment models

• Private Cloud is concerned with the internal needs of an organization

• A public Cloud sells services to the general public

• Hybrid Cloud pools resources from different Clouds. It is a combination of public and private Cloud

• A community Cloud is a joint effort between different organizations to share resources

How does a provider choose a deployment model?

Deployment models are driven by:• Organization Needs• Prospective customers requirement• Cloud security concerns• Our design approach is based on the Cloud

Case Study example we present in the next slide

Example: Design a Cloud Computing for FAU with the following requirement

• On demand secure software development and testing environment for researchers/programmers: example .NET, Java, C++, database development environment

• Provide secure research laboratory as a service

• Pool cloud idle resources to run simulations; guaranty a minimum computation at peak time.

• offload computing to public Cloud such as Amazon EC2

What deployment model fit the above FAU Cloud?

• Choose a private Cloud solution with Amazon EC2 compatible API.

Let us Take a closer look at the requirement-- Provision of Simulation for research purpose

belongs to the SaaS layer-- The secure development and test environment

fit in PaaS layer-- On demand secure research laboratory

provision requires a IaaS Layer

Security Requirement for FAU Cloud

• We need to address security at each Level of the design

-- IaaS layer Security requirement (this Presentation)

-- PaaS layer Security requirement (Future Presentation)

-- SaaS layer Security requirement (Future Presentation)

Note

• We will respectively cover Security at the PaaS and SaaS in two future presentations

• At this point there will be no section reserved for Saas and PaaS

FAU Cloud IaaS Security requirement

• Availability: High throughput network bandwidth

• Physical Data Center temperature. • Restricted physical access to the Data Center• Redundant power source in case of power

failure.

FAU Cloud IaaS Security requirement

• Hardware maintenance agreement• Virtual Data Center policy• Compliance with electrical and data wiring• Cloud Server configuration Back up and

recovery policy• Fire prevention policy• Administrator Policy

IAAS Security Requirement

Secure protocol policyIntrusion Detection SystemFirewallAntivirusAnti malware

FAU Private Cloud Server Security Policy

• All server must have the following packages-- Intrusion Detection System (IDS)-- Firewall-- Antivirus-- Anti malwareSecure Protocol such as ssh, sftp, scopy

FAU Secure Private Cloud Architecture

We choose an Open Source solution: Eucalyptus Cloud -- Complement it with third party power management subsystem and -- Cloud Monitor Controller

The following components will be described in the next few slides• Node Controller• Storage Controller• Cloud Controller• Cluster controller• Walrus Storage• Power management Controller• Cloud Monitor System

Figure 1 shows a rough draft of the Eucalytus model (Courtesy of http://csrdu.org/blog/2010/10/23/introduction-to-private-cloud-computing-with-ubuntu-enterprise-cloud/)

Node Controller

• Runs as a server• Control Virtual machine instances• Discover hypervisors resources• Interfaces with Cluster Controller and Hypervisors • Provision resources to the VM• Propagate data to Cloud Controller Security measure:-- Apply server security policy as describe above

Use case for Node Controller

Storage Controller

• Similar to Amazon elastic block storage services

• Ability to create snapshots• Create and manage persistent block storage

device Security measure-- Apply server security policy as describe above

Use case for Storage Controller

Cloud Controller

• Monitor the overall cloud infrastructure• Monitor Node controller of hypervisor

resources• Interfaces with Cloud administrator• Provide resource arbitration• Monitor Virtual machine migrations• Run on top OS server

Cloud Controller (continued)

Security measure-- Apply server security policy as describe above

Use case for Cloud Controller

Cluster controller

• Process Cloud Controller to deploy instances• Select available hypervisor to deploy virtual

machines• Audit hypervisors and report to Cloud

Controller Security measure-- Apply server security policy as describe above

Use case for Cluster Controller

Walrus Storage Services

• Compatible with Amazon S3• Capacity to store virtual machine images• Store snapshot• Use S3 API to store files• Can coexist on the Cloud Controller server• Security measure:-- Apply server security policy as describe above

Use case for walrus services

Power management Controller

• Monitor power grid for failure• Failsafe to backup power subsystem• Auto detect grid power to return to normal

state• Security measure:• Use Secure channel to shutdown system• Allow trusted host by IP address and Mac

Address

Use case for Power Management

Cloud Monitor System

• Monitor room temperature• Monitor Cloud , Cluster, storage and

hypervisors controllers performance• Alert system administrator on any abnormality• Security measure:• Restrict access to admin• Patch daily as needed• Apply Organization security policy

Use case for Cloud Monitor system

Cloud administrator

• Manage Users• Manage Roles• Create Data Center• Manage VMs• Create Cloud Security Policy

Use case for cloud Administrator

The FAU Private Cloud ARchitecture

• Class diagram for Infrastructure as a service is shown in the next slide.

FAU private Cloud Architecture Class Diagram

Implementation of IaaS layer for the FAU Private Cloud

conclusion

• We only provide a secure architecture for Infrastructure as a Service in the FAU private Cloud Example.

• The design was based on security requirement for the respective layer

• Future presentation will address PaaS and SaaS Secure architecture