Trusted Computing & OpenStack
Steve Weis, PrivateCore
OpenStack Security Meetup, July 2014
Source: saweis.net/pdfs/weis-trusted-computing-openstack.pdf
How safe are bare-metal clouds?

Attacks in the wild
Exploit all the things!
• Operating Systems
• BIOS / EFI
• Device firmware / Option ROMs
• Master boot records
• Keyboard controllers
• Management engines and controllers

“Provide for the recovery of an information system to a known state”
Source: NIST 800-53
Trusted Execution Technology
[Diagram: the CPU measures the firmware and software needed to boot (BIOS, SINIT, platform config, option ROMs, kernel, OS config) into the TPM, which then supports remote attestation.]
Example Measurements
[Diagram: chain of measured components, each linked by an arrow to the next: BIOS, ACM, MLE, Config, OS, Credentials.]
Gaps in Trusted Execution
[Diagram: the same boot measurement chain (CPU, TPM, BIOS, SINIT, platform config, option ROMs, kernel, OS config) annotated with attack classes, each marked as past, current or hypothetical: spoof CPU, overflow, forge provenance, extract keys, hash collision, paperclip, spoof bus.]
Attestation in OpenStack: Trusted Compute Pools
[Diagram: User, Nova Scheduler, Attestation Server, Nova Compute A, Nova Compute B]
1. User to Nova Scheduler: Run my payload on a trusted compute node
2. Nova Scheduler to Attestation Server: Which nodes are trusted?
3. Compute nodes to Attestation Server: TPM Quote
4. Attestation Server to Nova Scheduler: Node A is good
5. Nova Scheduler to Nova Compute A: Run payload on compute node A
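The five-step exchange above, and the point in "Suggested Improvements" that the attestation server needs an authoritative list of known-good measurements, as a worked simulation. This is an added illustration written in Python; it is not code from the talk, from PrivateCore, Open Attestation or OpenStack. The TPM's signature with its attestation identity key (AIK) is stood in for by an HMAC over a per-node key that the attestation server learned at enrolment, and every measurement value, node name and key is constructed. What it shows that the slide does not: a node with an unexpected kernel measurement, a node that was never enrolled, a node using the wrong key, and a quote replayed under a stale nonce are all rejected before the scheduler sees them.

```python
"""Simulated Trusted Compute Pool decision (constructed example).

The Nova scheduler asks an attestation server which nodes are trusted; the
server challenges each node with a fresh nonce, checks the returned quote,
and compares the reported PCR values against a known-good list.  A real TPM
signs the quote with its AIK; here an HMAC keyed with a per-node secret
registered at enrolment stands in for that signature.
"""
import hashlib
import hmac
import secrets

# Constructed known-good measurements, keyed by PCR index.  For real firmware
# these values would have to come from an authoritative vendor list.
KNOWN_GOOD = {
    0: hashlib.sha1(b"bios-1.2").hexdigest(),       # BIOS
    17: hashlib.sha1(b"sinit-acm").hexdigest(),     # SINIT ACM
    18: hashlib.sha1(b"mle-tboot").hexdigest(),     # MLE
    19: hashlib.sha1(b"kernel-3.13").hexdigest(),   # kernel + config
}


def pcr_digest(pcrs, nonce):
    """Bind the reported PCR values to the verifier's nonce (anti-replay)."""
    h = hashlib.sha256(nonce)
    for idx in sorted(pcrs):
        h.update(f"{idx}:{pcrs[idx]}".encode())
    return h.digest()


class ComputeNode:
    """A Nova compute node with a simulated TPM (hypothetical class)."""

    def __init__(self, name, aik_key, pcrs):
        self.name = name
        self._aik_key = aik_key      # only the TPM would hold this in reality
        self.pcrs = dict(pcrs)

    def quote(self, nonce):
        """Return (pcr_values, signature) over the verifier's nonce."""
        sig = hmac.new(self._aik_key, pcr_digest(self.pcrs, nonce),
                       hashlib.sha256).hexdigest()
        return dict(self.pcrs), sig


class AttestationServer:
    """Hypothetical attestation server holding enrolled keys and a whitelist."""

    def __init__(self, known_good):
        self.known_good = known_good
        self.enrolled = {}           # node name -> AIK key (stand-in for AIK public key)

    def enroll(self, name, aik_key):
        self.enrolled[name] = aik_key

    def check_quote(self, name, nonce, pcrs, sig):
        """Verify one quote; returns (trusted: bool, reason: str)."""
        key = self.enrolled.get(name)
        if key is None:
            return False, "node not enrolled"
        expected = hmac.new(key, pcr_digest(pcrs, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "quote signature invalid (wrong key or stale nonce)"
        for idx, good in self.known_good.items():
            if pcrs.get(idx) != good:
                return False, f"PCR {idx} does not match known-good value"
        return True, "trusted"

    def attest(self, node):
        """Step 3: challenge a node with a fresh nonce and evaluate its quote."""
        nonce = secrets.token_bytes(20)
        pcrs, sig = node.quote(nonce)
        return self.check_quote(node.name, nonce, pcrs, sig)

    def trusted_nodes(self, nodes):
        """Step 2/4: answer 'which nodes are trusted?' with the names that pass."""
        return [n.name for n in nodes if self.attest(n)[0]]


def schedule(nodes, server):
    """Step 5 stand-in for the Nova scheduler: first node the server vouches for."""
    trusted = server.trusted_nodes(nodes)
    return trusted[0] if trusted else None


def demo():
    """Constructed pool: one good node and three that must be rejected."""
    server = AttestationServer(KNOWN_GOOD)
    bad_kernel = {**KNOWN_GOOD, 19: hashlib.sha1(b"kernel-3.13+modified").hexdigest()}
    nodes = [
        ComputeNode("compute-a", b"key-a", KNOWN_GOOD),   # matches the whitelist
        ComputeNode("compute-b", b"key-b", bad_kernel),   # unexpected kernel measurement
        ComputeNode("compute-c", b"key-c", KNOWN_GOOD),   # never enrolled
        ComputeNode("compute-d", b"key-x", KNOWN_GOOD),   # right PCRs, wrong AIK
    ]
    for name, key in (("compute-a", b"key-a"), ("compute-b", b"key-b"), ("compute-d", b"key-d")):
        server.enroll(name, key)
    return server, nodes


if __name__ == "__main__":
    server, nodes = demo()
    for n in nodes:
        print(n.name, server.attest(n))
    print("scheduled on:", schedule(nodes, server))
```

The whitelist check is the part that depends on improvement 3 in the closing slide: without an authoritative measurement list, `KNOWN_GOOD` can only be populated by trusting whatever a node reported the first time, which is exactly the provenance gap the "Gaps in Trusted Execution" slide points at.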
Implementations
• Open Attestation (OAT): https://01.org/openattestation
  • Open source Java attestation server. Mostly developed by Intel.
• Intel Trust Attestation Solution (Mt. Wilson): Enterprise OAT
• PrivateCore vCage: Python / Django / Horizon attestation server
Gaps in Trusted Pool Model
[Diagram: the Attestation Server vouches only for the Compute Pool (Nova Compute nodes, including a "Bad Compute" node); the other OpenStack components (Nova, Glance, Swift, Cinder, …) sit outside it on unattested servers.]
Separate Trusted Environment?
Bad nodes already have control plane access?
Toward a Better Model
[Diagram: a Trust Perimeter enclosing the Attestation Server, the OpenStack Components and Credential Storage. A compute node obtains its credential (key icon) through four steps: 1. Attest (applied to the OpenStack components as well as the compute node), 2. Authorize, 3. Provision (from Credential Storage), 4. Enroll.]
Suggested Improvements
1. Attest all servers in OpenStack: Not just compute nodes
2. Cloud providers should provide TPMs and compatible firmware
3. Vendors need to provide authoritative lists of measurement values
4. CPU vendors should ultimately remove dependency on TPMs