Field of the Disclosure
The present disclosure relates generally to systems for improving the security of virtual machines in cloud computing systems. More specifically, the present disclosure relates to a system and method for security health monitoring and attestation of virtual machines in cloud computing systems.
Related Art
In an Infrastructure as a Service (“IaaS”) computing environment, a customer can request to launch a Virtual Machine (“VM”) in the cloud system. The cloud provider places the VM in a virtualized cloud server, and allocates a specified amount of physical resources (CPU, memory, disk, networking, etc.) to the VM. The customer is granted remote access to the VM. During the VM's lifetime, the customer may want to know if the VM has good security health. A healthy VM is one that satisfies the security properties the customer requested for a particular VM. For example, if the customer stores sensitive data in the cloud server's storage, a healthy VM enforces confidentiality and protection of the data from other VMs, or from physical attackers. For another customer with time-critical service needs, a healthy VM may mean that resources that have been contracted for in the Service Level Agreement (SLA) are always available to the VM.
In cloud computing, different customers can share the same cloud server, as co-tenants or co-resident VMs. These VMs may belong to competitors, spies, or malicious attackers. The security health of a VM should take into account the other co-resident VMs (called “outside-VM” vulnerabilities), not just the attacks from within the VM (“inside-VM” vulnerabilities such as malware, guest OS root kits, etc.). Outside-VM vulnerabilities from “bad neighbor” VMs can steal critical information through side-channel attacks or covert channel attacks, which can compromise the VM's confidentiality health. Resource contention for shared resources between different VMs on the same server enable malicious VMs to perform Denial of Service attacks which can compromise the victim VM's availability health. Large cloud management software, including the hypervisor, can also have bugs, which can be exploited to compromise a VM's security health. Hence, a VM's security health depends on not only the activities inside the VM, but also the VM's interactions with the environment.
The prior art solutions on inside-VM threats proposed Virtual Machine Introspection (“VMI”) techniques. This can provide the service of VM health monitoring at the hypervisor level. Since the hypervisor manages the VMs and runs below the VMs, a hypervisor health monitor is outside the VM, it is able to detect the existence of malicious or untrusted entities inside the VM, while being isolated, and thus protected, from the VM. Since the introduction of the VMI technique and a Livewire intrusion detection system, many VMI-based architectures have been designed to monitor the inside-VM health. These architectures detect abnormal behaviors inside the VM, but do not consider the threats from co-resident VMs or other outside-VM entities. For instance, a VMI tool may be able to detect confidentiality breaches caused by malicious programs residing in the target VM, but it cannot detect attacks to the VM's environment that indirectly affect the VM's security health. The prior art systems do not address how to allow the remote customer to use monitoring services based on a set of security requirements.
Prior art solutions also fail to provide adequately for remote attestation of security health properties in VM environments. Remote attestation has been defined to enable remote customers to test the integrity of a targeted system based on the integrity hash measurements supplied by that system, i.e., binary attestation. Trusted Platform Module (“TPM”) based attestation can verify the platform integrity of a remote server when it booted up. The targeted server uses the TPM to calculate the binary hash values of the platform configurations and sends them to the customer. The customer compares these values with reference configurations, possibly via a trusted third party appraiser, and determines whether the state of the platform is in the unmodified (good) state. In the context of virtualization platforms, the virtual Trusted Platform Module (“vTPM”) was designed to provide the same usage model and services to the VMs as the hardware TPM. Accordingly, remote attestation can be carried out directly between the customers and their virtual machines by the vTPM instances. vTPM-based attestation raises some problems for VM monitoring: it cannot monitor the security conditions of the VM's environment. Furthermore, the monitoring tool resides in the guest OS, so it needs modification of the guest OS, and commodity OSes are also highly susceptible to attacks. As will be explained in greater detail below, providing adequately for remote attestation of security health properties in VM environments is introduced in the system of the present disclosure to overcome the above-mentioned problems in the prior art.
Prior work also attempt to teach the concept of property-based attestation to attest to different properties of a system. However, the specification, implementation and interpretation of properties to be attested remain as challenging, open problems. This makes it very difficult for computer architects to convert the concept of property-based attestation into real architectures. It is therefore desirable to provide a system to monitor host machines and VMs to see if different security properties are being enforced or violated, thus providing property-based attestation in cloud computing systems. It is also desirable to provide an infrastructure for property-based attestation of arbitrary security properties, not just integrity. Examples of security properties include degraded availability and loss of confidentiality through covert channels or side channels, or other explicit or implicit information leakage mechanisms. It also includes availability of resources when needed, provenance of data, audit logs, privacy-preserving operations, etc. It is further desirable to provide attestation not only on boot up and VM initiation, but also during VM runtime and migration. Finally, it is desirable to provide a system for ongoing periodic attestation for a VM's security health and to introduce a trusted property interpretation and certification server to transform the platform's security measurements into properties and vice versa, and determine if the platform's condition satisfies a given set of properties. Such a property interpretation and certification server (which we also call an attestation server) can also interpret measurements from multiple VMs and multiple servers to determine broader security health properties
Monitoring the VMs' security health poses a series of challenges in a cloud system. First, the customer's limited privileges prevent the customer from collecting comprehensive security measurements to monitor the VM's health securely. The customer only has access to the VM, but not to the host server. For inside-VM vulnerabilities, once the VM's operating system (OS) in the VM is compromised by an attacker, the customer may not get correct measurements. For outside-VM vulnerabilities, the customer cannot collect information about the co-resident VMs, hypervisor, etc. Second, the customer's desired security requirements are expressed in terms of the high-level security requirements of a VM, but the security measurements that can be collected efficiently usually involve low-level measurements of the physical server, the hypervisor and other entities related to this VM. This creates a semantic gap between what the customer wants to monitor and the type of measurements that can be collected. Third, the VMs go through different lifecycle stages and may migrate to different host servers. Fourth, there are numerous entities between the customers and where the VM performs operations, in typical cloud computing environments. It is important to collect, filter and interpret the monitored information securely, in order to attest, i.e., pass on to the customer in an unforgeable way, only the requested information.
As will be explained in greater detail below, the present application will overcome the problems in the prior art systems in at least the following ways by (1) providing a flexible architecture to monitor the security health of VMs on cloud servers over the VMs' lifecycle, (2) providing a framework for monitoring different aspects of security health, (3) bridging the semantic gap between security properties that the customer requests and actual security measurements of a VM, (4) providing different security monitoring and attestation activities during a VM's lifecycle, and (5) providing automatic remediation responses to failing security health indicated by negative attestation results.