Slide 1

© 2014 Nebula, Inc. All rights reserved.

(cloud) Computing for the Enterprise
Security for Private OpenStack Clouds
Bryan D. Payne
May 12, 2014

Slide 2

“Why Security Matters In A Private Cloud”

Slide 3

Figure: cloud deployment models. Labels: Public, Private.

Slide 4

Figure: private cloud within the enterprise environment. Labels: Private Network, Internet, Storage, Email, LDAP, NTP, VLAN Tunnels, SIEM, DNS, PKI.

Slide 5

Figure: enterprise services the private cloud integrates with. Labels: Storage, Email, LDAP, NTP, VLAN Tunnels, SIEM, DNS, PKI.

Slide 6

Figure: enterprise services the private cloud integrates with, with numbered callouts 1, 2, 3. Labels: Storage, Email, LDAP, NTP, VLAN Tunnels, SIEM, DNS, PKI.

Slide 7

Figure: threat actors plotted against "Likelihood of Attack" and "Sophistication & Likelihood of Exploitation". Labels: Intelligence Services, Serious Organized Crime, Highly Capable Groups, Motivated Individuals, Script Kiddies. Source: OpenStack Security Guide.

Slide 8

Figure: attack graph with stages Initial Access, Touch Cloud, Exploit Cloud, Exploit Enterprise. Node labels: Spear Phishing, Compromise User System, Compromise Instance, VM Breakout, API Vuln, Dashboard Vuln, Access Cloud As Admin, Access Cloud As Outsider, Access Cloud As User, View Other Instances, Abuse Cloud Resources, View Data In Cloud, Modify LDAP, View External Data, Follow VLANs into Corp Net.

Slide 9

Known hardware and software + Orchestration = Security Opportunity

Slide 10

Figure: OpenStack deployment overview. Labels: External; Cloud Users / Administrators; Cloud Operators; API Endpoints; Web Dashboard; Management and Control Plane Services; Compute Node (x2) hosting Instances (x4); Storage Node (x2); Guest, Management, Data.

Slide 11

OpenStack Projects
“The Glue”

Slide 12

Cloud Attack Vectors  | Mitigation Strategies
API Endpoints         | Service hardening, mandatory access controls, code audits
Web Dashboard         | CSP, expected domains, HTTPS, HSTS, allowed referrers
Information Leakage   | SSL/TLS, disable memory dedup, randomize resource assign
VM Breakout           | Service hardening, mandatory access controls, code audits
Hardware Sharing      | Avoid bare metal instances, avoid device pass-through
Default Images        | Secure and maintain default images
Secondary Attacks     | Least priv, mandatory access controls, SSL/TLS, strong auth

Slide 13

Threat: Information Leakage
• TLS for network services
  – API endpoints
  – Web dashboard
  – Log feeds
  – AD / LDAP
  – External Storage
• Cross-VM attacks (timing, cache effects, etc.)

Slide 14

Threat: VM Breakout
• Mandatory access controls
  – SELinux + KVM (sVirt)
• Build hardening
  – Remove unused device models from QEMU
  – Compiler hardening flags
• General Node Hardening
  – De-privilege node, with respect to cloud
  – Boot + Runtime attestation, SELinux, etc.

Slide 15

Threat: Control Plane Compromise
• Layers of Security
  – Firewall (bi-directional on control plane)
  – Limit propagation of sensitive data
  – Unique secrets everywhere
  – Audit network service interface bindings
  – TLS, SELinux, boot + runtime attestation
• Primary Focus: Limit damage from a bad actor on the control plane
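One way to carry out the "audit network service interface bindings" item above, as an added example (not Nebula's tooling and not from the slides): parse listening-socket output and flag any control-plane service bound to a wildcard address or to an address outside the management network. The management network 10.0.0.0/24, the `ss -ltnp`-style sample lines and the process names are constructed for the example.

```python
"""Audit listening sockets on a control-plane node.

Hypothetical helper: assumes services should bind only to loopback or to
an address on the management network (10.0.0.0/24 here), never to a
wildcard address that also exposes them on tenant or public interfaces."""
import ipaddress
import re

MGMT_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed management network
WILDCARDS = {"0.0.0.0", "::", "*"}                # "listen on everything"
PROC_RE = re.compile(r'\("([^"]+)"')              # process name inside users:(("name",...))

# Constructed sample in the layout of `ss -ltnp` output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:5000        0.0.0.0:*         users:(("keystone",pid=1234,fd=5))
LISTEN 0      128    10.0.0.5:3306       0.0.0.0:*         users:(("mysqld",pid=1100,fd=20))
LISTEN 0      128    [::]:5672           [::]:*            users:(("beam.smp",pid=900,fd=30))
LISTEN 0      128    127.0.0.1:11211     0.0.0.0:*         users:(("memcached",pid=800,fd=26))
LISTEN 0      128    192.168.50.5:9292   0.0.0.0:*         users:(("glance-api",pid=700,fd=9))
"""


def parse_ss(text):
    """Yield (process, address, port) for each LISTEN line; skips the header."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # split off the port, IPv6-safe
        addr = addr.strip("[]")                  # "[::]" -> "::"
        match = PROC_RE.search(line)
        yield (match.group(1) if match else "?", addr, int(port))


def audit_bindings(text, mgmt_net=MGMT_NET):
    """Return findings (process, address, port, reason) for every socket that
    is not bound to loopback or to an address on the management network."""
    findings = []
    for proc, addr, port in parse_ss(text):
        if addr in WILDCARDS:
            findings.append((proc, addr, port, "bound to all interfaces"))
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip in mgmt_net:
            continue
        findings.append((proc, addr, port, "bound outside management network"))
    return findings


if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_SS_OUTPUT):
        print("%-12s %s:%d  %s" % finding)
```

Feeding the script real `ss -ltnp` output from each control-plane node gives a per-node list of services that should be re-bound to the management address or fronted by the control-plane firewall.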

Slide 16

Threat: Vulnerabilities Upstream
• Targeted security audits
  – Work closely with OpenStack and Linux communities
• Aggressive security update policies
  – Cloud-specific triage process
  – Be prepared to test and roll out quickly

Slide 17

Threat: Poor Entropy for Instances
• Mix entropy from multiple sources
  – Hardware generated from multiple vendors
• Distribute securely / fairly
  – Entropy stream distributed throughout cloud
  – Available to all instances, using RNG Tools

Slide 18

Figure: enterprise services the private cloud integrates with. Labels: Storage, Email, LDAP, NTP, VLAN Tunnels, SIEM, DNS, PKI.

Slide 19

Email: [email protected]
Twitter: @bdpsecurity