1. GOHEL VISHAL
LECTURER OF COMPUTER DEPT.
GPBHUJ
MO:9638893297
“Improvement of virtual network communication security of trusted launch of virtual machine in public IaaS environment”
2. Contents
• Introduction
• Literature Review (In Detail)
• Research Findings
• Research Objective
• Work Plan/Simulation tools used
• Problem Formulation (if any)
• Proposed Methodology/Algorithm(if any)
• Expected Outcome
• Conclusion
• Publication
• Bibliography
3. Introduction Of Cloud Computing
• What is Cloud Computing?
• Until recently, computing meant a program that ran on a desktop or laptop
computer on your desk, or a server in your lab. Or, using the internet, you could use
a program that was running on a server somewhere else in the world. But it was
always a specific piece of hardware in a specific location that was running the
program.
• In the context of cloud computing, cloud refers to the internet. And then, cloud
computing means that the computing is happening somewhere in the cloud. You
don't know where the computing is happening, most of the time, you can't know
where it is happening (since it can keep moving around), and the most important
factor is that you don't care.
4. Types of Cloud Service
• Software As A Service
Software as a Service (SaaS) is the model in which an application is hosted as a service to customers who access it via the internet. When the software is hosted off-site, the customer doesn't have to maintain it or support it. On the other hand, it is out of the customer's hands when the hosting service decides to change it. The idea is that you use the software out of the box as is and do not need to make a lot of changes or require integration with other systems.
• Hardware As A Service
Hardware as a Service (HaaS) is the next form of service available in cloud computing. Where SaaS and PaaS provide applications to customers, HaaS doesn't. It simply offers the hardware so that your organization can put whatever it wants onto it.
• Platform As A Service
Following on the heels of SaaS, Platform as a Service (PaaS) is another application delivery model. PaaS supplies all the resources required to build applications and services completely from the internet, without having to download or install software.
5. Introduction of IaaS
• Infrastructure as a Service is a provision model in which an organization
outsources the equipment used to support operations, including storage,
hardware, servers and networking components. The service provider owns the
equipment and is responsible for housing, running and maintaining it. The
client typically pays on a per-use basis.
• IaaS is one of three main categories of cloud computing service. The other two
are Software as a Service (SaaS) and Platform as a Service (PaaS).
Infrastructure as a Service is sometimes referred to as Hardware as a Service
(HaaS).
• Characteristics and components of IaaS include:
• Utility computing service and billing model.
• Automation of administrative tasks.
• Dynamic scaling.
• Desktop virtualization.
• Policy-based services.
• Internet connectivity.
6. Literature Review-1
• Trusted Launch of Virtual Machine Instances in Public IaaS Environments - Nicolae Paladi, Christian Gehrmann, Mudassar Aslam, and Fredric Morenius - 2011 [1]
– Problem statement
That no modifications or customizations of the VM image to be launched are performed by the IaaS provider without the client's knowledge.
– Main contribution
• 1. Description of a trusted launch protocol for VM instances in public IaaS environments.
• 2. Implementation of the proposed protocol based on a widely-known IaaS platform.
7. Literature Review-1(continue)
– Methodology/Platform
OpenStack IaaS platform
– Simulation parameter
Trusted VM launch protocol
– Conclusion
Trusted computing offers capabilities to securely perform data manipulations on remote hardware owned and maintained by another party by potentially preventing the use of untrusted software on that hardware for such manipulations.
– Future work
First is the extension of the trust chain to other operations on VM instances (migration, suspension, updates, etc.), as well as data storage and virtual network communications security. The second category includes addressing certain assumptions of the proposed launch protocol. The third category focuses on the design and implementation of the evaluation policies of the TTP.
8. Literature Review-2
• Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments - Nicolae Paladi, Christian Gehrmann, Mudassar Aslam, and Fredric Morenius - 2011 [2]
– Problem statement
That no modifications or customizations of the VM image to be launched are performed by the IaaS provider without the client's knowledge.
– Main contribution
• 1. Introduction of the concept of generic virtual machine images in the context of IaaS security.
• 2. Description of a trusted launch protocol for generic VM images in IaaS environments.
• 3. Implementation of the proposed protocol based on a widely-known IaaS platform.
9. Literature Review-2(continue)
– Methodology/Platform
OpenStack IaaS platform
– Simulation parameter
Trusted GVM image launch protocol
– Conclusion
Trusted computing offers capabilities to securely perform data manipulations on remote hardware owned and maintained by another party by potentially preventing the use of untrusted software on that hardware for such manipulations.
– Future work
First is the extension of the trust chain to other operations on VM instances (migration, suspension, updates, etc.), as well as data storage and virtual network communications security. The second category includes addressing certain assumptions of the proposed launch protocol. The third category focuses on the design and implementation of the evaluation policies of the TTP.
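The problem statement shared by both reviewed papers (no modification of the VM image by the provider without the client's knowledge) comes down to one check: the image actually launched must be the one the client submitted. The following is an added example, not code from the reviewed papers or from OpenStack; it models that check with an HMAC under an assumed shared key standing in for a TPM quote, and binds the host's report to a client nonce so a stale report cannot be replayed.

```python
import hashlib
import hmac

def image_digest(image_bytes: bytes) -> str:
    """Client side: SHA-256 of the VM image the client asked the provider to launch."""
    return hashlib.sha256(image_bytes).hexdigest()

def host_launch_report(image_bytes: bytes, nonce: bytes, host_key: bytes) -> dict:
    """Host side: report the digest of the image actually being launched, bound to the
    client's nonce. The HMAC is a stand-in for a TPM quote (assumption: simplified
    attestation with a key shared between host and verifier, not a real TPM)."""
    digest = image_digest(image_bytes)
    mac = hmac.new(host_key, nonce + digest.encode(), hashlib.sha256).hexdigest()
    return {"digest": digest, "nonce": nonce.hex(), "mac": mac}

def verify_launch(report: dict, expected_digest: str, nonce: bytes, host_key: bytes) -> bool:
    """Verifier side (client or TTP): accept only a fresh, authentic report whose
    digest matches the image the client submitted."""
    if bytes.fromhex(report["nonce"]) != nonce:
        return False  # replayed or stale report: wrong nonce
    mac = hmac.new(host_key, nonce + report["digest"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, report["mac"]):
        return False  # report was not produced with the host's key
    return hmac.compare_digest(report["digest"], expected_digest)

def demo() -> dict:
    """Constructed sample run: an unmodified launch is accepted; a launch of a silently
    modified image and a replayed report are both rejected."""
    host_key = b"constructed-shared-key"          # constructed, not a real key
    image = b"constructed VM image contents v1"   # constructed stand-in for an image
    expected = image_digest(image)
    nonce = bytes.fromhex("0011223344556677")
    clean = host_launch_report(image, nonce, host_key)
    tampered = host_launch_report(image + b" [provider-added change]", nonce, host_key)
    fresh_nonce = bytes.fromhex("8899aabbccddeeff")
    return {
        "clean_accepted": verify_launch(clean, expected, nonce, host_key),
        "tampered_rejected": not verify_launch(tampered, expected, nonce, host_key),
        "replay_rejected": not verify_launch(clean, expected, fresh_nonce, host_key),
    }
```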
11. Research Objective
• The Objectives of my dissertation work are
• Improvement of Virtual network communication
security in IaaS services.
• Provide more secure cloud computing environment.
• Provide secure run-time virtual environment using
Xen virtualization system.
• Secure Virtual Machine Execution under an Untrusted
Management OS.
12. Simulation tools used
• Xen Hypervisor
• XEN (originally called XENoServers) project is funded by the Engineering and Physical Sciences Research Council of the UK (UK-EPSRC) at the University of Cambridge. The XENoServers project is led by Ian Pratt, a Senior Lecturer at the University of Cambridge Computer Laboratory, Fellow of King's College Cambridge, and a leader of the Systems Research Group at the University of Cambridge. The aim of the XENoServers project is to develop a powerful, flexible infrastructure for global distributed computing. A key element of the XENoServers project is the ability to enable single machines to run different, or multiple, operating system instances and their associated applications in isolated, protected environments. These operating system instances can then separately account for resource use and provide unique system accounting and auditing information.
13. Problem Formulation
“Improvement of virtual network communication security of trusted launch of virtual machine in public IaaS environment”
• Proposed research work
• I proposed a virtualization architecture to ensure a secure VM execution environment under an untrusted management OS, and a comparison between an untrusted and a trusted management OS. The mechanism includes a secure network interface, secure secondary storage and, most importantly, a secure run-time execution environment.
• I want to implement the secure run-time environment in the Xen virtualization system, and also go for identification of which hypervisor is more convenient for trusted virtual network communication security.
• I want to demonstrate how it can be used to facilitate secure remote computing services.
• I believe that using the proposed secure virtualization architecture, even under an untrusted management OS, a trusted computing environment can be created for a VM which needs a high security level, with very small performance penalties.
14. Proposed Methodology/Algorithm
• 1. Trusted VM launch protocol.
• 2. OpenStack IaaS platform.
• 3. Secure virtual machine and untrusted OS.
15. Work Plan
Sr. No. | Work | Time | Outcome
1 | Module 1 (Introduction of cloud computing) | --- | Detailed understanding of cloud computing
2 | Module 2 (Detailed services of cloud computing) | --- | Service-related issues
3 | Module 3 (Detailed study of IaaS) | --- | IaaS-related issues in detail
4 | Literature survey about IaaS services | --- | Clear concept of IaaS services
5 | Find final definition | --- | Clear final definition
6 | Propose design | --- | Prototype module
7 | Implementation of proposed design using simulator | --- |
8 | Testing of work done | --- |
9 | Performance study and comparison | --- |
10 | Plot improvement graph and chart | --- |
16. Expected Outcome
• Secure network interface.
• Secure run-time environment in the Xen
virtualization system and compare to the
other hypervisor.
• Secure remote computing services.
17. Conclusion
• The mechanism includes a secure network interface, secure secondary storage and, most importantly, a secure run-time execution environment. We have implemented the secure run-time environment in the Xen virtualization system. I believe that using the proposed secure virtualization architecture, even under an untrusted management OS, a trusted computing environment can be created for a VM which needs a high security level, with very small performance penalties.
18. References
1. Nicolae Paladi, Christian Gehrmann, Mudassar Aslam, and Fredric Morenius. “Trusted Launch of Virtual Machine Instances in Public IaaS Environments”, October 2011, AFCEA cyber communit.
2. Nicolae Paladi, Christian Gehrmann, Mudassar Aslam, and Fredric Morenius. “Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments”, October 2011, AFCEA cyber communit.
3. Chunxiao Li, Anand Raghunathan, Niraj K. Jha. “Secure Virtual Machine Execution under an Untrusted Management OS” (2010).
19. Bibliography
• http://www.eucalyptus.com
• Virtualization overview, White paper, VMware
• http://www.technomenace.com/2010/11/creating-xen-virtual-machine-domu/
• http://www.cl.cam.ac.uk/research/srg/netos/xen/performance.html
• http://www.xen.org