UVBond: Strong User Binding to VMs for Secure Remote Management in Semi-Trusted Clouds

2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC) Pub Date : 2018-12-01 DOI:10.1109/UCC.2018.00030

Keisuke Inokuchi, Kenichi Kourai

{"title":"UVBond: Strong User Binding to VMs for Secure Remote Management in Semi-Trusted Clouds","authors":"Keisuke Inokuchi, Kenichi Kourai","doi":"10.1109/UCC.2018.00030","DOIUrl":null,"url":null,"abstract":"In Infrastructure-as-a-Service (IaaS) clouds, remote users access provided virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all the cloud operators are trusted in semi-trusted clouds. They can execute arbitrary management commands to users' VMs and redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to enforce the execution of only users' management commands to their VMs. In this paper, we propose UVBond for strongly binding users to their VMs to solve this problem. UVBond boots user's VM by decrypting its encrypted disk inside the trusted hypervisor. Then it issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.","PeriodicalId":288232,"journal":{"name":"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)","volume":"3 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UCC.2018.00030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

In Infrastructure-as-a-Service (IaaS) clouds, remote users access provided virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all the cloud operators are trusted in semi-trusted clouds. They can execute arbitrary management commands to users' VMs and redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to enforce the execution of only users' management commands to their VMs. In this paper, we propose UVBond for strongly binding users to their VMs to solve this problem. UVBond boots user's VM by decrypting its encrypted disk inside the trusted hypervisor. Then it issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.

查看原文本刊更多论文

UVBond:支持用户与虚拟机的强绑定，用于半信任云环境下的安全远程管理

在基础设施即服务(IaaS)云中，远程用户通过管理服务器访问提供的虚拟机(vm)。管理服务器由云运营商管理，但在半信任的云中，并非所有云运营商都受信任。它们可以对用户的虚拟机执行任意的管理命令，并将用户的命令重定向到恶意虚拟机，称为虚拟机重定向攻击。根本原因是用户与虚拟机绑定弱。换句话说，很难强制只对用户的vm执行管理命令。在本文中，我们提出了UVBond，用于将用户与虚拟机强绑定以解决此问题。UVBond通过在可信管理程序中解密用户的加密磁盘来引导用户的虚拟机。然后，它发出一个VM描述符来安全地标识该VM。为了弥合高级管理命令和低级超调用之间的语义差距，UVBond使用了超调用自动机，它接受由命令发出的超调用序列。我们已经在Xen中实现了UVBond，并确认了VM描述符和超调用自动机可以防止攻击，并且开销并不大。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)

自引率

0.00%

发文量