Master Thesis Defense - April 19, 2017: TenantGuard:Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Yu Shun Wang

Wednesday, April 19, 2017 at 3:00 p.m.
Room EV003.309

You are invited to attend the following M.A.Sc. (Information Systems Security) thesis examination.

Examining Committee

Dr. A. Youssef, Chair
Dr. L. Wang, Supervisor
Dr. M. Debbabi, Supervisor
Dr. C. Assi, CIISE Examiner
Dr. Y. Liu, External Examiner (ECE)

Abstract

The multi-tenancy of a cloud usually leads to security concerns over network isolation around each cloud tenant’s virtual resources. However, verifying network isolation in cloud virtual networks poses several unique challenges. The sheer size of virtual networks implies a prohibitive complexity, whereas the constant changes in virtual resources demand a short response time. To make things worse, such networks typically allow fine-grained (e.g., VM-level) and distributed (e.g., security groups) network access control. Those challenges can either invalidate existing approaches or cause an unacceptable delay which prevents runtime applications. In this thesis, we present TenantGuard, a scalable system for verifying cloud-wide, VM-level network isolation at runtime. We take advantage of the hierarchical nature of virtual networks, efficient data structures, incremental verification, and parallel computation to reduce the performance overhead of security verification.

We implement our approach based on OpenStack and evaluate its performance both in-house and on Amazon EC2, which confirms its scalability and efficiency (13 seconds for verifying 168 millions of VM pairs). We further integrate TenantGuard with Congress, an OpenStack policy service, to verify the compliance of isolation results against tenant-specific high level security policies.