Physical attack protection with human-secure virtualization in data centers

Cloud computing-based data centers, which hold a large amount of customer data, are vulnerable to physical attacks and insider threats. Current protection and defense mechanisms for the security of data held in data centers are either completely physical (sensors, barriers, etc.) or completely cyber (firewalls, encryption, etc.). In this paper we propose a novel cyber-physical security defense for cloud computing-based data centers against physical attacks. In our system, physical sensors detect an impending physical/human attack, which triggers cyber defenses to protect against or mitigate the attack. The key to the cyber defenses is that in cloud computing data centers the data is loosely coupled with the underlying physical hardware and can be moved/migrated to other physical hardware in the presence of an attack. We also propose a model for coupling such cyber defenses with physical attack-detection sensors, and we describe a preliminary architecture for building such a system with today's cloud computing infrastructure.
