Magellan Final Report - Office of Science - U.S. Department of Energy

More documents

Recommendations

Info

Magellan Final Report The set of controls set out in the FedRAMP document are designated for low and medium baselines. For the current control baseline, we have a low impact cloud system. Since the focus of the FedRAMP document was on consumers of cloud resources rather than producers, we needed to digest the contents of the document from an alternate perspective. As well, since institutional responses to individual control entities are driven by local requirements, needs, and philosophy, any sort of detailed response is well outside the scope of this document. However, at a minimum, the following steps should be taken. 1. A “user” should be a uniquely identifiable entity (such as a user account) where a complete Access Control, Audit and Accountability process can take place, and who then is granted the right to launch a VM within their own system context. 2. For pre-vetted instances (where the user is not granted root access), site security controls must be applied for sections Access Controls (AC), Audit and Accountability (AU), and Identification and Authentication (IA ) from the NIST 800-53 publication. 3. For non-vetted images, or where the users will be granted root access, active scanning and analysis is required. In the same way that the technical aspects of computer security are evolving for cloud computing providers, identifying how this new technology will fit into the current sets of security controls remains an area for exploration. 8.3 Recommended Further Work There are a number of areas that we feel should be addressed to advance the state of security on a cloudbased system like Magellan. While many tools and techniques used with typical large multiuser systems can be applied to cloud-based systems, these tools and techniques would evolve more rapidly through tighter integration into the cloud-stack software. Further Security Control Automation. Some work was done during the project to integrate the cloud software with automated security systems. Additional work is required in this area. With the dynamic nature of cloud systems, the security controls must evolve to be similarly dynamic and flexible. The integration of security policy tools directly into the cloud control software would be ideal, as it would allow enforcement of a site’s security policies while the user worked instead of being applied after the fact by systems that monitor for changes. This would also enhance the responsiveness of the system. Security setting modifications could be requested by the user, checked against a site’s policies, and implemented or denied, all in a single integrated operation. Enhanced Forensic Capabilities. Due to the ephemeral nature of cloud resources, performing forensic analysis on these virtualized systems is fraught with many challenges, both technical and legal. When there is a need to analyze a physical system involved in a security incident or crime, the system is usually taken into evidence. Its storage devices are copied and verified, and those files are then analyzed. The practice of computer forensics is well established, and evidence produced through this analysis is accepted in courts worldwide. Virtualized systems provide a new twist for computer investigators. Should the need arise to collect evidence from a virtualized system, the methods and practices are not as clear-cut. Can the investigator capture an image of the virtual disk associated with a given resource, or must they analyze the physical hardware that underlies the infrastructure Depending on the size of the cloud itself and the underlying software, the answer to this question could have widespread effects on the cloud system. If a portion of the physical system must be removed for processing, the resources of the cloud could be diminished significantly. On the other hand, if an investigator captures and analyzes only the virtual disk associated with a given virtual system, will that satisfy the court Or will the opposing attorneys be able to raise enough doubt about the evidence in the judge or jury that it may be thrown out 42
Magellan Final Report Aside from legal questions, a survey of existing forensic tools for virtual systems should be made, and any gaps identified and plans made to address them. There may be some benefit to building forensic capture and analysis capabilities directly into the cloud software. This could speed response time during an incident and also provide vendors in the computer forensic space a way to integrate their tools with the cloud software. Improved Logging and Auditing Capabilities. A definite challenge the teams experienced while running the cloud testbeds was the lack of sufficiently detailed logs that could be used for auditing and reporting purposes. Calculating individual and project usage was difficult and required development of specialized tools to gather data from disparate sources and attempt to combine it to generate usage reports. This disjointed logging can also hamper security analysis and audits by needlessly complicating the required effort to review a system’s usage. It is our recommendation that some effort be made to consolidate and focus the log records of cloud systems to ensure they provide the necessary detail needed for not only troubleshooting but also regular auditing activities. Improved User Authentication and Role-Based Access Control. Depending on the software used to implement a cloud system, there are varying degrees of role-based access control available. Eucalyptus had very limited options for user roles and resource allocation. OpenStack options for role-based access controls were more advanced, and there was even basic resource management available to prevent a small number of users from utilizing too many resources. In order to meet DOE requirements, these features would need to be greatly expanded and enhanced beyond their current state. The ability to define roles and even delegate role assignment to project leads could allow more flexibility for the system users while making sure that security policies were being met. By formalizing roles and building them into the cloud system, auditing users and access would be greatly simplified. The addition of a “billing system” that tracked usage of resources among different users and projects accurately and automatically could allow for more advanced scheduling of resources beyond the current simplistic model, where resources are either available immediately or not at all. User authentication also needs improvement. The current model of authenticating users via certificate is usable, but is inflexible, for instance, it does not provide a way to incorporate two-factor authentication. There are workarounds that can address this issue for systems that might require it today, but more integrated options should be explored in this space. Perhaps storing the cloud authentication certificates on smart cards could be a possible solution. The software would need to be modified to make use of alternative authentication methods, and testing would show which methods are most effective and flexible for end users. Assessment of Public Cloud Infrastructures. As we have mentioned earlier, our work centered on evaluating operating a cloud computing infrastructure for scientific workloads. Our assumptions and conclusions should be considered in this context. While we did discuss public cloud infrastructures and how they compared to the Magellan cloud testbed, serious evaluation of those systems was not undertaken. Even though assessment of public cloud infrastructures was not in the scope of this project, we believe they should be evaluated and compared to privately run cloud systems to better understand the costs and challenges associated with those types of systems. 8.4 Summary Securing a cloud system has many parallels to securing large multi-user clusters. Of course there are some unique challenges, but our experiences suggest that these could be met if significant effort were spent on the system design, enhancing the existing tools, and building some key capabilities that do not exist today. Our work indicates that the risks of allowing users full reign over their virtual machines is not as onerous a problem as it first appears. Much of the risk involves user error, which might be mitigated by introducing a high-quality user interface that simplifies management tasks. Overall, the cloud systems we worked with did not reveal any security hurdles that were considered intractable. 43
Page 1 and 2:
The Magellan Report on Cloud Comput
Page 3 and 4:
Executive Summary The goal of Magel
Page 5 and 6: Key Findings The goal of the Magell
Page 7 and 8: Magellan Final Report Finding 8. DO
Page 9 and 10: Magellan Final Report role in addre
Page 11 and 12: Contents Executive Summary Key Find
Page 13 and 14: Magellan Final Report 9.7 Discussio
Page 15 and 16: Chapter 1 Overview Cloud computing
Page 17 and 18: Magellan Final Report • The Argon
Page 19 and 20: Chapter 2 Background The term “cl
Page 21 and 22: Magellan Final Report 2.1.4 Hardwar
Page 23 and 24: Magellan Final Report Table 3.1: Ke
Page 25 and 26: Magellan Final Report Little Magell
Page 27 and 28: Magellan Final Report 3.2 Advanced
Page 29 and 30: Chapter 4 Application Characteristi
Page 31 and 32: Magellan Final Report Table 4.1: Pe
Page 33 and 34: Magellan Final Report Output data
Page 35 and 36: Magellan Final Report of the pipeli
Page 37 and 38: Chapter 5 Magellan Testbed As part
Page 39 and 40: Magellan Final Report Figure 5.1: P
Page 41 and 42: Magellan Final Report Figure 5.2: P
Page 43 and 44: Magellan Final Report NERSC deploye
Page 45 and 46: Magellan Final Report Figure 6.1: A
Page 47 and 48: Magellan Final Report greater than
Page 49 and 50: Magellan Final Report specific QoS
Page 51 and 52: Magellan Final Report configuration
Page 53 and 54: Magellan Final Report 7.4 Summary U
Page 55: Magellan Final Report Firewalls are
Page 59 and 60: Magellan Final Report 9.1 Understan
Page 61 and 62: Magellan Final Report grid) on 256
Page 63 and 64: Magellan Final Report Table 9.1: HP
Page 65 and 66: Magellan Final Report 25  Ping 
Page 67 and 68: Magellan Final Report 100  12 
Page 69 and 70: Magellan Final Report case of GTC,
Page 71 and 72: Magellan Final Report 1.4 IB TCPo
Page 73 and 74: Magellan Final Report only affects
Page 75 and 76: Magellan Final Report Figure 9.11:
Page 77 and 78: Magellan Final Report charted as a
Page 79 and 80: Magellan Final Report Evaluation Cr
Page 81 and 82: Magellan Final Report Write Perform
Page 83 and 84: Magellan Final Report 3500 3000 G
Page 85 and 86: Magellan Final Report Histogram Plo
Page 87 and 88: Magellan Final Report SATA devices.
Page 89 and 90: Magellan Final Report MB/s Virident
Page 91 and 92: Magellan Final Report and the perfo
Page 93 and 94: Magellan Final Report (a) Hosts (b)
Page 95 and 96: Magellan Final Report Routing IP pa
Page 97 and 98: Chapter 10 MapReduce Programming Mo
Page 99 and 100: Magellan Final Report 10.3 Hadoop E
Page 101 and 102: Magellan Final Report 35000  3500
Page 103 and 104: Magellan Final Report summarize som
Page 105 and 106: Magellan Final Report Processing ti
Page 107 and 108:
Magellan Final Report in the networ
Page 109 and 110:
Magellan Final Report Workload Patt
Page 111 and 112:
Magellan Final Report This benchmar
Page 113 and 114:
Magellan Final Report Task Tracker
Page 115 and 116:
Magellan Final Report processing ti
Page 117 and 118:
Magellan Final Report Using ESnet
Page 119 and 120:
Magellan Final Report Figure 11.2:
Page 121 and 122:
Magellan Final Report data collecte
Page 123 and 124:
Magellan Final Report comparison to
Page 125 and 126:
Magellan Final Report 11.2.5 Integr
Page 127 and 128:
Magellan Final Report very large (4
Page 129 and 130:
Magellan Final Report for optimizat
Page 131 and 132:
Magellan Final Report One of the ad
Page 133 and 134:
Magellan Final Report commercial cl
Page 135 and 136:
Magellan Final Report Table 12.2: H
Page 137 and 138:
Magellan Final Report Cost per TF t
Page 139 and 140:
Magellan Final Report Productivity.
Page 141 and 142:
Magellan Final Report compute insta
Page 143 and 144:
Chapter 13 Conclusions Cloud comput
Page 145 and 146:
Magellan Final Report Inherently, t
Page 147 and 148:
Bibliography [1] G. Aldering, G. Ad
Page 149 and 150:
Magellan Final Report [30] I. Foste
Page 151 and 152:
Magellan Final Report [67] M. Palan
Page 153 and 154:
Appendix A Publications Selected Pr
Page 155 and 156:
Magellan Final Report Magellan Rese
Page 157 and 158:
Magellan Final Report Selected Mage
Page 159 and 160:
Appendix B Surveys B1
Page 161 and 162:
• Nuclear Physics - Accelarator P
Page 163 and 164:
Allow users to edit responses. What
Page 165 and 166:
Amazon Eucalyptus OpenStack Other:
Page 167 and 168:
Please list any publications/report
Page 169 and 170:
Hadoop Streaming Hadoop Native Prog
show all

Magellan Final Report - Office of Science - U.S. Department of Energy

Create successful ePaper yourself

Delete template?

Save as template?