Magellan Final Report - Office of Science - U.S. Department of Energy
Aside from legal questions, a survey of existing forensic tools for virtual systems should be made, and any
gaps identified and plans made to address them. There may be some benefit to building forensic capture and
analysis capabilities directly into the cloud software. This could speed response time during an incident and
also provide vendors in the computer forensic space a way to integrate their tools with the cloud software.

Improved Logging and Auditing Capabilities. A definite challenge the teams experienced while running
the cloud testbeds was the lack of sufficiently detailed logs that could be used for auditing and reporting
purposes. Calculating individual and project usage was difficult and required development of specialized tools
to gather data from disparate sources and attempt to combine it to generate usage reports. This disjointed
logging can also hamper security analysis and audits by needlessly complicating the effort required to review
a system’s usage. It is our recommendation that some effort be made to consolidate and focus the log records
of cloud systems to ensure they provide the detail needed not only for troubleshooting but also for
regular auditing activities.

Improved User Authentication and Role-Based Access Control. Depending on the software used
to implement a cloud system, there are varying degrees of role-based access control available. Eucalyptus
had very limited options for user roles and resource allocation. OpenStack options for role-based access
controls were more advanced, and there was even basic resource management available to prevent a small
number of users from utilizing too many resources. In order to meet DOE requirements, these features
would need to be greatly expanded and enhanced beyond their current state. The ability to define roles and
even delegate role assignment to project leads could allow more flexibility for the system users while making
sure that security policies were being met. By formalizing roles and building them into the cloud system,
auditing users and access would be greatly simplified. The addition of a “billing system” that tracked usage
of resources among different users and projects accurately and automatically could allow for more advanced
scheduling of resources beyond the current simplistic model, where resources are either available immediately
or not at all.

User authentication also needs improvement. The current model of authenticating users via certificate
is usable but inflexible; for instance, it does not provide a way to incorporate two-factor authentication.
There are workarounds that can address this issue for systems that might require it today, but more integrated
options should be explored in this space. Storing the cloud authentication certificates on smart cards
could be a possible solution. The software would need to be modified to make use of alternative authentication
methods, and testing would show which methods are most effective and flexible for end users.

Assessment of Public Cloud Infrastructures. As we have mentioned earlier, our work centered on
evaluating operating a cloud computing infrastructure for scientific workloads. Our assumptions and conclusions
should be considered in this context. While we did discuss public cloud infrastructures and how
they compared to the Magellan cloud testbed, serious evaluation of those systems was not undertaken. Even
though assessment of public cloud infrastructures was not in the scope of this project, we believe they should
be evaluated and compared to privately run cloud systems to better understand the costs and challenges
associated with those types of systems.

8.4 Summary

Securing a cloud system has many parallels to securing large multi-user clusters. Of course there are some
unique challenges, but our experiences suggest that these could be met if significant effort were spent on
the system design, enhancing the existing tools, and building some key capabilities that do not exist today.
Our work indicates that the risk of allowing users full rein over their virtual machines is not as onerous a
problem as it first appears. Much of the risk involves user error, which might be mitigated by introducing
a high-quality user interface that simplifies management tasks. Overall, the cloud systems we worked with
did not reveal any security hurdles that were considered intractable.