security technologies for protecting virtual environments. Moreover, we design novel mechanisms that provide protection levels beyond those of today's non-virtualized systems.Cloud computing aims at flexibly scalable infrastructures using virtualized resources. Although virtualization improves efficiency and flexibility, it also introduces new threats. We mitigate these threats by means of new
Our projects follow two goals:
- to ensure that virtual infrastructures are at least as secure as traditional infrastructures.
- to leverage new capabilities to further strengthen security.
The first goal ensures that virtualized infrastructures provide a level of confidentiality, integrity, and availability which is similar to that of traditional infrastructures. One important requirement is the proper insulation of multiple customers. One example of a project in this space is the virtual systems security auditing project.
The second goal aims at using virtualization to provide stronger or more efficient security. For example, one goal we are pursuing in our virtualization project is the use of virtualized intrusion detection.
Security audits of heterogeneous virtual environments (SAVE)
This project performs configuration audits of heterogeneous virtual infrastructures. This includes storage, networks, and virtual machines on multiple types of hosts.
Our system discovers the actual detailed configuration of virtual systems and displays the logical layout, i.e., what network security zones exist and which virtual machine is connected to which networks and storage volumes.
We furthermore audit whether VM network monitoring tools (such as emerging tools from ISS) are correctly set up on each host. Our objective is to perform automatic validation of a virtual data center configuration against given security policies and best practices.
The main benefits of this project are
- Transparency of the configuration of virtual environments (machines, networks, storage),
- Detection of misconfiguration of virtual infrastructures,
- Discovery and display of internal configuration of different hypervisors,
- Composition/stitching into overall configuration data for virtual data centers, and
- Validation against given best practices.
TClouds — Trustworthy Clouds
TClouds is a European cloud-computing infrastructure project co-funded by the European FP7. TClouds develops and prototypes mechanisms for an advanced cloud infrastructure that can deliver a new level of secure, private and resilient computing and storage that is cost-efficient, simple and scalable.
The TClouds consortium includes IBM Research - Zurich, Sirrix AG security technologies (Germany), Portuguese energy and solution providers Energias de Portugal and EFACEC, the San Raffaele Hospital (Italy) and several additional European academic and corporate research organizations.