Utilizing software containers in cloud-based mobile network applications
Mobile service providers and manufacturers have moved towards virtualized network functions, because the amount of mobile data traffic has increased a lot during the past few years. Virtual machines offer high flexibility and easier management. They also enable flexible scaling, which makes it easier to respond to the varying traffic patterns during the day.
However, traditional virtual machines carry overhead and have reduced performance in most operations. One high-performing alternative to a virtual machine is a Linux container. Linux containers do not contain an additional operating system or any unnecessary services. Containers are isolated user spaces which share the host computer's kernel. This makes processes inside them perform almost as well as if they were running directly on the host. Also, the startup time of containers is extremely fast compared to virtual machines.
This thesis studies whether Linux containers are suitable for telco applications. The research is conducted via a proof-of-concept where parts of an existing telco application are moved to containers. First, the container technology and related tools are discussed. Benefits and requirements of the Linux containers are then studied based on the proof-of-concept.
In this thesis, it was found that containers are suitable for running small parts of the application. For example, software update and scaling are much more efficient processes with containers than with virtual machines. However, the isolation is weaker in containers than in virtual machines, and at the moment they are not suitable for applications or environments where strict isolation is a necessity.
The amount of mobile data has grown strongly over the past few years. As a result, mobile network service providers and equipment manufacturers have begun to virtualize mobile network equipment. Virtualization offers flexibility and makes the equipment easier to manage. With virtualization, mobile network equipment can be scaled according to the network's traffic volumes.
Virtual machines contain services that are irrelevant to running programs, and their performance is often weaker than that of ordinary computers. Linux containers offer a lighter and better-performing alternative to virtual machines. They do not contain an extra operating system or extra services. Containers are isolated areas inside the operating system, and they also share the operating system's kernel. Thanks to this, the performance of processes inside a container is almost identical to that without containers. The startup time of containers is also considerably shorter than that of virtual machines.
This master's thesis studies whether Linux containers are suitable for running mobile network applications. The study is carried out through a practical example in which parts of a mobile network application are run in containers. First, Linux containers, their technological background and the related tools are examined. After this, the benefits of containers and their requirements are studied using the practical example mentioned above.
This work found that containers are suitable for running small parts of an application. For example, updating and scaling the application is more efficient when containers are used. However, the isolation of containers is weaker than that of virtual machines, and at present they are not suitable for applications or environments where strong isolation is required.
Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls
Access controls are traditionally designed to protect resources from users, and consequently make access decisions based on the identity of the user, treating all processes as if they are acting on behalf of the user that runs them. However, this user-oriented approach is insufficient at protecting against contemporary threats, where security compromises are often due to applications running malicious code, either due to software vulnerabilities or malware. Application-oriented access controls can mitigate this threat by managing the authority of individual applications. Rule-based application-oriented access controls can restrict applications to only allow access to the specific finely-grained resources required for them to carry out their tasks, and thus can significantly limit the damage that can be caused by malicious code. Unfortunately existing application-oriented access controls have policy complexity and usability problems that have limited their use.
This thesis proposes a new access control model, known as functionality-based application confinement (FBAC). The FBAC model has a number of unique features designed to overcome problems with previous approaches. Policy abstractions, known as functionalities, are used to assign authority to applications based on the features they provide. Functionalities authorise elaborate sets of finely grained privileges based on high-level security goals, and adapt to the needs of specific applications through parameterisation. FBAC is hierarchical, which enables it to provide layers of abstraction and encapsulation in policy. It also simultaneously enforces the security goals of both users and administrators by providing discretionary and mandatory controls.
An LSM-based (Linux security module) prototype implementation, known as FBAC-LSM, was developed as a proof-of-concept and was used to evaluate the new model and associated techniques. The policy requirements of over one hundred applications were analysed, and policy abstractions and application policies were developed. Analysis showed that the FBAC model is capable of representing the privilege needs of applications. The model is also well suited to automation techniques that can in many cases create complete application policies a priori, that is, without first running the applications. This is an improvement over previous approaches that typically rely on learning modes to generate policies. A usability study was conducted, which showed that compared to two widely-deployed alternatives (SELinux and AppArmor), FBAC-LSM had significantly higher perceived usability and resulted in significantly more protective policies. Qualitative analysis was performed and gave further insight into the issues surrounding the usability of application-oriented access controls, and confirmed the success of the FBAC model.
Private computation on public clouds
Public clouds offer valuable services at the expense of privacy. Since the cloud provider controls the privileged software on their machines (the operating system and the hypervisor), they enjoy access to the secrets processed by the applications they host. As a result, users must either trust public clouds or avoid them. Recently, hardware manufacturers have extended CPU designs to provide trusted execution environments (TEEs). Hardware ensures the data inside a TEE can only be accessed by the code inside that TEE, protecting secrets from all software that the provider controls.
However, TEEs do not provide meaningful security for many applications on their own. In practice, many applications are proprietary or make use of accelerators like GPUs. Code inside the TEE has access to user secrets and the freedom to communicate them to the outside world; users cannot vet proprietary code to ensure it does not exercise that freedom (accidentally or intentionally). GPUs are not controlled by the CPU directly but instead by drivers under the cloud provider’s control, making it trivial for the cloud provider to extract secrets that the user offloads to a GPU for processing. GPU TEEs can prevent unauthorized access to GPU memory, but communication with the GPU can still leak information.
We demonstrate system designs that leverage existing (CPU) and proposed (GPU) TEEs that protect users' data even when the application code is colluding with the cloud provider to steal it, or when the user offloads parts of the application to GPUs.
Computer Science