SeaCat: SDN End-to-End Application Containment
SeaCat: an SDN End-to-end Application Containment ArchitecTure
Enabling Secure Role Based Access To Sensitive Healthcare Data
Junguk Cho, David Johnson, Makito Kano, Kobus Van der Merwe and Brent Elieson

Motivation
• “Everything” is networked
  – Nearly all business applications assume network availability
• Also true in healthcare
  – Accessing patient records
  – Remote diagnoses and consultation
  – In-home monitoring
  – Healthcare analytics
  – Plus “regular” vocational applications
    • HR/payroll functions, accessing domain specific literature
  – Plus non vocational use
    • Browsing the web, social networking etc.

Motivation cont.
• Problem:
  – Same individual, using same device potentially using several of these applications simultaneously
  – Applications have very different security and performance constraints:
    • Healthcare records: stringent regulatory privacy and security requirements
    • In-home patient monitoring: different privacy and security needs + reliability and soft real time guarantees
    • Web use: no impact on core healthcare applications
  – Devices are increasingly mobile (tablets, laptops, smartphones)
    • Often not part of managed and trusted enterprise environment

Motivation cont.
• Current approaches, combinations of:
  – Device scans when new devices attach to network
  – Run applications on application servers with thin clients on devices
  – Complex network and server access control policies
• Inadequate:
  – Device with up-to-date patch levels might still contain malware
  – Application servers with thin clients constrain the type of applications that can be used
  – Access control policies only deal with access. Provide no protection once data is accessed

Motivation cont.
• Problem generalizes to broad range of access to sensitive data
• Different sets of regulations/practices
  – Protected health information (PHI)
    • HIPAA regulations
  – Student educational records
    • FERPA regulations
  – Federal government work
    • FISMA regulations
  – Business requirements
    • PCI DSS regulations
  – Institutional requirements
    • IRB regulations

SeaCat Approach
• Combine SDN and application containment:
  – End-to-end application containment
• Non-healthcare apps:
  – default context
• Healthcare app:
  – dynamic app specific context
  – app and data contained in this end-to-end context
• Treat mobile device as “semi-trusted” SDN domain
  – Inter-domain SDN interaction to tie in

Threat Model
• Concerned with security and performance of health care applications used from a variety of devices in a health care environment
• Assume healthcare applications can be trusted
  – different from conventional threat model where device needs to be protected against untrusted applications
• Specific concerns:
  – Unauthorized access
    • role based authentication and policies
  – Data leakage
    • end-to-end application containment
  – Resource guarantees
    • context based resource allocation with preemption
  – Denial of service
    • resource guarantees plus separation of resources

SeaCat Architecture: Endpoint Containment
• Uses lightweight containers
  – Linux containers
• All applications execute in containers:
  – move “regular apps” into default container
• Minimize trusted computing base:
  – Only SeaCat Trusted Daemon left in root namespace

SeaCat Architecture: Endpoint Containment
• SeaCat Trusted Daemon manages containers:
  – Set default container up: apps unaware that anything changed
  – Use Overlay FS to restrict container storage accesses
  – Dynamically create secure app container(s)

SeaCat Architecture: Endpoint Network Containment
• SeaCat Trusted Daemon:
  – Manages endpoint SDN domain
• Single switch domain:
  – Sets up context for default apps
  – Sets up context for secure apps: based on interaction with enterprise SDN

SeaCat Architecture: Enterprise Network Containment
• SeaCat Server:
  – Manages enterprise SDN domain
    • Sets up context for secure apps
    • Includes SDN-enabled WiFi
  – Interacts with SeaCat trusted daemon in endpoint
    • Instructs trusted daemon to start secure container
    • Coordinates SDN across domains

SeaCat Architecture: Putting it all together
• Enterprise network treats each mobile endpoint as semi-trusted SDN domain
• Secure app user: authenticates using “normal” single-sign-on (SSO) technology
  – SeaCat server integrated with SSO
  – Successful authentication triggers:
    • Creation of app specific SDN context in enterprise
    • Signaling to endpoint SDN to:
      – Create secure container
      – Create endpoint app specific SDN context
      – Ties to enterprise SDN context
• App and data remain in this secure end-to-end context
• When app exits:
  – Complete context is destroyed
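
The lifecycle on this slide, modeled as one default-deny flow table per SDN domain. This is an added illustration, not SeaCat code and not from the original slides; the class names, the role table, the context-id format and the destination labels are all assumptions made for the example.

```python
# Toy model of the SeaCat context lifecycle (added example, not SeaCat code).
# Roles, app names, context ids and destination labels are constructed.
ROLE_APPS = {"physician": {"ehr"}, "billing": set()}  # role -> allowed secure apps
APP_SERVER = {"ehr": "ehr-server"}                    # secure app -> its backend

class SdnDomain:
    """Default-deny flow table: a packet passes only if (context, dst) is installed."""
    def __init__(self):
        self.flows = {("default", "internet")}  # default context: non-sensitive only
    def install(self, ctx, dst):
        self.flows.add((ctx, dst))
    def remove_context(self, ctx):
        self.flows = {f for f in self.flows if f[0] != ctx}
    def permits(self, ctx, dst):
        return (ctx, dst) in self.flows

class TrustedDaemon:
    """Endpoint side: owns the containers and the single-switch endpoint domain."""
    def __init__(self):
        self.sdn = SdnDomain()
        self.containers = {"default"}
    def start_secure(self, ctx, dst):
        self.containers.add(ctx)
        self.sdn.install(ctx, dst)
    def destroy(self, ctx):
        self.containers.discard(ctx)
        self.sdn.remove_context(ctx)

class SeaCatServer:
    """Enterprise side: reacts to SSO results and coordinates both SDN domains."""
    def __init__(self, daemon):
        self.sdn, self.daemon = SdnDomain(), daemon
    def on_sso_success(self, user, role, app):
        if app not in ROLE_APPS.get(role, set()):
            raise PermissionError(f"role {role!r} may not use {app!r}")
        ctx = f"{user}/{app}"
        self.sdn.install(ctx, APP_SERVER[app])          # enterprise context
        self.daemon.start_secure(ctx, APP_SERVER[app])  # signal the endpoint
        return ctx
    def on_app_exit(self, ctx):
        self.daemon.destroy(ctx)        # container and endpoint flows go
        self.sdn.remove_context(ctx)    # enterprise flows go
    def reachable(self, ctx, dst):
        """End-to-end: both the endpoint and the enterprise domain must permit it."""
        return self.daemon.sdn.permits(ctx, dst) and self.sdn.permits(ctx, dst)
```

After `on_sso_success`, the secure context reaches only its backend while the default context still cannot; after `on_app_exit`, neither domain forwards anything for that context.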

SeaCat Workflow/Interaction
[Figure sequence, slides 13–19: workflow diagram with step markers 1–6. Labels: EHR Server, Default Context, Other Apps, Internet/Non Healthcare Resources, Mobile Endpoint, SeaCat, Enterprise/Campus Network, SeaCat, SSO, Secure Context.]

SeaCat Demo
• Mobile endpoint:
  – Linux WiFi-enabled tablet
  – With SeaCat Trusted Daemon:
    • Container and SDN management
• Enterprise network:
  – SDN enabled WiFi access point
    • Tallac Networks
    • Virtual APs
    • Mapped to OpenFlow switch
  – Rest of enterprise SDN emulated in a Mininet instance
• Single Sign On (SSO):
  – Uses Shibboleth SSO
  – SeaCat (Service Provider) to realize SeaCat functionality
• Medical application:
  – OpenMRS (Medical Record System)

SeaCat Demo
[Figure: demo topology. Labels: Client tablet, Trusted Daemon, LXC Controller, OVS Controller, lxc, Other Apps, OVS, VIF0, VIF1; WiFi AP, PolicyVAP, DefaultVAP, ETH0, ETH1; Enterprise SDN Controller, Ryu controller, DHCP, Flow Manager; Emulated Network, Mininet, HUB, ETH2, ETH3, H1, H2, H3, H4; OpenMRS server, Other Server, SSO: SeaCat Service Provider, SSO: Identity Provider; Enterprise/Campus Network. Legend: Wireless network, Real Ethernet network, Virtual Ethernet network.]

Status and plans
• Have working prototype…
• Current focus on access to electronic health records
• SeaCat is a general application framework…
  – other health care apps
  – other apps that require access to sensitive data
• Interested in exploring possibility of trial deployment…