BlueShield: A Layer 2 Appliance for Enhanced Isolation and Security Hardening among Multi-tenant Cloud Workloads

摘要

Enhanced Isolation and Security (EIS) in a cloud are of significant concern. Many organizations are hesitant in migrating to a cloud based infrastructure due to the perceived limitations with EIS. Earlier, we had presented the quantitative risk and impact assessment framework (QUIRC) [1]. QUIRC can be used to assess the security risks associated with the cloud computing platforms. In the present work, design and implementation of Blue Shield is presented. Blue Shield is a Layer2 appliance for an EIS hardening among multi-tenant cloud workloads. Blue Shield architecture provides EIS, significantly reducing the threats faced by the tenants in a cloud environment. EIS provided by Blue Shield is validated using a proof of concept implementation. Then shortcomings of the various present approaches in addressing the identified security threats are explained. It is shown that the present security applications, deployed in a non-cloud environment, do not require modification during migration to Blue Shield based clouds. Furthermore, the proposed design provides high level of protection among the VMsin the same VLAN.