The Iris System: Tidying Up Under the Rug


Virtualization helps conceal hardware complexity, one of its many benefits for programmers and administrators. But it’s also a rug under which security and reliability concerns can be all too easily swept.

Here’s a simple example. Suppose that a file system replicates data across two storage devices to prevent data loss in the event of a drive crash. If these storage devices are virtual, they may well reside on the same physical hard drive. One physical drive crash, then, will wipe out the file system.

A drawback of fluid logical-to-physical resource mapping is the uncertainty it creates about the physical configuration, location, and administration of underlying hardware. Virtualization amplifies software risks too, such as accidental or malicious state rollbacks.

RSA Labs has a long-term research program that aims to restore to both service providers and tenants the security visibility concealed by virtualization and cloud migration. A key element is an idea we call a security inlay, a module transparently introduced into virtualization infrastructure with hooks that make it easier to monitor systems’ security postures. Good inlays, we believe, can actually provide better visibility than even a traditional data center affords.

The Iris system, for example, can serve attractively as a security inlay to render virtualized storage more trustworthy. Iris ensures the freshness and integrity of data retrieved from storage—any kind of storage in any location. If a corruption or rollback affects retrieved data, Iris will detect it. Iris is also the first system that enables practical, dynamic Proofs of Retrievability (PoRs). It can verify on the fly that all of the data in a file system is intact—down to the last bit. Magically, this operation in Iris touches only a small fraction of the contents of the file system.
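To make the freshness and integrity guarantee concrete, here is an added sketch (not Iris's code, and not taken from the paper) of how a tenant holding one trusted hash can reject corrupted or rolled-back blocks from untrusted storage. It assumes a Merkle hash tree as the authentication structure; the names `serve`, `Client` and `detects` are hypothetical and the block data is constructed.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def levels_of(blocks):  # Merkle levels, leaves first; block count is a power of two
    levels = [[h(b"\x00", b) for b in blocks]]
    while len(levels[-1]) > 1:
        levels.append([h(b"\x01", a, b) for a, b in zip(levels[-1][::2], levels[-1][1::2])])
    return levels

def serve(blocks, index):
    """Untrusted storage side: return a block plus its sibling-hash path."""
    proof, i = [], index
    for level in levels_of(blocks)[:-1]:
        proof.append(level[i ^ 1])  # sibling at this level
        i //= 2
    return blocks[index], proof

def root_from(index, data, proof):
    """Recompute the root implied by one block and its sibling path."""
    node = h(b"\x00", data)
    for sibling in proof:
        node = h(b"\x01", node, sibling) if index % 2 == 0 else h(b"\x01", sibling, node)
        index //= 2
    return node

class Client:
    """Tenant side: the only trusted state is the current 32-byte root."""
    def __init__(self, root):
        self.root = root
    def read(self, blocks, index):
        data, proof = serve(blocks, index)
        if root_from(index, data, proof) != self.root:
            raise ValueError("stale or corrupted block %d" % index)
        return data, proof
    def write(self, blocks, index, data):
        _, proof = self.read(blocks, index)         # verified path is safe to reuse
        blocks[index] = data
        self.root = root_from(index, data, proof)   # new root computed locally

def detects(tamper):  # True if a read after tamper(blocks) is rejected
    blocks = [b"block-%d" % i for i in range(8)]    # constructed sample data
    client = Client(levels_of(blocks)[-1][0])
    client.write(blocks, 3, b"block-3 v2")
    tamper(blocks)
    try:
        client.read(blocks, 3)
    except ValueError:
        return True
    return False
```

Restoring block 3 to its earlier, once-valid contents is rejected just like random corruption, because the root the client holds changed when it wrote the new version.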

One deployment option for Iris is as a security inlay. A tenant’s applications in a VM can, using Iris, detect corruption of retrieved data blocks; Iris is transparent, moreover, to the OS in the VM. At the same time, the tenant can remotely verify the intactness of the file system on demand. In this configuration, Iris brings two benefits: (1) It incorporates potentially untrustworthy storage into the trust perimeter of a tenant’s VMs and (2) It offers a new path or tool for monitoring file system state, and thus auditing compliance with data-retention requirements and regulations. (Note that Iris doesn’t do anything to improve availability or prevent failures: Other inlays or complementary mechanisms are needed to address these complementary issues.)

Here’s a figure illustrating this deployment of Iris.

[Figure: Iris]

You can learn more about Iris from our research paper here. The paper won an award a couple of months ago, incidentally, thanks to the excellent work of its lead author, Emil Stefanov, a student at UC Berkeley who worked on Iris during a summer internship at RSA Labs.

Author: Dr. Ari Juels

Dr. Ari Juels is Chief Scientist and Director of RSA Laboratories, where he works to bring sparks of invention and insight from RSA's scientists and affiliates to the company as a whole. He joined RSA in 1996. Ari's dozens of research publications span a range of topics, including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection. Ari has served as the program chair or co-chair for a number of conferences and workshops, including Financial Cryptography in 2004, the DIMACS Workshop on Electronic Voting in 2004, the Industry Track of the ACM Conference on Computer and Communications Security in 2005, the ACM Workshop on Wireless Security (WiSe) in 2006, the IEEE International Workshop on Pervasive Computing Security (PerSec) in 2006, and the Security, Privacy, and Ethics track of WWW2006. He has been a frequent invited speaker at industry events, such as USENIX Security 2004 and CHES 2006. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Ari received his B.A. in Latin Literature and Mathematics from Amherst College in 1991 and his Ph.D. in Computer Science from U.C. Berkeley in 1996.