Updated on 2025-10-17 GMT+08:00

QingTian Threat Assumptions and Security Methods

Threat Assumptions

To provide tenants with full-stack sensitive workload isolation and data protection capabilities, the QingTian system assumes the following three threat types in its security design:

  • Threat type 1: An adversary attacks tenant VMs by controlling the VMM.

    Typical attack patterns include:

    • A malicious tenant on the cloud purchases an ECS and exploits a VMM zero-day vulnerability or a side channel attack to perform a VM escape. The tenant then controls the VMM and attacks other tenant instances running on the same hardware.
    • Cloud service provider (CSP) internal personnel use valid credentials to remotely access hosts for deployment, change, commissioning, and diagnosis, and use attacker tools to read or tamper with sensitive data of tenant VMs.
  • Threat type 2: An adversary enters the data center to perform local physical attacks.

    Internal personnel of the data center need to access physical devices in the data center for hardware deployment, maintenance, and repair. Typical attack patterns include:

    • After stealing a hard disk, an adversary uses tools to access the hard disk data offline.
    • An adversary eavesdrops on all traffic data transmitted between physical network devices.
    • An adversary pre-installs, changes, or injects malicious firmware into the server mainboard system.
  • Threat type 3: An adversary attacks sensitive applications of tenants by controlling the guest OS.

    Typical attack patterns include:

    • Attackers implant untrusted code through the software supply chain, exploit guest OS zero-day vulnerabilities or incorrect configurations to perform privilege escalation attacks, and use attacker tools to read or tamper with sensitive applications and their data after obtaining root permission on the guest OS.
    • Internal personnel of customers use valid credentials to remotely access VMs for deployment, change, commissioning, and diagnosis, and use attacker tools to read or tamper with sensitive applications and their data running on VMs.

Security Methods

The QingTian system adopts the following principles and methods in security design to address the preceding three types of threats.

  • Defense against malicious use of the VMM
    • The QingTian system uses a VMM architecture that separates the frontend from the backend and offloads VM management and I/O virtualization to the backend QingTian Cards. This isolates cloud system management from tenant workloads.
    • Based on the minimum trusted computing base (TCB) design principle, the frontend QingTian Hypervisor retains only the basic code needed to run virtualization, greatly reducing the risk of VM escape.
    • The control flow is unidirectional, "ECS Control Plane -> QingTian Cards -> QingTian Hypervisor", and connections can be initialized only in that direction. This limits the threat radius of an escape attack level by level and strengthens defense in depth.
    • Based on the mandatory secure boot and trusted measurement methods, integrity protection and exception detection are provided for the frontend and backend system firmware, boot system, and hypervisor.
    • Based on zero-privilege O&M, O&M APIs are provided to replace traditional SSH remote login to access servers. The OS has been streamlined, with the protocol stack, file system, network packet capture tool, and memory export tool all removed.
  • Defense against local physical attacks
    • Based on data encryption, block storage encryption and Virtual Private Cloud (VPC) traffic encryption are supported to encrypt the I/O data related to tenant VMs after the data leaves QingTian compute nodes.
    • Based on the hardware-protected key method, data keys are securely distributed end to end from the KMS hardware to the QingTian Cards hardware.
    • Based on hardware identity authentication and trusted measurement, untrusted hardware devices are prevented from being connected or mounted, and tampered system firmware is prevented from being booted.

    In addition, memory encryption and bus data encryption will be supported in next-generation servers to further improve the system security baseline.

  • Defense against malicious use of guest OSs
    • Based on trusted computing, UEFI secure boot and QingTian Trusted Platform Module (TPM) are available on tenant VM instances to support standard trusted measurement and remote attestation methods, as well as integrity monitoring of guest OSs.
    • Based on the design method of isolating tenant VMs from the cloud system, the QingTian Enclave feature is provided for VM instances to isolate sensitive workloads in VMs from guest OSs.

      Sensitive workloads of tenants only run in the QingTian Enclave environment. Even if attackers completely control the guest OS, the confidentiality and integrity of the Enclave runtime environment are not affected.
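
The trusted measurement and remote attestation methods listed above rest on a measure-then-extend chain that a verifier can replay. The following is an added example, not QingTian code or its API: it assumes a single SHA-256 PCR, hypothetical component names, constructed sample images, and a quote whose signature has already been verified.

```python
import hashlib

def measure(component: bytes) -> bytes:
    """Digest recorded for one boot component."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute the PCR from its all-zero reset value."""
    pcr = bytes(32)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(event_log, quoted_pcr, golden):
    """Check an event log against a quoted PCR and reference digests.

    Verifying the signature on the quote is assumed to have happened already.
    """
    findings = []
    if replay(event_log) != quoted_pcr:
        findings.append("event log does not reproduce quoted PCR")
    for name, digest in event_log:
        if name not in golden:
            findings.append(f"unexpected component: {name}")
        elif golden[name] != digest:
            findings.append(f"measurement mismatch: {name}")
    logged = {name for name, _ in event_log}
    findings += [f"missing component: {n}" for n in golden if n not in logged]
    return not findings, findings

def boot(images):
    """Simulate a measured boot; returns (event_log, final PCR)."""
    log = [(name, measure(blob)) for name, blob in images.items()]
    return log, replay(log)

# Constructed sample images; the component names are hypothetical.
GOOD = {"firmware": b"fw-1.0", "bootloader": b"boot-1.0", "hypervisor": b"hv-1.0"}
GOLDEN = {name: measure(blob) for name, blob in GOOD.items()}

if __name__ == "__main__":
    log, pcr = boot(GOOD)
    print(verify(log, pcr, GOLDEN))
    bad_log, bad_pcr = boot({**GOOD, "hypervisor": b"hv-1.0-patched"})
    print(verify(bad_log, bad_pcr, GOLDEN))
    print(verify(log, bad_pcr, GOLDEN))  # log swapped for a clean one
```

The third call shows why the verifier replays the log instead of trusting it: a clean-looking log presented by a tampered platform no longer reproduces the quoted PCR.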