cloud computing : security and forensics

Seminar on Cloud Computing : Security and Forensics. Govind Maheswaran, [email protected], facebook.com/govindmaheswaran, twitter.com/RestlessMystic

Upload: govind-maheswaran

Post on 13-Dec-2014


DESCRIPTION

The presentation deals with the security and forensic factors of the cloud computing paradigm.

TRANSCRIPT

Page 1: Cloud Computing : Security and Forensics

Seminar on

Cloud Computing : Security and Forensics

Govind Maheswaran

[email protected]

facebook.com/govindmaheswaran

twitter.com/RestlessMystic

Page 2: Cloud Computing : Security and Forensics

Contents

Cloud Computing

Cloud security

Risk Assessment

Cloud Forensics

Conclusion

Page 3: Cloud Computing : Security and Forensics

Cloud Computing

“Biggest Paradigm Shift in 20 years”

“Game Changers”

“Tremendous Cost Cutting”

“Just On”

“Pay As You Go”

“From 46.4 billion $ to 150.8 billion $ in a year”

“The cloud is for everyone. The cloud is a democracy.”

“Cloud is loud”

Page 4: Cloud Computing : Security and Forensics

Defining the Cloud

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

In Simple English,

I can get my data when I want, over some kind of network, and even though the data might be coming from different places and my computing power shared with others, somehow the back end is going to scale up or down to fulfill my needs, and interestingly, bills me for only what I use.

Page 5: Cloud Computing : Security and Forensics

Essential Characteristics

On-Demand Self-Service

• Unilaterally provision computing capabilities as needed automatically, without requiring human interaction with a service provider

Resource Pooling

• The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model

• Shared pools are assigned and reallocated as per requirement

Rapid Elasticity

• Upgrade? More memory required? New software version? Incompatibility with current version?

• “The Cloud Almighty” has it all…

Broad Network Access

• Available over the network and accessed through standard mechanisms

Measured Service

• Metering capability

• Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer

Page 6: Cloud Computing : Security and Forensics

Service Models

Infrastructure as a Service [IaaS]

• Servers and network connections.

• User needs to install the required OS, platform and applications (some vendors provide the OS).

• Eg: Windows Azure

Platform as a Service [PaaS]

• Cloud OS and platforms

• All the user needs is to put up his applications.

• Eg: Windows Hyper V Cloud, Amazon EC2

Software as a Service [SaaS]

• User gets the software as a web service.

• Eg: Google Docs, Office 365, Amazon S3

[Diagram: layer stack. Processor, Memory, Storage; Operating System; Runtime, API; Web Server; Application; Web Service; Web UI]

Page 7: Cloud Computing : Security and Forensics

Deployment Models

• Public Cloud

• Community Cloud

• Private Cloud

• Hybrid Cloud

Page 8: Cloud Computing : Security and Forensics

A few cloud services…

Page 9: Cloud Computing : Security and Forensics

Windows Azure Pricing..

Compute

Database Transaction

Storage

Page 10: Cloud Computing : Security and Forensics

Why/Why Not Cloud…?

Pros

• Scale vs. Cost

• Multiplatform support

• Encapsulated Change Management

• Next-Gen Architecture

Cons

• Lack of Control

• Reliability Issues

• Lock In

• Data out of Premises

• Security

Page 11: Cloud Computing : Security and Forensics

Cloud Security

“They're certainly a threat, and would be easy to make malicious.”

“We were hacked”

“click-and-pawn kind of situation”

“May be I am an Idiot, but Cloud Computing is Non-Sensical”

“Cloud is vapourware”

“The technology demands of the cybersecurity adviser's job are relatively trivial..”

“We are taking this incident very seriously.”

Page 12: Cloud Computing : Security and Forensics

Cloud Security

* Cloud is a relatively new technology, so its security domains are not fully known.

* Cloud based Security Risks => CRISKS

Targets

* Hardware

* Data

* Applications

* (in short, everything in the cloud)

Some major security issues are discussed in the following slides.

Page 13: Cloud Computing : Security and Forensics
Page 14: Cloud Computing : Security and Forensics

1. Shared Service Consequences

• Any kind of intentional or unintentional malicious activity carried out on a shared platform may affect the other tenants and associated stakeholders.

• Eg: Blocking of IP ranges, confiscation of resources etc.

• A sudden increase in resource usage by one application can drastically affect the performance and availability of other applications sharing the same cloud infrastructure.

Page 15: Cloud Computing : Security and Forensics

2. Run-on-the-cloud

• Bankruptcy and catastrophes do not come with an early warning.

• Such a run-on-the-cloud may lead to acquisitions or mergers.

• A sudden takeover can result in a deviation from the agreed Terms of Use & License Agreement, which may lead to a Lock-In situation.

Page 16: Cloud Computing : Security and Forensics

3. Lock In

• Migrating from a cloud is difficult, as different cloud providers use various OSes, middleware and APIs.

• Also, a sudden change of provider policies may leave the user stuck with the cloud.

• The user may want to quit, but he cannot, as his data is in the cloud.

• Lock-In Situation

Page 17: Cloud Computing : Security and Forensics

4. Data protection

• Handled by the Provider

• User rarely has information about the protection facilities.

• Prevent unauthorized access by the privileged employees of the Service Provider

Page 18: Cloud Computing : Security and Forensics

5. Lack of Transparency

• The service provider may be following good security procedures, but this is not visible to the customers and end users.

• May be due to security reasons.

• End user questions remain unanswered:

• how the data is backed up, who backs up the data, whether the cloud service provider does it or has outsourced it to some third party.

Page 19: Cloud Computing : Security and Forensics

6. Privacy

• Confidential data remains confidential.

• The information deleted by the customer may be available to the cloud solution provider as part of their regular backups.

• Insecure and inefficient deletion of data where true data wiping is not happening, exposing the sensitive information to other cloud users.

Page 20: Cloud Computing : Security and Forensics

7. Application security

• Vulnerabilities applicable to programs running in the conventional systems & networks are also applicable to cloud infrastructure.

• It also requires application security measures (application-level firewalls) be in place in the production environment.

Page 21: Cloud Computing : Security and Forensics

8. Record Keeping

• The cloud provider maintains logs of none/some/all of the cloud activities.

• The end user has no access to these logs, nor are they aware of what exactly is being logged.

Page 22: Cloud Computing : Security and Forensics

Security Testing in Cloud

• Security testing is a process to determine that an information system protects data and maintains functionality as intended.

• Cloud security testing is futile, due to the following reasons:

• Permission issues: if a user traverses through unauthorised areas of a cloud, he may reach a black hole.

• An application is tested today and found vulnerable or not; how do you know that the app tested tomorrow is the same one that was tested yesterday?

Page 23: Cloud Computing : Security and Forensics

Risk Assessment

“Who protects my data?”

“Should I put my data in the Cloud?”

“risk based approach”

“low-value assets don’t need the same level of security controls”

“15$ per user per month”

“Are we to skip on-site inspections, discoverability, and complex encryption schemes..”

Page 24: Cloud Computing : Security and Forensics

Risk Assessment Framework for Cloud

• Although Cloud can be considered a failure in terms of Security, there are still many takers for it.

• This is mainly due to the multi-tenancy (cost sharing) aspect.

• A risk based approach needs to be adopted, after considering the profit and loss involved in moving the assets to the cloud.

An RA Framework is presented in the coming slides…

Page 25: Cloud Computing : Security and Forensics

Risk Assessment Framework

1. Identify the Asset

2. Evaluate the Asset

3. Map the Asset to Existing Cloud Deployment Models

4. Evaluate Cloud Service Models and Providers

5. Sketch the Potential Data Flow

Page 26: Cloud Computing : Security and Forensics

Identify the Asset

• Assets can be data or applications. Choose which of them need to be migrated to the cloud.

• In the cloud, data and application need not reside at the same location.

• Thus, even parts of functions can be shifted to the cloud.

• Make the choice based upon current data usage and potential data usage.

Page 27: Cloud Computing : Security and Forensics

Evaluate the Asset

• Determine how important and sensitive the asset is to the organisation.

• In short, evaluate the asset on the basis of confidentiality and availability.

Page 28: Cloud Computing : Security and Forensics

Map the Asset to Existing Cloud Deployment Models

• Determine which deployment model is good for the organizational requirement

• Decide whether the organization can accept the risks implicit to the various deployment models (private, public, community, or hybrid).

Page 29: Cloud Computing : Security and Forensics

Evaluate Cloud Service Models and Providers

• Determine which service deployment model is good for the organizational requirement

• Decide whether the organization is competent enough to implement the extra layers (in case of IaaS or PaaS)

Page 30: Cloud Computing : Security and Forensics

Sketch the Potential Data Flow

• Required to analyse how and when data will move in and out of the cloud.

Page 31: Cloud Computing : Security and Forensics

Cloud Forensics

“They're certainly a threat, and would be easy to make malicious.”

“Swift as the Wind”

“click-and-pawn kind of situation”

“Conquer like the fire”

“Steady as the mountain”

“Quiet as the forest”

“Digital Forensics = Laws of human vs Laws of Computing”

Page 32: Cloud Computing : Security and Forensics

Digital Forensics Science

DEFINITION:

“The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”

Cloud Forensics refers to the use of Digital Forensics Science in Cloud computing models.

Page 33: Cloud Computing : Security and Forensics

Opportunities

• Cloud forensics is more cost effective than conventional digital forensic methodologies.

• In case a cloud needs to be shut down for data collection, this can be done with very little extra work (transferring data to another data center within the same cloud).

• Forensics may be implemented as a Cloud Service.

Page 34: Cloud Computing : Security and Forensics

Challenges

Legal Regulations

Legal & regulatory requirements and compliances may be lacking in the location(s) where the data is actually stored.

Record Retention Policies

There exists no standardized logging format for the cloud. Each provider logs in a different format, making log crunching for forensics difficult in the case of Cloud.

Identity Management

There exist no proper KYC norms in the case of Cloud Providers. Anyone with a credit card can purchase a cloud account.

Page 35: Cloud Computing : Security and Forensics

Challenges

Continuously Overwritten Logs

The cloud keeps working, and its logs are replicated and overwritten continuously. So it poses a great challenge to the forensic scientist to spot the state of the log file at the time of an attempted crime.

Admissibility

Along with finding the evidence, the scientist must also prove it to a legal, non-technical person. This part is worse than the real forensics process.

Privacy

Someone hacked something somewhere. Why should a forensic guy check the data that I have put in my cloud?
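An added example, not part of the original slides: one way to approach the missing common log format noted under Record Retention Policies and the overwritten-log problem above, by normalising two provider formats into one UTC timeline and sealing the collected snapshot with a hash chain. Both log formats, their field names and the sample lines are constructed for illustration and are not real provider schemas.

```python
import hashlib
import json
import shlex
from datetime import datetime, timezone

# Constructed sample lines; both formats are hypothetical.
PROVIDER_A = [
    '{"eventTime": "2014-12-01T10:15:30Z", "user": "alice", "op": "DeleteObject", "src": "198.51.100.7"}',
    '{"eventTime": "2014-12-01T10:17:02Z", "user": "alice", "op": "PutObject", "src": "198.51.100.7"}',
]
PROVIDER_B = ["ts=1417428960 actor=bob action=vm.stop ip=203.0.113.9"]

def _record(provider, when, actor, action, ip, raw):
    # Common schema: UTC time plus a digest of the untouched original line.
    return {"time": when.astimezone(timezone.utc).isoformat(), "provider": provider,
            "actor": actor, "action": action, "source_ip": ip,
            "raw_sha256": hashlib.sha256(raw.encode()).hexdigest()}

def parse_a(line):
    # Format A: JSON object with an ISO-8601 "Z" timestamp.
    e = json.loads(line)
    when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return _record("A", when, e["user"], e["op"], e["src"], line)

def parse_b(line):
    # Format B: key=value pairs with an epoch-seconds timestamp.
    kv = dict(tok.split("=", 1) for tok in shlex.split(line))
    when = datetime.fromtimestamp(int(kv["ts"]), tz=timezone.utc)
    return _record("B", when, kv["actor"], kv["action"], kv["ip"], line)

def timeline(a_lines, b_lines):
    # Merge both sources into one chronologically ordered list.
    recs = [parse_a(l) for l in a_lines] + [parse_b(l) for l in b_lines]
    return sorted(recs, key=lambda r: r["time"])

def seal(records):
    """Chain the per-line digests so a later edit, drop or reorder changes the seal."""
    h = b"\x00" * 32
    for r in records:
        h = hashlib.sha256(h + bytes.fromhex(r["raw_sha256"])).digest()
    return h.hex()

if __name__ == "__main__":
    tl = timeline(PROVIDER_A, PROVIDER_B)
    for r in tl:
        print(r["time"], r["provider"], r["actor"], r["action"], r["source_ip"])
    print("seal:", seal(tl))
```

Recording the seal at collection time lets the investigator show later that the snapshot being presented is the one that was captured, even after the provider has overwritten the live logs.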

Page 36: Cloud Computing : Security and Forensics

Cloud Conclusion

Page 37: Cloud Computing : Security and Forensics

Conclusion

• Cloud is changing the way systems and services are provided and utilized.

• The more informed IT departments are about the cloud, the better the position they will be in when making decisions about deploying, developing, and maintaining systems in the cloud.

• With so many different cloud deployment and service models, and their hybrid permutations, no list of security controls can cover all these circumstances.

• Cloud has just crossed its inception stage, and research on cloud security is still going on.

Page 38: Cloud Computing : Security and Forensics

Conclusion

• Use a Risk Assessment framework before data is put on the cloud.

• Cloud forensics, being younger than Cloud computing, has very little to offer as of now.

• Watch your activities, keep in touch with your cloud service provider, read the user manual carefully.

Page 39: Cloud Computing : Security and Forensics


Page 40: Cloud Computing : Security and Forensics

Questions..?

Page 41: Cloud Computing : Security and Forensics

Thank you..!

Drop me a mail : [email protected]