http://www.anewmorning.com/2011/05/24/cloud-computing-comic/
Cloud Computing and its Security Issues
Dr. Dan (Dong-Seong) Kim
University of Canterbury, New Zealand
http://www.cosc.canterbury.ac.nz/dongseong.kim
University of Canterbury (UC)
• Originated in 1873 in the centre of Christchurch as Canterbury College (currently UC)
Alumni of UC
• Ernest Rutherford¹: physicist, Nobel Prize in chem.
• John Key: current Prime Minister of New Zealand
• Computer Science and Software Engineering department at UC has been ranked in the top 101-150 Computer Science departments in the 2011 International QS World University Rankings.
1: http://www.nobelprize.org/nobel_prizes/chemistry/laureates/1908/rutherford-bio.html
About myself
Lecturer (Assistant Professor in US) since Aug. 2011
• Full time/permanent
• Computer science and software engineering Dept.
• Research/teaching: Computer and Network Security
Postdoc at Duke U. from June 2008 to July 2011
• (Kishor S. Trivedi group)
U of Maryland, USA in 2007
• Virgil D. Gligor group (former ACM SIGSAC chair)
Studied at KAU in Korea (BS, MS, PhD)
• JongSou Park group (Penn. State PhD)
Outline
Why cloud computing?
What is cloud computing?
• NIST Definition
• Essential characteristics
• Service delivery models
• Deployment models
A Case Study
Why not using Cloud?
Taxonomy of Fear
• CIA or FBI?
Security and Privacy Issues
Why cloud computing?
Locally hosted Email vs. Cloud based.
Server utilization
How ??
Virtualization + automation = cloud
Migration to cloud computing
Case Study of a Cloud Deployment
Case Study Results
Annual savings: $3.3M (84%), from $3.9M to $0.6M
[Figure: current IT spend (100%) compared with spend after cloud deployment, split into hardware costs (annualized), labor costs (operations and maintenance), power costs, software costs, one-time deployment, strategic change capacity and new development]
• Hardware, labor & power savings reduced annual cost of operation by 83.8%
• Hardware costs (-88.7%)
• Labor costs (-80.7%)
• Power costs (88.8%)
• Liberated funding for new development, transformation investment or direct saving
Note: 3-Year Depreciation Period with 10% Discount Rate
What is Cloud Computing?
Definition of Cloud Computing
NIST (National Institute of Standards and Technology) definition
• a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
Source: NIST
Essential characteristics of cloud computing
On-demand self service
Broadband network access
Resource pooling
Rapid elasticity
Measured service
http://www.eucalyptus.com/resources/cloud-overview/what-is-cloud-computing
Cloud Service Delivery Models
http://blog.appcore.com/blog/bid/168247/3-Types-of-Cloud-Service-Models
http://it20.info/2010/11/random-thoughts-and-blasphemies-around-iaas-paas-saas-and-the-cloud-contract/
Cloud Service Delivery Models (cont.)
SaaS (Software as a Service)
• The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.
PaaS (Platform as a Service)
• To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.
IaaS (Infrastructure as a Service)
• To provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
XaaS
• Data, Search, Security, Hacking, …
From [1] NIST
Cloud Deployment models
Cloud Deployment models (cont.)
Private cloud
• Is operated solely for an organization.
Public cloud
• Is made available to the general public or a large industry group
• Is owned by an organization (e.g., MS, Amazon) selling cloud services.
Community cloud
• Is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, policy, and compliance considerations)
Hybrid cloud
• Is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized technology (e.g., cloud bursting for load balancing between clouds)
A Case Study
The first & Best Cloud computing
Case Study: Amazon Cloud Infrastructure
S3 EC2
Amazon Cloud Infrastructure
Powerful New IT Consumption Models
New York Times used
• S3/EC2 to process
• 4TB of TIFFs
• Into 1.5TB of PDFs
• Using 100 EC2 Xen VMs
• And HDFS (Hadoop)
In 24 hours
For USD 240!
http://cloudcomputersupes.wordpress.com/category/cloud-funny-messages/
Hesitate to use cloud computing?
If cloud computing is so great, why isn’t everyone doing it?
The cloud acts as a big black box, nothing inside the cloud is visible to the clients
Clients have no idea or control over what happens inside a cloud
Cloud
If cloud computing is so great, why isn’t everyone doing it? (cont.)
Even if the cloud provider is honest, it can have malicious system admins who can tamper with the VMs (Virtual Machines) and violate confidentiality and integrity
Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks
What is Confidentiality, Integrity, Availability?
Morocco and New Zealand
[Figure: Alice in South Island, Bob in North Island]
Security objectives: Confidentiality
[Figure: Alice in South Island, Bob in North Island, and E on the Internet path between them]
An example: "Secret" → UGETGV by Caesar with k=2
The data has not been viewed by a 3rd party
Confidentiality: Encryption by DES, 3DES, AES, etc.
Confidentiality: the protection of transmitted data from passive attacks (release of message contents and traffic analysis)
How?
secret → UGETGV
• Shift by 1 → TFDSFU
• Shift by 2 → UGETGV
Caesar cipher, key = 2
Substitution (Transposition)
All blacks (AB)?
Q: What’s this?
How does AB relate to principle of ciphers?
New Zealand
National rugby team’s name
All blacks?
Substitution ?
Andrew Hore
Adam Thomson
Dan Carter
Cory Jane
Andrew Ellis
Richie McCaw
All blacks?
Transposition (permutation) ?
Adam Thomson
Dan Carter
Cory Jane
Richie McCaw
Use both Substitution and transposition to win the championship
Security objectives (cont.): Integrity
[Figure: Alice in South Island, Bob in North Island, and E on the Internet path between them; "I love you" becomes "I hate you"]
The data has not been modified in transit
Integrity: Cryptographic hash func.
One-way hash function (illustration: New Zealand sport? All blacks. New Zealand fruit? Kiwi.)
Use HMAC (Hashed message authentication code)
Integrity: the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay)
How ?
An illustrative example
• Input message (pre-image): 345689
• A hash function: divided by 23 (15029.95652173913043…) and take some values
• Output: hash value (message digest, fingerprint)
• "I love you" and "I hate you" go through a hash function
Integrity can be checked
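The integrity slides above, as an added example that is not part of the original deck: an unkeyed hash alone does not reveal a change when the modifier can replace the digest too, while an HMAC with a message counter rejects modification, forgery and replay. SHA-256 stands in for the slide's toy divide-by-23 hash; the key, the counter scheme and the names `make_tag` and `Receiver` are assumptions made for this illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-shared-by-alice-and-bob"  # constructed sample key

def plain_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who can change the message can recompute it."""
    return hashlib.sha256(message).hexdigest()

def make_tag(key: bytes, counter: int, message: bytes) -> str:
    """HMAC-SHA256 over an 8-byte message counter followed by the message."""
    data = counter.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Receiver:
    """Bob: accepts a message only if the tag verifies and the counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, counter: int, message: bytes, tag: str) -> bool:
        expected = make_tag(self.key, counter, message)
        if not hmac.compare_digest(expected, tag):
            return False  # modified in transit, or tagged without the key
        if counter <= self.last_counter:
            return False  # replay of a message that was already accepted
        self.last_counter = counter
        return True

def run_demo() -> dict:
    original, altered = b"I love you", b"I hate you"
    results = {}
    # Hash only: message and digest are replaced together, so the check passes.
    received_msg, received_digest = altered, plain_digest(altered)
    results["hash_only_detects_change"] = plain_digest(received_msg) != received_digest
    # HMAC: without the shared key no valid tag exists for the altered message.
    bob = Receiver(KEY)
    tag = make_tag(KEY, 0, original)
    results["genuine_accepted"] = bob.accept(0, original, tag)
    results["altered_with_old_tag"] = bob.accept(1, altered, tag)
    unkeyed = plain_digest((1).to_bytes(8, "big") + altered)
    results["altered_with_unkeyed_tag"] = bob.accept(1, altered, unkeyed)
    results["replay_accepted"] = bob.accept(0, original, tag)
    return results

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```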
Security objectives (cont.) : Availability
[Figure: Alice in South Island, Bob in North Island, and E on the Internet path between them]
For any information system to serve its purpose, the information must be available when it is needed
Distributed Denial of Service (DDoS) attacks
Source: http://memeburn.com
Availability …
Security objectives : summary
[Figure: Alice in South Island, Bob in North Island, connected over the Internet]
• Confidentiality: The data has not been viewed by a 3rd party (Encryption)
• Integrity: The data has not been modified in transit (Hash func.)
• Availability: The data must be available when it is needed (Fault/intrusion tolerance)
Companies are still afraid to use clouds
[Chow09ccsw]
Causes of Problems Associated with Cloud Computing
Most security problems stem from:
1. Loss of control
2. Lack of trust (mechanisms)
3. Multi-tenancy
1. Loss of Control in the Cloud
Consumer’s loss of control
• Data, applications, resources are located with provider
• User identity management is handled by the cloud
[Figure: Customer; Customer Data and Customer Code on Cloud Provider Premises]
1. Loss of Control in the Cloud (cont.)
User access control rules, security policies and enforcement are managed by the cloud provider
Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
2. Lack of Trust in the Cloud
Trust in the cloud?
• the customers’ level of confidence in using the cloud
Main components of Trust in Cloud Computing
• Security – CIA + other.
• Privacy - Protection against the exposure or leakage of personal or confidential data (e.g. personally identifiable information).
• Accountability - complying with measures that give effect to practices articulated in given guidelines
o Preventive control (e.g., risk analysis)/detective control (e.g., Intrusion detection system)
• Auditability - to ensure operational integrity and customer data protection
3. Multi-tenancy Issues in the Cloud
Cloud Computing brings new threats
• Multiple independent users share the same physical infrastructure
• Thus an attacker can legitimately be in the same physical machine as the target
How to provide separation between tenants?
Who are my neighbors? What is their objective?
They present another facet of risk and trust requirements
Taxonomy of Fear
Cloud Computing Security
Information Security Principles Unchanged
Taxonomy of Fear: Confidentiality
Fear of loss of control over data
• Will the sensitive data stored on a cloud remain confidential?
• Will cloud compromises leak confidential client data?
Will the cloud provider itself be honest and won’t peek into the data?
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
Taxonomy of Fear: Integrity
How do I know that the cloud provider is doing the computations correctly?
How do I ensure that the cloud provider really stored my data without tampering with it?
http://www.nbrella.com/the-integrity-problem-2/
Taxonomy of Fear: Availability
Will critical systems go down at the client, if the provider is attacked in a Denial of Service (DoS) attack?
What happens if cloud provider goes out of business?
Would cloud scale well-enough?
Often-voiced concern
• Although cloud providers argue their downtime compares well with cloud user’s own data centers
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
http://www.ecnmag.com/articles/2011/08/return-zero-cloud-computing
Availability: Downtimes
Availability
Countermeasures
• Evaluate provider measures to ensure availability
• Monitor availability carefully
• Plan for downtime
Use public clouds for less essential applications
Taxonomy of Fear - others
Privacy issues raised via massive data mining
• Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
Increased attack surface
• Entity outside the organization now stores and computes data, and so
• Attackers can now target the communication link between cloud provider and client
• Cloud provider employees can be phished
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
Taxonomy of Fear – others: Malicious behaviors using cloud
Taxonomy of Fear – others (cont.)
Auditability and forensics (out of control of data)
• Difficult to audit data held outside organization in a cloud
• Forensics also made difficult since now clients don’t maintain data locally
Legal quagmire and transitive trust issues
• Who is responsible for complying with regulations?
• If cloud provider subcontracts to third party clouds, will the data still be secure?
From [5] www.cs.jhu.edu/~ragib/sp10/cs412
Top Threats to Cloud Computing V1.0
By CSA (cloud security alliance)
1. Abuse and Nefarious Use of Cloud Computing
2. Insecure Interfaces and APIs
3. Malicious Insiders
4. Shared Technology Issues
5. Data Loss or Leakage
6. Account or Service Hijacking
7. Unknown Risk Profile
Cloud Providers, Services and Security Measures
Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010
Security and Cloud computing
Security Analysis of Cloud Computing
Security Analysis using Cloud Computing
[Figure: Cloud-Based Security Measurement (CBSM). Labels: enterprise system; environment; attack profile; adm. activities; users behavior; random failures; attack intensities; cost/reward; attack paths; vulnerabilities; stochastic models; "real-time" security metrics; security analysis]
NATO project
Cyber Security Analysis and Assurance using Cloud-Based Security Measurement System
• Funded by NATO Emerging Security Challenges Division Science for Peace and Security Programme
NATO project organization
NATO Partner Country (Morocco)
NATO Country (USA)
Research Areas:
• Modeling techniques
• Performance, reliability, dependability, & security quantification
• Modeling software packages
• Network security
• Secure network architecture design
• Cloud computing security
• Mobile computing security
Research Areas:
• Applied stochastic processes
• Stochastic control
• Queuing theory
• Performance analysis of computer networks
Major non-NATO allies Country
Assessing Network Security
[Figure: Internet, Firewall, NIDS, Internal Network]
How secure is my network?
NIDS: network intrusion detection system
Assessing Security (cont.)
To assess security, one requires 3Ms:
1. Security Measures
o To collect required information.
2. Security Metrics
o To represent the analysis of security.
3. Security Models (Attack Representation Model: ARM)
o To capture security using simulation, analytic models, or hybrid models.
Attack Representation Model (ARM) life cycles
[Figure: ARM life cycle. Phases: Preprocessing, Construction (Generation), Representation (Visualisation/Storage), Evaluation, Modification (Update), other if necessary. Labels: reachability information and vulnerability information from the network; build (update) ARMs; security analysis; security metrics; applying security best practices; change(s) in the network; updated information]
The ultimate goal is to provide security as a service for any type of system, including cloud, enterprise system, smart grid, etc.
Security as a Service!
• Vulnerabilities Database (NVD, CVE, SecurityFocus, etc)
• Connectivity (Topology)
• Attacks (threats)
• Detection/Mitigation
Attack Representation Models (ARM)
[Figure: ARM tree with one OR gate and four AND gates]
• G: Reset a single BGP session
• A1: Send message to router causing reset
• A2: Alter configuration via compromised router
• D1: Trace-route check
• D2: Router firewall alert
• M1: Randomize Seq. Num.
• M2: Secure router
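One way to turn the ARM above into a security metric, as an added example that is not code from the slides or the project: a small AND/OR/NOT tree evaluator that computes the probability of goal G and ranks the countermeasures by how much risk each one removes. The gate wiring (A1 countered by D1 and M1, A2 by D2 and M2, an attack stopped only when detected and mitigated), the independence of events and all probabilities are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Leaf:
    name: str
    p: float  # probability that the event occurs (constructed value)

@dataclass(frozen=True)
class Gate:
    kind: str        # "AND", "OR" or "NOT"
    children: tuple

def probability(node, disabled=frozenset()) -> float:
    """Probability that `node` occurs, assuming independent leaf events."""
    if isinstance(node, Leaf):
        return 0.0 if node.name in disabled else node.p
    ps = [probability(child, disabled) for child in node.children]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    if node.kind == "NOT":
        return 1.0 - ps[0]
    raise ValueError(f"unknown gate kind: {node.kind}")

def countered(attack, detect, mitigate):
    """Assumed wiring: the attack succeeds unless detected AND mitigated."""
    stopped = Gate("AND", (detect, mitigate))
    return Gate("AND", (attack, Gate("NOT", (stopped,))))

# Leaves named after the slide; every probability is a constructed sample.
A1 = Leaf("A1", 0.4)  # send message to router causing reset
A2 = Leaf("A2", 0.2)  # alter configuration via compromised router
D1 = Leaf("D1", 0.5)  # trace-route check
D2 = Leaf("D2", 0.9)  # router firewall alert
M1 = Leaf("M1", 0.8)  # randomize sequence numbers
M2 = Leaf("M2", 0.5)  # secure router
COUNTERMEASURES = ("D1", "M1", "D2", "M2")

# G: reset a single BGP session, reached through either attack path.
GOAL = Gate("OR", (countered(A1, D1, M1), countered(A2, D2, M2)))

def rank_countermeasures(goal, names=COUNTERMEASURES):
    """(risk increase, name) for switching off each countermeasure, largest first."""
    base = probability(goal)
    deltas = [(probability(goal, frozenset({n})) - base, n) for n in names]
    return sorted(deltas, reverse=True)

if __name__ == "__main__":
    print(f"P(G) with countermeasures:    {probability(GOAL):.4f}")
    print(f"P(G) without countermeasures: "
          f"{probability(GOAL, frozenset(COUNTERMEASURES)):.4f}")
    for delta, name in rank_countermeasures(GOAL):
        print(f"without {name}: P(G) rises by {delta:.4f}")
```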
Cloud-Based Security and monitoring and Measurement (CBSM) system
[Figure: real enterprise systems/cloud systems, CBSM system, security analysis results]
Thank you!!
Hagley Park, Christchurch,
New Zealand
Thank you! Question?
References
S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012
B. Bhargava et al., Research in Cloud Security and Privacy, Purdue U.
S. Privacy, Security and Trust in Cloud computing, HPL-2012-80R1
Others on the slides.
Who has control of the resources?
From [6] Cloud Security and Privacy by Mather and Kumaraswamy
1. Abuse and Nefarious Use of Cloud Computing
By abusing the relative anonymity behind these registration and usage models, areas of concern include
• password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms.
2. Insecure Interfaces and APIs
These interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.
Examples
• Anonymous access and/or reusable tokens or passwords
• clear-text authentication or transmission of content
• inflexible access controls or improper authorizations
• limited monitoring and logging capabilities
• unknown service or API dependencies.
3. Malicious Insiders
The threat of a malicious insider is well-known to most organizations.
This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.
The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.
4. Shared Technology Issues
IaaS vendors deliver their services in a scalable way by sharing infrastructure.
Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture.
To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources.
Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform
Customers should not have access to any other tenant’s actual or residual data, network traffic, etc
5. Data Loss or Leakage
There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example.
Examples
• Insufficient authentication, authorization, and audit (AAA) controls;
• inconsistent use of encryption and software keys;
• operational failures;
• persistence and remanence challenges: disposal challenges;
• risk of association;
• jurisdiction and political issues;
• data center reliability;
• and disaster recovery.
Example: Service Level Agreements (SLAs)
Amazon Web services:
• AWS will use commercially reasonable efforts to make Amazon S3 available with a Monthly Uptime Percentage (defined below) of at least 99.9% during any monthly billing cycle (the “Service Commitment”).
o Effective October 1st, 2007
o roughly an hour of downtime per year
• AWS will use commercially reasonable efforts to make Amazon EC2 available with an Annual Uptime Percentage (defined below) of at least 99.95% during the Service Year.
o Effective Date: October 23, 2008
Jinesh Varia. Amazon white paper on cloud architectures Sept. 2008, Available at: http://aws.amazon.com/about-aws/whats-new/2008/07/16/cloud-architectures-white-paper/
http://aws.amazon.com/s3-sla/ http://aws.amazon.com/ec2-sla/
6. Account or Service Hijacking
Cloud solutions add a new threat to the landscape.
If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites.
Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.
7. Unknown Risk Profile
Often the following questions are not clearly answered or are overlooked
• What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging?
• How are your data and related logs stored and who has access to them?
• What information if any will the vendor disclose in the event of a security incident?
leaving customers with an unknown risk profile that may include serious threats.
Towards a Secure Cloud blueprint
S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012.
Towards a Secure Cloud blueprint technical security subsystems
S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012.
Virtualization Key Security Issues
Identity management,
Data leakage (caused by multiple tenants sharing physical resources),
access control,
virtual machine (VM) protection,
persistent client-data security,
prevention of cross-VM side-channel attacks.