powerpoint presentationcloudsecurity.ece.duke.edu/sites/...dsk-v2.pdf · university of canterbury...

Post on 10-Oct-2020


Cloud Computing and its Security Issues

Dr. Dan (Dong-Seong) Kim

University of Canterbury, New Zealand

dongseong.kim@canterbury.ac.nz http://www.cosc.canterbury.ac.nz/dongseong.kim

University of Canterbury (UC)

• Originated in 1873 in the centre of Christchurch as Canterbury College (currently UC)

Alumni of UC

• Ernest Rutherford¹: physicist – Nobel Prize in chem.
• John Key – current Prime Minister of New Zealand

• Computer Science and Software Engineering department at UC has been ranked in the top 101-150 Computer Science departments in the 2011 International QS World University Rankings.

1: http://www.nobelprize.org/nobel_prizes/chemistry/laureates/1908/rutherford-bio.html

About myself

Lecturer (Assistant Professor in US) since Aug. 2011
• Full time/permanent
• Computer science and software engineering Dept.
• Research/teaching: Computer and Network Security

Postdoc at Duke U. from June 2008 to July 2011
• Kishor S. Trivedi group

U of Maryland, USA in 2007
• Virgil D. Gligor group (former ACM SIGSAC chair)

Studied at KAU in Korea (BS, MS, PhD)
• JongSou Park group (Penn. State PhD)

Outline

Why cloud computing?

What is cloud computing?

• NIST Definition

• Essential characteristics

• Service delivery models

• Deployment models

A Case Study

Why not using Cloud?

Taxonomy of Fear

• CIA or FBI?

Security and Privacy Issues

Why cloud computing?

Locally hosted Email vs. Cloud based.

Server utilization

How ??

Virtualization + automation = cloud

Migration to cloud computing

Case Study of a Cloud Deployment

Case Study Results

Annual savings: $3.3M (84%), $3.9M to $0.6M

• Hardware, labor & power savings reduced annual cost of operation by 83.8%
• Hardware Costs (-88.7%)
• Labor Costs (-80.7%)
• Power Costs (88.8%)
• Liberated funding for new development, transformation investment or direct saving

Note: 3-Year Depreciation Period with 10% Discount Rate

[Figure: bar chart of current IT spend (100%) against spend after the strategic change, broken down into hardware costs (annualized), labor costs (operations and maintenance), power costs, software costs, deployment (1-time) and new development capacity.]

What is Cloud Computing?

Definition of Cloud Computing

NIST (National Institute of Standards and Technology) definition

• A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

Source: NIST

Cloud Service Delivery Models

http://blog.appcore.com/blog/bid/168247/3-Types-of-Cloud-Service-Models

http://it20.info/2010/11/random-thoughts-and-blasphemies-around-iaas-paas-saas-and-the-cloud-contract/

Cloud Service Delivery Models (cont.)

SaaS (Software as a Service)
• The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.

PaaS (Platform as a Service)
• To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.

IaaS (Infrastructure as a Service)
• To provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

XaaS
• Data, Search, Security, Hacking, …

From [1] NIST

Cloud Deployment models (cont.)

Private cloud
• Is operated solely for an organization.

Public cloud
• Is made available to the general public or a large industry group
• Is owned by an organization (e.g., MS, Amazon) selling cloud services.

Community cloud
• Is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, policy, and compliance considerations)

Hybrid cloud
• Is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized technology (e.g., cloud bursting for load balancing between clouds)

A Case Study


The first & Best Cloud computing

Case Study: Amazon Cloud Infrastructure

S3 EC2

Amazon Cloud Infrastructure

Powerful New IT Consumption Models

New York Times used

• S3/EC2 to process

• 4TB of TIFFs

• Into 1.5TB of PDFs

• Using 100 EC2 Xen VMs

• And HDFS (Hadoop)

In 24 hours

For USD 240!

Hesitate to use cloud computing?

If cloud computing is so great, why isn’t everyone doing it?

The cloud acts as a big black box, nothing inside the cloud is visible to the clients

Clients have no idea or control over what happens inside a cloud

Cloud

If cloud computing is so great, why isn’t everyone doing it? (cont.)

Even if the cloud provider is honest, it can have malicious system admins who can tamper with the VMs (Virtual Machines) and violate confidentiality and integrity

Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks

What is Confidentiality, Integrity, Availability?

Morocco and New Zealand

[Figure: Alice in South Island and Bob in North Island]

Security objectives: Confidentiality

[Figure: Alice in South Island and Bob in North Island communicate over the Internet; E sits on the path.]

The data has not been viewed by a 3rd party → Confidentiality → Encryption by DES, 3DES, AES, etc.

An example: Secret → UGETGV by Caesar with k=2

Confidentiality: the protection of transmitted data from passive attacks (release of message contents and traffic analysis)

How?

secret → UGETGV

• Shift by 1 → TFDSFU
• Shift by 2 → UGETGV

Caesar cipher, key = 2

Substitution (Transposition)

All blacks (AB)?

Q: What’s this?

How does AB relate to principle of ciphers?

New Zealand

National rugby team’s name

All blacks?

Substitution ?

Andrew Hore

Adam Thomson

Dan Carter

Cory Jane

Andrew Ellis

Richie McCaw

All blacks?

Transposition (permutation) ?

Adam Thomson

Dan Carter

Cory Jane

Richie McCaw

Use both Substitution and transposition to win the championship

Security objectives (cont.): Integrity

[Figure: Alice in South Island and Bob in North Island communicate over the Internet, with E on the path; the message “I love you” appears on one side and “I hate you” on the other.]

The data has not been modified in transit → Integrity → Cryptographic hash func.

One-way hash function

• New Zealand sport? → All blacks
• New Zealand fruit? → Kiwi

Use HMAC (Hashed message authentication code)

Integrity: the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay)

How?

An illustrative example

• Input: message (pre-image) 345689
• A hash function: divided by 23 and take some values (15029.95652173913043…)
• Output: hash value (message digest, fingerprint)

[Figure: “I love you” and “I hate you” are each passed through a hash function.]

Integrity can be checked
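The integrity check described on these slides, as an added Python example that is not part of the original deck: it contrasts an unkeyed digest with HMAC-SHA256 for the “I love you” / “I hate you” message, and adds a sequence number because the slide's definition of integrity also rules out replay. The key, the frame layout and the names `protect`, `Receiver` and `demo` are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-shared-by-alice-and-bob"  # constructed sample key
TAG_LEN = hashlib.sha256().digest_size                  # 32 bytes


def unkeyed_digest(msg: bytes) -> str:
    """Plain SHA-256: needs no secret, so anyone on the path can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def verify_unkeyed(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(unkeyed_digest(msg), digest)


def protect(key: bytes, seq: int, msg: bytes) -> bytes:
    """Frame = 8-byte sequence number || HMAC-SHA256(key, seq || msg) || msg."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + msg, hashlib.sha256).digest()
    return header + tag + msg


class Receiver:
    """Accepts a frame only if the tag verifies and the sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # the sender numbers frames from 1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None                          # truncated frame
        header = frame[:8]
        tag = frame[8:8 + TAG_LEN]
        msg = frame[8 + TAG_LEN:]
        expected = hmac.new(self.key, header + msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                          # modified in transit or wrong key
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return None                          # replayed or reordered frame
        self.last_seq = seq
        return msg


def demo() -> dict:
    bob = Receiver(KEY)
    frame = protect(KEY, 1, b"I love you")
    swapped = frame[:8 + TAG_LEN] + b"I hate you"   # text changed, old tag kept
    return {
        "genuine": bob.accept(frame),
        "replayed": bob.accept(frame),
        "modified": Receiver(KEY).accept(swapped),
        # A digest recomputed over the changed text passes the unkeyed check.
        "unkeyed_hash_accepts_swap": verify_unkeyed(
            b"I hate you", unkeyed_digest(b"I hate you")),
    }


if __name__ == "__main__":
    print(demo())
```

The unkeyed digest only detects accidental corruption, because whoever changes the message can also replace the digest; the HMAC tag cannot be recomputed without the shared key.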

Security objectives (cont.) : Availability

[Figure: Alice in South Island and Bob in North Island connected over the Internet, with E; Distributed Denial of Service (DDoS) attacks. Source: http://memeburn.com]

For any information system to serve its purpose, the information must be available when it is needed → Availability

Security objectives : summary

[Figure: Alice in South Island and Bob in North Island communicating over the Internet]

• The data has not been viewed by a 3rd party → Confidentiality → Encryption
• The data has not been modified in transit → Integrity → Hash func.
• The data must be available when it is needed → Availability → Fault/intrusion tolerance

Companies are still afraid to use clouds

[Chow09ccsw]

Causes of Problems Associated with Cloud Computing

Most security problems stem from:

1. Loss of control

2. Lack of trust (mechanisms)

3. Multi-tenancy

1. Loss of Control in the Cloud

Consumer’s loss of control
• Data, applications, resources are located with provider
• User identity management is handled by the cloud

[Figure: Customer; Customer Data and Customer Code on Cloud Provider Premises]

1. Loss of Control in the Cloud (cont.)

User access control rules, security policies and enforcement are managed by the cloud provider

Consumer relies on provider to ensure

• Data security and privacy

• Resource availability

• Monitoring and repairing of services/resources

2. Lack of Trust in the Cloud

Trust in the cloud?

• the customers’ level of confidence in using the cloud

Main components of Trust in Cloud Computing

• Security – CIA + other.

• Privacy - Protection against the exposure or leakage of personal or confidential data (e.g. personally identifiable information).

• Accountability - complying with measures that give effect to practices articulated in given guidelines

o Preventive control (e.g., risk analysis)/detective control (e.g., Intrusion detection system)

• Auditability - to ensure operational integrity and customer data protection

3. Multi-tenancy Issues in the Cloud

Cloud Computing brings new threats

• Multiple independent users share the same physical infrastructure

• Thus an attacker can legitimately be in the same physical machine as the target

How to provide separation between tenants?

Who are my neighbors? What is their objective?

They present another facet of risk and trust requirements

Taxonomy of Fear

Cloud Computing Security

Information Security Principles Unchanged

Taxonomy of Fear: Confidentiality

Fear of loss of control over data
• Will the sensitive data stored on a cloud remain confidential?
• Will cloud compromises leak confidential client data?

Will the cloud provider itself be honest and won’t peek into the data?

From [5] www.cs.jhu.edu/~ragib/sp10/cs412

Taxonomy of Fear: Integrity

How do I know that the cloud provider is doing the computations correctly?

How do I ensure that the cloud provider really stored my data without tampering with it?

http://www.nbrella.com/the-integrity-problem-2/

Taxonomy of Fear: Availability

Will critical systems go down at the client, if the provider is attacked in a Denial of Service (DoS) attack?

What happens if cloud provider goes out of business?

Would cloud scale well-enough?

Often-voiced concern

• Although cloud providers argue their downtime compares well with cloud user’s own data centers


From [5] www.cs.jhu.edu/~ragib/sp10/cs412

Availability: Downtimes

Availability

Countermeasures • Evaluate provider measures to ensure availability

• Monitor availability carefully

• Plan for downtime

Use public clouds for less essential applications

Taxonomy of Fear - others

Privacy issues raised via massive data mining

• Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients

Increased attack surface

• Entity outside the organization now stores and computes data, and so

• Attackers can now target the communication link between cloud provider and client

• Cloud provider employees can be phished

From [5] www.cs.jhu.edu/~ragib/sp10/cs412

Taxonomy of Fear – others: Malicious behaviors using cloud

Taxonomy of Fear – others (cont.)

Auditability and forensics (out of control of data)

• Difficult to audit data held outside organization in a cloud

• Forensics also made difficult since now clients don’t maintain data locally

Legal quagmire and transitive trust issues

• Who is responsible for complying with regulations?

• If cloud provider subcontracts to third party clouds, will the data still be secure?

From [5] www.cs.jhu.edu/~ragib/sp10/cs412

Top Threats to Cloud Computing V1.0

By CSA (cloud security alliance)

1. Abuse and Nefarious Use of Cloud Computing

2. Insecure Interfaces and APIs

3. Malicious Insiders

4. Shared Technology Issues

5. Data Loss or Leakage

6. Account or Service Hijacking

7. Unknown Risk Profile

Cloud Providers, Services and Security Measures

Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010

Security and Cloud computing

Security Analysis of Cloud Computing

Security Analysis using Cloud Computing

[Figure: Security analysis using cloud computing. The enterprise system supplies an environment (*adm. activities, *users behavior, *random failures) and an attack profile (*attack intensities, *cost/reward, *attack paths, *vulnerabilities); stochastic models in the Cloud-Based Security Measurement (CBSM) system turn these into “real-time” security metrics and security analysis.]

NATO project

Cyber Security Analysis and Assurance using Cloud-Based Security Measurement System

• Funded by NATO Emerging Security Challenges Division Science for Peace and Security Programme

NATO project organization

NATO Partner Country (Morocco)

NATO Country (USA)

Research Areas:
• Modeling techniques
• Performance, reliability, dependability, & security quantification
• Modeling software packages
• Network security
• Secure network architecture design
• Cloud computing security
• Mobile computing security

Research Areas:
• Applied stochastic processes
• Stochastic control
• Queuing theory
• Performance analysis of computer networks

Major non-NATO allies Country

Assessing Network Security

[Figure: Internet, Firewall, NIDS, Internal Network. “How secure is my network?”]

NIDS: network intrusion detection system

Assessing Security (cont.)

To assess security, one requires 3Ms:

1. Security Measures
o To collect required information.

2. Security Metrics
o To represent the analysis of security.

3. Security Models (Attack Representation Model: ARM)
o To capture security using simulation, analytic models, or hybrid models.

Attack Representation Model (ARM) life cycles

[Figure: ARM life cycle. Phases: Preprocessing, Construction, Evaluation, Modification, Representation. Labels: Network; Reachability information; Vulnerability information; Build (Update) ARMs; ARMs (Generation); Security Analysis; Security metrics; Applying security best practices; Change(s) in the network; Update; Updated information; Visualisation/Storage; Other if necessary.]

The ultimate goal is to provide security as a service for any type of system, including cloud, enterprise system, smart grid, etc.

Security as a Service!

• Vulnerabilities Database (NVD, CVE, SecurityFocus, etc)

• Connectivity (Topology)

• Attacks (threats)

• Detection/Mitigation

Attack Representation Models (ARM)

[Figure: attack tree built from AND and OR gates, with the following nodes]

G: Reset a single BGP session

A1: Send message to router causing reset

A2: Alter configuration via compromised router

M1: Randomize Seq. Num.

M2: Secure router

D1: Trace-route check

D2: Router firewall alert
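How a security metric can be computed from the BGP session reset tree above, as an added Python example that is not part of the original slides. It assumes the gate structure G = OR(A1 AND NOT(D1 AND M1), A2 AND NOT(D2 AND M2)), independent events, and constructed probabilities; the function names are hypothetical.

```python
from math import prod

# Constructed probabilities, for illustration only:
# A* = attack is attempted and works, D* = detection fires, M* = mitigation works.
P = {"A1": 0.4, "A2": 0.1, "D1": 0.5, "M1": 0.8, "D2": 0.6, "M2": 0.7}

# Assumed structure: an attack branch succeeds unless it is both detected
# and mitigated; the goal is reached if either branch succeeds.
TREE = ("OR",
        ("AND", "A1", ("NOT", ("AND", "D1", "M1"))),
        ("AND", "A2", ("NOT", ("AND", "D2", "M2"))))


def prob(node, p):
    """Probability that a node is true, assuming independent leaf events."""
    if isinstance(node, str):
        return p[node]
    gate, *children = node
    vals = [prob(child, p) for child in children]
    if gate == "AND":
        return prod(vals)
    if gate == "OR":
        return 1.0 - prod(1.0 - v for v in vals)
    if gate == "NOT":
        if len(vals) != 1:
            raise ValueError("NOT takes exactly one child")
        return 1.0 - vals[0]
    raise ValueError(f"unknown gate {gate!r}")


def goal_probability(p=P):
    """Metric: probability that G (reset a single BGP session) is reached."""
    return prob(TREE, p)


def countermeasure_importance(p=P):
    """Rise in goal probability if one detection/mitigation stops working."""
    base = goal_probability(p)
    gain = {name: goal_probability({**p, name: 0.0}) - base
            for name in p if name[0] in "DM"}
    return dict(sorted(gain.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    print(f"P(goal) with countermeasures: {goal_probability():.5f}")
    for name, delta in countermeasure_importance().items():
        print(f"  losing {name} raises P(goal) by {delta:.5f}")
```

With these sample values the D1/M1 pair matters most, which is the kind of ranking a defender can use to decide where hardening effort goes first.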

[Figure: Real enterprise systems / cloud systems feed the Cloud-Based Security and monitoring and Measurement (CBSM) system, which returns security analysis results.]

Thank you!!

Hagley Park, Christchurch,

New Zealand

Thank you! Question?

References

S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012

B. Bhargava et al., Research in Cloud Security and Privacy, Purdue U.

S. Privacy, Security and Trust in Cloud computing, HPL-2012-80R1

Others on the slides.

Who has control of the resources?

From [6] Cloud Security and Privacy by Mather and Kumaraswamy

1. Abuse and Nefarious Use of Cloud Computing

By abusing the relative anonymity behind these registration and usage models

Areas of concern include
• password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms.

2. Insecure Interfaces and APIs

These interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.

Examples
• Anonymous access and/or reusable tokens or passwords
• Clear-text authentication or transmission of content
• Inflexible access controls or improper authorizations
• Limited monitoring and logging capabilities
• Unknown service or API dependencies

3. Malicious Insiders

The threat of a malicious insider is well-known to most organizations.

This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.

4. Shared Technology Issues

IaaS vendors deliver their services in a scalable way by sharing infrastructure.

Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture.

To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources.

Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform

Customers should not have access to any other tenant’s actual or residual data, network traffic, etc

5. Data Loss or Leakage

There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example.

Examples
• Insufficient authentication, authorization, and audit (AAA) controls;
• inconsistent use of encryption and software keys;
• operational failures;
• persistence and remanence challenges: disposal challenges;
• risk of association;
• jurisdiction and political issues;
• data center reliability;
• and disaster recovery.

Example: Service Level Agreements (SLAs)

Amazon Web services:

• AWS will use commercially reasonable efforts to make Amazon S3 available with a Monthly Uptime Percentage (defined below) of at least 99.9% during any monthly billing cycle (the “Service Commitment”).

o Effective October 1st, 2007

o roughly an hour of downtime per year

• AWS will use commercially reasonable efforts to make Amazon EC2 available with an Annual Uptime Percentage (defined below) of at least 99.95% during the Service Year.

o Effective Date: October 23, 2008

Jinesh Varia. Amazon white paper on cloud architectures Sept. 2008, Available at: http://aws.amazon.com/about-aws/whats-new/2008/07/16/cloud-architectures-white-paper/

http://aws.amazon.com/s3-sla/ http://aws.amazon.com/ec2-sla/

6. Account or Service Hijacking

Cloud solutions add a new threat to the landscape.

If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites.

Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.

7. Unknown Risk Profile

Often the following questions are not clearly answered or are overlooked

• What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging?

• How are your data and related logs stored and who has access to them?

• What information if any will the vendor disclose in the event of a security incident?

leaving customers with an unknown risk profile that may include serious threats.

Towards a Secure Cloud blueprint

S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012.

Towards a Secure Cloud blueprint technical security subsystems

S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012.

Virtualization Key Security Issues

Identity management,

Data leakage (caused by multiple tenants sharing physical resources),

access control,

virtual machine (VM) protection,

persistent client-data security,

prevention of cross-VM side-channel attacks.
