http://www.anewmorning.com/2011/05/24/cloud-computing-comic/ Cloud Computing and its Security Issues
Dr. Dan (Dong-Seong) Kim
University of Canterbury, New Zealand [email protected] http://www.cosc.canterbury.ac.nz/dongseong.kim
University of Canterbury (UC)
. University of Canterbury (UC) • originated in 1873 in the centre of Christchurch as Canterbury College (currently UC) . Alumni of UC • Ernest Rutherford1: physicist – Nobel Prize in chem.
• John Key–current Prime Minister of New Zealand
• Computer Science and Software Engineering department at UC has been ranked in the top 101-150 Computer Science departments in the 2011 International QS World University Rankings.
1: http://www.nobelprize.org/nobel_prizes/chemistry/laureates/1908/rutherford-bio.html About myself
. Lecturer (Assistant Professor in US) since Aug. 2011 • Full time/permanent • Computer science and software engineering Dept. • Research/teaching: Computer and Network Security
. Postdoc at Duke U. from June 2008- July 2011 • (Kishor S. Trivedi group)
. U of Maryland, USA in 2007 • Virgil D. Gligor group (former ACM SIGSAC chair)
. Studied at KAU in Korea (BS, MS, PhD) • JongSou Park group (Penn. State PhD)
Outline
. Why cloud computing? . What is cloud computing? • NIST Definition • Essential characteristics • Service delivery models • Deployment models . A Case Study . Why not using Cloud? . Taxonomy of Fear • CIA or FBI? . Security and Privacy Issues Why cloud computing? Locally hosted Email vs. Cloud based.
Server utilization
How ?? Virtualization + automation = cloud Migration to cloud computing
Case Study of a Cloud Deployment
New 100% Development Liberated funding for new Software Strategic Costs development, transformation Change investment or Capacity Power direct saving Costs Case Study Results Current Annual savings: $3.3M IT Deployment (1-time) Labor Costs (84%) Spend (Operations and Software $3.9M to $0.6M Maintenance) Costs
Power Costs (88.8%) Hardware, labor & power savings Hardware Labor Costs reduced annual cost Costs ( - 80.7%) of operation by annualized ( ) Hardware Costs 83.8% ( - 88.7%)
Note: 3-Year Depreciation Period with 10% Discount Rate What is Cloud Computing? Definition of Cloud Computing
. NIST (National Institute of Standards and Technology) definition • a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction Source: NIST Essential characteristics of cloud computing
. On-demand self service . Broadband network access . Resource pooling . Rapid elasticity . Measured service
http://www.eucalyptus.com/resources/cloud-overview/what-is-cloud-computing Cloud Service Delivery Models
http://blog.appcore.com/blog/bid/168247/3-Types-of-Cloud-Service-Models http://it20.info/2010/11/random-thoughts-and-blasphemies-around-iaas-paas-saas-and-the- cloud-contract/ Cloud Service Delivery Models (cont.)
. SaaS (Software as a Service) • The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. . PaaS (Platform as a Service) • To deploy onto the cloud infrastructure consumer-created or acquired applications created using program languages and tools supported by the provider . IaaS (Infrastructure as a Service) • To provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software which can include operation systems and applications. . XaaS • Data, Search, Security, Hacking, …
From [1] NIST Cloud Deployment models Cloud Deployment models (cont.)
. Private cloud • Is operated solely for an organization. . Public cloud • Is made available to the general public or a large industry group • Is owned by an organization (e.g., MS, Amazon) selling cloud services. . Community cloud • Is shared by several organizations and supports a specific community that has shard concerns (e.g., mission, policy, and compliance considerations) . Hybrid cloud • Is a composition of two or more clouds (private, community, or public) that remain unique entities but are bounded together by standardized (e.g., cloud bursting for load balancing between clouds) A Case Study Case Study: Amazon Cloud Infrastructure
. The first & Best Cloud computing
S3 EC2
19 Amazon Cloud Infrastructure
20 Amazon Cloud Infrastructure
. Powerful New IT Consumption Models . New York Times used • S3/EC2 to process • 4TB of TIFFs • Into 1.5TB of PDFs • Using 100 EC2 Xen VMs • And HDFS (Hadoop) . In 24 hours . For USD 240! http://cloudcomputersupes.wordpress.com/category/cloud-funny-messages/ Hesitate to use cloud computing? If cloud computing is so great, why isn’t everyone doing it? . The cloud acts as a big black box, nothing inside the cloud is visible to the clients . Clients have no idea or control over what happens inside a cloud
Cloud If cloud computing is so great, why isn’t everyone doing it? (cont.) . Even if the cloud provider is honest, it can have malicious system admins who can tamper with the VMs (Virtual Machines) and violate confidentiality and integrity . Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks
What is Confidentiality, Integrity, Availability? Morocco and New Zealand
Bob in North island
Alice in South Island Security objectives: Confidentiality
An example
Internet
Alice in UGETGVSecret? Bob in North by DES, 3DES, AES, South Island island etc by Caesar with k=2
E
rd The data has not been viewed by a 3 Confidentiality Encryption party
Confidentiality: the protection of transmitted data from passive attacks (release of message contents and traffic analysis) How? ?? secret UGETGV Shift by 1 ? TFDSFU Substitution by 2 ? (Transposition) UGETGV Caesar cipher
key = 2 Q: What’s this?
All blacks (AB)?
New Zealand National rugby team’s name
How does AB relate to principle of ciphers? All blacks?
. Substitution ?
Richie McCaw Andrew Hore
Adam Thomson
Cory Jane
AndrewDan Carter Ellis All blacks?
. Transposition (permutation) ?
Richie McCaw
Adam Thomson
Cory Jane
Dan Carter
Use both Substitution and transposition to win the championship Security objectives (cont.): Integrity
How ? Use HMAC(Hashed message authentication code)
New Zealand sport? New Zealand fruit? Internet
One Alice in South way function Bob in North Island island hash II hatelove you
All blacks Kiwi E
The data has not been modified in Integrity Crytographic transit Hash func.
Integrity: the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay) An illustrative example
Input I love you I hate Message 345689 you (pre-image)
A hash Divided by 23 A hash function and take function some values.
Hash value (message digest, fingerprint) 15029.95652173913043…
Integrity can be checked Security objectives (cont.) : Availability
Internet Distributed Denial of Alice in Bob in North Service (DDoS) attacks South Island island
…
E
For any information system to serve its purpose, the information must Availability be available when it is needed
Source: http://memeburn.com Security objectives : summary
Internet
Alice in Bob in North South Island island
The data has not been viewed by a 3rd Confidentiality Encryption party
The data has not been modified in Integrity Hash func. transit
The data must be available when it is Availability Fault/intrusi needed on tolerance Companies are still afraid to use clouds
[Chow09ccsw] Causes of Problems Associated with Cloud Computing . Most security problems stem from: 1. Loss of control 2. Lack of trust (mechanisms) 3. Multi-tenancy
1. Loss of Control in the Cloud
. Consumer’s loss of control • Data, applications, resources are located with provider Cloud Provider Premises Customer Data Customer Customer Code
• User identity management is handled by the cloud 1. Loss of Control in the Cloud (cont.) . User access control rules, security policies and enforcement are managed by the cloud provider
. Consumer relies on provider to ensure • Data security and privacy • Resource availability • Monitoring and repairing of services/resources
2. Lack of Trust in the Cloud
. Trust in the cloud? • the customers’ level of confidence in using the cloud . Main components of Trust in Cloud Computing • Security – CIA + other. • Privacy - Protection against the exposure or leakage of personal or confidential data (e.g. personally identifiable information). • Accountability - complying with measures that give effect to practices articulated in given guidelines o Preventive control (e.g., risk analysis)/detective control (e.g., Intrusion detection system) • Auditability t- o ensure operational integrity and customer data protection
3. Multi-tenancy Issues in the Cloud
Who are my neighbors? What is their objective? They present another facet of risk and trust requirements
. Cloud Computing brings new threats • Multiple independent users share the same physical infrastructure • Thus an attacker can legitimately be in the same physical machine as the target . How to provide separation between tenants? Taxonomy of Fear Cloud Computing Security
. Information Security Principles Unchanged Taxonomy of Fear: Confidentiality
. Fear of loss of control over data • Will the sensitive data stored on a cloud remain confidential? • Will cloud compromises leak confidential client data . Will the cloud provider itself be honest and won’t peek into the data?
From [5] www.cs.jhu.edu/~ragib/sp10/cs412 44 Taxonomy of Fear: Integrity
. How do I know that the cloud provider is doing the computations correctly?
. How do I ensure that the cloud provider really stored my data without tampering with it?
http://www.nbrella.com/the-integrity-problem-2/ Taxonomy of Fear: Availability
. Will critical systems go down at the client, if the provider is attacked in a Denial of Service (DoS) attack? . What happens if cloud provider goes out of business? . Would cloud scale well-enough? . Often-voiced concern • Although cloud providers argue their downtime compares well with cloud user’s own data centers
46 From [5] www.cs.jhu.edu/~ragib/sp10/cs412 http://www.ecnmag.com/articles/2011/08/return-zero-cloud-computing Availability: Downtimes Availability
. Countermeasures • Evaluate provider measures to ensure availability • Monitor availability carefully • Plan for downtime . Use public clouds for less essential applications Taxonomy of Fear - others
. Privacy issues raised via massive data mining • Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
. Increased attack surface • Entity outside the organization now stores and computes data, and so • Attackers can now target the communication link between cloud provider and client • Cloud provider employees can be phished
50 From [5] www.cs.jhu.edu/~ragib/sp10/cs412 Taxonomy of Fear – others: Malicious behaviors using cloud Taxonomy of Fear – others (cont.)
. Auditability and forensics (out of control of data) • Difficult to audit data held outside organization in a cloud • Forensics also made difficult since now clients don’t maintain data locally
. Legal quagmire and transitive trust issues • Who is responsible for complying with regulations?
• If cloud provider subcontracts to third party clouds, will the data still be secure?
52 From [5] www.cs.jhu.edu/~ragib/sp10/cs412 Top Threats to Cloud Computing V1.0
. By CSA (cloud security alliance) 1. Abuse and Nefarious Use of Cloud Computing 2. Insecure Interfaces and APIs 3. Malicious Insiders 4. Shared Technology Issues 5. Data Loss or Leakage 6. Account or Service Hijacking 7. Unknown Risk Profile Cloud Providers, Services and Security Measures
Kai Hwang and Deyi Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010 Security and Cloud computing
. Security Analysis of Cloud Computing . Security Analysis using Cloud Computing
Security Metrics Environment Attack profile Security Analysis
*adm. activities *cost/reward Stochastic *users behavior *attack paths models *random failures *vulnerabilities *attack intensities Cloud-Based “real-time” Security Measurement Enterprise (CBSM) system NATO project
. Cyber Security Analysis and Assurance using Cloud-Based Security Measurement System • Funded by NATO Emerging Security Challenges Division Science for Peace and Security Programme
NATO project organization
NATO Partner Country NATO Country (USA) (Morocco)
Research Areas: Major non-NATOResearch allies Areas: • Modeling techniques • Applied stochastic processes • Performance, reliability, dependability, & Country • Stochastic control security quantification • Queuing theory • Modeling software packages • Performance analysis of computer networks • Network security • Secure network architecture design • Cloud computing security • Mobile computing security Assessing Network Security
Internal Network How secure is my network?
NIDS
Internet
Firewall
NIDS: network intrusion detection system Assessing Security (cont.)
. To assess security, one requires 3Ms: 1. Security Measures o To collected required information.
2. Security Metrics o To represent the analysis of security.
3. Security Models (Attack Representation Model: ARM) o To capture security using simulation, analytic models, or hybrid models.
Attack Representation Model (ARM) life cycles
Preprocessing Construction Representation Evaluation Modification (Generation) Security Reachabilit metrics y Reachability information Applying security best Build ARMs ARMs practices Visualisation/ Security (Update) Network Other if necc. Storage Analysis ARMs Change(s) in the network Vulnerability Vulnerability information Update Updated information
The ultimate goal is to provide security as service for any type of systems including cloud, enterprise system, smart grid, etc Security as a Service!
• Vulnerabilities Database Attack Representation Models (NVD, CVE, SecurityFocus, etc) (ARM) • Connectivity (Topology) G: Reset a single BGP session • Attacks (threats) O R • Detection/Mitigation AN AN D D
A : Send message to 1 A : Alter configuration router causing reset AN 2 via compromised router AN D D
M :Randomiz D1: Trace-route 1 check e M : D : Router firewall 2 Seq. Num. 2 Secure alert router
Cloud-Based Security and monitoring and Measurement (CBSM) system Security Analysis results
Real Enterprise systems /Cloud systems Thank you!!
Hagley Park, Christchurch, New Zealand Thank you! Question? References
. S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureClouud 2012 . B. Bhargava et al., Research in Cloud Security and Privacy, Purdue U. . S. Privacy, Security and Trust in Cloud computing, HPL-2012-80R1 . Others on the slides.
Who has control of the resources?
From [6] Cloud Security and Privacy by Mather and Kumaraswamy 1. Abuse and Nefarious Use of Cloud Computing . By abusing the relative anonymity behind these registration and usage models . areas of concern include • password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms. 2. Insecure Interfaces and APIs
. These interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. . Examples • Anonymous access and/or reusable tokens • or passwords, clear-text authentication • or transmission of content, inflexible access controls • or improper authorizations, limited monitoring and logging capabilities, unknown service • or API dependencies. 3. Malicious Insiders
. The threat of a malicious insider is well-known to most organizations. . This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. . The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 4. Shared Technology Issues
. IaaS vendors deliver their services in a scalable way by sharing infrastructure. . Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi- tenant architecture. . To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. . Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform . Customers should not have access to any other tenant’s actual or residual data, network traffic, etc 5. Data Loss or Leakage
. There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. . Examples • Insufficient authentication, authorization, and audit (AAA) controls; • inconsistent use of encryption and software keys; • operational failures; • persistence and remanence challenges: disposal challenges; • risk of association; • jurisdiction and political issues; • data center reliability; • and disaster recovery. Example: Service Level Agreements (SLAs)
. Amazon Web services: • AWS will use commercially reasonable efforts to make Amazon S3 available with a Monthly Uptime Percentage (defined below) of at least 99.9% during any monthly billing cycle (the “Service Commitment”). o Effective October 1st, 2007 o roughly an hour of downtime per year • AWS will use commercially reasonable efforts to make Amazon EC2 available with an Annual Uptime Percentage (defined below) of at least 99.95% during the Service Year. o Effective Date: October 23, 2008
http://aws.amazon.com/s3-sla/ http://aws.amazon.com/ec2-sla/ Jinesh Varia. Amazon white paper on cloud architectures Sept. 2008, Available at: http://aws.amazon.com/about-aws/whats-new/2008/07/16/cloud-architectures-white-paper/ 6. Account or Service Hijacking
. Cloud solutions add a new threat to the landscape. . If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. . Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks. 7. Unknown Risk Profile
. Often the following questions are not clearly answered or are overlooked • What about details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging? • How are your data and related logs stored and who has access to them? • What information if any will the vendor disclose in the event of a security incident? . leaving customers with an unknown risk profile that may include serious threats. Towards a Secure Cloud blueprint
S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012. Towards a Secure Cloud blueprint technical security subsystems
S. Nair and T. Dimitrakos, On the Security of Data Stored in the Cloud, SecureCloud 2012, May 2012. Virtualization Key Security Issues
. Identity management, . Data leakage (caused by multiple tenants sharing physical resources), . access control, . virtual machine (VM) protection, . persistent client-data security, . prevention of cross-VM side-channel attacks.