
CS 5410 - Computer and Network Security: Cloud Security


  1. CS 5410 - Computer and Network Security: Cloud Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

  2. Imagine…

  3. In the beginning… • In the past, industry was caught between the need for sufficient computing power and significant “Cap-Ex”. • Who could afford giving everyone a computer? • Users instead worked from “dumb” terminals, which became increasingly capable. • All the processing was handled by a single timesharing mainframe. • Computing became indispensable and ubiquitous... • ... and the centralized model of computing all but disappeared.

  4. … but then … • With an increasing number of computationally enabled users, the need for larger infrastructure grew... • ... to support wild fluctuations in traffic. • ... to calculate answers to really big questions. • ... to reduce the Cap-Ex of replacing “obsolete” PCs. • Resources can be pushed, pulled, moved, redistributed…

  5. Grid Computing • Distributed computing has long been studied, but grid computing was the first to talk about federating these resources across multiple administrative domains. • Grid computing often centered around CPU scavenging, or the use of “wasted” cycles to perform useful work for the grid. • e.g., Distributed.net, SETI@home, Folding@home... • A number of companies offered software to coordinate the arbitrary execution of code (for a price). • e.g., IBM, Sun Microsystems and HP

  6. Cloud Computing • Cloud computing is ... umm... • Acceptable definitions are hard to come by, but roughly it is “the use of computing resources over a network connection”. • Isn’t that just grid computing? • Isn’t that just... the Internet?

  7. More Information • Cloud computing can more accurately be split into four sub-classes of service: • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (SaaS) • Network as a Service (NaaS)

  8. IaaS • The most basic model of cloud computing. • Customers are allocated machines (generally VMs), upon which they can run (almost) arbitrary software. • Arbitrary, within the bounds of the law of the hosting country. • Most common providers: Amazon EC2, Windows Azure Services Platform, Rackspace Cloud, etc. • The infrastructure is flexible, and can be almost instantaneously allocated or deallocated by the administrator. • This is how many companies handle traffic spikes, expected or otherwise.

  9. PaaS • Platform as a Service provides a “harness” for the execution of arbitrary software. • Allows developers to implement and run their software on a machine without worrying about the administrative details/lower layers. • Expands like IaaS, but happens automatically. • Why? See the above. • Examples: Google App Engine, Windows Azure Cloud Service...

  10. SaaS • The cloud service installs and manages software, and users pay* to access this software through special clients. • *Either directly or through advertisements. • Load is automatically balanced over the infrastructure, allowing the application to use more resources as necessary. • Examples: Microsoft Office 365, Google Apps

  11. NaaS • The least well known of the services. • Not the same thing as Network Area Storage (NAS). • Network resources and services, instead of computation, are the provisioned quantity. • The most popular services: bandwidth on demand, VPNs...

  12. Dividing Lines • The services decrease in the complexity/administration for which the user is willing to be responsible. • Want to be able to turn all the knobs? IaaS! • Want things just to work? SaaS! • The lines are not entirely clear. • Some will debate where the borders are, but more interesting problems exist.

  13. Cloud Security • Someone else, potentially across the planet, has access to your data. • What could possibly go wrong? • Data Exfiltration: • Policy configuration, in the VM, the OS, the “Harness”, or the application may make it easy to extract your sensitive data. • Risk: Many of these instances have virtually the same configuration, so a weakness in one may be representative of a widespread vulnerability.

  14. Data Mining • Why exfiltrate data when you can gather statistics on it “in situ”? • Customer contact information • User behaviors • EVERYTHING • Your data is exposed, and there is very little that you can do to prevent this.

  15. Targeting by Nation-States

  16. Clouds as a Security Enhancement? • Are there any ways in which “the cloud” may actually be an improvement to security?

  17. Co-Residency Detection • Cloud computing saves money by running many instances on a single physical piece of hardware. • There are many reasons two competing companies would not want to be on the same physical hardware: • Increased traffic could indicate something secret or private happening. • Knowing the location of a competitor’s VM may allow you to DoS it... or at least cost them additional money to provision more services.

  18. Ristenpart Attack • 1. Use Amazon EC2 as a case study • U.S. Region - Linux Kernel • 2. Achieve PLACEMENT of their malicious VM on the same physical machine as that of a target customer. • Determine where in the cloud an instance is likely to be located. • Determine if two instances are co-residents. • Intentionally launch an instance to achieve co-residence with another user. • 3. Proceed to EXTRACT information and/or perpetrate all kinds of attacks

  19. Mapping the Cloud • Hypothesis: different availability zones (and possibly instance types) are likely to correspond to different internal IP address ranges. • Since we already know that it’s possible to infer the internal IP address of an instance associated with a public IP through EC2’s DNS service... • If this hypothesis holds, an adversary can use a map of EC2 to determine the instance type and availability zone of their target, dramatically reducing the number of instances needed to achieve co-residence.

  20. So How Do We Do This? [Figure: CPU cycles across Trial 1, Trial 2 and Trial 3, comparing “HTTP gets” with “No HTTP gets”] • Ristenpart, et al. use a “Prime+Probe” technique to see cache hits and misses. • Others have suggested a variety of additional side channels, including network load.

  21. Does this attack still work? • The one published does not work any more. • Amazon reads these papers too. • But alternative approaches to mapping EC2 have been developed (USENIX Security’14) • Active mechanisms to determine co-residency (Bates et al., CCSW 2012) • Other side-channel mechanisms (Mike Reiter, talk on Friday)

  22. Regulation/Legal • Lots of the data that we generate comes encumbered with legal requirements. • Healthcare: HIPAA & HITECH • Financial: Gramm-Leach-Bliley • Keeping the data within the US is a requirement for some customers. • Some countries have strong privacy requirements, which should offer more protection. • In reality, legislation such as the Patriot Act (and related Anti-Terrorism legislation) means your data can be exposed without your knowledge.

  23. There Must Be More… • Emerging cryptographic constructions allow for computation on encrypted data. • That is, you encrypt your data and a cloud provider can blindly but meaningfully make changes to your data. • Techniques: Homomorphic encryption, garbled circuits. • This changes the game! • All the power of the cloud, none of the risks... • We’ll discuss in the weeks ahead.
