Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth
Overview
What is Cloud Computing?
Unique Security Concerns in the Cloud
Confidentiality
Integrity
Availability
Intrusion Detection
Conclusion
What’s it all about? CLOUD COMPUTING
Definition of Cloud Computing Applications delivered as a service over the internet using hardware and systems software in data centers that provide the services.
Key Characteristics
On-demand self-service.
  ◦ Provision server time and network storage automatically without requiring human interaction (e.g. GoogleDocs)
Broad network access.
  ◦ Available over network and accessed by client platforms.
Resource Pooling.
  ◦ Multi-tenant model with dynamic assignment of resources depending on demand.
Rapid Elasticity.
Measured Service.
  ◦ Resource usage can be monitored, controlled, and reported – providing transparency for provider and consumer.
Service Models
Software as a Service (SaaS)
  ◦ Consumer uses provider’s applications
  ◦ No management or control of underlying cloud infrastructure
Platform as a Service (PaaS)
  ◦ Consumer deploys self-created or acquired applications using supported tools.
  ◦ No management or control of underlying cloud infrastructure
  ◦ Controls deployed applications and hosting environment configurations
Infrastructure as a Service (IaaS)
  ◦ Consumer provisions processing, storage, networks, and other resources to run arbitrary software (e.g. operating systems and applications)
  ◦ No management or control of underlying cloud infrastructure
  ◦ Control over OS, storage, deployed applications, networking components (such as host firewalls)
Deployment Models
Public Cloud
  ◦ Owned and managed by off-site third-party
  ◦ Available to the general public
  ◦ Multi-tenancy
      - Need for segmentation, isolation, governance, service levels, etc. for different consumer needs.
Private/Community Cloud
  ◦ Used for a single or multiple trusted organizations
  ◦ May still use third-party management
Hybrid Cloud
DEPLOYMENT MODELS Public deployment model has the greatest risk of security breaches.
MAJOR SECURITY CONCERNS
Data Migration to the Cloud
Before: Customers keep storage and application data in secure, on-site databases managed by hired employees.
After: Customers must transfer storage and application data to off-site, provider database locations managed by third-party employees.
Off-site data storage
Considered the greatest concern in cloud security
Third-party management
  ◦ Even authorized users may be a threat
  ◦ Customers lose exclusive access control of data
Provider hiring standards
  ◦ Could allow security breach if standards are low
Off-Site Data Storage
Security Principles Affected
  ◦ Confidentiality
      - Data access shared with authorized employees.
  ◦ Integrity
      - Data integrity becomes responsibility of third-party (may be careless or malicious).
      - Most customers do not keep backup copies of data.
  ◦ Availability
      - Customers need to have access to the data they need when they need it.
      - Most customers move all data to the cloud.
Shared Hardware in the Cloud
Conventional Hardware Infrastructure: Customers own and manage hardware. Only trusted data is stored on machine hardware.
Shared Hardware Infrastructure in the Cloud: Providers allocate virtual machines on shared hardware to several customers.
[Figure: conventional machines each holding one company's data, next to shared machines hosting VMs for Customer A, Customer B, and a malicious customer.]
Shared Hardware
Scalable way to deliver services
  ◦ Dynamic hardware allocation among users
Underlying components often not designed to provide strong isolation
  ◦ CPU caches, GPUs, disk partitions, etc.
Guest operating systems can gain influence over underlying platform.
Shared Hardware
Security Principles Affected
  ◦ Confidentiality
      - Shared hardware side-channel threats
  ◦ Integrity
      - Inappropriate levels of underlying platform control could compromise data integrity
  ◦ Availability
      - Denial-of-Service vulnerabilities
Dynamic Hardware Adaption
Static Hardware Adaption: When resources are exhausted, incoming requests are queued and wait for free resources.
Dynamic Hardware Adaption: When resources on one VM instance are exhausted, a new VM will be allocated to fulfill incoming requests.
[Figure: servers with requests being served and pending requests, next to dynamically allocated VMs.]
Dynamic Hardware Adaption
Security Principles Affected
  ◦ Availability
      - Denial-of-Service attacks
      - Users need to be able to access data when they need it
“Privacy. Ensuring unauthorized disclosure of information” CONFIDENTIALITY
Confidentiality: Threats
Malicious insiders
  ◦ Similar to conventional insider attacks, but amplified by third-party access
  ◦ Provider employees
      - How is access granted to physical and virtual assets?
      - How are employees monitored?
  ◦ Insiders can access confidential data with little or no risk of detection.
Confidentiality: Threats
Co-residence
  ◦ Sharing physical machine hardware (public cloud model)
  ◦ Cross-virtual machine attacks
      - Strategic virtual-machine placement to gain co-residence with victim
      - Side-channels to monitor shared physical resources (CPU, data caches, keystroke over SSH, etc.)
High-probability of co-residence when using “cloud cartography”
  ◦ Use heuristics such as local IP and creation time to obtain and verify co-residence
  ◦ Brute-force successful over 50% of the time
Confidentiality: Responsibilities
Provider
  Global encryption scheme
  Secure data storage
    ◦ Partitioned RAM
    ◦ Local storage wiping
    ◦ Strict access control and monitoring
  Inhibit cloud cartography (used in co-residence attacks)
  Blinding techniques to hide local IP addresses
Customer
  Instance encryption scheme
    ◦ Ensure privacy even if provider is careless
  Make sure that provider meets needed standards before migration
    ◦ Make sure contracts are strict and include all necessary precautions
“Correctness. Ensuring unauthorized modification of data.” INTEGRITY
Integrity: Threats
Malicious Insiders
  ◦ Similar to confidentiality threats
      - Third-party employees have access to modify cloud services, undetected
  ◦ Providers may threaten integrity to save money or space in the cloud
Careless Providers
  ◦ Insufficient authorization controls
  ◦ Inconsistent encryption and software keys
  ◦ Data replication and persistence challenges
Integrity: Responsibilities
Provider
  Scheduled data backup
  Safe storage
    ◦ Replication and disaster recovery
  Strict access control
  Allow customer to configure firewall settings
  Monitor employee actions
Customer
  Monitor data with integrity checking techniques
  Carefully configure firewall and access control lists
  Make sure that provider meets needed standards before migration
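One way a customer can "monitor data with integrity checking techniques" when the provider holds the only copy: keep a keyed manifest on-site and audit whatever the provider returns. This is an added example, not part of the original slides; the function names, key, object names and contents are all constructed for illustration.

```python
import hashlib
import hmac

def tag(key: bytes, name: str, data: bytes) -> str:
    """HMAC-SHA256 over the object name and content, so a valid object
    cannot be swapped in under a different name."""
    encoded = name.encode()
    msg = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_manifest(key, objects):
    """Run before upload; the key and manifest stay with the customer."""
    return {name: tag(key, name, data) for name, data in objects.items()}

def audit(key, manifest, fetched):
    """Compare what the provider returns against the local manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in fetched:
            report["missing"].append(name)
        elif not hmac.compare_digest(expected, tag(key, name, fetched[name])):
            report["modified"].append(name)
    report["unexpected"] = sorted(set(fetched) - set(manifest))
    return report

# Constructed sample data: three objects as uploaded ...
KEY = b"constructed-demo-key-kept-on-site"
UPLOADED = {
    "payroll.csv": b"alice,5000\nbob,4200\n",
    "contracts.txt": b"SLA: 99.9% uptime\n",
    "notes.txt": b"migration checklist\n",
}
MANIFEST = build_manifest(KEY, UPLOADED)

# ... and as later returned by a simulated provider store.
FETCHED = {
    "payroll.csv": b"alice,5000\nbob,9200\n",  # content altered off-site
    "contracts.txt": b"SLA: 99.9% uptime\n",   # intact
    "extra.bin": b"\x00\x01",                  # never uploaded by the customer
}                                              # notes.txt is gone

if __name__ == "__main__":
    print(audit(KEY, MANIFEST, FETCHED))
```

A keyed tag is used instead of a plain hash so that a party with write access to the stored data cannot recompute a matching value.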
“Ensuring data is available when needed.” AVAILABILITY
Availability: Threats
Denial-of-Service Attacks
  ◦ Attempt to disrupt (or completely disable) availability of computer resources to intended users
  ◦ Dynamic resource allocation
      - Allows attackers to easily saturate servers
      - Focus attack on one server and when resources are low, more will be allocated.
  ◦ Direct Attack
      - Flood a single target address
  ◦ Indirect Attack
      - Perform computationally expensive operations on an instance co-residing with target
Availability: Threats
Careless Providers
  ◦ Providers need to provide reliable service
Availability: Responsibilities
Provider
  Stable servers
  Prevent denial-of-service attacks
    ◦ Monitor hardware usage
    ◦ Prevent unlimited resource allocation
Customer
  Monitor instance to ensure it is not used to execute denial-of-service attack
  Monitor own client usage
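A small capacity model of the three allocation policies the slides contrast (static hardware, dynamic allocation with no ceiling, and dynamic allocation with a ceiling) shows why "prevent unlimited resource allocation" and "monitor hardware usage" go together. This is an added example, not from the original slides; the policy function, per-VM capacity and request counts are constructed assumptions.

```python
def simulate(load, vm_capacity, start_vms=1, max_vms=None):
    """Step through per-tick request counts under one allocation policy.

    max_vms == start_vms -> static hardware: excess requests queue
    max_vms is None      -> dynamic allocation with no ceiling
    max_vms == N         -> dynamic allocation capped at N VMs
    """
    queue, peak, vm_ticks, alerts = 0, start_vms, 0, []
    for tick, arrivals in enumerate(load):
        demand = queue + arrivals
        # VMs needed to clear the backlog this tick (ceiling division).
        target = max(start_vms, -(-demand // vm_capacity))
        if max_vms is not None and target > max_vms:
            target = max_vms
            alerts.append(tick)  # ceiling hit: a usage signal to investigate
        queue = max(0, demand - target * vm_capacity)
        peak = max(peak, target)
        vm_ticks += target       # hardware consumed, e.g. what gets billed
    return {"peak_vms": peak, "vm_ticks": vm_ticks,
            "final_queue": queue, "alert_ticks": alerts}

# Constructed load: normal traffic, a three-tick flood, normal traffic again.
LOAD = [80, 90, 5000, 5000, 5000, 80, 80]
VM_CAPACITY = 100  # requests one VM can serve per tick (assumed)

def compare():
    return {
        "static": simulate(LOAD, VM_CAPACITY, start_vms=1, max_vms=1),
        "unbounded": simulate(LOAD, VM_CAPACITY, start_vms=1, max_vms=None),
        "capped": simulate(LOAD, VM_CAPACITY, start_vms=1, max_vms=5),
    }

if __name__ == "__main__":
    for policy, result in compare().items():
        print(f"{policy:10s} {result}")
```

The unbounded policy keeps the queue empty but lets the flood set hardware consumption on the shared pool and raises no signal; the capped policy bounds consumption and turns the flood into alerts, at the cost of a backlog.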
“Risk management. Detecting and successfully reporting malicious behavior.” INTRUSION DETECTION
Intrusion Detection Systems
Important to monitor all systems running in the Cloud.
  ◦ No Cloud can be more secure than its weakest link
  ◦ Need to prevent rapid infection in cloud
Multi-tenancy
  ◦ Requires flexible settings
      - Needs to be capable of monitoring thousands of diverse virtual machines on shared hardware
      - Different operating systems, deployment models, hardware usage, etc.
IDS Design Considerations
Separation of monitored systems and monitors
  ◦ Cannot trust alerts from a compromised machine
Centralized and instance management systems
How to stop intrusion once detected
  ◦ Cloud virtualization makes this easy
      - Simply stop and resume the infected virtual machine
Intrusion Detection Systems: Responsibilities
Provider
  Centralized management
    ◦ Control and monitor alerts throughout cloud
    ◦ Detect attacks on instances as well as the cloud as a whole
  Monitor service exploitation
    ◦ Detect internal attacks
    ◦ Determine if Cloud has been used to attack other instances
Customer
  Monitor all infrastructure resources they are using
  Monitor service exploitation
    ◦ Detect attacks on own instance
    ◦ Determine if instance has been used to attack victims