A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds
Shaun Shei, Haralambos Mouratidis, Stylianos Kapetanakis, Aidan Delaney
Secure and Dependable Software Systems (SenSe)
Overview
• What is Cloud Computing?
• Current Challenges
• Cloud Modelling Language
  • Definitions
  • Relationships
  • Models
• Process
  • Activities
• Analysis
• Conclusion
What is Cloud Computing?
“Delivery of hosted services over the Internet.”
Cloud Computing Properties
• Why do we need to define and model cloud computing properties?
• How are the properties determined from the literature?
• What is our approach to capture these concepts?

Property     | Traditional (On-premise)                                    | Cloud-based
Access       | Physical access on host machine                             | Remote access through network connection
Acquisition  | Architecture management                                     | Service selection
Costs        | Initial capital, maintenance and support                    | Pay-as-you-go based on usage
Provisioning | Purchase, install and set up infrastructure, typically days | Self-service, spin-up time in minutes
Security     | Company policy                                              | Dependent on service provider
Scalability  | Process for adding nodes                                    | Elasticity according to demand
User model   | Single-tenancy                                              | Multi-tenancy
Definitions
National Institute of Standards and Technology (NIST) definition [1]:
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
The cloud model is composed of five essential characteristics, three service models, and four deployment models.
[1] Mell, Peter, and Tim Grance. "The NIST definition of cloud computing." (2011).
Definitions
NIST Definition Model (image): http://www.cloudcontrols.org/wp-content/uploads/2011/06/NIST_Visual_Model_of_Cloud_Computing_Definition.jpg
Current Challenges
• Lack of systematic approaches to tackle cloud-specific security issues at a requirements engineering level
• Existing work fails to provide specialised concepts to capture security properties in cloud computing
• No automated security analysis support to produce cloud security requirements
Table 1: Limitations in related SRE work [1].
[1] Shei, S., Alcaniz, L. M., Mouratidis, H., Delaney, A., Rosado, D. G., & Fernández-Medina, E. (2015). Modelling secure cloud systems based on system requirements. Proceedings of the ESPRE, Ottawa, NT, Canada, 19-24.
Current Challenges
• Data security
• Loss of control
• Geographical distribution
• Multi-tenancy
• Redundancy
• Privacy issues
• Jurisdiction
  • USA Patriot Act (law enforcement agencies can access your data without your consent or knowledge)
Amazon Web Services infrastructure: North America and Europe
AWS - http://aws.amazon.com/about-aws/global-infrastructure/
RQ1: How do we describe concepts for modelling cloud security requirements with sufficient expressive power to capture domain-specific cloud computing software systems from a security requirements engineering perspective?
Why are we asking this question? We formulate this question because we need to know what concepts are required to describe cloud security issues in software systems.
How do we answer this?
• A cloud security framework is produced, consisting of three components (RC1)
• Modelling language to capture cloud security concepts (RC2)
• Systematic process to construct cloud models (RC3)
• Architecture for automating analysis (RC4)
How does this help advance the field? The framework builds upon established security requirements engineering work and extends the field with cloud computing specific concepts.
RQ2: How do we systematically apply security and cloud computing concepts in order to model cloud computing systems, perform security analysis and obtain cloud security requirements?
Why are we asking this question? To ensure well-formed models of secure cloud systems are produced, allowing us to perform security analysis.
How do we answer this? We formalise our concepts to provide the syntax and semantics for analysing cloud security through a formal approach (RC5).
How does this help advance the field? There is a lack of work formalising cloud computing concepts from a security requirements engineering perspective.
What still needs to be done? The formalisation process is iterative, where each cycle is carried out in conjunction with validation through running examples.
RQ3: How can we semi-automatically generate system configurations enforcing the security properties of cloud deployments based on cloud security requirements?
Why are we asking this question? To address the lack of support for automating security analysis using cloud models in order to produce cloud security requirements.
How do we answer this? We apply our formal concepts to perform security analysis on real-life case studies in order to validate our cloud security requirements (RC6).
How does this help advance the field? This provides the groundwork for non-security experts to apply our framework and extend the formal concepts through tool support.
What still needs to be done? Identifying case studies and applying our formal concepts in order to validate our claims.
Our Approach
How is this addressed?
• Cloud Modelling Language to capture cloud security concepts
• Cloud Meta-Model aligning concepts from the requirements engineering, security and cloud computing domains
• A cloud security framework to provide systematic guidance
How does this help advance the field? The components of our framework build upon established security requirements engineering work and extend the field with cloud computing specific concepts.
Structure of Thesis
• Split into three parts: state of the art, secure cloud environment framework, validation and evaluation
What are the research deliverables?
• Secure Cloud Framework
• Security analysis (first-order logic)
• Validation through case studies
Health-care Example
Protection of Personal Data
• Health Insurance Portability and Accountability Act (HIPAA)
• European Parliament and Council Directive 95/46/EC
Migrating to Cloud Computing Systems
• Loss of control over sensitive assets
• Reliance on third parties to implement security measures
Organisational View
Cloud Modelling Language
• Extension of the Secure Tropos methodology
Definitions
• Meta-model extended with cloud computing concepts
Definitions: Cloud Service
• A cloud service provides a specific computing capability, relies on a combination of virtual and physical assets and is enabled through cloud computing characteristics as defined by NIST.
Attributes:
  Capability: String
  Deployment Model: «Enumeration» DeploymentModel
  Service Model: «Enumeration» ServiceModel
Definitions: Cloud Service Provider
• A Cloud Service Provider (CSP) provides the resources required to deliver cloud services.
Attributes:
  Name: String
Definitions: Cloud User
• A cloud user represents actors who require cloud services to satisfy their strategic needs.
Attributes:
  Name: String
  End-User: Bool
Definitions: Virtual Resource
• A virtual resource represents intangible assets in a cloud computing system.
Attributes:
  Resource Description: String
  Type: «Enumeration» ResourceType
  Visibility: «Enumeration» Visibility
Definitions: Physical Infrastructure
• A physical infrastructure represents a tangible system which, given a geographical location, hosts a group of physical assets within its local proximity.
Attributes:
  Resource Description: String
  Node Set: [NodeID]
  Location: «Enumeration» JurisdictionType
Definitions: Infrastructure Node
• An infrastructure node represents a single instance of a computing component such as a server, data storage or network connection.
Attributes:
  Resource Description: String
  NodeID: Integer
  Type: «Enumeration» NodeType
  Location: «Enumeration» JurisdictionType
  Tenancy: «Enumeration» Tenancy
Definitions: Security Constraint
• A security restriction placed on a cloud service by an actor, representing the stakeholders' security needs.
Attributes:
  Description: String
  Dependee: Cloud Service Provider
  Dependent: Actor
  Security Property: «Enumeration» HighlevelCloudSR
  Satisfaction: Bool
Definitions: Security Objective
• The security objective describes criteria contributing towards the satisfaction of security needs.
Attributes:
  Description: String
  Security Property: «Enumeration» HighlevelCloudSR
Definitions: Threat
• Threats represent circumstances that have the potential to cause loss, or problems that can put the security features of the system in danger.
Attributes:
  Description: String
  Impact: Int
Definitions: Security Mechanism
• A security mechanism represents security methods for satisfying security objectives.
Attributes:
  Description: String
  Security Property: «Enumeration» HighlevelCloudSR
Definitions: Vulnerability
• A weakness of an asset or group of assets that can be exploited by one or more threats.
Attributes:
  Description: String
  Attack Method: String
  Impact: Int
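The concepts defined above (cloud service, virtual resource, infrastructure node, security constraint), rendered as an added runnable example that is not part of the slides or the authors' framework: it checks a security constraint on a service by quantifying over every node that hosts the service's resources, in the style of the first-order logic analysis the deck announces. The enumeration members, the resource-to-node hosting link, the two constraint kinds and the health-care scenario are assumptions.

```python
# Added example (not the slides' own code). Enumeration members and the
# hosting link between a virtual resource and infrastructure nodes are assumed.
from dataclasses import dataclass, field
from enum import Enum

class JurisdictionType(Enum):  # members assumed; the slides only name the enumeration
    EU = "EU"
    USA = "USA"
class Tenancy(Enum):  # members assumed
    SINGLE = "single-tenancy"
    MULTI = "multi-tenancy"
class HighlevelCloudSR(Enum):  # members assumed
    DATA_LOCATION = "data-location"
    ISOLATION = "isolation"

@dataclass
class InfrastructureNode:  # slide attributes: NodeID, Location, Tenancy
    node_id: int
    location: JurisdictionType
    tenancy: Tenancy
@dataclass
class VirtualResource:  # hosted_on: assumed link to the nodes holding the resource
    description: str
    hosted_on: list
@dataclass
class CloudService:  # slide attribute Capability; the virtual resources it relies on
    capability: str
    resources: list
@dataclass
class SecurityConstraint:  # slide attributes: Description, Security Property, Satisfaction
    description: str
    security_property: HighlevelCloudSR
    allowed: set = field(default_factory=set)  # permitted JurisdictionType values
    satisfaction: bool = False

def analyse(service, constraint):
    """forall n in hosts(service): P(n). Records Satisfaction; returns violating node ids."""
    nodes = {n.node_id: n for r in service.resources for n in r.hosted_on}
    if constraint.security_property is HighlevelCloudSR.DATA_LOCATION:
        bad = [i for i, n in nodes.items() if n.location not in constraint.allowed]
    else:  # ISOLATION: the resource must not share a multi-tenant node
        bad = [i for i, n in nodes.items() if n.tenancy is not Tenancy.SINGLE]
    constraint.satisfaction = not bad
    return sorted(bad)

# Constructed health-care scenario: patient records replicated to a US, multi-tenant node.
eu_node = InfrastructureNode(1, JurisdictionType.EU, Tenancy.SINGLE)
us_node = InfrastructureNode(2, JurisdictionType.USA, Tenancy.MULTI)
ehr = CloudService("electronic health records", [VirtualResource("patient records", [eu_node, us_node])])
in_eu = SecurityConstraint("records stay in EU jurisdiction", HighlevelCloudSR.DATA_LOCATION, {JurisdictionType.EU})
isolated = SecurityConstraint("records on dedicated hosts", HighlevelCloudSR.ISOLATION)
```

Running analyse(ehr, in_eu) and analyse(ehr, isolated) each report node 2 and leave Satisfaction false, which is exactly the jurisdiction and multi-tenancy concern raised under Current Challenges.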
Relationships
• Meta-model showing relationships between the security and cloud computing concepts