CS 5410 - Computer and Network Security: Cloud Security Professor - - PowerPoint PPT Presentation

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

CS 5410 - Computer and Network Security: Cloud Security

Professor Kevin Butler Fall 2015

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Imagine…

2

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

In the beginning…

• In the past, industry was saddled between sufficient

computing power and significant “Cap-Ex”.

• Who could afford giving everyone a computer?
• Users instead worked from “dumb” terminals, which

became increasingly capable.

• All the processing was handled by a single

timesharing mainframe. Computing became indispensable and ubiquitous...

• ... and the centralized model of computing 


all but disappeared.

3

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

… but then …

• With an increasing number of computationally

enabled users, the need for larger infrastructure grew...

• ... to support wild fluctuations in traffic.
• ... to calculate answers to really big questions.
• ... to reduce the Cap-Ex of replacing “obsolete” PCs.
• Resources can be pushed, pulled, moved,

redistributed…

4

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Grid Computing

• Distributed computing has long been studied, but grid

computing was the first to talk about federating these resources across multiple administrative domains.

• Grid computing often centered around CPU scavenging,
• r the use of “wasted” cycles to perform useful work for

the grid.

• e.g., Distributed.net, SETI@home, Folding@home...
• A number of companies offered software 


to coordinate the arbitrary execution of 
 code (for a price).

• e.g., IBM, Sun Microsystems and HP

5

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Cloud Computing

• Cloud computing is ... umm...
• Acceptable definitions are hard to come by, but

roughly it is “the use of computing resources over a network connection”.

• Isn’t that just grid computing?
• Isn’t that just... the Internet?

6

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

More Information

• Cloud computing can more accurately be

split into four sub-classes of service:

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• Network as a Service (NaaS)

7

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

IaaS

• The most basic model of cloud computing.
• Customers are allocated machines (generally VMs), upon

which they can run (almost) arbitrary software.

• Arbitrary, within the bounds of law of the hosting country.
• Most common providers:Amazon EC2,Windows Azure

Services Platform, Rackspace Cloud, etc

• The infrastructure is flexible, and can be almost

instantaneously allocated or deallocated by the administrator.

• This is how many companies handle traffic spikes,

expected or otherwise.

8

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

PaaS

• Platform as a Service provides a “harness” for

the execution of arbitrary software.

• Allows developers to implement and run

their software on a machine without worrying about the administrative details/lower layers.

• Expands like IaaS, but happens automatically.
• Why? See the above.
• Examples: Google App Engine,


Windows Azure Cloud Service...

9

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

SaaS

• The cloud service installs and manages

software, and users pay* to access this software through special clients.

• *Either directly or through advertisements.
• Load is automatically balanced over the

infrastructure, allowing the application to use more resources as necessary.

• Examples: Microsoft Office 365, Google Apps

10

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

NaaS

• The least well known of the services.
• Not the same thing as Network Area Storage (NAS).
• Network resources and services, instead of

computation, are the provisioned quantity.

• The most popular services: bandwidth on demand,

VPNs...

11

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Dividing Lines

• The services decrease in the complexity/

administration for which the user is willing to be responsible.

• Want to be able to turn all the knobs? IaaS!
• Want things just to work? SaaS!
• The lines, are not entirely clear.
• Some will debate where the borders 


are, but more interesting problems 
 exist.

12

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Cloud Security

• Someone else, potentially across the planet, has

access to your data.

• What could possibly go wrong?
• Data Exfiltration:
• Policy configuration, in the VM, the OS, the

“Harness”, or the application may make it easy to extract your sensitive data.

• Risk: Many of these instances have 


virtually the same configuration, so a weakness in one may be representative 


• f a widespread vulnerability.

13

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Data Mining

• Why exfiltrate data when you can gather

statistics on it “in situ”.

• Customer contact information
• User behaviors
• EVERYTHING
• Your data is exposed, and there is very 


little that you can do to prevent this.

14

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Targeting by Nation-States

15

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Clouds as a Security Enhancement?

• Are there any ways in which “the cloud” may

actually be an improvement to security?

16

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Co-Residency Detection

• Cloud computing saves money by running many

instances on a single physical piece of hardware.

• There are many reasons two competing companies

would not want to be on the same physical hardware:

• Increased traffic could indicate something secret or

private happening.

• Knowing the location of a competitor’s VM 


may allow you to DoS it... or at least cost 
 them additional money to provision more 
 services.

17

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Ristenpart Attack

• 1. Use Amazon EC2 as a case study
• U.S. Region - Linux Kernel
• 2. Achieve PLACEMENT of their malicious VM on the same

physical machine as that of a target customer.

• Determine where in the cloud an instance is likely to be

located.

• Determine if two instances are co-residents.
• Intentionally launch an instance to achieve co-residence with

another user.

• 3. Proceed to EXTRACT information and/or perpetrate all kinds
• f attacks

18

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Mapping the Cloud

• Hypothesis: different availability zones (and possibly

instance types) are likely to correspond to different internal IP address ranges.

• Since we already know that it’s possible to infer the

internal IP address of an instance associated with a public IP through the EC2’s DNS service...

• If this hypothesis holds, an adversary can use a map
• f EC2 to determine the instance type and

availability zone of their target, dramatically reducing the number of instances needed to achieve co- residence.

19

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

So How Do We Do This?

• Ristenpart, et al. use a “Prime+Probe”

technique to see cache hits and misses.

• Others have suggested a variety of additional

side channels, including network load.

20

500000 1e+06 1.5e+06 2e+06 0 10 20 30 40 50 60 70 80 90100 CPU cycles Trial 1 0 10 20 30 40 50 60 70 80 90 100 Trial 2 HTTP gets No HTTP gets 0 10 20 30 40 50 60 70 80 90 100 Trial 3

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Does this attack still work?

• The one published does not work any more
• Amazon reads these papers too
• But alternative approaches to mapping EC2

have been developed (USENIX Security’14)

• Active mechanisms to determine co-

residency (Bates et al., CCSW 2012)

• Other side-channel mechanisms (Mike Reiter,

talk on Friday about)

21

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Regulation/Legal

• Lots of the data that we generate comes encumbered

with legal requirements.

• Healthcare: HIPAA & HITECH
• Financial: Graham-Leach-Bliley
• Keeping the data within the US is a 


requirement for some customers.

• Some countries have strong privacy requirements,

which should offer more protection.

• In reality, legislation such as the Patriot Act (and related

Anti-Terrorism legislation) mean your data can be exposed without your knowledge.

22

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

There Must Be More…

• Emerging cryptographic constructions allow for

computation on encrypted data.

• That is, you encrypt your data and a cloud provider can

blindly but meaningfully make changes to your data.

• Techniques: Homomorphic encryption, garbled circuits.
• This changes the game!
• All the power of the cloud, 


none of the risks...

• We’ll discuss in the weeks ahead.

23

Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

Conclusion

• The cloud is a very loosely defined set of services
• ffered over the network.
• Break down into IaaS, PaaS, SaaS and NaaS.
• From a security perspective, the problems are

significant.

• And in many ways, simple:
• All your data is unencrypted and held by

someone else.

• Attacks vary from unauthorized computation on

your data, exfiltration, side channels...

24