defining the cloud battlefield
play

Defining the Cloud Battlefield Supporting Security Assessments by - PowerPoint PPT Presentation

Nov 11, 2023 •207 likes •683 views

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

  1. Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sören Bleikertz 1 Toni Mastelić 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU Delft / University of Twente 5 Deloitte LLP IEEE International Conference on Cloud Engineering 2013 (IC2E) Sebastian Pape (TU Dortmund) 1/34

  2. Outline Introduction 1 Background Research goal System Model 2 Security Model 3 Security Objectives Attacker Model Threat Model Model Applications 4 Applying the Model to Practical Attacks Constructing What-if Attack Scenarios Conclusions and Future Work 5 Sebastian Pape (TU Dortmund) 2/34

  3. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Background: Cloud Computing [wikipedia] Sebastian Pape (TU Dortmund) 3/34

  4. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Background: Security Concerns in Cloud Computing ◮ Security is a major concern [Mell and Grance, 2009] ◮ Analysis of risks and threats [Cloud Security Alliance, 2010], [ENISA, 2009] ⇒ insider attacks and malicious insiders are a major technical risk ◮ Risk amplified due disappearance of physical boundaries [Hay et al., 2011], [Pieters, 2011] ◮ Variety of parties involved in a cloud service ⇒ cloud customers face difficulties in assessing risks and threats Sebastian Pape (TU Dortmund) 4/34

  5. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Background: Sample Threats in Cloud Computing ◮ Malicious cloud administrator attacks virtual machine [Rocha and Correia, 2011] ◮ Malicious cloud customer attacks other customers who share physical resources [Ristenpart et al., 2009] ◮ Honest fault of a cloud administrator ⇒ outage of Amazon EC2 in 2011 [Amazon Web Services, 2011] ◮ Honest fault of cloud customers [Bugiel et al., 2011]: ◮ SSH public key for administrator account in image ◮ private SSH keys, Amazon credentials in image Sebastian Pape (TU Dortmund) 5/34

  6. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Background: Sample Threats in Cloud Computing ◮ Malicious cloud administrator attacks virtual machine [Rocha and Correia, 2011] ◮ Malicious cloud customer attacks other customers who share physical resources [Ristenpart et al., 2009] ◮ Honest fault of a cloud administrator ⇒ outage of Amazon EC2 in 2011 [Amazon Web Services, 2011] ◮ Honest fault of cloud customers [Bugiel et al., 2011]: ◮ SSH public key for administrator account in image ◮ private SSH keys, Amazon credentials in image Samples cover only: ◮ Two entities: Cloud administrator and customer ◮ Two characteristics of attacker: honest faults and malicious Sebastian Pape (TU Dortmund) 5/34

  7. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Research goal: Supporting Security Assessment of Infrastructure Clouds Aim: ◮ More fine-grained trust and attacker models ◮ Systematic specification of parties / capabilities / motivations → obtain a complete picture → support cloud customer’s risk and threat assessments ◮ Model for cloud customers → understandability and usability are important → informal model is more accessible to this audience. Challenge: ◮ Appropriate level of abstraction ◮ Combination of expressiveness and understandability Sebastian Pape (TU Dortmund) 6/34

  8. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Framework Overview In summary, our framework combines ◮ System model of infrastructure clouds ◮ entities ◮ system components ◮ Security model ◮ security objectives of cloud customers ◮ attacker characteristics and motivation ◮ threats Sebastian Pape (TU Dortmund) 7/34

  9. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction Methodology: Designing an IaaS Threat Model ◮ Focus on infrastructure clouds (IaaS) ◮ partly covers higher layers ◮ needed for analysis of higher layers ◮ Design system model ◮ Design security model ◮ Identify and analyse attack scenarios ◮ Evaluation by mapping existing attacks to model ◮ Several iterations ◮ System. analysis by HAZOP approach [Winther et al., 2001] Identifying known attacks and map them to the model 1 Analyze remaining combinations of entities, attacker, threats 2 → reveal possible unknown attacks Sebastian Pape (TU Dortmund) 8/34

  10. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Background Cloud Computing ◮ Different abstraction layers: IaaS , PaaS , SaaS ◮ Focus on IaaS ⇐ generic threat model too hard for all layers SOMF Model Cloud Pyramid ◮ increasing diversion → SaaS ◮ c.f. Google GMail vs. Salesforce CRM ⇒ application-specific attack models ◮ Existing models not suitable ⇒ New cloud system model on IaaS layer consisting of NIST Cloud Model entities and components. Sebastian Pape (TU Dortmund) 9/34

  11. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Entities Chosen entities for the system model: Provider manages and operates a cloud infrastructure Manufacturer produces hardware resources used by the provider Developer produce software used by the provider Customer user of the cloud service provided by the provider Third-party not directly involved in IaaS service, represents user on higher layers of the cloud service (e.g., SaaS) Sebastian Pape (TU Dortmund) 10/34

  12. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Components Each entity has access to one or more components: Administration service, logical access to the cloud infrastructure Technical Support service, physical access to the cloud infrastr. Hardware e.g. hard-disk, processor, produced by a manufacturer , part of a cloud data center. Software e.g. hypervisor, cloud management software produced by a developer , part of a cloud infrastructure. Data information stored on hardware or being transmitted. Appliance executable piece of software deployed by a customer , includes higher layers of a cloud service, black box completely controlled by a customer . non running appliances considered as data Usage represents usage by third-party , logical access of an appliance Sebastian Pape (TU Dortmund) 11/34

  13. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Access type Provider Physical Logical Administration Tech. Support Developer Manufacturer Software Hardware Usage Appliance Data Access level Third-party Privileged Unprivileged None Customer Figure: System model with relations between entities and components. Sebastian Pape (TU Dortmund) 12/34 However, each entity or component can have multiple instances

  14. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Access Type / Periods Access attributes Access type Provider ◮ direction Physical Logical ◮ transitivity Administration Tech. Support Access Type Developer Manufacturer Software Hardware ◮ physically Usage Appliance Data ◮ logically Access level Third-party Privileged Access Periods Unprivileged None Customer ◮ One-time ◮ Periodic Figure: System model with relations between entities and components. ◮ Permanent Sebastian Pape (TU Dortmund) 12/34

  15. Introduction System Model Security Model Model Applications Conclusions and Future Work System Model Access Level Access Level Access type Provider levels: Physical Logical ◮ privileged ◮ unprivileged Administration Tech. Support Developer Manufacturer Software Hardware ◮ none between: Usage Appliance Data ◮ entity/comp. Access level Third-party Privileged (priv.) Unprivileged None Customer ◮ comp./comp. Figure: System model with relations between entities and components. Sebastian Pape (TU Dortmund) 12/34

  16. Introduction System Model Security Model Model Applications Conclusions and Future Work Introduction 1 Background Research goal System Model 2 Security Model 3 Security Objectives Attacker Model Threat Model Model Applications 4 Applying the Model to Practical Attacks Constructing What-if Attack Scenarios Conclusions and Future Work 5 Sebastian Pape (TU Dortmund) 13/34

  17. Introduction System Model Security Model Model Applications Conclusions and Future Work Security Model Security Objectives of Cloud Customers ◮ Security objectives from a cloud customer’s point of view ◮ Primary concern: exposure of sensitive data ◮ Focus on (CIA) ◮ confidentiality ◮ integrity ◮ availability ◮ with regard to ◮ computing ◮ storage ◮ network resources Sebastian Pape (TU Dortmund) 14/34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
@ Building the Caribbean Cloud Concepts, Progress and Priorities OVERVIEW Defining Accessing

@ Building the Caribbean Cloud Concepts, Progress and Priorities OVERVIEW Defining Accessing

@ Building the Caribbean Cloud Concepts, Progress and Priorities OVERVIEW Defining Accessing Building the Cloud the Cloud the Cloud WHAT IS THE CLOUD? Is the cloud... Hosted servers? Virtualization? Virtualized platform

379 views • 22 slides
Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew

Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew

Train ined to Kil ill: Battlefield Part rticipation in in Kurdish Fig ighters Matthew Cancia ian Can US training improve the battlefield participation of our partners? Combat motivation: the reasons why soldiers under fire believe that

742 views • 71 slides
Proposed Cloud Strategy: Fall 2018 v4.5 ITAG Meeting 19-NOV-18 Joe Johnson Director of Cloud

Proposed Cloud Strategy: Fall 2018 v4.5 ITAG Meeting 19-NOV-18 Joe Johnson Director of Cloud

Proposed Cloud Strategy: Fall 2018 v4.5 ITAG Meeting 19-NOV-18 Joe Johnson Director of Cloud Strategy joe.c.johnson@wisc.edu 608.263.1557 Agenda Strategy scope, goal, and stages Defining cloud Guiding Principles Quick

458 views • 22 slides
MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE & BEYOND Lt Gen (ret)

MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE & BEYOND Lt Gen (ret)

MEDICAL SUPPORT TO THE WARFIGHTER: FROM BATTLEFIELD TO TERTIARY CARE & BEYOND Lt Gen (ret) Douglas J. Robb, DO, MPH Chicago College of Osteopathic Medicine 84 1 The why AGENDA 2 the Why Not 3 and always keeping

1.01k views • 69 slides
National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year

National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year

National Park Service American Battlefield Protection Program Programmatic Agreement Fiscal Year 2019 Annual Meeting The National Park Service U.S. Department of the Interior American Battlefield Protection Program June 2, 2020 Nat

545 views • 33 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield

Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield

Welcome to Saab Sensor seminar Using sensors to locate threats an advantage on the battlefield COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED Your Name | Document Identification | Issue 1 Anders Carp Head of Business Area

679 views • 47 slides
Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes

Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes

It Just Works: Ra Ray-Trace Traced d Re Refl flect ctio ions ns in in Battlefield V Johannes Deligiannis Jan Schmid EA DICE *PL ACEHOL DER* * PLAY GAMESCOM TRAILER OR SIMILAR * TODAY we present Raytracing Project

1.1k views • 87 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides
The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online

The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online

The Role of Medical Care in the Civil War: The Hospital and the Battlefield An Online Professional Development Seminar We will begin promptly on the hour. The silence you hear is normal. If you do not hear anything when the images change,

419 views • 27 slides
MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153

MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153

MURI: Training Knowledge and Skills for the Networked Battlefield ARO Award No. W911NF-05-1-0153 Annual Report, 9/12/08-8/14/09 Alice Healy and Lyle Bourne, Principal Investigators Benjamin Clegg, Bengt Fornberg, Cleotilde Gonzalez, Eric

743 views • 51 slides
Customer Experience as the next decade competitive battlefield Kaspar Roos Director of

Customer Experience as the next decade competitive battlefield Kaspar Roos Director of

Customer Experience as the next decade competitive battlefield Kaspar Roos Director of InfoTrends Customer Engagement Technology Advisory Service June, 2015 1 Agenda 1. Introduction 2. Customer Communications State of the Market 3.

437 views • 33 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

Cornell CS5412 Cloud Computing (Spring 2015) 1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper! The cloud business model is growing at an unparalleled pace without any limit in sight

632 views • 45 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC,

System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC,

Introduction of Acupuncture to the Military Health System: Battlefield Acupuncture and Beyond Chester Trip Buckenmaier III, MD COL (ret), MC, USA Director, DVCIPM Oct 2019 COL (ret) Chester Buckenmaier III, MD (301)400-4228)

766 views • 31 slides
A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

#RSAC SESSION ID: HUM-R02 A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director Technical Solutions Team Lead CERT National Insider Threat Center CERT National Insider Threat Center Software

784 views • 35 slides
n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s

n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s

n Senior Survey Results o i t u b i r Office of Planning and Institutional Research t s i D Judith Jaffe r Mitchell Albury o f Xuchen Zhou t o N July 26, 2017 Senior Survey Presentation Introduction Overview n

901 views • 69 slides
SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary

SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary

PAYROLL/PERSONNEL SYSTEM BASICS 1 Table le of Contents Appointments Personnel Information Salary Scales Pay Schedules and Types Payroll/Personnel System Personnel Actions Two Types of PPS 2 APPOINTMENTS The first step

1.12k views • 72 slides
Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A.

Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A.

Facilitating Play Dates for a Child with Special Needs Presented by: Tracey Greenwood, M.A. Special Education Consulting Teacher March 6, 2018 Loudoun County Public Schools Tracey.Greenwood@lcps.org (571) 252-1000 1 Facilitating Play Dates

656 views • 39 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat Overview What is a Social Scientist? Why M ethods M atter The Application of Social Science Questions? 1 Social Science Perspectives and Countering Insider Threat The

294 views • 11 slides
PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August

PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August

NEW CYBER VULNERABILITIES PRESENT NEW OPPORTUNITIES FOR INSURERS: LESSONS LEARNT - Simani Wadi IIZ Winter School (August 2018) Definition of Cyber Risks Lessons Learnt Opportunities Presentation Flow DEFINITION OF CYBER RISK What are

563 views • 27 slides
Western Region Conference Healthcare Security Readiness and Maturity Assessment Janice Ahlstrom

Western Region Conference Healthcare Security Readiness and Maturity Assessment Janice Ahlstrom

Western Region Conference Healthcare Security Readiness and Maturity Assessment Janice Ahlstrom and Ken Zoline 1 Your presenters Janice Ahlstrom Ken Zoline DIRECTOR SENIOR MANAGER 35+ years experience 35+ years experience FHIMSS, CPHIMS,

493 views • 38 slides

More recommend