Security in Cloud Computing A survey of the unique challenges and - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Security in Cloud Computing

A survey of the unique challenges and risks inherent to the Cloud Computing model.

Presented By: Marissa Hollingsworth

slide-2
SLIDE 2

Overview

 What is Cloud Computing?
 Unique Security Concerns in the Cloud
 Confidentiality
 Integrity
 Availability
 Intrusion Detection
 Conclusion

slide-3
SLIDE 3

CLOUD COMPUTING

What’s it all about?

slide-4
SLIDE 4

Definition of Cloud Computing

 Applications delivered as a service over the internet using hardware and systems software in data centers that provide the services.

slide-5
SLIDE 5

Key Characteristics

 On-demand self-service.
  • Provision server time and network storage automatically without requiring human interaction (e.g. GoogleDocs)

 Broad network access.
  • Available over network and accessed by client platforms.

 Resource Pooling.
  • Multi-tenant model with dynamic assignment of resources depending on demand.

 Rapid Elasticity.

 Measured Service.
  • Resource usage can be monitored, controlled, and reported – providing transparency for provider and consumer.

slide-6
SLIDE 6

Service Models

 Software as a Service (SaaS)
  • Consumer uses provider’s applications
  • No management or control of underlying cloud infrastructure

 Platform as a Service (PaaS)
  • Consumer deploys self-created or acquired applications using supported tools.
  • No management or control of underlying cloud infrastructure
  • Controls deployed applications and hosting environment configurations

 Infrastructure as a Service (IaaS)
  • Consumer provisions processing, storage, networks, and other resources to run arbitrary software (e.g. operating systems and applications)
  • No management or control of underlying cloud infrastructure
  • Control over OS, storage, deployed applications, networking components (such as host firewalls)

slide-7
SLIDE 7

Deployment Models

 Public Cloud
  • Owned and managed by off-site third-party
  • Available to the general public
  • Multi-tenancy
     Need for segmentation, isolation, governance, service levels, etc. for different consumer needs.

 Private/Community Cloud

  • Used for a single or multiple trusted organizations
  • May still use third-party management

 Hybrid Cloud

slide-8
SLIDE 8

DEPLOYMENT MODELS

Public deployment model has the greatest risk of security breaches.

slide-9
SLIDE 9

MAJOR SECURITY CONCERNS

slide-10
SLIDE 10

Data Migration to the Cloud

Customers keep storage and application data in secure, on-site databases managed by hired employees. Customers must transfer storage and application data to off-site, provider database locations managed by third-party employees.

slide-11
SLIDE 11

Off-site data storage

 Considered the greatest concern in cloud security

 Third-party management
  • Even authorized users may be a threat
  • Customers lose exclusive access control of data

 Provider hiring standards
  • Could allow security breach if standards are low

slide-12
SLIDE 12

Off-Site Data Storage

 Security Principles Affected

  • Confidentiality
     Data access shared with authorized employees.

  • Integrity
     Data integrity becomes responsibility of third-party (may be careless or malicious).
     Most customers do not keep backup copies of data.

  • Availability
     Customers need to have access to the data they need when they need it.
     Most customers move all data to the cloud.

slide-13
SLIDE 13

Shared Hardware in the Cloud

Customers own and manage hardware. Only trusted data is stored on machine hardware.

Providers allocate virtual machines on shared hardware to several customers.

[Figure: Conventional Hardware Infrastructure (machine hardware holding only company data) compared with Shared Hardware Infrastructure in the Cloud (machine hardware hosting VMs for Customer A and Customer B, and for Customer A and a Malicious Customer)]

slide-14
SLIDE 14

Shared Hardware

 Scalable way to deliver services
  • Dynamic hardware allocation among users

 Underlying components often not designed to provide strong isolation
  • CPU caches, GPUs, disk partitions, etc.

 Guest operating systems can gain influence over underlying platform.

slide-15
SLIDE 15

Shared Hardware

 Security Principles Affected

  • Confidentiality

 Shared hardware side-channel threats

  • Integrity

 Inappropriate levels of underlying platform control could compromise data integrity

  • Availability

 Denial-of-Service vulnerabilities

slide-16
SLIDE 16

Dynamic Hardware Adaption

When resources are exhausted, incoming requests are queued and wait for free resources.

When resources on one VM instance are exhausted, a new VM will be allocated to fulfill incoming requests.

[Figure: Static Hardware Adaption (servers, requests being served, pending requests) compared with Dynamic Hardware Adaption (server with dynamically allocated VMs)]

slide-17
SLIDE 17

Dynamic Hardware Adaption

 Security Principles Affected

  • Availability
     Denial-of-Service attacks
     Users need to be able to access data when they need it

slide-18
SLIDE 18

CONFIDENTIALITY

“Privacy. Ensuring unauthorized disclosure of information”

slide-19
SLIDE 19

Confidentiality: Threats

 Malicious insiders
  • Similar to conventional insider attacks, but amplified by third-party access
  • Provider employees
     How is access granted to physical and virtual assets?
     How are employees monitored?
  • Insiders can access confidential data with little or no risk of detection.

slide-20
SLIDE 20

Confidentiality: Threats

 Co-residence
  • Sharing physical machine hardware (public cloud model)
  • Cross-virtual machine attacks
     Strategic virtual-machine placement to gain co-residence with victim
     Side-channels to monitor shared physical resources (CPU, data caches, keystroke over SSH, etc.)

 High-probability of co-residence when using “cloud cartography”
  • Use heuristics such as local IP and creation time to obtain and verify co-residence
  • Brute-force successful over 50% of the time

slide-21
SLIDE 21

Confidentiality: Responsibilities

Provider

 Global encryption scheme
 Secure data storage
  • Partitioned RAM
  • Local storage wiping
  • Strict access control and monitoring
 Inhibit cloud cartography (used in co-residence attacks)
 Blinding techniques to hide local IP addresses

Customer

 Instance encryption scheme
  • Ensure privacy even if provider is careless
 Make sure that provider meets needed standards before migration
  • Make sure contracts are strict and include all necessary precautions

slide-22
SLIDE 22

INTEGRITY

“Correctness. Ensuring unauthorized modification of data.”

slide-23
SLIDE 23

Integrity: Threats

 Malicious Insiders
  • Similar to confidentiality threats
     Third-party employees have access to modify cloud services, undetected
  • Providers may threaten integrity to save money or space in the cloud

 Careless Providers

  • Insufficient authorization controls
  • Inconsistent encryption and software keys
  • Data replication and persistence challenges
slide-24
SLIDE 24

Integrity: Responsibilities

 Scheduled data backup
 Safe storage
  • Replication and disaster recovery
 Strict access control
 Allow customer to configure firewall settings
 Monitor employee actions
 Monitor data with integrity checking techniques
 Carefully configure firewall and access control lists
 Make sure that provider meets needed standards before migration

Provider Customer
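
As an added example (not part of the original slides), one way to apply the "integrity checking techniques" bullet: a keyed manifest is built before migration and kept on-site, then used to audit what the provider later returns. The function names, key and sample objects are constructed for illustration.

```python
import hashlib
import hmac


def _tag(key: bytes, name: str, data: bytes) -> str:
    # The object name is part of the MAC input, so moving valid content
    # under a different name is detected as well as editing it.
    return hmac.new(key, name.encode() + b"\x00" + data, hashlib.sha256).hexdigest()


def build_manifest(objects: dict, key: bytes) -> dict:
    """Run on-site before migration; the key and manifest never go to the provider."""
    return {name: _tag(key, name, data) for name, data in objects.items()}


def audit(manifest: dict, fetched: dict, key: bytes) -> dict:
    """Compare what the provider returns now with the on-site manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name in sorted(manifest):
        if name not in fetched:
            report["missing"].append(name)
        elif not hmac.compare_digest(_tag(key, name, fetched[name]), manifest[name]):
            report["modified"].append(name)
    report["unexpected"] = sorted(set(fetched) - set(manifest))
    return report


# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key-kept-on-site"
ORIGINALS = {
    "invoices/2024-01.csv": b"id,amount\n1,100\n",
    "hr/staff.json": b'{"staff": 12}',
    "backup/db.dump": b"\x00\x01binary",
}
MANIFEST = build_manifest(ORIGINALS, KEY)


def tampered_store() -> dict:
    """Simulates the provider-side copy after an edit, a deletion and an added object."""
    store = dict(ORIGINALS)
    store["invoices/2024-01.csv"] = b"id,amount\n1,900\n"
    del store["backup/db.dump"]
    store["tmp/unknown.bin"] = b"??"
    return store


if __name__ == "__main__":
    print(audit(MANIFEST, dict(ORIGINALS), KEY))
    print(audit(MANIFEST, tampered_store(), KEY))
```

A keyed MAC is used instead of a bare hash so that anyone with write access to the stored data cannot recompute matching tags without the on-site key.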

slide-25
SLIDE 25

AVAILABILITY

“Ensuring data is available when needed.”

slide-26
SLIDE 26

Availability: Threats

 Denial-of-Service Attacks
  • Attempt to disrupt (or completely disable) availability of computer resources to intended users
  • Dynamic resource allocation
     Allows attackers to easily saturate servers
     Focus attack on one server and when resources are low, more will be allocated.
  • Direct Attack
     Flood a single target address
  • Indirect Attack
     Perform computationally expensive operations on an instance co-residing with target

slide-27
SLIDE 27

Availability: Threats

 Careless Providers

  • Providers need to provide reliable service
slide-28
SLIDE 28

Availability: Responsibilities

Provider

 Stable servers
 Prevent denial-of-service attacks
  • Monitor hardware usage
  • Prevent unlimited resource allocation

Customer

 Monitor instance to ensure it is not used to execute denial-of-service attack
 Monitor own client usage

slide-29
SLIDE 29

INTRUSION DETECTION

“Risk management. Detecting and successfully reporting malicious behavior.”

slide-30
SLIDE 30

Intrusion Detection Systems

 Important to monitor all systems running in the Cloud.
  • No Cloud can be more secure than its weakest link
  • Need to prevent rapid infection in cloud

 Multi-tenancy
  • Requires flexible settings
     Needs to be capable of monitoring thousands of diverse virtual machines on shared hardware
     Different operating systems, deployment models, hardware usage, etc.

slide-31
SLIDE 31

IDS Design Considerations

 Separation of monitored systems and monitors
  • Cannot trust alerts from a compromised machine

 Centralized and instance management systems

 How to stop intrusion once detected
  • Cloud virtualization makes this easy
     Simply stop and resume the infected virtual machine

slide-32
SLIDE 32

Intrusion Detection Systems: Responsibilities

Provider

 Centralized management
  • Control and monitor alerts throughout cloud
  • Detect attacks on instances as well as the cloud as a whole
 Monitor service exploitation
  • Detect internal attacks
  • Determine if Cloud has been used to attack victims

Customer

 Monitor all infrastructure resources they are using
 Monitor service exploitation
  • Detect attacks on own instance
  • Determine if instance has been used to attack other instances

slide-33
SLIDE 33

Conclusions

 Main concerns involve:
  • Third-party data access
  • Shared hardware
  • Dynamic hardware adaption

 Security in Cloud Computing is still an open topic

 Security responsibilities for providers are not standardized (yet)

slide-34
SLIDE 34

THANK YOU!