Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS (PowerPoint PPT Presentation)


SLIDE 1

UTSA

Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS

Cyber Incident Response Models for Information and Resource Sharing

Yun Zhang, Farhan Patwa, Ravi Sandhu
Institute for Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249
May 30, 2016

Presented by: Amy (Yun) Zhang

SLIDE 2

Overview

  • Motivations
  • Scope
  • Background
  • Secure Isolated Domain (SID) Concept
  • Azure Access Control Model
  • Azure SID Model
  • Enforcement
  • Conclusion

SLIDE 3

Motivations

  • Cyber Collaboration Initiatives
  • Cyber attacks are becoming increasingly sophisticated.
    – Hard to defend by a single organization on its own.
  • Collaborate to enhance situational awareness
    – Share cyber information
      • Malicious activities
      • Technologies, tools, procedures, analytics.
  • Dominant IaaS cloud platforms are lacking models for group sharing

Ref: www.huffingtonpost.co.uk/2013/04/23/uk-government-faces-1000-cyber-attacks-a-day_n_3138164.html

SLIDE 4

Scope

  • Sharing models — sharing amongst a set of organizations
    – Information, infrastructure, tools, analytics, etc.
    – May want to share malicious or infected code/systems (e.g. virus, worms, etc.)
    – Sensitive
  • Cloud service models — focus on Infrastructure as a Service (IaaS) — Microsoft Azure
  • Scenario — Cyber Incident Response

SLIDE 5

Traditional Cyber Collaboration

  • Traditional collaboration
    – Subscription services
    – Limitations
      • Organizations share information through subscription.
      • Organizations are not actively participating in analyzing and processing the cyber information they submit.
      • Organizations don't directly interact with each other on sharing activities.

SLIDE 6

Cloud IaaS Advantages for Cyber Incident Sharing

  • Virtualized resources
    – Theoretically, one can take a snapshot and mobilize
  • Operational efficiency
    – Light-weight and agile
    – Rapid deployment and configuration
    – Dynamic scaling
    – Self-service

SLIDE 7

Sharing Model in Cloud IaaS

[Figure: a Sharing Group joined by Participant A, Participant B and Participant C; each participant can Add/Remove Data and Join/Leave Users, and sees the group through its own view (View #1: Org A, View #1: Org B, View #1: Org C).]

Refer to paper: Towards a framework for group-centric secure collaboration.

SLIDE 8

Community Cyber Incident Response Governance

[Figure: governance structure showing the Incident Response Group, the Cyber Security Committee, Organization Security Specialists, External Experts, Conditional Membership and Shared Information.]

Refer to paper: RT-based administrative models for community cyber security information sharing.

SLIDE 9

Cyber Collaboration in Cloud

  • Cloud platform — IaaS
    – Community in Cloud
    – Cyber Security Committee.
    – Organizations routinely collect cyber information.
    – Cross organization cyber collaborations.

SLIDE 10

Secure Isolated Domain (SID) Model

[Figure: a Secure Isolated Domain (SID) containing a Core Project (CP), an Open Project (OP) and Secure Isolated Projects SIP-1 … SIP-n; the Community is made up of organizations Org-1 … Org-m, and the Experts of Expert-1 … Expert-k.]

SLIDE 11

Sharing Model in Cloud IaaS

[Figure: Participants A, B and C share through a Secure Isolated Domain (SID); each participant can Add/Remove Data and Join/Leave Users, keeps its own view (View #1: Org A, View #1: Org B, View #1: Org C) and has a view of the shared domain (View #2: SID).]

Can create multiple secure isolated projects (SIPs) within SID with different controls

SLIDE 12

Microsoft Azure

  • Popular public cloud software
    – Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed datacenters.

Ref: https://azure.microsoft.com/

SLIDE 13

Azure Access Control Model

[Figure: entity-relationship diagram of the Azure access control model. Entity sets: Accounts (A), Azure Active Directories (AAD), AAD Users (AADU), NonAAD Users (NAADU), Groups (G), AADRoles (AADR), Subscriptions (Sub), SubRoles (SubR), Resource Groups (RG), Roles (R), Resources (RS), Services (S), Object Types (OT), Operations (OP), PRMS. Relations: Account Ownership (AO), AAD Ownership (AADO), AAD User Ownership (AADUO), AADRoles Ownership (AADRO), AADAdmin User Assignment (AADAUA), Group Ownership (GO), user_group, Subscription Ownership (SubO), Subscription Assignment (SA), SubAdmin User Assignment (SAUA), SUBRole Ownership (SubRA), RG Ownership (RGO), RG-R pair, User Assignment (UA), Group Assignment (GA), Permission Assignment (PA), OT Ownership (OTO), ot_resource, Resource Co-Ownership (RO).]

SLIDE 14

Azure Access Control Model with SID Extension

[Figure: the Azure access control model extended with SID components. Entity sets: Organization Accounts (OA), Users (U), Expert Users (EU), SIDs, Core Project [Sub], Open Project [Sub], SIPs [Sub], Resource Groups (RG), Roles (R), Resources (RS), Services (S), Object Types (OT), Operations (OP), PRMS. Relations: User Ownership (UO), SID-Association (assoc), SIP/CP/OP Ownership (SIPO/CPO/OPO), RG Ownership (RGO), RG-R pair, User Assignment (UA), Permission Assignment (PA), OT Ownership (OTO), ot_resource, Resource Co-Ownership (RO).]

SLIDE 15

SID Service

SLIDE 16

Enforcement

  • Azure Account Resource Division

[Figure: an Azure Account is divided into Subscription 1, Subscription 2, … Subscription N; each subscription is divided into Resource Groups (Resource Group 1-1, 1-2, 2-1, N-1, …, N-X); each resource group holds VMs (VM1, VM2, VM3).]

SLIDE 17

Enforcement

  • Setting up SID service
    – Create two roles in the Core Project account: CPadmin and CPmember
    – CPadmin gives the user limited administrative power: to use the role CPmember and to specify policies for users from his organization.
    – Create one role in the Open Project account: OPmember
    – CPadmin allows all users from the community to access the Open Project account.
    – SID manager maintains a list of security administrative users (uSet) from organizations.
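The role rules on this slide as a small policy checker, added here as an illustration and not the authors' code. It assumes that members of uSet hold CPadmin in the Core Project account, and the organization and user names are constructed.

```python
# Added illustration of the SID service set-up on this slide (not the authors' code).
# Assumption: members of uSet hold CPadmin in the Core Project (CP) account; names are constructed.
from dataclasses import dataclass, field


@dataclass
class SIDService:
    orgs: dict                      # organization -> set of its users
    uset: set                       # security administrative users (uSet)
    cp_roles: dict = field(default_factory=dict)  # CP account: user -> roles
    op_roles: dict = field(default_factory=dict)  # OP account: user -> roles

    def __post_init__(self):
        # Every community user may access the Open Project account as OPmember.
        for users in self.orgs.values():
            for user in users:
                self.op_roles.setdefault(user, set()).add("OPmember")
        # Security administrative users act as CPadmin in the Core Project account.
        for user in self.uset:
            self.cp_roles.setdefault(user, set()).add("CPadmin")

    def org_of(self, user):
        """Return the organization a user belongs to, or None if unknown."""
        return next((o for o, users in self.orgs.items() if user in users), None)

    def grant_cpmember(self, admin, target):
        """CPadmin may hand out CPmember only to users of the admin's own organization."""
        if "CPadmin" not in self.cp_roles.get(admin, set()):
            return False                      # caller is not a CPadmin
        admin_org = self.org_of(admin)
        if admin_org is None or admin_org != self.org_of(target):
            return False                      # cross-organization grant is refused
        self.cp_roles.setdefault(target, set()).add("CPmember")
        return True

    def can_access(self, user, project):
        roles = self.cp_roles if project == "CP" else self.op_roles
        return bool(roles.get(user))          # any role in that account grants access


def demo():
    sid = SIDService(orgs={"OrgA": {"alice", "amy"}, "OrgB": {"bob"}},
                     uset={"alice", "bob"})
    return {
        "alice_grants_amy": sid.grant_cpmember("alice", "amy"),  # same org: True
        "alice_grants_bob": sid.grant_cpmember("alice", "bob"),  # other org: False
        "amy_grants_alice": sid.grant_cpmember("amy", "alice"),  # not CPadmin: False
        "outsider_cp": sid.can_access("carol", "CP"),            # unknown user: False
        "amy_cp": sid.can_access("amy", "CP"),                   # now CPmember: True
        "bob_op": sid.can_access("bob", "OP"),                   # OPmember: True
    }
```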

SLIDE 18

Enforcement

  • SIP request

SLIDE 19

Conclusion and future work

  • Developed sharing models
    – Formal specification
  • Enhanced Azure Cloud IaaS with SID/SIP capabilities
    – Cyber incident response capabilities
      • Self-service
      • SID/SIP specific security
      • Share data, tools, etc. in an isolated environment
      • Ability to execute and analyze malicious code in an isolated environment
  • Future work
    – More fine-grained access control within a SIP
    – Compare SID/SIP enforcement on dominant IaaS cloud platforms (OpenStack, AWS and Azure)

SLIDE 20

Thanks!