Security and Privacy in Cloud ComputingPurdue … .ppt

Bharat Bhargavabbshailpurdue.eduComputer SciencePurdue University,Research in Cloud Security and Privacy,YounSun Chocho52cs.purdue.eduComputer SciencePurdue University,Anya Kimanya.kimnrl.navy.milNaval Research Lab,Talk Objectives,A high-level discussion of the fundamental challenges and issues/characteristics of cloud computingIdentify a few security and privacy issues within this frameworkPropose some approaches to addressing these issuesPreliminary ideas to think about,Outline,Part I:IntroductionPart II:Security and Privacy Issues in Cloud Computing Part III:Possible Solutions,3,Part I.Introduction,Cloud Computing BackgroundCloud ModelsWhy do you still hesitate to use cloud computing?Causes of Problems Associated with Cloud ComputingTaxonomy of FearThreat Model,4,Cloud Computing Background,FeaturesUse of internet-based services to support business processRent IT-services on a utility-like basisAttributesRapid deploymentLow startup costs/capital investmentsCosts based on usage or subscriptionMulti-tenant sharing of services/resourcesEssential characteristicsOn demand self-serviceUbiquitous network accessLocation independent resource poolingRapid elasticityMeasured service“Cloud computing is a compilation of existing techniques and technologies,packaged within a new infrastructure paradigm that offers improved scalability,elasticity,business agility,faster startup time,reduced management costs,and just-in-time availability of resources”,From 1 NIST,A Massive Concentration of Resources,Also a massive concentration of riskexpected loss from a single breach can be significantly largerconcentration of“users”represents a concentration of threats“Ultimately,you can outsource responsibility but you cant outsource accountability.”,From 2 John McDermott,ACSAC 09,Cloud Computing:who should use it?,Cloud computing definitely makes sense if your own security is weak,missing features,or below average.Ultimately,ifthe cloud providers security people are“better”than yours(and leveraged at least as efficiently),the web-services interfaces dont introduce too many new vulnerabilities,andthe cloud provider aims at least as high as you do,at security goals,then cloud computing has better security.,From 2 John McDermott,ACSAC 09,Cloud Models,Delivery ModelsSaaSPaaSIaaSDeployment ModelsPrivate cloudCommunity cloudPublic cloudHybrid cloudWe propose one more Model:Management Models(trust and tenancy issues)Self-managed 3rd party managed(e.g.public clouds and VPC),From 1 NIST,Delivery Models,9,While cloud-based software services are maturing,Cloud platform and infrastructure offering are still in their early stages!,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Impact of cloud computing on the governance structure of IT organizations,10,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,If cloud computing is so great,why isnt everyone doing it?,The cloud acts as a big black box,nothing inside the cloud is visible to the clientsClients have no idea or control over what happens inside a cloudEven if the cloud provider is honest,it can have malicious system admins who can tamper with the VMs and violate confidentiality and integrityClouds are still subject to traditional data confidentiality,integrity,availability,and privacy issues,plus some additional attacks,11,Companies are still afraid to use clouds,12,Chow09ccsw,Causes of Problems Associated with Cloud Computing,Most security problems stem from:Loss of controlLack of trust(mechanisms)Multi-tenancyThese problems exist mainly in 3rd party management modelsSelf-managed clouds still have security issues,but not related to above,Loss of Control in the Cloud,Consumers loss of controlData,applications,resources are located with providerUser identity management is handled by the cloudUser access control rules,security policies and enforcement are managed by the cloud providerConsumer relies on provider to ensureData security and privacyResource availabilityMonitoring and repairing of services/resources,Lack of Trust in the Cloud,A brief deviation from the talk(But still related)Trusting a third party requires taking risksDefining trust and riskOpposite sides of the same coin(J.Camp)People only trust when it pays(Economists view)Need for trust arises only in risky situations Defunct third party management schemesHard to balance trust and riske.g.Key Escrow(Clipper chip)Is the cloud headed toward the same path?,Multi-tenancy Issues in the Cloud,Conflict between tenants opposing goalsTenants share a pool of resources and have opposing goalsHow does multi-tenancy deal with conflict of interest?Can tenants get along together and play nicely?If they cant,can we isolate them?How to provide separation between tenants?Cloud Computing brings new threatsMultiple independent users share the same physical infrastructure Thus an attacker can legitimately be in the same physical machine as the target,Taxonomy of Fear,ConfidentialityFear of loss of control over dataWill the sensitive data stored on a cloud remain confidential?Will cloud compromises leak confidential client data Will the cloud provider itself be honest and wont peek into the data?IntegrityHow do I know that the cloud provider is doing the computations correctly?How do I ensure that the cloud provider really stored my data without tampering with it?,17,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Taxonomy of Fear(cont.),AvailabilityWill critical systems go down at the client,if the provider is attacked in a Denial of Service attack?What happens if cloud provider goes out of business?Would cloud scale well-enough?Often-voiced concernAlthough cloud providers argue their downtime compares well with cloud users own data centers,18,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Taxonomy of Fear(cont.),Privacy issues raised via massive data miningCloud now stores data from a lot of clients,and can run data mining algorithms to get large amounts of information on clientsIncreased attack surfaceEntity outside the organization now stores and computes data,and soAttackers can now target the communication link between cloud provider and clientCloud provider employees can be phished,19,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Taxonomy of Fear(cont.),Auditability and forensics(out of control of data)Difficult to audit data held outside organization in a cloudForensics also made difficult since now clients dont maintain data locallyLegal quagmire and transitive trust issuesWho is responsible for complying with regulations?e.g.,SOX,HIPAA,GLBA?If cloud provider subcontracts to third party clouds,will the data still be secure?,20,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Taxonomy of Fear(cont.),21,Cloud Computing is a security nightmare and it cant be handled in traditional ways.John ChambersCISCO CEO,Security is one of the most difficult task to implement in cloud computing.Different forms of attacks in the application side and in the hardware components Attacks with catastrophic effects only needs one security flaw(http:/,Threat Model,A threat model helps in analyzing a security problem,design mitigation strategies,and evaluate solutionsSteps:Identify attackers,assets,threats and other componentsRank the threatsChoose mitigation strategiesBuild solutions based on the strategies,22,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Threat Model,Basic components Attacker modelingChoose what attacker to considerinsider vs.outsider?single vs.collaborator?Attacker motivation and capabilitiesAttacker goalsVulnerabilities/threats,23,From 5 www.cs.jhu.edu/ragib/sp10/cs412,What is the issue?,The core issue here is the levels of trust Many cloud computing providers trust their customersEach customer is physically commingling its data with data from anybody else using the cloud while logically and virtually you have your own space The way that the cloud provider implements security is typically focused on they fact that those outside of their cloud are evil,and those inside are good.But what if those inside are also evil?,24,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Attacker Capability:Malicious Insiders,At clientLearn passwords/authentication informationGain control of the VMsAt cloud providerLog client communicationCan read unencrypted dataCan possibly peek into VMs,or make copies of VMsCan monitor network communication,application patternsWhy?Gain information about client dataGain information on client behaviorSell the information or use itself,25,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Attacker Capability:Outside attacker,What?Listen to network traffic(passive)Insert malicious traffic(active)Probe cloud structure(active)Launch DoS Goal?IntrusionNetwork analysisMan in the middleCartography,26,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Challenges for the attacker,How to find out where the target is located?How to be co-located with the target in the same(physical)machine?How to gather information about the target?,27,From 5 www.cs.jhu.edu/ragib/sp10/cs412,Part II:Security and Privacy Issues in Cloud Computing-Big Picture,Infrastructure SecurityData Security and StorageIdentity and Access Management(IAM)PrivacyAnd more,28,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Infrastructure Security,Network LevelHost LevelApplication Level,29,The Network Level,Ensuring confidentiality and integrity of your organizations data-in-transit to and from your public cloud providerEnsuring proper access control(authentication,authorization,and auditing)to whatever resources you are using at your public cloud providerEnsuring availability of the Internet-facing resources in a public cloud that are being used by your organization,or have been assigned to your organization by your public cloud providersReplacing the established model of network zones and tiers with domains,30,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,The Network Level-Mitigation,Note that network-level risks exist regardless of what aspects of“cloud computing”services are being used The primary determination of risk level is therefore not which*aaS is being used,But rather whether your organization intends to use or is using a public,private,or hybrid cloud.,31,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,The Host Level,SaaS/PaaSBoth the PaaS and SaaS platforms abstract and hide the host OS from end usersHost security responsibilities are transferred to the CSP(Cloud Service Provider)You do not have to worry about protecting hostsHowever,as a customer,you still own the risk of managing information hosted in the cloud services.,32,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,The Host Level(cont.),IaaS Host SecurityVirtualization Software SecurityHypervisor(also called Virtual Machine Manager(VMM)security is a keya small application that runs on top of the physical machine H/W layerimplements and manages the virtual CPU,virtual memory,event channels,and memory shared by the resident VMsAlso controls I/O and memory access to devices.Bigger problem in multitenant architecturesCustomer guest OS or Virtual Server SecurityThe virtual instance of an OS Vulnerabilities have appeared in virtual instance of an OS e.g.,VMWare,Xen,and Microsofts Virtual PC and Virtual ServerCustomers have full access to virtual servers.,33,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Case study:Amazons EC2 infrastructure,“Hey,You,Get Off of My Cloud:Exploring Information Leakage in Third-Party Compute Clouds”Multiple VMs of different organizations with virtual boundaries separating each VM can run within one physical servervirtual machines still have internet protocol,or IP,addresses,visible to anyone within the cloud.VMs located on the same physical server tend to have IP addresses that are close to each other and are assigned at the same time An attacker can set up lots of his own virtual machines,look at their IP addresses,and figure out which one shares the same physical resources as an intended targetOnce the malicious virtual machine is placed on the same server as its target,it is possible to carefully monitor how access to resources fluctuates and thereby potentially glean sensitive information about the victim,34,Local Host Security,Are local host machines part of the cloud infrastructure?Outside the security perimeterWhile cloud consumers worry about the security on the cloud providers site,they may easily forget to harden their own machines The lack of security of local devices can Provide a way for malicious services on the cloud to attack local networks through these terminal devices Compromise the cloud and its resources for other users,Local Host Security(Cont.),With mobile devices,the threat may be even strongerUsers misplace or have the device stolen from them Security mechanisms on handheld gadgets are often times insufficient compared to say,a desktop computer Provides a potential attacker an easy avenue into a cloud system.If a user relies mainly on a mobile device to access cloud data,the threat to availability is also increased as mobile devices malfunction or are lost Devices that access the cloud should have Strong authentication mechanisms Tamper-resistant mechanismsStrong isolation between applications Methods to trust the OSCryptographic functionality when traffic confidentiality is required,36,The Application Level,DoSEDoS(Economic Denial of Sustainability)An attack against the billing model that underlies the cost of providing a service with the goal of bankrupting the service itself.End user securityWho is responsible for Web application security in the cloud?SaaS/PaaS/IaaS application securityCustomer-deployed application security,37,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Data Security and Storage,Several aspects of data security,including:Data-in-transitConfidentiality+integrity using secured protocolConfidentiality with non-secured protocol and encryptionData-at-restGenerally,not encrypted,since data is commingled with other users dataEncryption if it is not associated with applications?But how about indexing and searching?Then homomorphic encryption vs.predicate encryption?Processing of data,including multitenancyFor any application to process data,not encrypted,38,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Data Security and Storage(cont.),Data lineageKnowing when and where the data was located w/i cloud is important for audit/compliance purposese.g.,Amazon AWS Store Process Restore Data provenanceComputational accuracy(as well as data integrity)E.g.,financial calculation:sum(2*3)*4)/6)-2)=$2.00?Correct:assuming US dollarHow about dollars of different countries?Correct exchange rate?,39,From 6 Cloud Security and Privacy by Mather and Kumaraswamy,Data Security and Storage,Data remanenceInadvertent disclosure of sensitive information is possibleData security mitigation?Do not place any sensitive data in a public cloudEncrypted data is placed into the cloud?Provider data and its security:storageTo the extent that quanti