Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing.

Slides:



Advertisements
Similar presentations
Distributed System Lab.1 Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Thomas Ristenpart ¤, Eran Tromer, Hovav.
Advertisements

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
Lecture 5: Cloud Security: what’s new? Xiaowei Yang (Duke University)
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang,
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/11/2011 Security and Privacy in Cloud Computing.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
Kenichi Kourai (Kyushu Institute of Technology) Takeshi Azumi (Tokyo Institute of Technology) Shigeru Chiba (Tokyo University) A Self-protection Mechanism.
Hey You, Get Off My Cloud: Exploring information Leakage in third party compute clouds T.Ristenpart, Eran Tromer, Hovav Shacham and Steven Savage ACM CCS.
Hey, You, Get Off of My Cloud
Look Who’s Talking: Discovering Dependencies between Virtual Machines Using CPU Utilization HotCloud 10 Presented by Xin.
By Christopher Moran, Nicoara Talpes 1.  Solution is addressed to VMs that are web servers  Web servers should not have confidential information anyway.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds by Thomas Ristenpart et al. defended by Ning Xia & Najim Yaqubie.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds By Thomas Ristenpart Eran Tromer Hovav Shacham Stefan Savage.
Authors: Thomas Ristenpart, et at.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2013 Lecture 3 09/03/2013 Security and Privacy in Cloud Computing.
Secure Cloud Computing with Virtualized Network Infrastructure HotCloud 10 By Xuanran Zong.
5205 – IT Service Delivery and Support
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Written by Thomas Ristenpart Eran Tromer Hovav Shacham Stehan.
Eliminating Fine Grained Timers in Xen Bhanu Vattikonda with Sambit Das and Hovav Shacham.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011 Lecture 16 10/11/2011 Security and Privacy in Cloud Computing.
Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 6 03/22/2010 Security and Privacy in Cloud Computing.
CIS 450 – Network Security Chapter 3 – Information Gathering.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 4 09/10/2013 Security and Privacy in Cloud Computing.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
Team 6: (DDoS) The Amazon Cloud Attack Kevin Coleman, Jeffrey Starker, Karthik Rangarajan, Paul Beresuita, Arunabh Verma and Amay Singhal.
Thomas Ristenpart,Eran Tromer, Horav Shahcham and Stefan Savage
Cloud security Tom Ristenpart CS Software-as-a-service Infrastructure-as-a- service Cloud providers Cloud computing NIST: Cloud computing is a model.
HEY, YOU, GET OFF OF MY CLOUD: EXPLORING INFORMATION LEAKAGE IN THIRD-PARTY COMPUTE CLOUDS Eran Tromer MIT Hovav Shacham UCSD Stefan Savage UCSD ACM CCS.
A paper by Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security,
Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Security Vulnerabilities in A Virtual Environment
SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.
References: “Hey, You, Get Off My Cloud: Exploring Information Leakage in Third-Party Compute Clouds” by Thomas Ristenpart, Eran Tromer – UC San Diego;
Hey, You, Get Off of My Cloud Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage Presented by Daniel De Graaf.
-SHAMBHAVI PARADKAR TE COMP  PORT SCANNING.  DENIAL OF SERVICE(DoS). - DISTRIBUTED DENIAL OF SERVICE(DDoS). REFER Pg.637 & Pg.638.
Secure Single Packet IP Traceback Mechanism to Identify the Source Zeeshan Shafi Khan, Nabila Akram, Khaled Alghathbar, Muhammad She, Rashid Mehmood Center.
Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.
Logging and Monitoring. Motivation Attacks are common (see David's talk) – Sophisticated – hard to reveal, (still) quite limited in our environment –
DIVYA K 1RN09IS016 RNSIT1. Cloud computing provides a framework for supporting end users easily through internet. One of the security issues is how to.
Thomas Ristenpart , Eran Tromer, Hovav Shacham ,Stefan Savage CCS’09
Mapping/Topology attacks on Virtual Machines
Threat Modeling for Cloud Computing
Hey, You, Get Off of My Cloud
Alina Oprea Associate Professor, CCIS Northeastern University
Written by : Thomas Ristenpart, Eran Tromer, Hovav Shacham,
Anna Giannakou Christine Morin, Jean-Louis Pazat, Louis Rilling
Exploring Information Leakage in Third-Party Compute Clouds
Presentation transcript:

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 3 02/15/2010 Security and Privacy in Cloud Computing

Mapping/topology Attacks 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan2 Lecture Goal Learn about mapping attacks Discuss different techniques and mitigation strategies Analyze the practicality and impact Reading: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Ristenpart et al., CCS 2009

Why Cloud Computing brings new threats? Traditional system security mostly means keeping bad guys out The attacker needs to either compromise the auth/access control system, or impersonate existing users 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan3

Why Cloud Computing brings new threats? But clouds allow co-tenancy : Multiple independent users share the same physical infrastructure So, an attacker can legitimately be in the same physical machine as the target 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan4

Challenges for the attacker How to find out where the target is located How to be co-located with the target in the same (physical) machine How to gather information about the target 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan5

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Ristenpart et al., CCS 2009 First work on cloud cartography Attack launched against commercially available “real” cloud (Amazon EC2) Claims up to 40% success in co-residence with target VM 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan6

Strategy Map the cloud infrastructure to find where the target is located Use various heuristics to determine co- residency of two VMs Launch probe VMs trying to be co-resident with target VMs Exploit cross-VM leakage to gather info about target 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan7

Threat model Attacker model – Cloud infrastructure provider is trustworthy – Cloud insiders are trustworthy – Attacker is a malicious third party who can legitimately the cloud provider as a client Assets – Confidentiality aware services run on cloud – Availability of services run on cloud 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan8

Tools of the trade Nmap, hping, wget for network probing Amazon EC2’s own DNS to map dns names to IPs 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan9

Sidenote: EC2 configuration EC2 uses Xen, with up to 8 instances per physical machine 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan10 Dom0 is the first instance on the machine, connected to physical adapter All other instances route to external world via dom0 [Figures from Xen Wiki]

Task 1: Mapping the cloud Reverse engineering the VM placement schemes provides useful heuristics about EC2’s strategy 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan11 Different availability zones use different IP regions. Each instance has one internal IP and one external IP. Both are static. For example: External IP: External Name: ec computer-1.amazonaws.com Internal IP: Internal Name: domU D-C6.computer-1.internal

Task 1: Mapping the Cloud 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan12 Finding: same instance type within the same zone = similar IP regions Reverse engineered mapping decision heuristic: A /24 inherits any included sampled instance type. A /24 containing a Dom0 IP address only contains Dom0 IP address. All /24’s between two consecutive Dom0 /24’s inherit the former’s associated type.

Task #2: Determining co-residence Co-residence: Check to determine if a given VM is placed in the same physical machine as another VM Network based check: – Match Dom0 IP addresses, check packet RTT, close IP addresses (within 7, since each machine has 8 VMs at most) – Traceroute provides Dom0 of target – No false positives found during experiments 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan13

Task #3: Making a probe VM co-resident with target VM Brute force scheme – Idea: figure out target’s availability zone and type – Launch many probe instances in the same area – Success rate: 8.4% 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan14

Task #3: Making a probe VM co-resident with target VM Smarter strategy: utilize locality – Idea: VM instances launched right after target are likely to be co-resident with the target – Paper claims 40% success rate 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan15

Task #3: Making a probe VM co-resident with target VM 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan16 Window of opportunity is quite large, measured in days

Task #4: Gather leaked information Now that the VM is co-resident with target, what can it do? – Gather information via side channels – Perform DoS 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan17

Task 4.1: Gathering information If VM’s are separated and secure, the best the attacker can do is to gather information – Measure latency of cache loads – Use that to determine Co-residence Traffic rates Keystroke timing 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan18

Mitigation strategies #1: Mapping Use a randomized scheme to allocate IP addresses Block some tools (nmap, traceroute) 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan19

Mitigation strategies #2: Co-residence checks Prevent traceroute (i.e., prevent identification of dom0) 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan20

Mitigation strategies #3: Co-location Not allow co-residence at all – Beneficial for cloud user – Not efficient for cloud provider 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan21

Mitigation strategies #4: Information leakage Prevent cache load attacks? 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan22

Discussion How is the problem different from other attacks? What’s so special about clouds? 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan23

Discussion Cons – Are the side channels *really* effective? 2/15/2010en Spring 2010 Lecture 2 | JHU | Ragib Hasan24

2/15/201025en Spring 2010 Lecture 2 | JHU | Ragib Hasan Further Reading Amazon downplays report highlighting vulnerabilities in its cloud service Hypothetical example described in report much harder to pull off in reality, company says TechWorld, Oct 29,