Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

Presentation transcript:

Building Applications on the Cloud

Used for a wide variety of services and applications
Built using a variety of technology
  – Programming languages
  – Web servers
  – Load balancers
  – Application frameworks
New opportunities for external adversaries
  – About 85% of data leaks occur due to external attacks at servers [Verizon data breach report].
  – Existing attacks on software applications
  – But, applications are also hosted on untrusted platforms
“You can’t trust code that you did not totally create yourself.” – Ken Thompson, Reflections on Trusting Trust

Possible Defenses

Check the Web application for vulnerabilities
  – Doesn’t defend against zero-day attacks, programmer error, etc.
  – Must trust all underlying hardware and software infrastructure, as well
  – No protection once the account is compromised
Isolate each session in a virtual machine
  – Significant performance overhead

Protect the Data (in addition to the application)

Proposal: A data firewall for cloud-based Web applications
Apply network-level information flow control to data hosted by Web applications
  – Associate a taint with a piece of data (e.g., row in a database table)
  – Rewrite queries to retrieve taints with data
  – Propagate taints across processes and network
  – Perform IFC based on taints associated with data
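
A minimal sketch of the four taint steps on this slide, as an added example that is not from the slides or the authors' system. It assumes a per-row `taint` column, a hypothetical `rewrite` helper that handles only simple single-table SELECTs, and an in-process `Response` object standing in for propagation across processes and the network.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: each row carries a taint naming its owner.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, card TEXT, taint TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "4111-0000", "alice"), (2, "5500-1111", "bob")])
    return db

def rewrite(query):
    """Hypothetical rewriter: append the taint column to a simple SELECT."""
    m = re.match(r"(?is)^\s*select\s+(.+?)\s+from\s+(\w+)(.*)$", query)
    if not m:
        raise ValueError("only simple single-table SELECTs are handled")
    cols, table, rest = m.groups()
    return f"SELECT {cols}, {table}.taint FROM {table}{rest}"

def tainted_query(db, query, params=()):
    """Run the rewritten query; split each row into its data and its taint."""
    rows = db.execute(rewrite(query), params).fetchall()
    return [r[:-1] for r in rows], {r[-1] for r in rows}

class Response:
    """Data leaving the application; taints travel with it."""
    def __init__(self):
        self.body, self.taints = [], set()

    def add(self, rows, taints):
        self.body.extend(rows)
        self.taints |= taints  # propagation: union of the taints of all inputs

def egress_allowed(response, session_user):
    """IFC check at the data firewall: every taint must match the session."""
    return response.taints <= {session_user}

def handle(db, session_user, query, params=()):
    """Return the rows, or None when the firewall blocks the response."""
    resp = Response()
    resp.add(*tainted_query(db, query, params))
    return resp.body if egress_allowed(resp, session_user) else None
```

The check runs on the data leaving the application, so an over-broad query issued by a compromised application is blocked at egress even though the application itself raised no error.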

New Adversary Models

The “foreign” code base is increasing
  – Application security is getting harder
Position: Protect the data, not just the application
Network-wide DLP could benefit cloud-based applications in other settings, too
  – Data isolation between multi-tenant application services