Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Security Solutions

Published byAnne Lynch Modified over 6 years ago

Similar presentations

Presentation on theme: "Cloud Security Solutions"— Presentation transcript:

1 Cloud Security Solutions

2 Possible Solutions Minimize Lack of Trust Minimize Loss of Control
Policy Language Certification Minimize Loss of Control Monitoring Utilizing different clouds Access control management Identity Management (IDM) Minimize Multi-tenancy

3 Minimize Lack of Trust: Policy Language
Consumers have specific security needs but don’t have a say-so in how they are handled What the heck is the provider doing for me? Currently consumers cannot dictate their requirements to the provider (SLAs are one-sided) Standard language to convey one’s policies and expectations Agreed upon and upheld by both parties Standard language for representing SLAs Can be used in a intra-cloud environment to realize overarching security posture These SLAs typically state the high level policies of the provider (e.g. Will maintain uptime of 98%) and do not allow cloud consumers to dictate their requirements to the provider. COI clouds in particular have specific security policy requirements that must be met by the provider, due to the nature of COIs and the missions they are used for. These requirements need to be communicated to the provider and the provider needs to provide some way of stating that the requirements can be met. Cloud consumers and providers need a standard way of representing their security requirements and capabilities. Consumers also need a way to verify that the provided infrastructure and its purported security mechanisms meet the requirements stated in the consumer’s policy (proof of assertions). For example, if the consumer’s policy requires isolation of VMs, the provider can create an assertion statement that says it uses cache separation to support VM isolation.

4 Minimize Lack of Trust: Policy Language (Cont.)
Create policy language with the following characteristics: Machine-understandable (or at least processable), Easy to combine/merge and compare Examples of policy statements are, “requires isolation between VMs”, “requires geographical isolation between VMs”, “requires physical separation between other communities/tenants that are in the same industry,” etc. Need a validation tool to check that the policy created in the standard language correctly reflects the policy creator’s intentions (i.e. that the policy language is semantically equivalent to the user’s intentions).

5 Minimize Lack of Trust: Certification
Some form of reputable, independent, comparable assessment and description of security features and assurance Sarbanes-Oxley, DIACAP, DISTCAP, etc (are they sufficient for a cloud environment?) Risk assessment Performed by certified third parties Provides consumers with additional assurance

6 Minimize Loss of Control: Monitoring
Cloud consumer needs situational awareness for critical applications When underlying components fail, what is the effect of the failure to the mission logic What recovery measures can be taken (by provider and consumer) Requires an application-specific run-time monitoring and management tool for the consumer The cloud consumer and cloud provider have different views of the system Enable both the provider and tenants to monitor the components in the cloud that are under their control When the underlying components fail in the cloud, the effect of the failures to the mission logic needs to be known so that correct recovery measures can be performed. We propose an application-specific run-time monitoring and management tool. With this tool, the application logic can remain on the consumer’s host computer. This allows the consumer to centrally monitor all aspects of the application as well as data flow. Since all outputs from underlying services are sent to the application logic, any data incompatibility between services is not an issue. The capabilities of the run-time monitoring and management tool are as follows: 1) Enable application user to determine the status of the cloud resources that may be used to run the application (across multiple clouds), 2)  Enable application user to determine the real-time security posture and situational awareness of the application, 3) Provide the application user with the ability to move user’s application (or part of it) to another site (other VM in same cloud or different cloud altogether), 4) Provide the application user with the ability to change the application logic on the fly, 5) Provide communicate capabilities with cloud providers. There are a few cloud vendors such as NimSoft [41] and Hyperic [42] that provide application-specific monitoring tools that provide some of the above functionality. These monitoring tools may be further enhanced or used in conjunction with other tools to provide the degree of monitoring required. However, any tool that is to be used for military purposes must also receive some type of accreditation and certification procedure.

7 Minimize Loss of Control: Monitoring (Cont.)
Provide mechanisms that enable the provider to act on attacks he can handle. infrastructure remapping (create new or move existing fault domains) shutting down offending components or targets (and assisting tenants with porting if necessary Repairs Provide mechanisms that enable the consumer to act on attacks that he can handle (application-level monitoring). RAdAC (Risk-adaptable Access Control) VM porting with remote attestation of target physical host Provide ability to move the user’s application to another cloud

8 Minimize Loss of Control: Utilize Different Clouds
The concept of ‘Don’t put all your eggs in one basket’ Consumer may use services from different clouds through an intra-cloud or multi-cloud architecture Propose a multi-cloud or intra-cloud architecture in which consumers Spread the risk Increase redundancy (per-task or per-application) Increase chance of mission completion for critical applications Possible issues to consider: Policy incompatibility (combined, what is the overarching policy?) Data dependency between clouds Differing data semantics across clouds Knowing when to utilize the redundancy feature (monitoring technology) Is it worth it to spread your sensitive data across multiple clouds? Redundancy could increase risk of exposure Differering data semantics example: does a data item labeled secret in one cloud have the same semantics as another piece of data also labeled secret in a different cloud?

9 Minimize Loss of Control: Access Control
Many possible layers of access control E.g. access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM Depending on the deployment model used, some of these will be controlled by the provider and others by the consumer Regardless of deployment model, provider needs to manage the user authentication and access control procedures (to the cloud) Federated Identity Management: access control management burden still lies with the provider Requires user to place a large amount of trust on the provider in terms of security, management, and maintenance of access control policies. This can be burdensome when numerous users from different organizations with different access control policies, are involved In cloud computing (as well as other systems), there are many possible layers of access control. For example, access to the cloud, access to servers, access to services, access to databases (direct and queries via web services), access to VMs, and access to objects within a VM. Depending on the deployment model used, some of these will be controlled by the provider and others by the consumer. For example, Google Apps, a representative SaaS Cloud controls authentication and access to its applications, but users themselves can control access to their documents through the provided interface to the access control mechanism. In IaaS type approaches, the user can create accounts on its virtual machines and create access control lists for these users for services located on the VM. Regardless of the deployment model, the provider needs to manage the user authentication and access control procedures (to the cloud). While some providers allow federated authentication – enabling the consumer-side to manage its users, the access control management burden still lies with the provider. This requires the user to place a large amount of trust on the provider in terms of security, management, and maintenance of access control policies. This can be burdensome when numerous users from different organizations with different access control policies, are involved. This proposal focuses on access control to the cloud. However, the concepts here could be applied to access control at any level, if deemed necessary. We propose a way for the consumer to manage the access control decision-making process to retain some control, requiring less trust of the provider. Approach: This approach requires the client and provider to have a pre-existing trust relationship, as well as a pre-negotiated standard way of describing resources, users, and access decisions between the cloud provider and consumer. It also needs to be able to guarantee that the provider will uphold the consumer-side’s access decisions. Furthermore, we need to show that this approach is at least as secure as the traditional access control model. This approach requires the data owner to be involved in all requests. Therefore, frequent access scenarios should not use this method if traffic is a concern. However, many secure data outsourcing schemes require the user to grant keys/certificates to the query side, so that every time the user queries a database, the owner needs to be involved. Therefore, not much different than that so may not be a problem.

10 Minimize Loss of Control: Access Control (Cont.)
Consumer-managed access control Consumer retains decision-making process to retain some control, requiring less trust of the provider (i.e. PDP is in consumer’s domain) Requires the client and provider to have a pre-existing trust relationship, as well as a pre-negotiated standard way of describing resources, users, and access decisions between the cloud provider and consumer. It also needs to be able to guarantee that the provider will uphold the consumer-side’s access decisions. Should be at least as secure as the traditional access control model. Facebook and Google Apps do this to some degree, but not enough control Applicability to privacy of patient health records

11 Proposed IDM: Characteristics and Advantages
Ability to use Identity data on untrusted hosts Self Integrity Check Integrity compromised- apoptosis or evaporation Data should not be on this host Independent of Third Party Prevents correlation attacks Establishes the trust of users in IDM Through putting the user in control of who has his data Identity is being used in the process of authentication, negotiation, and data exchange. Minimal disclosure to the SP SP receives only necessary information.

12 Proposed IDM: Conclusion & Future Work
Problems with IDM in Cloud Computing Collusion of Identity Information Prohibited Untrusted Hosts Usage of Trusted Third Party Proposed Approaches IDM based on Anonymous Identification IDM based on Predicate over Encrypted data Future work Develop the prototype, conduct experiments and evaluate the approach

13 Minimize Multi-tenancy
Can’t really force the provider to accept less tenants Can try to increase isolation between tenants Strong isolation techniques (VPC to some degree) C.f. VM Side channel attacks (T. Ristenpart et al.) QoS requirements need to be met Policy specification Can try to increase trust in the tenants Who’s the insider, where’s the security boundary? Who can I trust? Use SLAs to enforce trusted behavior

14 Mitigating Cloud Computing Availability Issues
Risk analysts will tell you that when you confront a risk, you can try to eliminate the risk, you can mitigate/minimize the impact of the risk, or you can simply accept the risk. If you truly require non-stop availability, you can try using multiple cloud providers, or you could use public and private cloud nodes to improve redundancy. Some cloud computing services also offer service divided into multiple "regions." By deploying infrastructure in multiple regions, isolation from "single-region-only" events (such as the power outage mentioned previously) can be obtained. Availability issues may also be able to be at least partially mitigated at the application level by things like local caching. Sometimes, though, it may simply make financial sense for you to just accept the risk of a rare and brief outage. (Remember, availability==> 52+ minutes downtime/yr)

15 Mitigating Data Loss Risks
The risk of data loss (as in the T-Mobile Sidekick case) is an exception to the availability discussion on the preceding slide. Users may be able to tolerate an occasional service interrup-tion, but non-recoverable data losses can kill a business. Most cloud computing services use distributed and replicated global file systems which are designed to insure that hardware failures (or even loss of an entire data center) will not result in any permanent data loss, but I believe there is still value in doing a traditional off site backup of one's data, whether that data is in use by traditional servers or cloud computing servers. When looking for solutions, make sure you find ones that backs up data FROM the cloud (many backup solutions are meant to backup local data TO the cloud!)

16 Cloud Computing And Perimeter Security
There may be a misconception that cloud computing resources can't be sheltered behind a firewall (see for example "HP's Hurd: Cloud computing has its limits (especially when you face 1,000 attacks a day)," Oct 20th, 2009, ) Contrast that with "Amazon Web Services: Overview of Security Processes" (see the refs at the back). AWS has a mandatory inbound firewall configured in a default deny mode, and customers must explicitly open ports inbound.

17 Cloud Computing & Host-Based Intrusion Detection
While I'm not very enthusiastic about firewalls, I am a big fan of well-instrumented/well-monitored systems and networks. Choosing cloud computing does not necessarily mean forgoing your ability to monitor systems for hostile activity. One example of a tool that can help with this task is OSSEC (the Open Source Host-Based Intrusion Detection System), an IDS which supports virtualized environments:

18 Cloud Computing Also Relies on the Security of Virtualization
Because cloud computing is built on top of virtualization, if there are security issues with virtualization, then there will also security issues with cloud computing. For example, could someone escape from a guest virtual machine instance to the host OS? While the community has traditionally been somewhat skeptical of this possibility, that changed with Blackhat USA 2009, where Kostya Kortchinsky of Immunity Inc. presented "Cloudburst: A VMware Guest to Host Escape Story", see BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf Kostya opined: "VMware isn't an additional security layer, it's just another layer to find bugs in" [put another way, running a virtualization product increases the attack surface]

19 Choice of Cloud Provider
Cloud computing is a form of outsourcing, and you need a high level of trust in the entities you'll be partnering with. It may seem daunting at first to realize that your application depends (critically!) on the trustworthiness of your cloud providers, but this is not really anything new -- today, even if you're not using the cloud, you already rely on and trust: -- network service providers, -- hardware vendors, -- software vendors, -- service providers, -- data sources, etc. Your cloud provider will be just one more entity on that list.

20 Cloud Provider Location
You actually want to know (roughly) where your cloud lives. For example, one of the ways that cloud computing companies keep their costs low is by locating their mega data centers in locations where labor, electricity and real estate costs are low, and network connectivity is good. Thus, your cloud provider could be working someplace you may never have heard of, such as The Dalles, Oregon, where power is cheap and fiber is plentiful, or just as easily someplace overseas. If your application and data do end up at an international site, those systems will be subject to the laws and policies of that jurisdiction. Are you comfortable with that framework? Are you also confident that international connectivity will remain up and uncongested? Can you live with the latencies involved?

21 Cloud Provider Employees
If you're like most sites, you're probably pretty careful about the employees you hire for critical roles (such as sysadmins and network enginers). But what about your cloud provider? If your cloud provider has careless or untrustworthy system administrators, the integrity/privacy of your data's at risk. How can you tell if your cloud provider has careful and trustworthy employees? Ask them! -- Do backgrounds get checked before people get hired? -- Do employees receive extensive in-house training? -- Do employees hold relevant certifications? -- Do checklists get used for critical operations? -- Are system administrator actions tracked and auditable on a post hoc basis if there's an anomalous event? -- Do administrative privileges get promptly removed when employees leave or change their responsibilities?

22 Cloud Provider Transparency
You will only be able to assess the sufficiency of cloud provider security practices if the cloud provider is willing to disclose its security practices to you. If your provider treats security practices as a confidential or business proprietary thing, and won't disclose their security practices to you, you'll have a hard time assessing the sufficiency of their security practices. Unfortunately, you may need to consider using a different provider. Remember: "Trust, but verify." [A proverb frequently quoted by President Reagan during arms control negotiations] I'm not known for being a big Microsoft cheerleader, but Microsoft deserves recognition for promoting both their Cloud Computing Advancement Act and pressing cloud vendors to police themselves when it comes to transparency.

23 An Example of The Wrong Approach

24 Provider Failures Are Also A Real Possibility
Even for a red-hot technology like cloud computing, there is no guarantee that your providers will financially survive. What will you do if your provider liquidates?

25 Pen Testing; Working Incidents In The Cloud
Standard pen testing processes which you may use on your own infrastructure may not be an option in an outsourced environment (the cloud provider may not be able to distinguish your tests from an actual attack, or your tests may potentially impact other users in unacceptable ways) If you do have a security incident involving cloud-based operations, how will you handle investigating and working that incident? Will you have the access logs and network traffic logs you may need? Will you be able to tell what data may have been exfiltrated from your application? What if your system ends up being the origin of an attack? Are you comfortable with your provider's processes for disclosing information about you and your processes/data?

26 Conclusion Cloud computing is sometimes viewed as a reincarnation of the classic mainframe client-server model However, resources are ubiquitous, scalable, highly virtualized Contains all the traditional threats, as well as new ones In developing solutions to cloud computing security issues it may be helpful to identify the problems and approaches in terms of Loss of control Lack of trust Multi-tenancy problems

27 Questions

Download ppt "Cloud Security Solutions"

Similar presentations

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Security Controls – What Works

Security Controls – What Works
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
Cloud Computing Cloud Security– an overview Keke Chen.

Cloud Computing Cloud Security– an overview Keke Chen.
Osama Shahid ( ) Vishal ( ) BSCS-5B

Osama Shahid ( ) Vishal ( ) BSCS-5B
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

Similar presentations

Ads by Google