Presentation is loading. Please wait.

Presentation is loading. Please wait.

Off-line Risk Assessment of Cloud Service Provider

Published byAileen Greene Modified over 6 years ago

Similar presentations

Presentation on theme: "Off-line Risk Assessment of Cloud Service Provider"— Presentation transcript:

1 Off-line Risk Assessment of Cloud Service Provider
Amartya Sen & Sanjay Madria Department of Computer Science {asrp6,

2 Motivation Major concern while adopting cloud services – Security
Availability of standard cloud security, but uncertainty about individual application security Cloud Security – A big black box to clients

3 Security is the Major Issue
Fig: A user survey of cloud services concerns,

4 Objective Find client’s security requirements
Assess cloud vendor’s trustworthiness Cost benefit trade off analysis Selection of best cloud adoption strategy

5 Related Work Project Risk Assessment Cloud Vendor Risk Assessment
Microsoft SDL - STRIDE EMC’s DDTM Cloud Vendor Risk Assessment ENISA PCI DSS Security White Papers

6 Framework Mission Oriented Risk Assessment
Project Assessment through System Design Analyze system design for security threats Cloud Vendor Security Assessment Assess security measures of different cloud vendors Compare security measures with mission oriented security requirements Cloud Adoption Strategies Cost benefit Trade-off analysis Select Optimal Cloud Adoption Plan

7 Mission Oriented Risk Assessment
Analyze system design Scan System Data Flow Diagram (DFD) Identify Vulnerability – STRIDE Analysis Identify feasible attacks CAPEC Database Rank threats DREAD Select security requirements

8 STRIDE Analysis Acronym for the common vulnerabilities that can exist in a system Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privilege

9 STRIDE Analysis (Cont’d)
Analyze system elements of a DFD based on STRIDE vulnerabilities Each system element is associated with a given set of vulnerabilities Analysis is element dependent and not application dependent Process elements – (S,T,R,I,D,E) Data store elements – (T,I,R,D) Narrow down applicable vulnerabilities by analyzing system design and available security measures

10 Fig: DFD of an Online Movie Streaming and Renting Application

11 CAPEC Database Common Attack Pattern Enumeration and Classification Database Exportable in xml file format Consists of detailed attack definition and mitigation of known attacks Determine attacks that can exploit the identified vulnerabilities

12 Derived Tree Structure from CAPEC
Considering Spoofing attack category and an instantiation of an attack, Identity Spoofing, under it: Spoofing Symlink Attack Content Spoofing Attack Identity Spoofing Attack Pharming Man in the Middle Phising Create Malicious Client Action Spoofing Attack

13 Mapping STRIDE Vulnerabilities to CAPEC Attack Patterns
STRIDE Vulnerability CAPEC Attack Pattern Category Spoofing Tampering Data Structure Attacks, Injection, Remote Code Inclusion Repudiation Attack categories of Spoofing and Tampering Information Disclosure Data Leakage Attacks, Path Traversal, Functionality Misuse Denial of Service Resource Depletion Attacks Elevation of Privilege Exploitation of Authentication, Exploitation of Privilege or Trust, Privilege of Escalation

14 DREAD Ranking Acronym representing fields to identify the impact of an attack Damage Reproducibility Exploitability Affected Users Discoverability

15 DREAD Ranking (Cont’d)
Subjective in nature Each DREAD category is mapped to a qualitative score of High, Medium, or Low Qualitative scores are then converted to quantitative scores based on ranking scale selected by an organization (0-3, 0-10, or 0-100)

16 DREAD Ranking - Example
For a quantitative scale of 0-10 High: 7-10 Medium: 3-7 Low: 0-3 Let for an attack, X, DREAD scores be as follows: D:10, R:10, E: 5, A: 5, Di: 5 Rank(X) = (D + R + E + A + Di)/5 A net rank of 7 out of 10

17 Cloud Vendor Security Assessment
Compare and contrast different Cloud Vendor security solution based on client’ requirements Security Coverage Risk Reduction Factor Trustworthiness

18 Security Coverage Assess available security measures employed by different cloud vendors Security white papers SLA Tendor notes Third party security assessments

19 Security Coverage (Cont’d)
Compare and contrast available security measures with client’s security requirements Cloud S1 S2 Si Sn Security Coverage Application Vulnerabilities V1 V2 Vi Vn User Application

20 Risk Reduction Factor Given a threat and its Security Coverage, risk reduction factor is the amount by which the impact of the threat is reduced in the presence of the security measure 𝑅 𝑇 = 𝑀𝑖 ∈𝑀 𝛼𝑖𝑗 if security coverage is disjunctive, otherwise 𝑅 𝑇 = 𝑀𝑖 ∈𝑀 (1 −𝛼𝑖𝑗) if security coverage is conjunctive. Where, 𝛼𝑖𝑗 is the reduction factor for a threat 𝑇𝑖 in the presence of a security measure 𝑀𝑗

21 Trustworthiness The difference in the impact of the set of threats in the presence of security measures from that of their impact in the absence of security measures For a set of threats T, with impact scores 𝜕(𝑇) and reduction factor 𝑅(𝑇) 𝑇𝑟𝑢𝑠𝑡= 𝜕 𝑇 − 𝜕 𝑇 ×𝑅(𝑇)

22 Cloud Adoption Strategies
Cloud Adoption Plans Selection of Optimal Cloud Migration Policy

23 Cloud Adoption Plans Each cloud adoption plan will consist of the system elements that is being considered to be migrated onto the cloud platform Each of the developed cloud adoption plans will be assessed on the following factors Security Coverage dispersed by cloud Security cost availed by clients (in absence of security for certain threats)

24 Optimal Cloud Migration Policy
For each plan, total cost incurred can then be summarized as: 𝑃𝑙𝑎𝑛𝐴𝑠𝑠𝑒𝑠𝑠𝑚𝑒𝑛𝑡 𝑖 =𝑉𝑒𝑛𝐶𝑜𝑠𝑡 𝑖 +𝐶𝑙𝑖𝑒𝑛𝑡𝐶𝑜𝑠𝑡(𝑖) Where, 𝑉𝑒𝑛𝐶𝑜𝑠𝑡 𝑖 is the cost incurred by cloud to implement its security measures 𝐶𝑙𝑖𝑒𝑛𝑡𝐶𝑜𝑠𝑡 𝑖 is the cost incurred by client to implement preventive measures and avail cloud services A cost benefit trade-off analysis is performed to select the most optimal plan.

25 Future Directions Working tool realizing our proposed Off-line Risk Assessment Framework Validate results using Attack Surface Measurement metric

26

27

28 References Microsoft’s “the stride threat model”, msdn.microsoft.com
Microsoft’s “Ranking threats with dread”, msdn.microsoft.com Microsoft’s SDL, “threat modeling tool”, msdn.microsoft.com MITRE, “Common Attack Enumeration and Classification”, capec.mitre.org D. Dhillon, “Developer-driven threat modeling: Lessons learned in the trenches.”, IEEE Security & Privacy, vol. 9, pp , 2011 ENISA, “Cloud computing security risk assessment”, European Network and Information Security Agency, 2009 P. K. Manadhata and J. M. Wing, “An Attack Surface Metric”, IEEE Transactions on Software Engineering, vol. 37, no. 3, pp , 2011.

Download ppt "Off-line Risk Assessment of Cloud Service Provider"

Similar presentations

Sachin Rawat Crypsis SDL Threat Modeling.

Sachin Rawat Crypsis SDL Threat Modeling.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.

Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.
1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de Prof. Neeraj.

1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group Prof. Neeraj.
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Application Threat Modeling Workshop

Application Threat Modeling Workshop
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 2 02/01/2010 Security and Privacy in Cloud Computing.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Lecture 7: Threat Modeling CS 436/636/736 Spring 2014 Nitesh Saxena.

Lecture 7: Threat Modeling CS 436/636/736 Spring 2014 Nitesh Saxena.
Architecting secure software systems

Architecting secure software systems
1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.

1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Similar presentations

Ads by Google