1 / 24

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing. Ragib Hasan Johns Hopkins University en.600.412 Spring 2010. Lecture 2 02/01/2010. Threats, vulnerabilities, and enemies. Goal Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud

cuneo
Télécharger la présentation

Security and Privacy in Cloud Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy in Cloud Computing Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010 Lecture 2 02/01/2010

  2. Threats, vulnerabilities, and enemies Goal Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different threat modeling schemes en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  3. Assignment for next class • Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009. • Format: • Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences) • Pros: 3 or more issues • Cons: 3 or more issues • Possible improvements: Any possible suggestions to improve the work • Due: 2.59 pm 2/8/2010 • Submission: By email to rhasan7@jhu.edu (text only, no attachments please) en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  4. Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: • Identify attackers, assets, threats and other components • Rank the threats • Choose mitigation strategies • Build solutions based on the strategies en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  5. Threat Model Basic components • Attacker modeling • Choose what attacker to consider • Attacker motivation and capabilities • Assets / Attacker Goals • Vulnerabilities / threats en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  6. Recall: Cloud Computing Stack en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  7. Recall: Cloud Architecture SaaS / PaaS Provider Client Cloud Provider (IaaS) en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  8. Attackers en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  9. Who is the attacker? • Insider? • Malicious employees at client • Malicious employees at Cloud provider • Cloud provider itself • Outsider? • Intruders • Network attackers? en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  10. Attacker Capability: Malicious Insiders • At client • Learn passwords/authentication information • Gain control of the VMs • At cloud provider • Log client communication en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  11. Attacker Capability: Cloud Provider • What? • Can read unencrypted data • Can possibly peek into VMs, or make copies of VMs • Can monitor network communication, application patterns en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  12. Attacker motivation: Cloud Provider • Why? • Gain information about client data • Gain information on client behavior • Sell the information or use itself • Why not? • Cheaper to be honest? • Why? (again) • Third party clouds? en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  13. Attacker Capability: Outside attacker • What? • Listen to network traffic (passive) • Insert malicious traffic (active) • Probe cloud structure (active) • Launch DoS en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  14. Attacker goals: Outside attackers Intrusion Network analysis Man in the middle Cartography en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  15. Assets en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  16. Assets (Attacker goals) • Confidentiality: • Data stored in the cloud • Configuration of VMs running on the cloud • Identity of the cloud users • Location of the VMs running client code en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  17. Assets (Attacker goals) • Integrity • Data stored in the cloud • Computations performed on the cloud en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  18. Assets (Attacker goals) • Availability • Cloud infrastructure • SaaS / PaaS en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  19. Threats en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  20. Organizing the threats using STRIDE Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  21. Typical threats [STRIDE] en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  22. Typical threats (contd.) [STRIDE] en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  23. Summary A threat model helps in designing appropriate defenses against particular attackers Your solution and security countermeasures will depend on the particular threat model you want to address en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

  24. Further Reading Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004 The STRIDE Threat Model en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

More Related