Download
security and privacy in cloud computing n.
Skip this Video
Loading SlideShow in 5 Seconds..
Security and Privacy in Cloud Computing PowerPoint Presentation
Download Presentation
Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

158 Views Download Presentation
Download Presentation

Security and Privacy in Cloud Computing

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Security and Privacy in Cloud Computing Ragib HasanUniversity of Alabama at BirminghamCS 491/691/791 Fall 2011 Lecture 2 08/18/2011

  2. Basic security concepts Goal Crash course on computer security!! Learn how to analyze the security of a system/scheme in a systematic manner. Examinecloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  3. What is computer security? In a nutshell – • Knowing who is who, for real !! (authentication) • Keeping bad guys out, letting good guys in (authorization) • Ensuring secrecy of sensitive info (confidentiality and privacy) • Making sure no one broke anything (integrity) • Preventing bad guys from paralyzing systems through resource starvation (availability) Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  4. What makes computer security different from most other CS topics? Security is mostly a human problem Most security problems are as old as human civilization itself!! Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  5. Authentication Problem: How do we verify the identity of an entity? Solution: Use the common authentication factors: • What you know • What you have • What you are • Who you know How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  6. Authorization Problem: How do we figure out what an entity is allowed to access or do? Solution: Use access control rules/models/roles, capabilities, etc. How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  7. Confidentiality and Privacy Problem: How can we keep secret information secret? (i.e., prevent unauthorized entities from reading it) Solution: Encryption How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  8. Integrity Problem: How can we prevent/detect unauthorized modification of objects? Solution: • Tamper proofing (hard to do!!) • Tamper evidence (via signatures, hashes) How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  9. Availability Problem: How can we prevent malicious parties from overloading our system? Solution: Throttling, puzzles, ip blacklisting How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  10. Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: • Identify attackers, assets, threats,and other components • Rank the threats • Choose mitigation strategies • Build solutions based on the strategies Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  11. Threat Model Basic components • Attacker modeling • Choose what attacker to consider • Attacker motivation and capabilities • Assets / Attacker Goals • Vulnerabilities / threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  12. Recall: Cloud Computing Stack Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  13. Recall: Cloud Architecture SaaS / PaaS Provider Client Cloud Provider (IaaS) Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  14. Attackers Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  15. Who is the attacker? • Insider? • Malicious employees at client • Malicious employees at Cloud provider • Cloud provider itself • Outsider? • Intruders • Network attackers? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  16. Attacker Capability: Malicious Insiders • At client • Learn passwords/authentication information • Gain control of the VMs • At cloud provider • Log client communication Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  17. Attacker Capability: Cloud Provider • What? • Can read unencrypted data • Can possibly peek into VMs, or make copies of VMs • Can monitor network communication, application patterns Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  18. Attacker motivation: Cloud Provider • Why? • Gain information about client data • Gain information on client behavior • Sell the information or use itself • Why not? • Cheaper to be honest? • Why? (again) • Third party clouds? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  19. Attacker Capability: Outside attacker • What? • Listen to network traffic (passive) • Insert malicious traffic (active) • Probe cloud structure (active) • Launch DoS Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  20. Assets Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  21. Threat Model Basic components • Attacker modeling • Choose what attacker to consider • Attacker motivation and capabilities • Assets / Attacker Goals • Vulnerabilities / threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  22. Attacker goals: Outside attackers • Intrusion • Network analysis • Man in the middle • Cartography Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  23. Assets (Attacker goals) • Confidentiality: • Data stored in the cloud • Configuration of VMs running on the cloud • Identity of the cloud users • Location of the VMs running client code Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  24. Assets (Attacker goals) • Integrity • Data stored in the cloud • Computations performed on the cloud Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  25. Assets (Attacker goals) • Availability • Cloud infrastructure • SaaS / PaaS Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  26. Threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  27. Organizing the threats using STRIDE • Spoofing identity • Tampering with data • Repudiation • Information disclosure • Denial of service • Elevation of privilege Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  28. Typical threats [STRIDE] Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  29. Typical threats (contd.) [STRIDE] Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  30. Summary • A threat model helps in designing appropriate defenses against particular attackers • Your solution and security countermeasures will depend on the particular threat model you want to address Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011

  31. Further Reading Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004 The STRIDE Threat Model Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011