Security and Privacy in Cloud Computing

Presentation Transcript

  1. Security and Privacy in Cloud Computing
     Ragib Hasan
     University of Alabama at Birmingham
     CS 491/691/791 Fall 2013
     Lecture 3, 09/03/2013

  2. Attacks and Attack Surfaces
     Goal:
     • Examine attack surfaces in a cloud
     • Learn about novel attacks on clouds
     Recommended reading (no reviews): Gruschka and Jensen, “Attack Surfaces: A Taxonomy for Attacks on Cloud Services”, 3rd International Conference on Cloud Computing, 2010
     Ragib Hasan | UAB CIS | CS491/691/791 Fall 2013

  3. Announcements
     • Review Assignment #1 will be posted to course website this afternoon
     • Due: Tuesday, September 10, 12.29 pm
     • Please send reviews to ragib AT cis.uab.edu
     • Send review in plain text, in the email body (no attachments please)
     • Review format: Summary (5-6 sentences), Pros (3 or more points), Cons (3 or more points), Ideas for improvement

  4. Announcement: Term Project
     • Must be a project related to cloud security
     • Form 2-member groups for the project
     • Project kickstart meeting: 9/5/2013, 12.30 pm-1.30 pm
     • Some sample project ideas will be provided
     • Feel free to come up with your own ideas
     • Amazon has donated compute time on the EC2 Cloud for this course

  5. Due dates
     • Project team formation: 9/5
     • Project ideas: Due by 9/12
     • Project progress meetings (Every 2 weeks, Sep-Nov)
     • Project demo: Early December

  6. Project Deliverables
     • Project Report:
         • A brief, 10-12 page writeup on the project and experiments
     • Project Demo:
         • (If possible and relevant)

  7. Traditional systems security vs Cloud Computing Security
     • Securing a cloud
     • Securing a traditional system

  8. Traditional systems security vs Cloud Computing Security
     Analogy:
     • Securing a house: Owner and user are often the same entity
     • Securing a motel: Owner and users are almost invariably distinct entities

  9. Traditional systems security vs Cloud Computing Security
     • Securing a house. Biggest user concerns:
         • Securing perimeter
         • Checking for intruders
         • Securing assets
     • Securing a motel. Biggest user concern:
         • Securing room against (the bad guy in next room | hotel owner)

  10. Attack Surfaces
      An attack surface is a vulnerability in a system that malicious users may utilize

  11. Clouds extend the attack surface
      • How?
          • By requiring users to communicate with the cloud over a public / insecure network
          • By sharing the infrastructure among multiple users

  12. Analyzing Attack Surfaces in Clouds
      Cloud attack surfaces can be modeled using a 3-entity model (user, service, cloud)
      Figure from: Gruschka et al., Attack Surfaces: A Taxonomy for Attacks on Cloud Services.

  13. Attack Surface: 1
      • Service interface exposed towards clients
      • Possible attacks: Common attacks in client-server architectures
          • E.g., Buffer overflow, SQL injection, privilege escalation

  14. Attack Surface: 2
      • User exposed to the service
      • Common attacks
          • E.g., SSL certificate spoofing, phishing

  15. Attack Surface: 3
      • Cloud resources/interfaces exposed to service
      • Attacks run by service on cloud infrastructure
          • E.g., Resource exhaustion, DoS

  16. Attack Surface: 4
      • Service interface exposed to cloud
      • Privacy attack
      • Data integrity attack
      • Data confidentiality attack

  17. Attack Surface: 5
      • Cloud interface exposed to users
      • Attacks on cloud control

  18. Attack Surface: 6
      • User exposed to cloud
      • How much can the cloud learn about a user?

  19. Attacking a cloud
      Question: Given enough resources, how would you attack a cloud?

  20. Attacking a cloud
      Options:
      • From outside
          • Launch denial of service attacks
          • Probe cloud from outside
      • From inside
          • Exhaust resources internally
          • Probe cloud and/or other

  21. Novel attacks on clouds
      • Question: Can you attack a cloud or other users, without violating any law?
      • Answer: Yes!! By launching side channel attacks, while not violating Acceptable User Policy.

  22. Utilizing Side Channels
      • A side channel is a passive attack in which the attacker gains information about the target through indirect observations.
      • Examples?

  23. Further Reading
      • Gruschka and Jensen, “Attack Surfaces: A Taxonomy for Attacks on Cloud Services”, 3rd International Conference on Cloud Computing, 2010
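
The six surfaces on slides 13-18 are the directed pairs of the 3-entity model (user, service, cloud), which makes them usable as a coverage checklist for a threat register. The sketch below is an added example, not part of the lecture or the Gruschka and Jensen paper: the threat names come from the slides, while the register layout, the mitigations and the function names are assumptions made for illustration.

```python
from collections import defaultdict

ENTITIES = {"user", "service", "cloud"}
# Surface numbers as on slides 13-18: (exposed entity, exposed to) -> surface.
SURFACES = {
    ("service", "user"): 1, ("user", "service"): 2,
    ("cloud", "service"): 3, ("service", "cloud"): 4,
    ("cloud", "user"): 5, ("user", "cloud"): 6,
}

# Constructed threat register: threats are the slides' examples, mitigations
# are assumed values for illustration (None = nothing planned yet).
REGISTER = [
    ("SQL injection", "service", "user", "parameterized queries"),
    ("Buffer overflow", "service", "user", None),
    ("Phishing", "user", "service", "phishing-resistant MFA"),
    ("Resource exhaustion", "cloud", "service", "per-tenant quotas"),
    ("Data confidentiality attack", "service", "cloud", None),
    ("Attacks on cloud control", "cloud", "user", "least-privilege API keys"),
]


def surface_of(exposed, toward):
    """Return the surface number for a directed (exposed -> toward) pair."""
    if exposed not in ENTITIES or toward not in ENTITIES:
        raise ValueError(f"unknown entity in ({exposed!r}, {toward!r})")
    if exposed == toward:
        raise ValueError("a surface needs two distinct entities")
    return SURFACES[(exposed, toward)]


def review(register):
    """Group threats by surface; report empty surfaces and open threats."""
    by_surface = defaultdict(list)
    unmitigated = []
    for threat, exposed, toward, mitigation in register:
        n = surface_of(exposed, toward)
        by_surface[n].append(threat)
        if not mitigation:
            unmitigated.append((n, threat))
    uncovered = sorted(set(SURFACES.values()) - set(by_surface))
    return dict(by_surface), uncovered, sorted(unmitigated)


if __name__ == "__main__":
    grouped, uncovered, unmitigated = review(REGISTER)
    for n in sorted(grouped):
        print(f"surface {n}: {', '.join(grouped[n])}")
    print("surfaces with no threats recorded:", uncovered)
    print("threats with no mitigation:", unmitigated)
```

In this constructed register, surface 6 (user exposed to cloud) has no entry at all, which is the kind of gap the taxonomy is meant to surface during review.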