
Protecting Data in Cloud-Based Applications: Strategies Against External Threats

In an era where web applications dominate, safeguarding data in the cloud is paramount. With approximately 85% of data leaks attributed to external attacks, it is critical to recognize that cloud services are often built on untrusted platforms. This presentation explores the challenges posed by adversaries in cloud environments and offers innovative solutions, such as a proposed data firewall and information flow control mechanisms. By focusing on protecting data rather than just the applications, we can improve security and mitigate risks associated with external threats.

jaimie


Presentation Transcript


  1. Adversaries in Clouds: Protecting Data in Cloud-Based Applications
     Nick Feamster, Georgia Tech

  2. Building Applications on the Cloud
     “You can’t trust code that you did not totally create yourself.” – Ken Thompson, Reflections on Trusting Trust
     • Used for a wide variety of services and applications
     • Built using a variety of technology
       • Programming languages
       • Web servers
       • Load balancers
       • Application frameworks
     • New opportunities for external adversaries
     • About 85% of data leaks occur due to external attacks at servers [Verizon data breach report].
     • Existing attacks on software applications
     • But, applications are also hosted on untrusted platforms

  3. Possible Defenses
     • Check the Web application for vulnerabilities
       • Doesn’t defend against zero-day attacks, programmer error, etc.
       • Must trust all underlying hardware and software infrastructure, as well
       • No protection once the account is compromised
     • Isolate each session in a virtual machine
       • Significant performance overhead

  4. Protect the Data (in addition to the application)
     • Proposal: A data firewall for cloud-based Web applications
     • Apply network-level information flow control to data hosted by Web applications
     • Associate a taint with a piece of data (e.g., row in a database table)
     • Rewrite queries to retrieve taints with data
     • Propagate taints across processes and network
     • Perform IFC based on taints associated with data

  5. New Adversary Models
     • The “foreign” code base is increasing
     • Application security is getting harder
     • Position: Protect the data, not just the application
     • Network-wide DLP could benefit cloud-based applications in other settings, too
     • Data isolation between multi-tenant application services
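
The data-firewall steps on slide 4 (a taint per row, query rewriting, a flow check on what leaves the server), sketched as an added example that is not from the presentation. The `notes` table, its `taint` column, the `public` label and the release policy are assumptions, and propagation across processes is reduced to handing the taint set to the egress check within one process.

```python
import re
import sqlite3

PUBLIC = "public"  # assumed label for data any session may receive

def rewrite_query(sql, taint_col="taint"):
    """Append the taint column to a plain single-table SELECT's projection."""
    m = re.match(r"(?is)^\s*select\s+(.*?)\s+from\s+(.*)$", sql)
    if not m:
        raise ValueError("only plain SELECT statements are handled here")
    return f"SELECT {m.group(1)}, {taint_col} FROM {m.group(2)}"

def fetch_with_taints(conn, sql, params=()):
    """Run the rewritten query; return (rows without the taint, set of taints)."""
    rows = conn.execute(rewrite_query(sql), params).fetchall()
    return [r[:-1] for r in rows], {r[-1] for r in rows}

def egress_allowed(taints, session_principal):
    """Assumed policy: release only data tainted public or with the session's own principal."""
    return all(t in (PUBLIC, session_principal) for t in taints)

def respond(conn, session_principal, sql, params=()):
    """Application query followed by the firewall's decision on its output."""
    rows, taints = fetch_with_taints(conn, sql, params)
    if not egress_allowed(taints, session_principal):
        return ("BLOCKED", [])
    return ("OK", rows)

def demo_db():
    """Constructed sample data: each row's taint names the principal it belongs to."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER, owner TEXT, body TEXT, taint TEXT)")
    conn.executemany("INSERT INTO notes VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice: payroll draft", "alice"),
        (2, "bob", "bob: medical claim", "bob"),
        (3, "admin", "site announcement", PUBLIC),
    ])
    return conn

if __name__ == "__main__":
    db = demo_db()
    # Correctly scoped handler: only alice's row is selected and released.
    print(respond(db, "alice", "SELECT id, body FROM notes WHERE owner = ?", ("alice",)))
    # Handler missing its access check: bob's taint is in the result, so nothing leaves.
    print(respond(db, "alice", "SELECT id, body FROM notes"))
```

The second call models the case slide 3 raises, an application flaw the vulnerability check missed: the decision depends on the taints attached to the returned rows, not on the handler being correct.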
