Security and Privacy in Cloud Computing
Presentation Transcript

  1. Security and Privacy in Cloud Computing
  Ragib Hasan, Johns Hopkins University
  en.600.412 Spring 2011 Lecture 11, 04/25/2011

  2. Attacking Availability
  • Goal: To see how the availability of a cloud can be affected by DoS attacks launched from inside the cloud.
  • Review Assignment #10: Han Liu, “A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism”, ACM Cloud Computing Security Workshop 2010
  en.600.412 Spring 2011 Lecture 11 | JHU | Ragib Hasan

  3. Announcement
  • Next week (5/2), we’ll have our final class, where we will discuss:
    • A wrap-up of things we learned
    • A high-level view of the cloud security problem space
  • No new papers will be discussed next week (but you do have to turn in Review Assignment #10 by 5/2)

  4. Recap: Anti-virus as a service
  • Pros
  • Cons
  • Ideas

  5. DoS attack on cloud
  • Network provisioning in data centers: many servers share the same link/router, so bandwidth is shared.

  6. Data center networks are typically grossly under-provisioned
  • Typical ratios are 2.5:1 to 8:1
  • 8:1 means servers get at most 1/8 of the bandwidth of their interface
  • Bandwidth is limited by the hierarchical nature of the network, routers, and switches
  • Multiplexing in routers reduces the amount of bandwidth each server ultimately gets

  7. Typical data center network
  Communication between H1-H4 and H5-H8 is routed through R5 and R6.
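The oversubscription arithmetic of slides 5-7, worked through on a small constructed tree topology as an added example (not code from the lecture or from the Liu paper): for every switch uplink it computes the ratio of downstream NIC capacity to uplink capacity and the resulting worst-case per-host share, which is how an operator who knows the topology finds the shared links that will hurt first. Switch and host names, link speeds and the two-tier layout are all assumptions and do not reproduce the lecture's figure.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    nic_gbps: float = 1.0          # server interface speed


@dataclass
class Switch:
    name: str
    uplink_gbps: float             # link towards the parent; 0.0 for the root
    children: list = field(default_factory=list)   # Switch or Host objects


def hosts_below(node):
    """All hosts in the subtree rooted at node."""
    if isinstance(node, Host):
        return [node]
    return [h for child in node.children for h in hosts_below(child)]


def oversubscription(node, out=None):
    """Map switch name -> (ratio, worst-case Gbps per host) for each switch with an uplink.
    ratio = total downstream NIC capacity / uplink capacity; slide 6's 8:1 means a host
    gets at most 1/8 of its interface speed when every host below the link sends at once."""
    out = {} if out is None else out
    if isinstance(node, Switch):
        if node.uplink_gbps > 0:
            below = hosts_below(node)
            ratio = sum(h.nic_gbps for h in below) / node.uplink_gbps
            out[node.name] = (ratio, node.uplink_gbps / len(below))
        for child in node.children:
            oversubscription(child, out)
    return out


def worst_link(node):
    """The uplink with the highest oversubscription ratio, as (switch name, ratio)."""
    name, (ratio, _share) = max(oversubscription(node).items(), key=lambda kv: kv[1][0])
    return name, ratio


def build_example():
    """Constructed topology: 1 Gbps hosts, 4 per leaf switch, 1 Gbps leaf uplinks,
    two leaves per aggregation switch whose own uplink to the core is also 1 Gbps."""
    def leaf(name, first):
        return Switch(name, 1.0, [Host(f"H{i}") for i in range(first, first + 4)])
    agg1 = Switch("agg1", 1.0, [leaf("leaf1a", 1), leaf("leaf1b", 5)])
    agg2 = Switch("agg2", 1.0, [leaf("leaf2a", 9), leaf("leaf2b", 13)])
    return Switch("core", 0.0, [agg1, agg2])
```

Running `oversubscription(build_example())` shows the leaf uplinks at 4:1 (250 Mbps worst case per host) and the aggregation uplinks at 8:1 (125 Mbps), so the aggregation links are the bottlenecks an inside attacker would also find.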

  8. Under-provisioning is not a problem in traditional networks
  • Network admins can co-locate related servers in the same subnet
  • Network admins can redesign network topologies to fine-tune for worst-case performance

  9. Under-provisioning IS a problem in clouds
  • There are many more servers in a cloud, so provisioning ratios are much higher (e.g. 45:1)
  • Many clients use the same network, and malicious clients can launch DoS
  • The application owner/designer has no control over the network topology

  10. DoS attacks on clouds
  • DoS attacks on traditional systems (from the outside) can be prevented via clever tricks such as moving to a cloud-based virtualized model
  • DoS attacks on clouds launched from *inside* the cloud are much harder to prevent

  11. DoS attack on clouds
  • Adversary launches attack from inside the cloud data center network
  • After probing the network and reverse-engineering the topology, the adversary can identify bottlenecks
  • Then the adversary can send DoS traffic to the bottleneck link to saturate it

  12. Example
  To attack Link B, the adversary sends packets from R1’s subnet to another subnet

  13. Types of attacks
  • Untargeted attack: No particular link or host is targeted
  • Targeted attack: Adversary gains critical mass in a network to target a specific victim

  14. Topology identification
  Knowledge of the topology is important for the adversary

  15. How to identify topology
  • Technique #1: Traceroute
    • Run traceroute between all pairs of hosts
    • Due to IP provisioning schemes, running traceroute for a few pairs of hosts is enough
    • Disadvantages:
      • Can’t identify switches (layer 2)
      • Can be disabled at the router level

  16. How to identify topology
  • Technique #2: Network probing
    • Idea: Use observed traffic rates to infer the number of routers between two hosts

  17. How many malicious hosts is enough?
  • Untargeted attack:
    • Easy to get many hosts if the VM assignment algorithm can be reverse-engineered (as in the “Hey You!” paper)
    • Even a brute-force attack succeeds in getting many hosts in the same subnet
    • (Note: this is different from the co-location attack, where the goal was to co-locate on physical hardware rather than on the network)

  18. How many malicious hosts is enough?
  • Targeted attack:
    • Pick victim, launch brute-force attacks
    • Tests show it is easy to get VMs in the same subnet as the target

  19. Launching the attack
  • Process:
    • Send a flood of packets through the link
    • UDP used. (Why?)
    • For adaptive applications, do not saturate the link completely, rather “almost” saturate it (Why?)

  20. Mitigation strategy
  • Use a user-side monitoring agent to monitor link saturation
  • When a link degrades, or a server detects the bottleneck and sends a help packet, the monitor initiates app migration
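The user-side monitoring agent of slide 20, sketched as an added example (not the paper's or the lecture's own code): it triggers migration either on a server help packet or when the tenant's own measured throughput stays below a fraction of its baseline for several consecutive samples. The threshold is fractional rather than "link is down" on purpose, because slide 19 points out that the attacker only almost saturates the link; the baseline, the 50% fraction, the 3-sample window and the trace are all assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Sample:
    t: int                   # seconds since monitoring started
    throughput_mbps: float   # throughput the tenant's own probe achieved over the link
    help_flag: bool = False  # server reported the bottleneck itself ("help packet")


class LinkMonitor:
    """User-side monitoring agent (constructed after slide 20).
    Migrate when the server sends a help packet, or when throughput stays below
    degrade_fraction * baseline for `window` consecutive samples. Consecutive samples
    avoid migrating on one transient dip; the fractional threshold catches the
    "almost saturated" link of slide 19 that never goes fully down."""

    def __init__(self, baseline_mbps, degrade_fraction=0.5, window=3):
        self.threshold = baseline_mbps * degrade_fraction
        self.window = window
        self.recent = deque(maxlen=window)   # True = sample was below threshold

    def observe(self, s):
        """Return 'ok', 'degraded' (below threshold, still watching) or 'migrate'."""
        if s.help_flag:
            self.recent.clear()
            return "migrate"
        self.recent.append(s.throughput_mbps < self.threshold)
        if len(self.recent) == self.window and all(self.recent):
            self.recent.clear()              # start fresh after a migration
            return "migrate"
        return "degraded" if self.recent[-1] else "ok"


def run(samples, baseline_mbps=900.0):
    """Feed a trace through one monitor; return [(t, decision), ...]."""
    mon = LinkMonitor(baseline_mbps)
    return [(s.t, mon.observe(s)) for s in samples]


# Constructed trace: a single transient dip at t=1, sustained near-saturation from
# t=3 (about 45% of baseline, never zero), then a server help packet at t=6.
SAMPLES = [
    Sample(0, 880.0), Sample(1, 300.0), Sample(2, 870.0),
    Sample(3, 420.0), Sample(4, 410.0), Sample(5, 430.0),
    Sample(6, 850.0, help_flag=True),
]
```

`run(SAMPLES)` flags t=1 as degraded without migrating, fires migrate at t=5 after three consecutive low samples, and fires again at t=6 on the help packet alone.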

  21. Comments
  • Experiments / attacks were run on a real cloud (without the knowledge of the data center admin)