
Département de génie informatique et de génie logiciel École Polytechnique de Montréal © Khomh, 2015 INF6953G : Concepts avancés en infonuagique Cloud.


1 Département de génie informatique et de génie logiciel École Polytechnique de Montréal © Khomh, 2015 INF6953G : Concepts avancés en infonuagique Cloud Security Foutse Khomh foutse.khomh@polymtl.ca Local M-4123

2 Is Cloud Computing Secure? …the level of security depends on the effectiveness of risk management and security policies that are in place…

3 Case study: The Amazon Cloud Attack

4 What happened? Bitbucket was down for over 19 hours. A DDoS took down the connection between Bitbucket and Amazon EC2.

5 What was the impact? Because of this attack Bitbucket suffered over 19 hours of downtime. Their customers could not access any of their source code hosted by Bitbucket. This attack showed the reality of the security risk in the cloud, even though DDoS attacks are not specific to cloud computing…

6 Why did the attack succeed? The initial complaint from Bitbucket was dismissed as temporary: the technical support at Amazon denied that anything was wrong with their system and asked Bitbucket to look at their own systems. It was only 8 hours after the problem was reported that Amazon acknowledged that the problem was on their system. Because of this initial dismissal, it took Amazon some time to figure out the attack pattern. Coordination is important on security issues, and the security responsibility should be shared between the provider and the customer.

7 Why did the attack succeed? Amazon also did not have measures in place to detect a large number of UDP packets targeted at the same IP address; having such a measure could have prevented this attack from happening. While it is largely clear how the attack succeeded, it is still not clear how the internal EC2 and EBS were exposed to external internet traffic, since they are on the internal network between Amazon and its customers. It was rumored that it might have been one of Amazon’s customers that launched this attack…
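As an added example (not part of the lecture slides), the detection the slide says was missing, written as a defender's check over flow records: a sliding window counts UDP packets per destination IP and raises an alert when one address absorbs an abnormal volume. The flow records, IP addresses and thresholds are constructed for illustration, not real AWS telemetry.

```python
"""Added example: flag destinations receiving a flood of UDP packets,
the condition the Bitbucket case study says went undetected."""
from collections import defaultdict, deque

# Constructed flow records: (timestamp_s, src_ip, dst_ip, proto, packets).
# Sorted by timestamp, as a collector would emit them.
SAMPLE_FLOWS = [
    (0.0, "198.51.100.10", "203.0.113.5", "TCP", 20),
    (0.5, "198.51.100.11", "203.0.113.5", "UDP", 8_000),
    (0.6, "198.51.100.12", "203.0.113.5", "UDP", 9_000),
    (0.9, "198.51.100.13", "203.0.113.5", "UDP", 7_500),
    (1.2, "198.51.100.14", "203.0.113.5", "UDP", 12_000),
    (1.5, "198.51.100.20", "203.0.113.9", "UDP", 300),
    (7.0, "198.51.100.15", "203.0.113.5", "UDP", 500),
]


def detect_udp_floods(flows, window_s=5.0, pkt_threshold=20_000):
    """Return {dst_ip: (peak_udp_packets_in_window, distinct_sources)} for each
    destination whose UDP packet count inside any sliding window of window_s
    seconds exceeds pkt_threshold. Flows must be sorted by timestamp."""
    windows = defaultdict(deque)   # dst -> deque of (ts, src, pkts) in window
    totals = defaultdict(int)      # dst -> UDP packets currently in window
    alerts = {}
    for ts, src, dst, proto, pkts in flows:
        if proto != "UDP":
            continue               # the case study concerns UDP traffic only
        win = windows[dst]
        win.append((ts, src, pkts))
        totals[dst] += pkts
        # Evict records that have fallen out of the sliding window.
        while win and ts - win[0][0] > window_s:
            _, _, old_pkts = win.popleft()
            totals[dst] -= old_pkts
        if totals[dst] > pkt_threshold:
            peak, _ = alerts.get(dst, (0, 0))
            if totals[dst] > peak:
                sources = {s for _, s, _ in win}
                alerts[dst] = (totals[dst], len(sources))
    return alerts


if __name__ == "__main__":
    for dst, (pkts, nsrc) in detect_udp_floods(SAMPLE_FLOWS).items():
        print(f"ALERT {dst}: {pkts} UDP packets from {nsrc} sources within 5 s")
```

The distinct-source count helps separate a distributed flood from a single misbehaving host, which changes what filtering is appropriate.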

8 What happened in the aftermath? Bitbucket considered switching service and received offers from various providers. Jesper Nøhr (founder of Bitbucket) speculated that their storage sits on the same network interface that connects the site with the outside world. He also said that Amazon urged him not to reveal the attack because it might help attackers develop new ways of DDoSing the site. Later on Amazon issued the following statement…

9 Amazon’s statement "…one of our customers reported a problem with their Amazon Elastic Block Store (EBS). This issue was limited to this customer's single Amazon EBS volume… While the customer perceived this issue to be slowness of their EBS volume… but rather that the customer's Amazon EC2 instance was receiving a very large amount of network traffic… we worked with the customer… to help mitigate the unwanted traffic they were receiving… apply network filtering techniques which have kept their site functioning properly… continue to improve the speed with which we diagnose issues like this… use features like Elastic Load Balancing and Auto-Scaling to architect their services to better handle this sort of issue…"

10 Some lessons from the case study? Amazon didn’t trust Bitbucket’s information, which caused them to lose 11 hours because of a poor diagnosis. Amazon didn’t have the proper security tools in place. Later on: – They enforced transparency on network traffic information – They implemented better data filters and detection systems – Elastic Load Balancing – Auto-Scaling – Distribute instances in multiple availability zones and regions. Relying on a single cloud provider is risky; spreading resources between multiple providers can prevent a complete system failure.

11 Despite Plausible Security Risks Cloud is Still Attractive CIO Agenda Insight, Gartner, 2015

12 The Promise of Cost Reduction is Appealing… KPMG International’s 2012 Global Cloud Provider Survey (n=179) But some fears persist…

13 Customers’ biggest concerns KPMG International’s 2012 Global Cloud Provider Survey (n=179)


17 Cloud security challenges What’s not new? – Phishing, passwords, malware, downtime etc. What’s new? Understand… – Change in trust boundaries – Impact of using public vs. private cloud; IaaS vs. PaaS vs. SaaS – Division of responsibilities between customer and Cloud Service Provider (CSP)

18 Main Cloud Computing Models [figure: stack diagrams comparing Traditional development, Infrastructure as a service (IaaS), Platform as a service (PaaS) and Software as a service (SaaS) across the layers Data, Applications, Virtual Machine, Server, Storage, Network]

19 Control, liability and accountability [figure: the same stack diagrams for Traditional development, IaaS, PaaS and SaaS across the layers Data, Applications, Virtual Machine, Server, Storage, Network, with each layer marked either "Organization has control" or "Provider has control"]

20 Security management Availability Access control Monitoring Vulnerability, patching, configuration Incident response

21 Case of Amazon Web Services (AWS) Elastic Compute Cloud (EC2) “Virtual Servers in the Cloud” Simple Storage Service (S3) “Scalable Storage in the Cloud” DynamoDB “Fast, Predictable, Highly-scalable NoSQL data store” Other services … https://aws.amazon.com/

22 Availability Why is this important? – “Amazon Web Services suffers outage, takes down Vine, Instagram, Bitbucket, others,” Aug 26, 2013* E.g. AWS features – Distributed denial of service (DDoS) protection – Fault-tolerant, independent failure zones *http://www.zdnet.com/amazon-web-services-suffers-outage-takes-down-vine-instagram-flipboard-with-it-7000019842/

23 Access control Who should have access? – To VM, app, services etc. – Users, admin, business admin, others? E.g. AWS features – Built-in firewalls control access to instances – Multi-factor authentication: password + authentication code from MFA device – Monitor AWS employee accesses

24 Monitoring Monitor – Availability, unauthorized activities etc. E.g. AWS features – DoS, MITM, port scan, packet sniffing – Password brute-force detection – Access logs (request type, resource, IP, time etc.)

25 Vulnerability, patching, configuration E.g. AWS features – Patching Automatic Software Patching for Amazon supplied Windows image – Configuration Password expiration for AWS employees – Vulnerability Vulnerability scans on the host operating system, web application and DB in the AWS environment

26 Security Demands for Different Cloud Computing Models [figure] Kai Hwang, Keynote address, International Conference on Parallel and Distributed Computing and Systems (PDCS 2010), Marina Del Rey, CA, Nov. 8, 2010

27 Security Features of Big Vendors [figure] Kai Hwang, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, Sept. 2010


29 Customer/Provider responsibilities Cloud is a shared environment “AWS manages the underlying infrastructure but you must secure anything you put on the infrastructure.”

30 Customer/Provider responsibilities AWS requires customers to – Patch VM guest operating system – Prevent port scans – Change keys periodically – Vulnerability testing of apps – Others…


32 Data issue: confidentiality Transit between cloud and intranet – E.g. use HTTPS Possible for simple storage – E.g. data in Amazon S3 encrypted with AES-256 Difficult for data processed by the cloud – Overhead of searching, indexing etc. E.g., iCloud does not encrypt data on the mail server* – If encrypted, data is decrypted before processing Is it possible to perform computations on encrypted data?^ – Homomorphic encryption is not yet operational… it’s still very slow *iCloud: iCloud security and privacy overview, Retrieved Oct 30, 2013, https://support.apple.com/kb/HT4865 ^See Fully Homomorphic Encryption Scheme, Wikipedia, http://en.wikipedia.org/wiki/Homomorphic_encryption
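Added example (not from the lecture slides): Paillier encryption, an additively homomorphic scheme, shows concretely what "computing on encrypted data" means: the cloud sums ciphertexts it cannot read, and only the key holder decrypts the total. The tiny primes and the salary values are constructed for illustration; Paillier supports only addition and scaling by a known constant, which is the gap the fully homomorphic schemes on the slide aim to close.

```python
"""Added example: Paillier, an additively homomorphic public-key scheme,
with toy primes so the arithmetic stays small and instant."""
from math import gcd
import secrets

# Constructed toy key material: two small known primes (real keys use ~1024-bit primes).
P, Q = 10007, 10009


def keygen(p=P, q=Q):
    """Return (public_key, private_key); g = n + 1 is the standard simplification."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    mu = pow(lam, -1, n)                           # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    n, g = pub
    r = secrets.randbelow(n - 1) + 1               # random 1 <= r < n, coprime to n
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n                 # L(x) = (x - 1) / n, times mu


def add_encrypted(pub, c1, c2):
    """Ciphertext of m1 + m2, computed without knowing m1 or m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Ciphertext of k * m for a public constant k; m itself stays hidden."""
    n, _ = pub
    return pow(c, k, n * n)


def demo_salary_total(salaries):
    """Customer encrypts each value; the (untrusted) cloud sums the ciphertexts;
    only the key holder recovers the plaintext total (must stay below n)."""
    pub, priv = keygen()
    cts = [encrypt(pub, s) for s in salaries]      # customer side
    total_ct = cts[0]
    for c in cts[1:]:
        total_ct = add_encrypted(pub, total_ct, c)  # cloud side, no key needed
    return decrypt(pub, priv, total_ct)             # customer side


if __name__ == "__main__":
    print(demo_salary_total([52_000, 61_000, 47_500]))   # → 160500
```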

33 Encryption management Algorithms – Proprietary vs. standards Key size Key management – Ideally it should be done by customer – Does Cloud service provider have decryption keys? – E.g. Apple uses master key to decrypt iCloud data to screen “objectionable” content* *Apple holds the master decryption key when it comes to iCloud security, privacy, ArsTechnica, Apr 3, 2012

34 Comingled data Issues Cloud uses multi-tenancy – Data comingled with other users’ data Amazon provides both bucket-level and object-level access controls to allow customers to maintain full control over who has access to their data. Application vulnerabilities may allow unauthorized access – E.g. Google docs unauthorized sharing, Mar 2009 – “identified and fixed a bug which may have caused you to share some of your documents without your knowledge.”

35 Shared infrastructure issues Reputation-fate sharing – Blacklisting of shared IP addresses E.g. Spamhaus blacklisted AWS IP range sending spam 1 – An FBI takedown of data center servers may affect other companies co-hosted on the servers 2 Cross virtual-machine attacks – Malicious VM can attack other VMs hosted on the same physical server 3 E.g. stealing SSH keys 1 https://blog.commtouch.com/cafe/ip-reputation/spamhaus-unblocks-mail-from-amazon-ec2-%E2%80%93-sort-of/ 2 http://www.informationweek.com/security/management/are-you-ready-for-an-fbi-server-takedown/231000897 3 Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, Ristenpart et al., ACM CCS 09

36 Lineage, provenance, remanence Identifying lineage for audit is difficult – i.e. tracing data as it flows in the cloud Ensuring provenance is difficult – i.e. computational accuracy of data processed by CSP Residual data may be accessible by other users – CSP should securely erase data

37 Access and authentication Protocol interoperability between CSPs Support for access from multiple devices and locations – E.g. SSO, augmented authentication etc. Finer grained access control – E.g. Support multiple roles such as user, admin, and business admin via RBAC

38 Privacy challenges Protect PII Ensure conformance to Federal Information Processing (FIP)s principles (USA) Compliance with laws and regulations – GLBA, HIPAA, PCI-DSS, Patriot Act etc. Multi-jurisdictional requirements – EU Directive, EU-US Safe Harbor

39 Key FIPs requirements
Use limitation – It is easier to combine data from multiple sources in the cloud. How do we ensure data is used for originally specified purposes?
Retention – Is CSP retention period consistent with company needs? Does CSP have proper backup and archival?
Deletion – Does CSP delete data securely and from all storage sources?
Security – Does CSP provide reasonable security for data, e.g., encryption of PII, access control and integrity?
Accountability – Company can transfer liability to CSP, but not accountability. How does company identify privacy breaches and notify its users?
Access – Can company provide access to data on the cloud?

40 Laws and regulations Require compliance with different Standards (e.g., FIPs) – Laws in different countries provide different privacy protections EU Directive more strict than US In US, data stored on public cloud has less protection than personal servers – May be subpoenaed without notice*

41 Mitigation Solutions: Service level agreements KPMG International’s 2012 Global Cloud Provider Survey (n=179) Do you [CSP] have SLAs in your cloud offerings today? Increasing to deal with loss of control – SLA permits CMU IRB data on Box.com; can’t use Dropbox Do you expect to have SLAs in cloud offerings within 3 years?

42 Top SLA parameters System availability Regulatory compliance Data security Functional capabilities Response time Other performance levels What do you [CSP] believe are the most important SLA parameters today?* *KPMG International’s 2012 Global Cloud Provider Survey (n=179 )

43 What steps are you [CSP] taking to improve data security and privacy in your cloud offerings? (top 3)* Mitigation Solutions: CSPs are improving security *KPMG International’s 2012 Global Cloud Provider Survey (n=179) Improving real-time threat detection Greater use of data encryption Tighter restrictions on user access

44 Security Protection Mechanisms for Public Clouds
Mechanism – Brief description
Trust delegation and negotiation – Cross certificates must be used to delegate trust across different PKI domains. Trust negotiation among different CSPs demands resolution of policy conflicts.
Worm containment and DDoS defense – Internet worm containment and distributed defense against DDoS attacks are necessary to secure all datacenters and cloud platforms.
Reputation system over resource sites – A reputation system could be built with P2P technology. One can build a hierarchy of reputation systems from datacenters to distributed file systems.
Fine-grain access control – This refers to fine-grain access control at the file or object level. This adds security protection beyond firewalls and intrusion detection systems.
Collusive piracy prevention – Piracy prevention achieved with peer collusion detection and content poisoning techniques.

45 Distributed Defense against DDoS Attacks over Multiple Network Domains [figure] (Chen, Hwang, and Ku, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007)

46 Amazon Virtual Private Cloud (VPC) http://aws.amazon.com/vpc/ VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud

47 Trusted Zones for VM Insulation (Nov. 8, 2010) [figure: Tenant #1 and Tenant #2 APP/OS stacks on the Cloud Provider’s Virtual Infrastructure and Physical Infrastructure] Goals: Insulate information from cloud providers’ employees; Insulate information from other tenants; Insulate infrastructure from malware, Trojans and cybercriminals; Segregate and control user access; Control and isolate VMs in the virtual infrastructure; Federate identities with public clouds. Supporting controls: Identity federation, Virtual network security, Access Mgmt, Cybercrime intelligence, Strong authentication, Data loss prevention, Encryption & key mgmt, Tokenization, Security Info. & Event Mgmt, GRC, Anti-malware

48 Mitigation Solutions: Private and hybrid clouds Rise in hybrid and private cloud for sensitive data Private cloud cost can be prohibitive Hybrid cloud ranks 4 on Gartner top 10 strategic technology trends, 2014 KPMG's The Cloud: Changing the Business Ecosystem, 2011 Models companies use/intend to use* (Larger companies prefer private)

49 Other approaches Move cloud to countries with better privacy protections – Many customers moving away from the US – US industry may lose $22 to $35 billion in next three years due to NSA surveillance* Depend on third-party certifications – E.g. AWS has ISO 27001, PCI-DSS Level 1 etc. Learn about CSP security under NDA *How Much Will PRISM Cost the U.S. Cloud Computing Industry? ITIF Report, Aug. 2013

50 Zoom in: Security for the SaaS stack [figure] http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm

51 Zoom in: Security for the SaaS stack The following key points should be considered carefully: SaaS deployment model – Is the app deployed on premise or in a public cloud? Data security – Carefully regulate access to data and consider encryption Network security – Use strong network traffic encryption techniques Regulatory compliance – Access, storage, and processing of sensitive data needs to be carefully controlled and is governed under regulations such as ISO-27001, Sarbanes-Oxley Act [SOX], Gramm-Leach-Bliley Act [GLBA], Health Insurance Portability and Accountability Act [HIPAA] and industry standards like Payment Card Industry Data Security Standard [PCI-DSS].

52 Zoom in: Security for the SaaS stack Data segregation – Safeguards need to be adopted to ensure that data of an application tenant is not accessible to other applications. Availability – A multi-tier architecture and load-balancing need to be adopted. – Resiliency to hardware/software failures, as well as to denial of service attacks, needs to be built from the ground up within the application. Backup – Ensure that all sensitive enterprise data is regularly backed up to facilitate quick recovery in case of disasters. – Also use strong encryption schemes to protect the backup data. Follow best practices in terms of identity management and sign-on process

53 Governance and Regulatory Compliance Audits Third party audits can help validate the conformance to government regulations and industry standards. Security assessment should cover the following aspects:

54 Cloud Security Alliance’s Cloud Control Matrix [figure]


62 Session recap Cloud is a tradeoff between cost, security and privacy Change in trust boundaries leads to security and privacy challenges Mostly no new security or privacy issues per se

63 References & Acknowledgment Cloud security and privacy, 2009, Mather et al. CIO Agenda Report, Gartner, 2013 KPMG International’s Global Cloud Provider Survey, 2012 KPMG's The Cloud: Changing the Business Ecosystem, 2011 How Much Will PRISM Cost the U.S. Cloud Computing Industry? ITIF Report, Aug. 2013 Apple holds the master decryption key when it comes to iCloud security, privacy, ArsTechnica, Apr 3, 2012 AWS Whitepaper: Overview of Security Processes, Oct 30, 2013, http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf iCloud: iCloud security and privacy overview, Oct 30, 2013, https://support.apple.com/kb/HT4865 Homomorphic Encryption Scheme, Wikipedia, http://en.wikipedia.org/wiki/Homomorphic_encryption

64 References & Acknowledgment Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice), Paperback, October 5, 2009, by Tim Mather, Subra Kumaraswamy and Shahed Latif http://www.theregister.co.uk/2009/10/05/amazon_bitbucket_outage/ http://www.thewhir.com/web-hosting-news/100609_Outage_Hits_Amazon_Cloud_Customer_Hard http://www.theregister.co.uk/2009/10/09/amazon_cloud_bitbucket_ddos_aftermath/ http://www.networkworld.com/community/node/45891 http://blog.bitbucket.org/2009/10/04/on-our-extended-downtime-amazon-and-whats-coming/

