
Cloud Security: Infrastructure, Data Security, and Access Control


1 Cloud Security: Infrastructure, Data Security, and Access Control
Adapted from slides by Keke Chen

2 Suggested Readings
- Reference book: “Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice)”, Tim Mather et al.
- Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, Cloud Security Alliance

3 Outline
- Overview
- Infrastructure Security
- Data Security
- Identity and access management
- Audit, compliance and federation of clouds
- Security and privacy concerns
- Security as a service
- Network security, policies (research)

4 How Does Cloud Security Differ?
What makes Cloud Security different from Normal Cyber Security Systems?

5 Cloud Security Standards
- Cloud Security Alliance
  - Security Guidance for Critical Areas of Focus in Cloud Computing
  - Top Threats to Cloud Computing
  - Cloud Audit (A6: Automated Audit, Assertion, Assessment, and Assurance API)
- NIST Cloud Security Initiative
  - Guidelines on Security and Privacy in Public Cloud Computing
- Military: IASE standards from DISA-CSD
- Federal Government: FedRAMP (2011)
  - Evolved from NIST, from 2009
  - Assessment procedures
- OASIS Identity in the Cloud
  - Open standards for identity deployment, provisioning and management

6 Different Kinds of Clouds (NIST)

7 Private versus Public Cloud Security

8 Security and Who Owns a Cloud?

9 Dimensions of Security

10 Tradeoffs and Security Provisions

11 Cloud Alliance 7 Concerns (Domain: guidance dealing with security)
- Governance and Enterprise Risk Management: govern and measure enterprise risk
- Legal Issues, Contracts and Electronic Discovery: protection requirements, security breach disclosure laws, regulatory requirements, privacy requirements, international laws
- Compliance and Audit: proving compliance during audit
- Information Management and Data Security: identification and control of data in the cloud; CAI
- Portability and Interoperability: moving data services from one provider to another, interoperability
- Traditional Security, Business Continuity and Disaster Recovery: security of operational processes and procedures (security, business continuity and disaster recovery)
- Data Center Operations: evaluation of stability, on-going services

12 Cloud Alliance Concerns, continued (Domain: guidance dealing with security)
- Incident Response, Notification and Remediation: provider and user levels to enable proper incident handling and forensics
- Application Security: plus application migration
- Encryption and Key Management: appropriate encryption and scalable key management
- Identity and Access Management: organization’s identity, access controls
- Virtualization: multi-tenancy, VM isolation, VM co-residence, hypervisor vulnerabilities
- Security as a Service: third-party facilitated security assurance, incident management, compliance attestation, identity and access oversight

13 NIST Guidelines on Security and Privacy in Public Cloud Computing, Wayne Jansen and Timothy Grance, NIST, January

14 Security: Pros v Cons of Cloud
Pros:
- Staff Specialization
- Platform Strength
- Resource Availability
- Backup and Recovery
- Mobile Endpoints
- Data Concentration
(Data Center Oriented vs. Cloud Oriented)
Cons:
- System Complexity
- Shared Multi-tenant Environment
- Internet-facing Services
- Loss of Control
- Botnets
- Mechanism Cracking

15 Overview

16 Infrastructure Security
- IaaS, PaaS, and SaaS
- Focus on public clouds
  - No special security problems with private clouds: traditional security problems only
- Different levels
  - Network level
  - Host level
  - Application level

17 Network level
- Confidentiality and integrity of data-in-transit
  - Amazon had security bugs with digital signatures on SimpleDB, EC2, and SQS accesses (in 2008)
- Less or no system logging/monitoring
  - Only the cloud provider has this capability
  - Thus, difficult to trace attacks
- Reassigned IP addresses
  - Expose services unexpectedly
  - Spammers using EC2 are difficult to identify
- Availability of cloud resources
  - Some factors, such as DNS, are controlled by the cloud provider
- Physically separated tiers become logically separated
  - E.g., 3-tier web applications
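The slide only names the 2008 signature bugs; it does not describe them. The following is an added Python example (not from the slides) showing the general canonicalization pitfall that request-signing schemes must avoid: if the string to sign concatenates parameter names and values without delimiters, two different requests can collide and share one valid HMAC. The strict variant delimits and percent-encodes every component. `SECRET_KEY`, the host name and the two request parameter sets are constructed for the demonstration; whether the 2008 bugs were of exactly this class is an assumption, not something the slide states.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed secret for the demonstration; a real key would come from the
# provider's credential store and never appear in source.
SECRET_KEY = b"constructed-demo-secret"


def naive_string_to_sign(params: dict) -> str:
    """Ambiguous canonicalization: parameter names and values are simply
    concatenated in name order with no delimiter, so the boundary between a
    name and its value is lost and different requests can collide."""
    return "".join(name + value for name, value in sorted(params.items()))


def strict_string_to_sign(method: str, host: str, path: str, params: dict) -> str:
    """Unambiguous canonicalization: every component is percent-encoded and
    joined with explicit delimiters, so the parse is always recoverable."""
    query = "&".join(
        f"{quote(name, safe='')}={quote(value, safe='')}"
        for name, value in sorted(params.items())
    )
    return "\n".join([method.upper(), host.lower(), path, query])


def sign(string_to_sign: str, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 over the canonical string, hex-encoded."""
    return hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(string_to_sign: str, signature: str, key: bytes = SECRET_KEY) -> bool:
    """Constant-time comparison so the check does not leak timing information."""
    return hmac.compare_digest(sign(string_to_sign, key), signature)


# Two constructed requests that mean different things but collide under the
# naive scheme: "Action"+"ListBuckets" and "ActionL"+"istBuckets" concatenate
# to the same text.
REQUEST_A = {"Action": "ListBuckets", "Owner": "alice"}
REQUEST_B = {"ActionL": "istBuckets", "Owner": "alice"}


def naive_collides() -> bool:
    """True if the naive scheme gives both requests the same signature."""
    return sign(naive_string_to_sign(REQUEST_A)) == sign(naive_string_to_sign(REQUEST_B))


def strict_collides() -> bool:
    """True if the strict scheme gives both requests the same signature."""
    a = strict_string_to_sign("GET", "api.example.test", "/", REQUEST_A)
    b = strict_string_to_sign("GET", "api.example.test", "/", REQUEST_B)
    return sign(a) == sign(b)


if __name__ == "__main__":
    print("naive scheme collides:", naive_collides())
    print("strict scheme collides:", strict_collides())
```

The defender's takeaway is that integrity of data in transit depends on the signed string being an injective encoding of the request (method, host, path and every parameter), not just on the strength of the MAC, and that the server must verify with a constant-time comparison.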

18 Private Cloud Network Security

19 Host level (IaaS)
- Hypervisor security
  - “zero-day vulnerability” in VM, if the attacker controls the hypervisor
- Virtual machine security
  - SSH private keys (if mode is not appropriately set)
  - VM images (especially private VMs)
  - Vulnerable services

20 Application level
- SaaS application security
  - Example: in one incident, Google Docs access control failed and all users could access all documents

21 Data Security
- Data-in-transit
- Data-at-rest
- Processing of data, including multitenancy
- Data lineage
- Data provenance
- Data remanence

22 Data Security
- Data-in-transit: confidentiality and integrity
- Data-at-rest & processing data
  - Possibly encrypted for static storage
  - Cannot be encrypted for most PaaS and SaaS (such as Google Apps): encryption prevents indexing or searching
  - Research on indexing/searching encrypted data
  - Fully homomorphic encryption?

23 Data lineage
- Definition: tracking and managing data
  - For audit or compliance purposes
- Data flow or data path visualization
  - E.g., data transferred to AWS on date x1 at time y1 and stored in a bucket on S3, then processed on date x2 at time y2 on EC2, then stored in another bucket, then brought back locally on date x3 at time y3, …
- Time-consuming process even for an in-house data center
- Not possible for a public cloud

24 Data provenance
- Origin/ownership of data
  - Verify the authority of data
  - Trace the responsibility, e.g., financial and medical data
- Difficult to prove data provenance in a cloud computing scenario
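Slides 23 and 24 describe lineage (the path data took) and provenance (who originated and owned it) as records the customer cannot obtain from a public cloud. As an added Python example, not from the slides, the block below shows what such a record looks like when the data owner keeps it: each processing step stores actor, action, location, time and the hashes of the data in and out, is MACed with a key only the owner holds, and points to the previous entry, so a tampered or missing step is detected. `OWNER_KEY`, the bucket and instance names and the sample data are constructed; the walk-through follows the path the slide sketches (upload, process on EC2, store, bring back).

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed key kept by the data owner (assumption: the owner, not the
# provider, holds it, so provider-side records cannot be forged or edited).
OWNER_KEY = b"constructed-owner-key"
GENESIS = "0" * 64


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mac_of(entry: dict) -> str:
    """HMAC over every field of the entry except the MAC itself."""
    body = {k: v for k, v in entry.items() if k != "mac"}
    serialized = json.dumps(body, sort_keys=True).encode("utf-8")
    return hmac.new(OWNER_KEY, serialized, hashlib.sha256).hexdigest()


class LineageLog:
    """Append-only chain of processing steps. Each step names who did it,
    where, and the hashes of the data going in and out; each entry is MACed
    and carries the MAC of the previous entry."""

    def __init__(self):
        self.records = []

    def record(self, actor, action, location, input_data, output_data, when):
        entry = {
            "actor": actor,
            "action": action,
            "location": location,
            "time": when.isoformat(),
            "input_hash": digest(input_data),
            "output_hash": digest(output_data),
            "prev_mac": self.records[-1]["mac"] if self.records else GENESIS,
        }
        entry["mac"] = mac_of(entry)
        self.records.append(entry)
        return entry

    def origin(self):
        """Provenance: the actor recorded as the first custodian of the data."""
        return self.records[0]["actor"] if self.records else None

    def path(self):
        """Lineage: the (time, actor, action, location) sequence for audit."""
        return [(e["time"], e["actor"], e["action"], e["location"]) for e in self.records]

    def verify(self):
        """(True, None) if every MAC, back-link and data hand-off is intact,
        otherwise (False, index_of_first_bad_entry)."""
        prev = GENESIS
        for i, entry in enumerate(self.records):
            if not hmac.compare_digest(mac_of(entry), entry["mac"]):
                return False, i
            if entry["prev_mac"] != prev:
                return False, i
            # Data leaving step i-1 must be the data entering step i.
            if i > 0 and entry["input_hash"] != self.records[i - 1]["output_hash"]:
                return False, i
            prev = entry["mac"]
        return True, None


def build_sample_log() -> LineageLog:
    """Constructed walk-through of the slide's path: upload to a bucket,
    process on a compute instance, store in a second bucket, bring back."""
    raw = b"patient,reading\n17,98.6\n"
    processed = b"patient,reading_c\n17,37.0\n"

    def at(hour):
        return datetime(2011, 3, 1, hour, tzinfo=timezone.utc)

    log = LineageLog()
    log.record("hospital-A", "upload", "s3://constructed-bucket-1/readings.csv", raw, raw, at(9))
    log.record("ec2-job-constructed", "process", "ec2:instance-constructed", raw, processed, at(10))
    log.record("ec2-job-constructed", "store", "s3://constructed-bucket-2/readings_c.csv", processed, processed, at(11))
    log.record("hospital-A", "retrieve", "local:/archive/readings_c.csv", processed, processed, at(12))
    return log
```

The check that each step's input hash equals the previous step's output hash is what turns a list of events into lineage: a step whose input does not match anything the owner handed over is flagged, not silently accepted. In a public cloud the provider-side hops (the EC2 processing here) would still have to be reported by the provider, which is the gap the slide points at.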

25 Data remanence
- Data left intact by a nominal delete operation
  - In many DBMSs and file systems, data is deleted by flagging it
  - Leads to possible disclosure of sensitive information
- Department of Defense: National Industrial Security Program Operating Manual
  - Defines data clearing and sanitization
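To make the flag-based deletion concrete, here is an added Python example (not from the slides) of a toy fixed-width record store: `delete` only flips a flag byte, so the application API no longer returns the record while a raw scan of the underlying bytes still does; `sanitize` overwrites the payload, which is the clearing step the slide's NISPOM reference is about. The record layout and the sample payload are constructed for the demonstration.

```python
RECORD_SIZE = 32          # 1 flag byte + 31 payload bytes
FLAG_LIVE = ord("L")
FLAG_DELETED = ord("D")


class FlagStore:
    """Constructed stand-in for a DBMS page or file-system block that marks
    records deleted instead of erasing them. `storage` plays the role of the
    raw bytes on the medium."""

    def __init__(self):
        self.storage = bytearray()

    def insert(self, payload: bytes) -> int:
        if len(payload) > RECORD_SIZE - 1:
            raise ValueError("payload too large for one record")
        self.storage += bytes([FLAG_LIVE]) + payload.ljust(RECORD_SIZE - 1, b"\x00")
        return len(self.storage) // RECORD_SIZE - 1

    def delete(self, index: int) -> None:
        """Nominal delete: flip the flag, leave the payload bytes in place."""
        self.storage[index * RECORD_SIZE] = FLAG_DELETED

    def sanitize(self, index: int) -> None:
        """Clearing: overwrite the payload as well as flagging it, so the
        bytes no longer exist on the medium."""
        start = index * RECORD_SIZE
        self.storage[start] = FLAG_DELETED
        self.storage[start + 1:start + RECORD_SIZE] = b"\x00" * (RECORD_SIZE - 1)

    def select_all(self) -> list:
        """What the application API returns: live records only."""
        return [payload for flag, payload in self._records() if flag == FLAG_LIVE]

    def _records(self):
        for start in range(0, len(self.storage), RECORD_SIZE):
            chunk = self.storage[start:start + RECORD_SIZE]
            yield chunk[0], bytes(chunk[1:]).rstrip(b"\x00")


def raw_scan(storage: bytes) -> list:
    """What anyone with access to the underlying medium (a reassigned disk,
    a snapshot, a forensic image) sees: every non-empty payload, flag ignored."""
    found = []
    for start in range(0, len(storage), RECORD_SIZE):
        payload = bytes(storage[start + 1:start + RECORD_SIZE]).rstrip(b"\x00")
        if payload:
            found.append(payload)
    return found


def demo():
    """Returns (live records, raw scan after delete, raw scan after sanitize)."""
    store = FlagStore()
    idx = store.insert(b"ssn=000-00-0000")   # constructed sample value
    store.insert(b"note=public")
    store.delete(idx)
    after_delete = raw_scan(store.storage)
    store.sanitize(idx)
    after_sanitize = raw_scan(store.storage)
    return store.select_all(), after_delete, after_sanitize
```

Overwriting in place is only reliable where writes actually land on the same physical location; on flash media with wear levelling, and on cloud block storage that keeps snapshots or replicas, the practical sanitization method is cryptographic erasure (encrypt at rest, destroy the key), which is why the "encryption and key management" items elsewhere in these slides matter for remanence too.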

26 Provider’s data and its security
- The provider collects a huge amount of security-related data
- Data possibly related to service users
- If not managed well, it is a big threat to users’ security

27 What Do You Know about Identity and Access Management?
What kinds of protocols and techniques are needed/used?

28 Identity and Access Management
- Traditional trust boundary reinforced by network control
  - VPN, intrusion detection, intrusion prevention
- Loss of network control in cloud computing
  - Have to rely on higher-level software controls
  - Application security
  - User access controls (IAM)

29 Identity and Access Management
- IAM components
  - Authentication
  - Authorization
  - Auditing
- IAM processes
  - User management
  - Authentication management
  - Authorization management
  - Access management (access control)
  - Propagation of identity to resources
  - Monitoring and auditing

30 IAM functional architecture
- User management: activities for the effective governance and management of identity life cycles
- Authentication management: activities for the effective governance and management of the process for determining that an entity is who or what it claims to be
- Authorization management: activities for the effective governance and management of the process for determining entitlement rights that decide what resources an entity is permitted to access in accordance with the organization’s policies
- Access management: enforcement of policies for access control in response to a request from an entity (user, service) wanting to access an IT resource within the organization
- Data management and provisioning: propagation of identity and data for authorization to IT resources via automated or manual processes
- Monitoring and auditing: monitoring, auditing, and reporting compliance by users regarding access to resources within the organization based on the defined policies

31 IAM standards and specifications
- Avoid duplication of identity, attributes, and credentials and provide a single sign-on user experience: SAML (Security Assertion Markup Language)
- Automatically provision user accounts with cloud services and automate the process of provisioning and deprovisioning: SPML (Service Provisioning Markup Language)
- Provision user accounts with appropriate privileges and manage entitlements: XACML (eXtensible Access Control Markup Language)
- Authorize cloud service X to access my data in cloud service Y without disclosing credentials: OAuth (open authentication)

32 SAML Example
- ACS: Assertion Consumer Service
- SSO: single sign-on

33 SPML example

34 XACML Example
- PEP: policy enforcement point (app interface)
- PDP: policy decision point
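The PEP/PDP split on this slide, as an added Python example (not from the slides and not an XACML implementation): a small attribute-based PDP that evaluates rules over subject, resource, action and environment attributes with XACML-style Permit / Deny / NotApplicable / Indeterminate decisions and deny-overrides combining, and a PEP at the application interface that lets a request through only on an explicit Permit. The health-records policy, attribute names and sample users are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"


@dataclass
class Rule:
    name: str
    effect: str                                          # PERMIT or DENY
    target: Callable[[dict, dict, str, dict], bool]      # (subject, resource, action, env) -> bool


@dataclass
class Policy:
    rules: List[Rule]
    combining: str = "deny-overrides"                    # or "permit-overrides"


class PDP:
    """Policy decision point: evaluates the request's attributes against the
    policy and returns a decision; it never touches the resource itself."""

    def __init__(self, policy: Policy):
        self.policy = policy

    def decide(self, subject: dict, resource: dict, action: str, env: dict) -> str:
        effects = []
        for rule in self.policy.rules:
            try:
                if rule.target(subject, resource, action, env):
                    effects.append(rule.effect)
            except (KeyError, TypeError):
                return INDETERMINATE      # a missing attribute must never turn into a Permit
        if self.policy.combining == "deny-overrides":
            if DENY in effects:
                return DENY
            if PERMIT in effects:
                return PERMIT
        else:  # permit-overrides
            if PERMIT in effects:
                return PERMIT
            if DENY in effects:
                return DENY
        return NOT_APPLICABLE


class PEP:
    """Policy enforcement point at the application interface: asks the PDP,
    records the decision for audit, and admits only an explicit Permit."""

    def __init__(self, pdp: PDP):
        self.pdp = pdp
        self.audit: List[tuple] = []

    def is_allowed(self, subject: dict, resource: dict, action: str, env: dict) -> bool:
        decision = self.pdp.decide(subject, resource, action, env)
        self.audit.append((subject.get("id"), resource.get("id"), action, decision))
        return decision == PERMIT


# Constructed policy for a health-records service.
POLICY = Policy(rules=[
    Rule("same-department-clinicians-read", PERMIT,
         lambda s, r, a, e: s["role"] in ("doctor", "nurse")
         and s["department"] == r["department"] and a == "read"),
    Rule("doctors-update-own-department", PERMIT,
         lambda s, r, a, e: s["role"] == "doctor"
         and s["department"] == r["department"] and a == "update"),
    Rule("no-phi-off-corporate-network", DENY,
         lambda s, r, a, e: r["classification"] == "phi" and e["network"] != "corp"),
])


def build_pep() -> PEP:
    return PEP(PDP(POLICY))
```

Two design points carry over to real deployments: the PEP treats NotApplicable and Indeterminate exactly like Deny (fail closed), and the PDP is the only component that reads policy, so the same decision logic can sit in front of several cloud applications instead of being re-implemented in each.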

35 OAuth example

36 IAM standards/protocols
- OpenID
- Information Cards
- Open Authentication (OATH)
- Issues for OpenID
  - Phishing: a malicious relying party forwards the end-user to a bogus identity provider authentication page
  - Allows sniffing of the certificate and replay

37 Difference: OpenID versus OAuth (Thanks to Wikipedia)

38 IAM practice: Identity federation
- Dealing with heterogeneous, dynamic, loosely coupled trust relationships
- Enabling “Login once, access different systems within the trust boundary”
  - Single sign-on (SSO)
  - Centralized access control services
  - Yahoo! OpenID

39 Audit, compliance and federation of clouds

40 NIST: Interactions between Actors in Cloud Computing
Actors: Cloud Consumer, Cloud Provider, Cloud Broker, Cloud Auditor, Cloud Carrier
- Cloud Consumer: person or organization that maintains a business relationship with, and uses service from, Cloud Providers.
- Cloud Provider: person, organization, or entity responsible for making a service available to Cloud Consumers.
- Cloud Auditor: a party that can conduct independent assessment of cloud services, information system operations, performance, and security of the cloud implementation.
- Cloud Broker: an entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
- Cloud Carrier: the intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.
Communication paths in the diagram:
- The communication path between a cloud provider and a cloud consumer
- The communication paths for a cloud auditor to collect auditing information
- The communication paths for a cloud broker to provide service to a cloud consumer

41 The Combined Conceptual Reference Diagram
[Diagram] Actors: Cloud Carrier; Cloud Consumer; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage). Cloud Provider: Service Layer (SaaS, PaaS, IaaS), Resource Abstraction and Control Layer, Physical Resource Layer (Hardware, Facility); Cloud Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability).

42 Cloud Provider: Service Orchestration
[Diagram] Service Layer (SaaS, PaaS, IaaS) over Resource Abstraction and Control Layer over Physical Resource Layer (Hardware, Facility). Usage scenarios: Software as a Service for app/service usage and business process/operations; Platform as a Service to develop, test, deploy and manage (application development); Infrastructure as a Service to develop, test, deploy and manage (IT infrastructure & operation).

43 Federation of Clouds/Hybrid Clouds 1.
- Using multiple clouds for different applications to match needs (local cloud and cloud bursting)
- Allocating components of an application to different environments (e.g., compute vs database tiers), whether internal or external (“application stretching”)
- Moving an application to meet requirements at specific stages in its lifecycle, from early development through unit test, scale testing, pre-production and ultimately full production scenarios

44 Federation of Clouds/Hybrid Clouds 2.
- Moving workloads closer to end users across geographic locations, including user groups within the enterprise, partners and external customers
- Meeting peak demands efficiently in the cloud while the low steady state is handled internally
- Keeping large data within a country, geography or organization while allowing globally distributed computation
- Maintaining confidential data on better protected clouds while allowing distributed computation on more computationally efficient ones

45 Key Security and Privacy Issues
- Governance: control and oversight over policies, procedures, and standards for application development, as well as the design, implementation, testing, and monitoring of deployed services.

46 Key Security and Privacy Issues
- Compliance: conformance with an established specification, standard, regulation, or law.
  - Data location: trans-border data flows raise whether the laws in the jurisdiction where the data was collected permit the flow, whether those laws continue to apply to the data post transfer, and whether the laws at the destination present additional risks or benefits
  - Laws and regulations: OMB, Clinger-Cohen Act, FISMA, NARA (archives), HIPAA, PCI DSS (cards)
  - Electronic discovery: FOIA, litigation

47 Key Security and Privacy Issues
- Trust
  - Insider access (esp. DOS)
  - Data ownership: privacy versus data ownership
  - Composite services: nesting and layering of services; trust is not transitive; liability and performance guarantees
  - Visibility: detailed network and system level monitoring, oversight
  - Risk management

48 Security as a Service
- Origins: email spam filtering
- Today: web content filtering, vulnerability management, identity management as a service, etc.
- Naming: SaaS, NOT to be confused with Software as a Service!
  - SecaaS: Security as a Service (Cloud Security Alliance)

49 SaaS Categorization by CSA
CSA: Cloud Security Alliance
- Identity and Access Management
- Data Loss Prevention
- Web Security
- Email Security
- Security Assessments
- Intrusion Management
- Security Information and Event Management (SIEM)
- Encryption
- Business Continuity and Disaster Recovery
- Network Security

50 Identity and Access Management (IAM)
- Standards: SAML, SPML, XACML, (MOF/ECORE), OAuth, OpenID, Active Directory Federated Services (ADFS2), WS-Federation
- Commercial cloud examples: CA Arcot Webfort; CyberArk Software Privileged Identity Manager; Novell Cloud Security Services; ObjectSecurity OpenPMF (authorization policy automation, for private cloud only); Symplified
- Threats addressed: identity theft, unauthorized access, privilege escalation, insider threat, non-repudiation, excess privileges / excessive access, delegation of authorizations / entitlements, fraud

51 Data Loss Prevention
- Monitoring, protecting, and verifying the security of data by running as a client on desktops / servers and applying rules, e.g.:
  - “No FTP” or “No uploads” to web sites
  - “No documents with numbers that look like credit cards can be emailed”
  - “Anything saved to USB storage is automatically encrypted and can only be decrypted on another office-owned machine with a correctly installed DLP client”
  - “Only clients with functioning DLP software can open files from the fileserver”
- Related to IAM
- Threats addressed: data loss/leakage, unauthorized access, malicious compromises of data integrity, data sovereignty issues, regulatory sanctions and fines
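The rule “no documents with numbers that look like credit cards can be emailed” is the classic DLP content check. As an added Python example (not from the slides or any DLP product), the block below implements it: it finds 13 to 19 digit runs with optional separators, keeps only those that pass the Luhn mod-10 check that card numbers satisfy, and returns a block/allow decision with a redacted copy of the text. The sample strings are constructed; `4111 1111 1111 1111` is a widely published test number, not a real account.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _looks_like_card(raw: str) -> str:
    """Return the bare digit string if `raw` is a Luhn-valid card-length run, else ''."""
    digits = re.sub(r"[ -]", "", raw)
    return digits if 13 <= len(digits) <= 19 and luhn_valid(digits) else ""


def find_card_like_numbers(text: str) -> list:
    """Digit strings in `text` that pass the length and Luhn checks."""
    return [d for d in (_looks_like_card(m.group()) for m in CANDIDATE.finditer(text)) if d]


def redact(text: str) -> str:
    """Replace each detected number with asterisks, keeping the last four digits."""
    def _mask(match):
        digits = _looks_like_card(match.group())
        if not digits:
            return match.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(_mask, text)


def evaluate_outbound(text: str) -> dict:
    """DLP decision for one outbound message body."""
    hits = find_card_like_numbers(text)
    return {"allowed": not hits, "matches": hits, "redacted": redact(text)}
```

Luhn alone still has false positives (many numbers pass by chance, roughly one in ten), so production DLP engines add issuer prefix ranges and nearby keywords before blocking; the structure above is where those extra conditions would go.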

52 Web Security
- Real-time protection
  - On-premise through software/appliance installation
  - Proxying or redirecting web traffic to the cloud provider
- Prevent malware from entering the enterprise via activities such as web browsing
- Services: mail server, anti-virus, anti-spam, web filtering, web monitoring, vulnerability management, anti-phishing
- Threats addressed: keyloggers, domain content, malware, spyware, bot networks, phishing, viruses, bandwidth consumption, data loss prevention, spam

53 Email Security
- Control over inbound and outbound email
- Enforce corporate policies such as acceptable use and spam
- Policy-based encryption of emails
- Digital signatures enabling identification and non-repudiation
- Services: content security, anti-virus/anti-malware, spam filtering, encryption, DLP for outbound email, web mail, anti-phishing
- Threats addressed: phishing, intrusion, malware, spam, address spoofing

54 Security Assessments
- Third-party audits of cloud services or assessments of local systems via cloud-provided solutions
- Well defined and supported by multiple standards such as NIST, ISO, and CIS
- Additional cloud challenges
  - Virtualization awareness of the tool
  - Support for common web frameworks in PaaS applications
  - Compliance controls for IaaS, PaaS, and SaaS platforms
- Services: internal and/or external penetration test, application penetration test, host and guest assessments, firewall / IPS (security components of the infrastructure) assessments, virtual infrastructure assessment
- Threats addressed: inaccurate inventory, lack of continuous monitoring, lack of correlation information, lack of complete auditing, failure to meet/prove adherence to regulatory/standards compliance, insecure / vulnerable configurations, insecure architectures, insecure processes / processes not being followed

55 Intrusion Management
- Using pattern recognition to detect and react to statistically unusual events
- IM tools are mature; however, virtualization and massive multi-tenancy are creating new targets for intrusion and raise many questions about implementing the same protection in cloud environments
- Services: packet inspection, detection, prevention
- Threats addressed: intrusion, malware

56 Security Information and Event Management (SIEM)
- Accept log and event information
- Correlate and analyze to provide real-time reporting and alerting on incidents / events
- Services: log management, event correlation, security/incident response, scalability, log and event storage, interactive searching and parsing of log data, immutable logs (for legal investigations)
- Threats addressed: abuse, insecure interfaces and APIs, malicious insiders, shared technology issues, data loss and leakage, account or service hijacking, unknown risk profile, fraud
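“Accept log and event information, correlate and analyze, alert” is abstract until you see a correlation rule run over real-looking lines. The block below is an added Python example, not from the slides or any SIEM product: it parses constructed sshd-style log lines, then applies one stateful rule, flagging a successful login from a source that produced at least `threshold` failures within `window` beforehand, the pattern a password-guessing success leaves in logs. The log format, host names and addresses (RFC 5737 documentation ranges) are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified syslog-like format.
SAMPLE_LOG = """\
2011-06-01T10:00:01Z bastion sshd: Failed password for admin from 203.0.113.7
2011-06-01T10:00:05Z bastion sshd: Failed password for admin from 203.0.113.7
2011-06-01T10:00:09Z bastion sshd: Failed password for root from 203.0.113.7
2011-06-01T10:00:14Z bastion sshd: Failed password for admin from 203.0.113.7
2011-06-01T10:00:20Z bastion sshd: Accepted password for admin from 203.0.113.7
2011-06-01T10:02:00Z bastion sshd: Failed password for carol from 198.51.100.5
2011-06-01T10:02:30Z bastion sshd: Accepted password for carol from 198.51.100.5
2011-06-01T10:09:00Z bastion sshd: Failed password for dave from 192.0.2.9
2011-06-01T10:30:00Z bastion sshd: Accepted password for dave from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text: str) -> list:
    """Normalize raw lines into event dicts; lines that do not parse are skipped
    here (a real SIEM would count them, since parser gaps hide attacks)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate(events: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Rule: an Accepted login from a source with >= threshold Failed logins
    in the preceding window. Failures are tracked per source address."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "success-after-repeated-failures",
                "src": src,
                "user": ev["user"],
                "host": ev["host"],
                "failures_in_window": len(recent),
                "at": ev["ts"].isoformat(),
            })
        failures[src].clear()    # a success ends the episode for that source
    return alerts


def run_sample() -> list:
    return correlate(parse_events(SAMPLE_LOG))
```

In the sample only `203.0.113.7` trips the rule: `carol` had a single typo before logging in, and `dave`'s one failure is outside the five-minute window. The same shape (normalize, keep per-key state, emit on a temporal condition) is what the slide's "event correlation" service does at scale, with the state kept across many log sources rather than one file.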

57 Encryption
- The process of obfuscating/encoding data using cryptographic algorithms
- Algorithm(s) that are computationally difficult to break
- Services: VPN services, encryption key management, virtual storage encryption, communications encryption, application encryption, database encryption, digital signatures, integrity validation
- Threats addressed: failure to meet regulatory compliance requirements, mitigating insider and external threats to data, intercepted clear-text network traffic, clear-text data on stolen / disposed-of hardware, reducing risk and potentially enabling cross-border business opportunities, reducing perceived risks and thus enabling cloud adoption by government

58 Business Continuity and Disaster Recovery
- Ensure operational resiliency in the event of any service interruptions
- Flexible and reliable failover
- Utilize the cloud’s flexibility to minimize cost and maximize benefits
- Services: file recovery provider, file backup provider, cold site, warm site, hot site, insurance, business partner agreements, replication (e.g., databases)
- Threats addressed: natural disaster, fire, power outage, terrorism/sabotage, data corruption, data deletion, pandemic/biohazard

59 Network Security
- Services that allocate access, distribute, monitor, and protect the underlying resource services
- Address security controls at the network in aggregate, or specifically address the individual network of each underlying resource
- In clouds, likely to be provided by virtual devices alongside traditional physical devices
- Tight integration with the hypervisor to ensure full visibility of all traffic on the virtual network layer is key
- Services: firewall (perimeter and server tier), web application firewall, DDoS protection/mitigation, DLP, IR management, IDS / IPS
- Threats addressed: data threats, access control threats, application vulnerabilities, cloud platform threats, regulatory, compliance & law enforcement

60 Network Security (Research)
- Policies about the configuration of the infrastructure are used for specifying security and availability requirements
  - A critical device should be placed within a security perimeter
  - Unprotected devices should not communicate with machines running critical services
  - Computation on confidential data must be performed on hosts under the control of DoD
- The policy-driven approach has been taken by FISMA, PCI-DSS, NERC
- Requirements
  - Scalability
  - Real-time detection of violations
  - Monitoring itself needs to be secure
  - Information needs to be shared across cloud providers

61 Middleware for Assured Clouds
[Diagram] Components: Policy Distribution; Reaction Agent; Odessa Agent; NetOdessa Agent; DORA Subsystem; Trustworthiness of Workflows; Trust Calculation Module; External Event Aggregator; Formal Design and Analysis of Assured Mission Critical Computations; Evaluation on a distributed networked test-bed; Distance from Compliance Calculation; Risk Assessment Modules

62 Reaction Agents are part of the Middleware
- When a policy violation is detected, security, availability, or timeliness requirements might not be satisfied
- We need to reconfigure the system
- We implemented a cloud-based OpenFlow reaction agent
[Diagram] OpenFlow controller; flow information; violation; reconfigurations; Reaction Agent
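Slides 60 and 62 describe the two halves of the research line: checking an infrastructure configuration against declarative policies, and a reaction agent that reconfigures when a violation is found. The block below is an added Python example (not the NetODESSA/Odessa code, which is not on the page): a small host-and-flow model, a checker for the three example policies on slide 60, and a reaction step that withdraws the offending flows, which is the kind of reconfiguration an OpenFlow controller performs by installing drop rules. The topology, zone names and the `DoD` controller label used as the required controller are constructed to match the slide's wording.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SECURE_ZONES = {"secure"}        # zones that count as inside the security perimeter


@dataclass
class Host:
    name: str
    zone: str
    critical: bool = False       # runs a critical service
    protected: bool = True       # managed / has endpoint protection
    controller: str = "enterprise"
    data: str = "public"         # classification of the data it computes on


@dataclass
class Network:
    hosts: Dict[str, Host]
    flows: Set[Tuple[str, str]] = field(default_factory=set)   # permitted (src, dst) flows


def check_policies(net: Network, required_controller: str = "DoD") -> List[Tuple[str, str]]:
    """Evaluate the three slide-60 policies; returns (policy, offender) pairs."""
    violations = []
    for h in net.hosts.values():
        if h.critical and h.zone not in SECURE_ZONES:
            violations.append(("critical-device-outside-perimeter", h.name))
        if h.data == "confidential" and h.controller != required_controller:
            violations.append(("confidential-computation-on-uncontrolled-host", h.name))
    for src, dst in sorted(net.flows):
        if not net.hosts[src].protected and net.hosts[dst].critical:
            violations.append(("unprotected-device-talks-to-critical-service", f"{src}->{dst}"))
    return violations


def react(net: Network, violations: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Reaction-agent stand-in: withdraw flows that violate the communication
    policy and return them. Placement violations (a critical host in the wrong
    zone, confidential data on the wrong host) are reported but need a human
    or an orchestration step, not a flow-table change."""
    removed = []
    for policy, offender in violations:
        if policy == "unprotected-device-talks-to-critical-service":
            src, dst = offender.split("->")
            net.flows.discard((src, dst))
            removed.append((src, dst))
    return removed


def build_sample_network() -> Network:
    """Constructed topology with exactly one violation of each policy."""
    hosts = {
        "db-records": Host("db-records", "secure", critical=True, controller="DoD", data="confidential"),
        "web-front": Host("web-front", "dmz"),
        "legacy-auth": Host("legacy-auth", "office", critical=True, controller="DoD"),
        "analytics": Host("analytics", "office", data="confidential"),
        "lobby-kiosk": Host("lobby-kiosk", "office", protected=False),
    }
    flows = {("web-front", "db-records"), ("lobby-kiosk", "db-records"), ("web-front", "analytics")}
    return Network(hosts, flows)
```

Two of the slide's requirements show up directly in this shape: the checker is a pure function of the model, so it can be re-run on every configuration change (real-time detection), and the model is the thing that would have to be shared across providers for a federated check, which is why the monitoring channel itself has to be protected.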

63 To Read Further
- Roy H. Campbell, Mirko Montanari, Reza Farivar, "Middleware for Assured Clouds," Journal of Internet Services and Applications, 2011.
- Kroske, E.; Farivar, R.; Montanari, M.; Larson, K.; Campbell, R.H., "NetODESSA: Dynamic Policy Enforcement in Cloud Networks," 30th IEEE Symposium on Reliable Distributed Systems Workshops (SRDSW), 2011.
- Mirko Montanari, Roy H. Campbell, "Attack-resilient Compliance Monitoring for Large Distributed Infrastructure Systems," IEEE International Conference on Network and System Security (NSS), Sept 2011.
- Mirko Montanari, Ellick Chan, Kevin Larson, Wucherl Yoo, Roy H. Campbell, "Distributed Security Policy Conformance," IFIP SEC 2011, Lucerne, Switzerland, June 2011.
