Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Similar presentations


Presentation on theme: "Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing."— Presentation transcript:

1 Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing

2 Basic security concepts 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall Goal 1.Crash course on computer security!! 1.Learn how to analyze the security of a system/scheme in a systematic manner. 2.Examine cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud

3 What is computer security? In a nutshell – – Knowing who is who, for real !! (authentication) – Keeping bad guys out, letting good guys in (authorization) – Ensuring secrecy of sensitive info (confidentiality and privacy) – Making sure no one broke anything (integrity) – Preventing bad guys from paralyzing systems through resource starvation (availability) 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20113

4 What makes computer security different from most other CS topics? Security is mostly a human problem Most security problems are as old as human civilization itself!! 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20114

5 Authentication Problem: How do we verify the identity of an entity? Solution: Use the common authentication factors: – What you know – What you have – What you are – Who you know How does it relate to a cloud? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20115

6 Authorization Problem: How do we figure out what an entity is allowed to access or do? Solution: Use access control rules/models/roles, capabilities, etc. How does it relate to a cloud? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20116

7 Confidentiality and Privacy Problem: How can we keep secret information secret? (i.e., prevent unauthorized entities from reading it) Solution: Encryption How does it relate to a cloud? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20117

8 Integrity Problem: How can we prevent/detect unauthorized modification of objects? Solution: Tamper proofing (hard to do!!) Tamper evidence (via signatures, hashes) How does it relate to a cloud? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20118

9 Availability Problem: How can we prevent malicious parties from overloading our system? Solution: Throttling, puzzles, ip blacklisting How does it relate to a cloud? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall 20119

10 Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: – Identify attackers, assets, threats, and other components – Rank the threats – Choose mitigation strategies – Build solutions based on the strategies 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

11 Threat Model Basic components Attacker modeling – Choose what attacker to consider – Attacker motivation and capabilities Assets / Attacker Goals Vulnerabilities / threats 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

12 Recall: Cloud Computing Stack 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

13 Recall: Cloud Architecture 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall Client SaaS / PaaS Provider Cloud Provider (IaaS)

14 Attackers 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

15 Who is the attacker? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall Insider? Malicious employees at client Malicious employees at Cloud provider Cloud provider itself Outsider? Intruders Network attackers?

16 Attacker Capability: Malicious Insiders At client – Learn passwords/authentication information – Gain control of the VMs At cloud provider – Log client communication 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

17 Attacker Capability: Cloud Provider What? – Can read unencrypted data – Can possibly peek into VMs, or make copies of VMs – Can monitor network communication, application patterns 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

18 Attacker motivation: Cloud Provider Why? – Gain information about client data – Gain information on client behavior – Sell the information or use itself Why not? – Cheaper to be honest? Why? (again) – Third party clouds? 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

19 Attacker Capability: Outside attacker What? – Listen to network traffic (passive) – Insert malicious traffic (active) – Probe cloud structure (active) – Launch DoS 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

20 Assets 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

21 Threat Model Basic components Attacker modeling – Choose what attacker to consider – Attacker motivation and capabilities Assets / Attacker Goals Vulnerabilities / threats 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

22 Attacker goals: Outside attackers Intrusion Network analysis Man in the middle Cartography 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

23 Assets (Attacker goals) Confidentiality: – Data stored in the cloud – Configuration of VMs running on the cloud – Identity of the cloud users – Location of the VMs running client code 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

24 Assets (Attacker goals) Integrity – Data stored in the cloud – Computations performed on the cloud 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

25 Assets (Attacker goals) Availability – Cloud infrastructure – SaaS / PaaS 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

26 Threats 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

27 Organizing the threats using STRIDE Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

28 Typical threats 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall [STRIDE]

29 Typical threats (contd.) 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall [STRIDE]

30 Summary A threat model helps in designing appropriate defenses against particular attackers Your solution and security countermeasures will depend on the particular threat model you want to address 8/18/2011Ragib Hasan | UAB CIS | CS491/691/791 Fall

31 8/18/201131Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011 Further Reading Frank Swiderski and Window Snyder, “Threat Modeling “, Microsoft Press, 2004 The STRIDE Threat Model


Download ppt "Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing."

Similar presentations


Ads by Google