Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing.

Similar presentations


Presentation on theme: "Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing."— Presentation transcript:

1 Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing

2 Attacking Availability Goal: To see how availability of a cloud can be affected by DoS attacks launched from inside the cloud. Review Assignment #10: – Han Liu, A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism, ACM Cloud Computing Security Workshop /25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

3 Announcement Next week (5/2), we’ll have our final class, where we will discuss – A wrap-up of things we learned – A high level view of cloud security problem space No new papers will be discussed next week (but you do have to turn in Review Assignment #10 by 5/2) 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

4 Recap: Anti-virus as a service Pros Cons Ideas 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

5 DoS attack on cloud Network provisioning in data centers: – Many servers share the same link/router, so bandwidth is shared. 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

6 Data center networks are typically grossly under-provisioned Typical ratios are 2.5:1 to 8:1 – 8:1 means servers get at most 1/8 of the bandwidth of their interface Bandwidth is limited by the hierarchical nature of network, routers, and switches Multiplexing in routers reduce the amount of bandwidth each server ultimately gets 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

7 Typical data center network Communication between H1-H4 and H5-H8 are routed through R5 and R6. 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

8 Under provisioning is not a problem in traditional networks Network admins can co-locate related servers in the same subnet Network admins can redesign network topologies to fine tune for worst case performance 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

9 Under provisioning IS a problem in clouds There are many more servers in a cloud, so provisioning ratios are much higher (e.g. 45:1) Many clients use the same network, and malicious clients can launch DoS Application owner/designer has no control over network topology 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

10 DoS attacks on clouds DoS attacks on traditional systems (from the outside) can be prevented via clever tricks such as moving to a cloud based virtualized model DoS attacks on clouds launched from *inside* the cloud are much harder to prevent 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

11 DoS attack on clouds Adversary launches attack from inside the cloud data center network After probing the network and reverse- engineering the topology, the adversary can identify bottlenecks Then the adversary can send DoS traffic to the bottleneck link to saturate it 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

12 Example To attack Link B, adversary sends packets from R1’s subnet to another subnet 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

13 Types of attacks Untargeted attack: No particular link or host is targeted Targeted attack: Adversary gains critical mass in a network to target a specific victim 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

14 Topology identification Knowledge of topology is important for the adversary 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

15 How to identify topology Technique #1: Traceroute – Run traceroute between all pairs of hosts – Due to ip provisioning schemes, running traceroute for a few pairs of hosts is enough – Disadvantages: Can’t identify switches (layer 2) Can be disabled at router level 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

16 How to identify topology Technique #2: Network probing – Idea: Use observed traffic rates to infer number of router between two hosts 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

17 How many malicious hosts is enough? Untargeted attack: – Easy to get many hosts if VM assignment algorithm can be reverse engineered (as in “Hey You!” paper – Even brute force attack succeeds in getting many hosts in the same subnet – (Note: this is different fro co-location attack, where the goal was to co-locate of physical hardware rather than network) 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

18 How many malicious hosts is enough? Targeted attack: – Pick victim, launch brute force attacks – Tests show it is easy to get VMs in same subnet as target 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

19 Launching the attack Process: – Send a flood of packets through the link – UDP used. (Why?) – For adaptive applications, do not saturate link completely, rather “almost” saturate it (Why?) 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

20 Mitigation strategy Use a user side monitoring agent to monitor link saturation When a link degrades, or server detects bottleneck and sends help packet, the monitor initiates app migration 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan

21 Comments Experiments / attacks were run on a real cloud (without knowledge of data center admin) 4/25/2011en Spring 2011 Lecture 11 | JHU | Ragib Hasan


Download ppt "Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 11 04/25/2011 Security and Privacy in Cloud Computing."

Similar presentations


Ads by Google