Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.

1 Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing

2 Malware and Clouds
Goal: To explore how clouds can be used in malware detection, and how malware can use clouds.
Review Assignment #9:
– CloudAV: N-Version Antivirus in the Network Cloud, USENIX Security, 2008.
4/18/2011 en.600.412 Spring 2011 Lecture 10 | JHU | Ragib Hasan

3 Cloud-AV: Putting the Antivirus on Clouds
Main premise:
– Executable analysis currently provided by host-based antivirus software can be more efficiently and effectively provided as an in-cloud network service.
– Or: Anti-Virus-as-a-service

4 Problems with host-based Anti-Virus
Vulnerability window:
– There is a significant vulnerability window between when a threat first appears and when antivirus vendors generate a signature.
Undetected malware:
– A substantial percentage of malware is never detected by antivirus software.
Vulnerable Anti-Virus:
– Malware is actually using vulnerabilities in antivirus software itself as a means to infect systems.

5 Solution Approach
Antivirus as a network service:
– Run the anti-virus on a cloud, while running a lightweight agent on user machines.
N-version protection:
– Run anti-virus scanners from multiple vendors/versions on the cloud to ensure better detection.

6 N-version programming
Idea: Generate multiple functionally equivalent programs independently (by different teams) from the same initial specifications.
– Goal: Reduce possibility of bugs
N-version protection:
– Run multiple scanners in parallel, to increase detection rate.

7 Advantages of cloud-based Anti-Virus
– Better detection of malicious software
– Enhanced forensics capabilities
– Retrospective detection
– Improved deployability and management
– No vendor lock-in … service is vendor agnostic

8 System Architecture
3 major components:
1. a lightweight host agent run on end hosts;
2. a network service that receives files from hosts and identifies malicious or unwanted content; and
3. an archival and forensics service that stores information about analyzed files and provides a management interface for operators.

9 Host agent
A lightweight process running on the host
– Can be implemented on Windows, Mac, Linux clients
Tasks:
– Capture accesses to executable files,
– hash files to extract a unique ID,
– check the ID against local black/white lists,
– send unknown executable files to the network cloud service.

10 Network service
Consists of multiple anti-virus scanners and behavioral analysis tools
– Behavioral analysis tools attempt to detect anomalies by analyzing app behavior in a sandbox
Combines scan results from multiple tools and sends a report to the host agent
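The host-agent workflow of slide 9 and the N-version network service of slide 10, as an added example that is not code from the CloudAV paper or these slides. The three "engines" are constructed byte-pattern stand-ins for real vendor scanners, and the agreement threshold is an assumed combination policy; the archive dict plays the role of the forensic storage service.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for N independent detection engines (real CloudAV
# wraps vendor AV products). Each returns True if it flags the file.
ENGINES = {
    "engine_a": lambda data: b"EVIL" in data,
    "engine_b": lambda data: b"evil" in data.lower(),
    "engine_c": lambda data: data.startswith(b"MZ") and b"BAD" in data,
}

def file_id(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # content hash used as unique ID

@dataclass
class NetworkService:
    """Runs every engine over a submitted file, combines verdicts by an
    assumed threshold, and archives per-engine results for forensics."""
    engines: dict
    threshold: int = 1          # flag if at least this many engines agree
    archive: dict = field(default_factory=dict)

    def analyze(self, fid: str, data: bytes) -> dict:
        hits = [name for name, scan in self.engines.items() if scan(data)]
        verdict = "malicious" if len(hits) >= self.threshold else "clean"
        self.archive[fid] = {"hits": hits, "verdict": verdict}
        return self.archive[fid]

@dataclass
class HostAgent:
    """Lightweight client: hash, consult local lists, else ask the cloud."""
    service: NetworkService
    blocklist: set = field(default_factory=set)
    allowlist: set = field(default_factory=set)

    def on_execute(self, data: bytes) -> str:
        fid = file_id(data)
        if fid in self.blocklist:
            return "blocked (local list)"
        if fid in self.allowlist:
            return "allowed (local list)"
        report = self.service.analyze(fid, data)  # only unknown files leave the host
        if report["verdict"] == "malicious":
            self.blocklist.add(fid)
            return "blocked (cloud)"
        self.allowlist.add(fid)
        return "allowed (cloud)"

def retrospective_hits(service: NetworkService, engine: str) -> list:
    """Forensic query: which archived files did a given engine flag?"""
    return [fid for fid, r in service.archive.items() if engine in r["hits"]]
```

Raising `threshold` trades the N-version detection gain for fewer single-engine false positives; the archive lets an operator re-query results when a new engine or signature is added.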

11 Forensic storage service
– Stores information about scan logs and hosts
– Can assist in forensic analysis and retroactive scans

12 Challenges
Network latency:
– Unlike existing antivirus software, files must be transported into the network for analysis;
Analysis scheme:
– An efficient analysis system must be constructed to handle the analysis of files from many different hosts using many different detection engines in parallel; and
Comparison with local scanners:
– The performance of the system must be similar to or better than existing detection systems such as antivirus software.

13 Evaluations: Performance of multiple Anti-Virus engines

14 Disadvantages
Disconnected operation:
– The host agent can't detect new malicious files without network connectivity
Lack of context:
– Scanners do not have access to the large local context
Handling new malware:
– Difficult to detect non-executable malware (e.g., malicious Word documents)

15 Discussion
What other services can be run on a cloud?

16 Using Clouds for Malware
Clouds can be used by malicious parties. Misuse can include:
– Cloud-based botnets
– Cloud-based spammers
– Cloud-based cracking services
WPACracker.com
– Claims to break WPA passwords for $17 in under 20 minutes, using a cloud

17 Discussion
Is it realistic / feasible for a spammer to use a cloud?
