
1 A Taxonomy of Cloud Attack Consequences and Mitigation Strategies: The Role of Access Control and Privileged Access Management

2 Overview
- Find what the cloud attack consequences are
- Find what the recommended mitigation strategies are
- Thematic analysis to locate any common strategies
- Find the mitigation strategy with the greatest impact
- Present a plausible solution

3 Cloud prevalence
- Microsoft Office 360
- Dropbox
- Number two in the top five areas for increased spending for organizations (IDC Computer World, 2015)

4 What is cloud?
- NIST definition: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
- Service Models: Software as a Service, Platform as a Service, Infrastructure as a Service
- Deployment Models: Public cloud, Private cloud, Community cloud, Hybrid cloud

5 Categorisation of Cloud Security Consequences and Mitigation Strategies
- Current Cloud Security Alliance’s (CSA) “The Notorious Nine Cloud Computing Top Threats”
- We gathered the top threats that cloud service providers and users face and re-categorised them to allow effective identification and mitigation of the risk presented.
- Our categorization differs from the CSA’s paper and places threats into potential consequences

6 People, Process and Technology
[Figure: People, Process, Technology; potential causing factor]
- People: Employees, individuals who operate the cloud, both from a customer and cloud service provider perspective
- Process: Processes which govern the operation of the cloud by the customer and service provider
- Technology: Technology that is used to run and secure the cloud environment to maintain confidentiality, integrity and availability

7 Confidentiality, Integrity and Availability
[Figure: Confidentiality, Integrity, Availability; potential result if breached]
- Confidentiality: Data is only accessible by authorized entities, and unauthorized access to protected data is prohibited
- Integrity: Data can only be altered by authorised parties or through authorized methods
- Availability: Data and services are accessible to authorized parties as required

8 Attack Consequences

9 Account hijacking; Compromised logs
[Figure, shown for each consequence: People / Process / Technology; Confidentiality / Integrity / Availability]
- Eavesdropping
- Manipulation of data
- Return of falsified information
- Redirection of clients to illegitimate sites
- Unauthorized access to management interfaces
- Alteration of auditable logs for:
  - Intrusion detection systems
  - Accountability management
  - Digital forensics

10 Attack Consequences: Data Breach; Data Loss
[Figure, shown for each consequence: People / Process / Technology; Confidentiality / Integrity / Availability]
- When sensitive, protected or confidential information is intentionally or unintentionally distributed, transmitted, viewed or stored by an unauthorized individual or organization
- Technical attacks, such as collecting side-channel timing information to extract private keys used by other VMs on a host, and hypervisor vulnerabilities.
- Associated with undertrained staff who are unequipped to handle the complex storage environments present in cloud products.
- Physical hardware failures, malware, and software vulnerabilities can result in data loss.

11 Attack Consequences: Unauthorised Elevation and Misuse of Privilege; Interception, Injection and Redirection
[Figure, shown for each consequence: People / Process / Technology; Confidentiality / Integrity / Availability]
- Circumventing controls, social engineering, malware backdoors, physical theft
- Key flaws include unclear roles and responsibilities, poor enforcement of role definitions and not applying the need-to-know principle
- Hijacking of data to manipulate, block and eavesdrop
- Typically exploits vulnerabilities in internet protocols, through attacks such as man-in-the-middle attacks, IP spoofing, ARP spoofing, DNS poisoning and RIP attacks.

12 Attack Consequences: Isolation Failure; Resource Exhaustion
[Figure, shown for each consequence: People / Process / Technology; Confidentiality / Integrity / Availability]
- Failure of components used for isolation: disc partitions, CPU caches, graphics processing units
- May lead to cross-VM side-channel attacks and loss of control over the physical resources
- Over-provisioning customers or being under-resourced to fulfil requests, resulting in opportunities for DoS or attacks on the cloud system hypervisor
- DoS, Cloud DNS wars

13 Mitigation Strategies

14 Information Security; Operations Management
[Figure, shown for each strategy: People / Process / Technology; Confidentiality / Integrity / Availability]
- Software tools, systems technologies dedicated to maintaining confidentiality and integrity.
- Includes technologies such as encryption to prevent technology-based attacks such as data sniffing and spoofing attacks.
- Oversees the operation of infrastructure technologies
- DoS, Cloud DNS wars
- Virtualisation software isolation installation, configuration, patches, scanning configurations audited.
- IDS and IPS firewalls are included in the category.

15 Mitigation Strategies: Resiliency; Process Management
[Figure, shown for each strategy: People / Process / Technology; Confidentiality / Integrity / Availability]
- Infrastructure technologies and contingency planning to ensure services are available to authorized parties.
- Development and enforcement of policy, such as security policies

16 Mitigation Strategies: Access Management
[Figure: People / Process / Technology; Confidentiality / Integrity / Availability]
- Authentication policies for access to infrastructure
- Authentication and privilege access management

17 Mitigation Strategies / Attack Consequences
Attack Consequences: Account Hijacking; Compromised logs; Data Breach; Data Loss; Unauthorized Elevation and Misuse of Privilege; Interception, Injection and Redirection; Isolation Failure; Resource Exhaustion
Information Security: [1, 2][3, 4] [6]
Operation Management: [7] [7, 8][7]
Resiliency: [4, 10] [12]
Process Management: [3, 10]
Access Management: [2, 4, 10][1][3, 4][7][2, 15] [8]

18 What is Privilege Access Management
- What is an administrator or a privileged user?
- What can occur if administrators are unmanaged and have unlimited access?
- What can be done to manage the access privileges?

19 Research Question
- Can a privilege access management system solution be created to provide for finer control and automation over current security solutions in the academic and public space?

20 Privileged Access Management in IaaS Cloud Computing
[Figure: Conceptual PAM architecture for cloud]

21 Software Used
- VMware Workstation 11.1.1 build-2771112
- Microsoft Windows Server 2012 R2 Datacenter x64
- Microsoft Windows 10 Education x64
- Visual Studio 2015
- Main programming language: C#

22 Group Policy
- Used to implement specific configurations for users and computers
- Contained in GPOs
- Linked to Active Directory directory service containers
  - Sites
  - Domains
  - Organisational units
- Based on a hierarchy
- Allows the management of user and computer objects

23 AppLocker
- Builds further upon the existing Software Restriction Policies
- Prevent unlicensed software from running in the desktop environment if the software is not on the allowed list
- Prevent vulnerable, unauthorized applications from running in the desktop environment, including malware
- Stop users from running applications that needlessly consume network bandwidth or otherwise affect the enterprise computing environment
- Prevent users from running applications that destabilize their desktop environment and increase help desk support costs
- Provide more options for effective desktop configuration management
- Allow users to run approved applications and software updates based upon policies while preserving the requirement that only users with administrative credentials can install or run applications and software updates
- Help to ensure that the desktop environment is in compliance with corporate policies and industry regulations
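
The allowed-list behaviour on the AppLocker slide, as an added example (not from the presentation or from Microsoft): a simplified Python model of how an enforced executable rule collection is decided. Explicit deny rules win, then allow rules, and anything unmatched is blocked. The rule set, the group names as plain strings and the sample paths are constructed, and only path conditions are modelled.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    action: str   # "Allow" or "Deny"
    group: str    # group the rule is assigned to
    path: str     # path condition; * is a wildcard

# Constructed policy: the shape of AppLocker's default executable rules
# (environment variables written out as literal paths) plus one deny rule.
POLICY = [
    Rule("Allow", "Everyone", r"C:\Program Files\*"),
    Rule("Allow", "Everyone", r"C:\Windows\*"),
    Rule("Allow", "Administrators", "*"),
    Rule("Deny", "Everyone", r"C:\Windows\Temp\*"),  # constructed: writable folder
]

def matching_rules(policy, groups, exe_path):
    """Rules assigned to one of the caller's groups whose path condition matches."""
    path = exe_path.lower()  # Windows paths compare case-insensitively
    return [r for r in policy
            if r.group in groups and fnmatchcase(path, r.path.lower())]

def evaluate(policy, groups, exe_path):
    """Return (decision, reason) for one executable and one user's groups."""
    hits = matching_rules(policy, groups, exe_path)
    if any(r.action == "Deny" for r in hits):
        return ("Deny", "explicit deny rule")    # deny beats any allow
    if any(r.action == "Allow" for r in hits):
        return ("Allow", "allow rule")
    return ("Deny", "no allow rule matched")     # implicit default deny

STANDARD_USER = {"Everyone"}
ADMIN = {"Everyone", "Administrators"}

if __name__ == "__main__":
    for groups, path in [
        (STANDARD_USER, r"C:\Program Files\Editor\editor.exe"),
        (STANDARD_USER, r"C:\Users\alice\Downloads\tool.exe"),
        (ADMIN, r"C:\Users\alice\Downloads\setup.exe"),
        (ADMIN, r"C:\Windows\Temp\dropped.exe"),
    ]:
        print(sorted(groups), path, "->", evaluate(POLICY, groups, path))
```

The model assumes the rule collection is enforced and contains rules; publisher and hash conditions and rule exceptions are left out.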

24 Proposed Graphical User Interface

25 Privileged access Managed

26 Prototyping
- Prototyping is currently underway
- Testing and metrics procedures are currently under review and are being refined

27 A Taxonomy of Cloud Attack Consequences and Mitigation Strategies: The Role of Access Control and Privileged Access Management
IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2015)
Kin Suntana Tep, Ray Hunt, Ben Martini, Kim-Kwang Raymond Choo

28 Conclusion
- Cloud prevalence and security concerns
- Current threats and consequences outlined
- Mitigation strategies to combat them
- Access management a popular solution
- Knowledge gap in Privilege access management

29 Thank you! Any Questions?

