310 likes | 499 Views
Security and Privacy in Cloud Computing. Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2011. Lecture 2 08/ 18/ 2011. Basic security concepts. Goal Crash course on computer security!! Learn how to analyze the security of a system/ scheme in a systematic manner.
E N D
Security and Privacy in Cloud Computing Ragib HasanUniversity of Alabama at BirminghamCS 491/691/791 Fall 2011 Lecture 2 08/18/2011
Basic security concepts Goal Crash course on computer security!! Learn how to analyze the security of a system/scheme in a systematic manner. Examinecloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
What is computer security? In a nutshell – • Knowing who is who, for real !! (authentication) • Keeping bad guys out, letting good guys in (authorization) • Ensuring secrecy of sensitive info (confidentiality and privacy) • Making sure no one broke anything (integrity) • Preventing bad guys from paralyzing systems through resource starvation (availability) Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
What makes computer security different from most other CS topics? Security is mostly a human problem Most security problems are as old as human civilization itself!! Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Authentication Problem: How do we verify the identity of an entity? Solution: Use the common authentication factors: • What you know • What you have • What you are • Who you know How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Authorization Problem: How do we figure out what an entity is allowed to access or do? Solution: Use access control rules/models/roles, capabilities, etc. How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Confidentiality and Privacy Problem: How can we keep secret information secret? (i.e., prevent unauthorized entities from reading it) Solution: Encryption How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Integrity Problem: How can we prevent/detect unauthorized modification of objects? Solution: • Tamper proofing (hard to do!!) • Tamper evidence (via signatures, hashes) How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Availability Problem: How can we prevent malicious parties from overloading our system? Solution: Throttling, puzzles, ip blacklisting How does it relate to a cloud? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Threat Model A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions Steps: • Identify attackers, assets, threats,and other components • Rank the threats • Choose mitigation strategies • Build solutions based on the strategies Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Threat Model Basic components • Attacker modeling • Choose what attacker to consider • Attacker motivation and capabilities • Assets / Attacker Goals • Vulnerabilities / threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Recall: Cloud Computing Stack Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Recall: Cloud Architecture SaaS / PaaS Provider Client Cloud Provider (IaaS) Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attackers Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Who is the attacker? • Insider? • Malicious employees at client • Malicious employees at Cloud provider • Cloud provider itself • Outsider? • Intruders • Network attackers? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attacker Capability: Malicious Insiders • At client • Learn passwords/authentication information • Gain control of the VMs • At cloud provider • Log client communication Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attacker Capability: Cloud Provider • What? • Can read unencrypted data • Can possibly peek into VMs, or make copies of VMs • Can monitor network communication, application patterns Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attacker motivation: Cloud Provider • Why? • Gain information about client data • Gain information on client behavior • Sell the information or use itself • Why not? • Cheaper to be honest? • Why? (again) • Third party clouds? Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attacker Capability: Outside attacker • What? • Listen to network traffic (passive) • Insert malicious traffic (active) • Probe cloud structure (active) • Launch DoS Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Assets Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Threat Model Basic components • Attacker modeling • Choose what attacker to consider • Attacker motivation and capabilities • Assets / Attacker Goals • Vulnerabilities / threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Attacker goals: Outside attackers • Intrusion • Network analysis • Man in the middle • Cartography Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Assets (Attacker goals) • Confidentiality: • Data stored in the cloud • Configuration of VMs running on the cloud • Identity of the cloud users • Location of the VMs running client code Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Assets (Attacker goals) • Integrity • Data stored in the cloud • Computations performed on the cloud Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Assets (Attacker goals) • Availability • Cloud infrastructure • SaaS / PaaS Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Threats Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Organizing the threats using STRIDE • Spoofing identity • Tampering with data • Repudiation • Information disclosure • Denial of service • Elevation of privilege Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Typical threats [STRIDE] Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Typical threats (contd.) [STRIDE] Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Summary • A threat model helps in designing appropriate defenses against particular attackers • Your solution and security countermeasures will depend on the particular threat model you want to address Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011
Further Reading Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004 The STRIDE Threat Model Ragib Hasan | UAB CIS | CS491/691/791 Fall 2011