s ecurity challenges in a networked world
Download
Skip this Video
Download Presentation
S ecurity challenges in a networked world

Loading in 2 Seconds...

play fullscreen
1 / 8

S ecurity challenges in a networked world - PowerPoint PPT Presentation


  • 103 Views
  • Uploaded on

S ecurity challenges in a networked world . Theo Dimitrakos Chief Security Researcher –Security Futures Practice, BT Research & Technology Professor of Computer Science – School of Computing, University of Kent . Overview . Change factors New security threats Research challenges .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' S ecurity challenges in a networked world ' - lainey


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
s ecurity challenges in a networked world

Security challenges in a networked world

Theo Dimitrakos

Chief Security Researcher –Security Futures Practice, BT Research & Technology

Professor of Computer Science – School of Computing, University of Kent

overview
Overview
  • Change factors
  • New security threats
  • Research challenges
commonly referenced cloud security incidents
Commonly referenced cloud security incidents

Service

Availability

  • Amazon: Hey Spammers, Get Off My Cloud! (2008)
  • Megaupload US prosecutor investigation (2012)

Bitbucket\'s Amazon DDoS - what went wrong (2009)

AWS EBS cloud storage services outage (2011) – impact on Netflix vs. Foursqaure

Bad co-hosts

Data Remanence

You can check out but can’t leave

In-cloud federated

Identity Management

Location & Privacy

Who looks at/after your data? And where? Jurisdictions?

Data Provanence

Where did the data come from?

Lack of Standards

An Empirical Study into the Security Exposure to Hosts of Hostile

Virtualized Environments (Tavis Ormandy, Google Inc.) http://taviso.decsystem.org/virtsec.pdf

Blue Pill http://en.wikipedia.org/wiki/Blue_Pill_(malware) see also http://invisiblethingslab.com/itl/About.html

Cloudburst: Arbitrary code execution vulnerability for VMWare

http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf

Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine

Security issues with Google Docs

Security Issues with Sony User Network

Diginotar (June 2011)

RSA SecureID (March2011)

Risk communication

& Response

Hypervisor &

Virtual Machine

Vulnerabilities

Crypto Ops

in VM

Entitlement

Management

cloud security the challenges
Cloud Security: the challenges

Near real-time virtual patching

Intrusion Prevention at Hypervisor level – below Guest OS

Malware prevention / detection at Hypervisor level

  • CSPs don’t:
  • allow clients to classify data
  • offer different levels of security based upon data sensitivity
  • offer DLP services

Robust at system level (modulo kernel bugs)

Issues at management plane Memory hijacking

Co-ordinate security

policies & provisioning for

network & server virtualisation

Location/resource optimisation

  • Guest OS needs
  • security protection
  • Resilient VM lifecycle
  • dynamic
  • at massive scale
  • Hypervisor / trusted VM:
  • the best place to secure
  • Limited compute resources
  • Security API standards
  • Difficult to exploit but high-impact
  • Do you trust Microsoft?
  • Do you trust VMWare?

Crypto doesn’t like virtual

Current algorithms set to

optimise resource pooling

Can’t always use specialised HW

Encryption key management

cloud security the challenges1
Cloud Security: the challenges

Provider & resource / data location

Cross-border data movement

PII and privacy obligations (HIPAA, GLBA)

Auditing and compliance (PCI, ISO 27001)

Poor quality of evidence

Lack of standards

Lack of interoperability

Limited service portability

Incompatible management processes

EU vs. US vs. China (Gov. access)

Differences in data protection

Cost of keeping data hosting in EUAudit data legally owned by CSP refusal to ‘hand over audit logs?Difficult to involve law enforcement

with CSP activities

Security of shared resources

Process isolation

Data segregation“Data sharding”

(fragment across images)

Entitlement & Access Mgmt

(policy issuing authority)

Latency sensitive applications

Enforcement of SLA obligations

Insufficient capabilities to cater for managing critical data

In-cloud segregation of data: difficult

Accidental seizure of customer data

during forensic investigations

VMs provided by IaaS provider

Platform stack by PaaS provider

IaaS, PaaS issues + application security

cloud security the challenges2
Cloud Security: the challenges

Credential Mapping

Authorization with Constrained Delegation

(Policy Integrity & Recognition of Authority)

Trust & Federation

Security Auditing

Active Directory/LDAP - Attributes, Credentials and Groups for Edge servers

Provisioning

Identity Integration

User Management

Credential Management

Entitlement Management

Device Credentials, PKI Infrastructure

Federation and Edge Server Security –

Secure Application Integration Fabric (Secure ESB Gateway)

questions
Questions

For more information please contact:

[email protected]

[email protected]

ad