Security and privacy in cloud computing

Security and Privacy in Cloud Computing

Ragib Hasan, Johns Hopkins University, en.600.412 Spring 2011

Lecture 11

04/25/2011



Attacking Availability

  • Goal: To see how availability of a cloud can be affected by DoS attacks launched from inside the cloud.

  • Review Assignment #10:

    • Han Liu, A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism, ACM Cloud Computing Security Workshop 2010

en.600.412 Spring 2011 Lecture 11 | JHU | Ragib Hasan



Announcement

  • Next week (5/2), we’ll have our final class, where we will discuss

    • A wrap-up of things we learned

    • A high level view of cloud security problem space

  • No new papers will be discussed next week (but you do have to turn in Review Assignment #10 by 5/2)


Recap: Anti-virus as a service

Pros

Cons

Ideas


DoS attack on cloud

  • Network provisioning in data centers:

    • Many servers share the same link/router, so bandwidth is shared.


Data center networks are typically grossly under-provisioned

  • Typical ratios are 2.5:1 to 8:1

    • 8:1 means servers get at most 1/8 of the bandwidth of their interface

  • Bandwidth is limited by the hierarchical nature of network, routers, and switches

  • Multiplexing in routers reduces the amount of bandwidth each server ultimately gets
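To make the provisioning ratios concrete, here is a small capacity model I added for this lecture; it is not code from the lecture or from the reviewed paper. It assumes a constructed three-tier tree (8 hosts per top-of-rack switch, 8 racks per aggregation router, 4 aggregation routers behind the core, 1 Gbps host NICs) and computes, for a pair of hosts, the bandwidth each host is still guaranteed when every host sharing a link on the path transmits at line rate. The link names, capacities and fan-out are assumptions; the 8:1 and 45:1 ratios are the figures the slides quote.

```python
from dataclasses import dataclass

# Constructed model of an oversubscribed data-center tree (assumed values, not from the lecture).
# Every host has a 1 Gbps NIC; each uplink carries the traffic of all hosts below it.
HOST_NIC_MBPS = 1000.0


@dataclass(frozen=True)
class Link:
    name: str
    capacity_mbps: float   # capacity of the shared link
    sharing_hosts: int     # hosts whose traffic can be multiplexed onto this link


def oversubscription(link: Link, nic_mbps: float = HOST_NIC_MBPS) -> float:
    """Provisioning ratio of a link: 8.0 means '8:1', i.e. demand can be 8x capacity."""
    return link.sharing_hosts * nic_mbps / link.capacity_mbps


def worst_case_share(path: list[Link], nic_mbps: float = HOST_NIC_MBPS) -> tuple[str, float]:
    """Bandwidth one host is guaranteed along `path` when every host sharing each
    link transmits at line rate and each link splits fairly among its sharers.
    Returns the bottleneck link name and the per-host share in Mbps."""
    bottleneck, share = "host NIC", nic_mbps
    for link in path:
        fair = link.capacity_mbps / link.sharing_hosts
        if fair < share:
            bottleneck, share = link.name, fair
    return bottleneck, share


# Three tiers, all constructed: 8 hosts per top-of-rack switch, 8 racks per
# aggregation router, 4 aggregation routers behind the core.
TOR_UPLINK = Link("tor-uplink", capacity_mbps=1_000.0, sharing_hosts=8)       # 8:1
AGG_UPLINK = Link("agg-uplink", capacity_mbps=10_000.0, sharing_hosts=64)     # 6.4:1
CORE_LINK = Link("core-link", capacity_mbps=40_000.0, sharing_hosts=256)      # 6.4:1

# Paths between host pairs, expressed as the shared links they cross.
SAME_RACK: list[Link] = []                                  # stays inside one ToR switch
CROSS_RACK = [TOR_UPLINK, TOR_UPLINK]                        # rack A -> agg router -> rack B
CROSS_AGG = [TOR_UPLINK, AGG_UPLINK, CORE_LINK, AGG_UPLINK, TOR_UPLINK]

# A cloud-scale rack with a 45:1 ratio (the figure the lecture quotes for clouds).
CLOUD_TOR = Link("tor-uplink-45to1", capacity_mbps=1_000.0, sharing_hosts=45)


def report() -> dict[str, tuple[str, float]]:
    """Worst-case share for each path; the ToR uplink is the bottleneck whenever
    traffic leaves the rack, which is why admins co-locate chatty servers."""
    return {
        "same rack": worst_case_share(SAME_RACK),
        "cross rack": worst_case_share(CROSS_RACK),
        "cross aggregation": worst_case_share(CROSS_AGG),
        "cloud 45:1 rack": worst_case_share([CLOUD_TOR]),
    }


if __name__ == "__main__":
    for name, (link, mbps) in report().items():
        print(f"{name:18s} bottleneck={link:18s} share={mbps:8.2f} Mbps")
```

Running it shows the point of the next few slides: a host talking to a neighbour in its own rack keeps its full 1 Gbps, any flow that leaves the rack is capped at 125 Mbps by the 8:1 ToR uplink regardless of how well the aggregation and core tiers are provisioned, and at 45:1 the guaranteed share drops to about 22 Mbps. The model is deliberately pessimistic (all sharers at line rate, perfect fair sharing); real switches queue and drop rather than share fairly, which only makes the worst case worse.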


Typical data center network

Communication between H1-H4 and H5-H8 is routed through R5 and R6.


Under-provisioning is not a problem in traditional networks

Network admins can co-locate related servers in the same subnet

Network admins can redesign network topologies to fine tune for worst case performance


Under-provisioning IS a problem in clouds

There are many more servers in a cloud, so provisioning ratios are much higher (e.g. 45:1)

Many clients use the same network, and malicious clients can launch DoS

Application owner/designer has no control over network topology


DoS attacks on clouds

DoS attacks on traditional systems (from the outside) can be prevented via clever tricks such as moving to a cloud-based virtualized model

DoS attacks on clouds launched from *inside* the cloud are much harder to prevent


DoS attack on clouds

Adversary launches attack from inside the cloud data center network

After probing the network and reverse-engineering the topology, the adversary can identify bottlenecks

Then the adversary can send DoS traffic to the bottleneck link to saturate it


Example

To attack Link B, adversary sends packets from R1’s subnet to another subnet


Types of attacks

Untargeted attack: No particular link or host is targeted

Targeted attack: Adversary gains critical mass in a network to target a specific victim


Topology identification

Knowledge of topology is important for the adversary


How to identify topology

  • Technique #1: Traceroute

    • Run traceroute between all pairs of hosts

    • Due to IP provisioning schemes, running traceroute for a few pairs of hosts is enough

    • Disadvantages:

      • Can’t identify switches (layer 2)

      • Can be disabled at router level


How to identify topology

  • Technique #2: Network probing

    • Idea: Use observed traffic rates to infer the number of routers between two hosts


How many malicious hosts is enough?

  • Untargeted attack:

    • Easy to get many hosts if the VM assignment algorithm can be reverse engineered (as in the “Hey You!” paper)

    • Even brute force attack succeeds in getting many hosts in the same subnet

    • (Note: this is different from the co-location attack, where the goal was to co-locate on physical hardware rather than on the network)


How many malicious hosts is enough?

  • Targeted attack:

    • Pick victim, launch brute force attacks

    • Tests show it is easy to get VMs in same subnet as target


Launching the attack

  • Process:

    • Send a flood of packets through the link

    • UDP used. (Why?)

    • For adaptive applications, do not saturate link completely, rather “almost” saturate it (Why?)


Mitigation strategy

Use a user-side monitoring agent to monitor link saturation

When a link degrades, or the server detects a bottleneck and sends a help packet, the monitor initiates application migration
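A sketch of what such a monitoring agent has to decide, added here as an illustration and not taken from the lecture or the paper. It learns a healthy throughput baseline, treats a single dip as noise, asks for migration only after a sustained drop, and accepts a server-originated help packet as a second trigger. The throughput trace, the `HELP link=... loss=...` packet format, and the thresholds are all constructed assumptions.

```python
from collections import deque
from statistics import median
from typing import Optional

# Constructed illustration of the slide's user-side monitoring agent; the sample
# trace, the help-packet format and all thresholds are assumptions, not the paper's.


def parse_help_packet(payload: bytes) -> Optional[dict]:
    """Parse a server-originated help packet of the constructed form
    b'HELP link=<name> loss=<fraction>'.  Returns None for anything malformed,
    so a garbage or truncated datagram cannot trigger a migration by itself."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    fields = text.split()
    if len(fields) != 3 or fields[0] != "HELP":
        return None
    kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    if set(kv) != {"link", "loss"}:
        return None
    try:
        loss = float(kv["loss"])
    except ValueError:
        return None
    if not 0.0 <= loss <= 1.0:
        return None
    return {"link": kv["link"], "loss": loss}


class LinkMonitor:
    """Tracks throughput toward a peer and decides when to start app migration:
    either after `sustain` consecutive samples below `degrade_fraction` of the
    learned healthy baseline, or on a well-formed help packet from the server."""

    def __init__(self, baseline_window: int = 10, degrade_fraction: float = 0.5, sustain: int = 3):
        self.baseline: deque = deque(maxlen=baseline_window)
        self.degrade_fraction = degrade_fraction
        self.sustain = sustain
        self.bad_streak = 0

    def observe(self, throughput_mbps: float) -> bool:
        """Feed one throughput sample; True means 'initiate migration now'."""
        if len(self.baseline) < self.baseline.maxlen:
            self.baseline.append(throughput_mbps)      # still learning what healthy looks like
            return False
        expected = median(self.baseline)                # median resists single outliers
        if throughput_mbps < self.degrade_fraction * expected:
            self.bad_streak += 1                        # a short dip alone does not migrate
        else:
            self.bad_streak = 0
            self.baseline.append(throughput_mbps)       # only healthy samples move the baseline
        return self.bad_streak >= self.sustain

    def on_help_packet(self, payload: bytes) -> bool:
        """Server-side bottleneck detection: migrate on any valid help packet.
        In a deployment the packet would also need to be authenticated."""
        return parse_help_packet(payload) is not None


def first_migration_index(samples: list[float], **kw) -> Optional[int]:
    """Index of the sample at which the monitor first asks for migration, or None."""
    monitor = LinkMonitor(**kw)
    for i, s in enumerate(samples):
        if monitor.observe(s):
            return i
    return None


# Constructed throughput trace (Mbps): ten healthy samples, one transient dip,
# recovery, then a sustained collapse as a shared link saturates.
TRACE = [120, 118, 122, 119, 121, 120, 117, 123, 120, 119,
         40, 118, 35, 30, 28]

if __name__ == "__main__":
    print("migrate at sample", first_migration_index(TRACE))
    print("help packet accepted:", LinkMonitor().on_help_packet(b"HELP link=B loss=0.42"))
```

On the constructed trace the agent ignores the single dip to 40 Mbps at sample 10, and raises migration at sample 14, the third consecutive reading below half the baseline. The "almost saturate" variant of the attack mentioned on the previous slide is exactly what the sustained-drop rule is meant to catch: throughput that never hits zero but stays degraded. Only healthy samples feed the baseline, so a slow squeeze cannot quietly lower the bar the agent measures against.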


Comments

Experiments / attacks were run on a real cloud (without knowledge of data center admin)
