
Lecture XIV: Cloud Software Security


Presentation Transcript


  1. Lecture XIV: Cloud Software Security
     CS 4593 Cloud-Oriented Big Data and Software Engineering

  2. Cloud Computing Parts
     • NIST defines cloud computing by:
       • 5 essential characteristics
       • 3 cloud service models
       • 4 cloud deployment models

  3. Essential Characteristics
     • On-demand service
       • Get computing capabilities as needed automatically
     • Broad Network Access
       • Services available over the net using desktop, laptop, PDA, mobile phone

  4. Essential Characteristics
     • Resource pooling
       • Provider resources pooled to serve multiple clients
     • Rapid Elasticity
       • Ability to quickly scale in/out service
     • Measured service
       • Control, optimize services based on metering

  5. Cloud Service Models
     • Software as a Service (SaaS)
       • We use the provider apps
       • User doesn’t manage or control the network, servers, OS, storage or applications
     • Platform as a Service (PaaS)
       • User deploys their apps on the cloud
       • Controls their apps
       • User doesn’t manage servers, OS, storage

  6. Cloud Service Models
     • Infrastructure as a Service (IaaS)
       • Consumer gets access to the infrastructure to deploy their stuff
       • Doesn’t manage or control the infrastructure
       • Does manage or control the OS, storage, apps, selected network components

  7. Deployment Models
     • Public
       • Cloud infrastructure is available to the general public, owned by org selling cloud services
     • Private
       • Cloud infrastructure for single org only, may be managed by the org or a 3rd party, on or off premise

  8. Deployment Models
     • Community
       • Cloud infrastructure shared by several orgs that have shared concerns, managed by org or 3rd party
     • Hybrid
       • Combo of >=2 clouds bound by standard or proprietary technology

  9. Basic Security

  10. Confidentiality: Authorized to Know

  11. Integrity: Data Has Not Been Tampered With

  12. Availability: Data Never Lost, Machine Never Fails

  13. Cloud Security!! A Major Concern
      • Security concerns arise because both customer data and programs reside at the provider premises.
      • Security is always a major concern in open system architectures.
      [Diagram labels: Customer, Customer Data, Customer Code, Provider Premises]

  14. Security Is the Major Challenge

  15. Why Cloud Computing brings new threats?
      • Traditional system security mostly means keeping bad guys out
      • The attacker needs to either compromise the auth/access control system, or impersonate existing users

  16. Why Cloud Computing brings new threats?
      • Cloud security problems are coming from:
        • Loss of control
        • Lack of trust (mechanisms)
        • Multi-tenancy
      • These problems exist mainly in 3rd party management models
      • Self-managed clouds still have security issues, but not related to above

  17. Why Cloud Computing brings new threats?
      Consumer’s loss of control
      • Data, applications, resources are located with provider
      • User identity management is handled by the cloud
      • User access control rules, security policies and enforcement are managed by the cloud provider
      • Consumer relies on provider to ensure
        • Data security and privacy
        • Resource availability
        • Monitoring and repairing of services/resources

  18. Why Cloud Computing brings new threats?
      • Multi-tenancy: multiple independent users share the same physical infrastructure
      • So, an attacker can legitimately be in the same physical machine as the target

  19. Who is the attacker?
      • Insider?
        • Malicious employees at client
        • Malicious employees at Cloud provider
        • Cloud provider itself
      • Outsider?
        • Intruders
        • Network attackers?

  20. Attacker Capability: Malicious Insiders
      • At client
        • Learn passwords/authentication information
        • Gain control of the VMs
      • At cloud provider
        • Log client communication

  21. Attacker Capability: Cloud Provider
      • What?
        • Can read unencrypted data
        • Can possibly peek into VMs, or make copies of VMs
        • Can monitor network communication, application patterns

  22. Attacker Capability: Outside attacker
      • What?
        • Listen to network traffic (passive)
        • Insert malicious traffic (active)
        • Probe cloud structure (active)
        • Launch DoS

  23. Challenges for the attacker
      • How to find out where the target is located
      • How to be co-located with the target in the same (physical) machine
      • How to gather information about the target

  24. Perimeter Security Model

  25. Perimeter Security with Cloud Computing?

  26. Perimeter Security Model Broken
      • Threats
        • Including the cloud in your perimeter
          • Lets attackers inside the perimeter
          • Prevents mobile users from accessing the cloud directly
        • Not including the cloud in your perimeter
          • Essential services aren’t trusted
          • No access controls on cloud
      • Countermeasures
        • Drop the perimeter model!

  27. Integrating Provider and Customer Security
      • Threat
        • Disconnected provider and customer security systems
        • Fired employee retains access to cloud
        • Misbehavior in cloud not reported to customer
      • Countermeasures
        • At least, integrate identity management
        • Consistent access controls
        • Better, integrate monitoring and notifications
      • Notes
        • Can use SAML, LDAP, RADIUS, XACML, IF-MAP, etc.

  28. Failures in Provider Security
      • Explanation
        • Provider controls servers, network, etc.
        • Customer must trust provider’s security
      • Countermeasures
        • Verify and monitor provider’s security
      • Notes
        • Outside verification may suffice
        • For small business, provider security may exceed customer security

  29. Security Issues from Virtualization
      • Virtualization providers provide
      • is using- ParaVirtualization or full system virtualization.
      • Instance isolation: ensuring that different instances running on the same physical machine are isolated from each other.
      • Control of administrator on host OS and guest OS.
      • Current VMs do not offer perfect isolation: many bugs have been found in all popular VMMs that allow escaping from the VM!
      • Virtual machine monitor should be ‘root secure’, meaning that no level of privilege within the virtualized guest environment permits interference with the host system.

  30. Attacks by Other Customers
      • Threats
        • Provider resources shared with untrusted parties
        • CPU, storage, network
        • Customer data and applications must be separated
      • Countermeasures
        • Hypervisors for compute separation
        • MPLS, VPNs, VLANs, firewalls for network separation
        • Cryptography (strong)
        • Application-layer separation (less strong)

  31. Legal and Regulatory Issues
      • Threats
        • Laws and regulations may prevent cloud computing
        • Requirements to retain control
        • Certification requirements not met by provider
        • Geographical limitations – EU Data Privacy
        • New locations may trigger new laws and regulations
      • Countermeasures
        • Evaluate legal issues
        • Require provider compliance with laws and regulations
        • Restrict geography as needed

  32. Security Stack
      • IaaS: entire infrastructure including facilities
      • PaaS: application, middleware, database, messaging supported by IaaS
      • SaaS: self-contained operating environment: content, presentation, apps, mgt

  33. Key Takeaways
      • SaaS
        • Service levels, security, governance, compliance, liability expectations of the service & provider are contractually defined
      • PaaS, IaaS
        • Customer sysadmins manage the same with provider handling platform, infrastructure security

  34. Governance
      • Identify, implement process, controls to maintain effective governance, risk management, compliance
      • Provider security governance should be assessed for sufficiency, maturity, consistency with user ITSEC process

  35. 3rd Party Governance
      • Request clear docs on how facility & services are assessed
      • Require definition of what provider considers critical services, info
      • Perform full contract, terms of use due diligence to determine roles, accountability

  36. Legal, e-Discovery
      • Functional: which functions & services in the Cloud have legal implications for both parties
      • Jurisdictional: which governments administer laws and regulations impacting services, stakeholders, data assets
      • Contractual: terms & conditions

  37. Legal, e-Discovery
      • Both parties must understand each other’s roles
        • Litigation hold, Discovery searches
        • Expert testimony
      • Provider must save primary and secondary (logs) data
      • Where is the data stored?
        • Laws for cross border data flows

  38. Legal, e-Discovery
      • Plan for unexpected contract termination and orderly return or secure disposal of assets
      • You should ensure you retain ownership of your data in its original form

  39. Compliance & Audit
      • Hard to maintain with your requirements, harder to demonstrate to auditors
      • Right to Audit clause
      • Analyze compliance scope
      • Regulatory impact on data security
      • Evidence requirements are met

  40. Info Lifecycle Management
      • Data security (CIA)
      • Data Location
        • All copies, backups stored only at location allowed by contract, SLA and/or regulation
        • Compliant storage (EU mandate) for storing e-health records

  41. Portability, Interoperability
      When you have to switch cloud providers:
      • Contract price increase
      • Provider bankruptcy
      • Provider service shutdown
      • Decrease in service quality
      • Business dispute

  42. Security
      • Centralization of data = greater insider threat from within the provider
      • Require onsite inspections of provider facilities
      • Disaster recovery, business continuity, etc.

  43. Data Center Ops
      • How does provider do:
        • On-demand self service
        • Broad network access
        • Resource pooling
        • Rapid elasticity
        • Measured service

  44. Incident Response
      • Different trust boundaries for IaaS, PaaS, SaaS
      • Cloud apps aren’t always designed with data integrity, security in mind
      • Provider keep app, firewall, IDS logs?
      • Provider deliver snapshots of your virtual environment?
      • Sensitive data must be encrypted for data breach regulations

  45. Application Security
      • Different trust boundaries for IaaS, PaaS, SaaS
      • Provider web application security?
      • Secure inter-host communication channel

  46. Encryption, Key Management
      • Encrypt data in transit, at rest, backup media
      • Secure key store
      • Protect encryption keys
      • Ensure encryption is based on industry/govt standards.
      • NO proprietary standard
      • Limit access to key stores
      • Key backup & recoverability
      • Test these procedures
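
The key-management checklist on slide 46, as an added Go example that is not part of the original lecture: data is encrypted at rest with AES-256-GCM, the data key (DEK) is itself stored only in wrapped form under a key-encryption key (KEK), and `main` runs the recovery test the slide asks for. The envelope (KEK/DEK) layout, the names `Seal` and `Open`, the `dek:`/`data:` labels and the record id `rec-1` are assumptions made for this illustration; the sample record and keys are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // standard AEAD, not a proprietary scheme
}

// Seal returns nonce || ciphertext || tag; label binds the blob to its purpose.
func Seal(key, plaintext []byte, label string) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// Open authenticates and decrypts a blob produced by Seal.
func Open(key, blob []byte, label string) ([]byte, error) {
	g, err := aead(key)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated blob")
	}
	n := g.NonceSize()
	return g.Open(nil, blob[:n], blob[n:], []byte(label))
}

func main() { // demo only: setup errors are skipped, any failure surfaces in err
	kek, dek := make([]byte, 32), make([]byte, 32) // constructed demo keys
	rand.Read(kek)
	rand.Read(dek)
	blob, _ := Seal(dek, []byte("constructed sample record"), "data:rec-1")
	wrapped, _ := Seal(kek, dek, "dek:rec-1") // only the wrapped DEK is stored
	// Recovery drill: in practice kek is read back from the key backup here.
	restored, _ := Open(kek, wrapped, "dek:rec-1")
	record, err := Open(restored, blob, "data:rec-1")
	fmt.Printf("recovered %q, err=%v\n", record, err)
}
```

A drill that fails at the unwrap step means the KEK backup is unusable while the live key still works, which is the condition the "test these procedures" bullet is meant to catch before an incident does.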

  47. ID, Access Management
      • Determine how provider handles:
        • Authentication
        • Authorization, user profile management

  48. Mid-Term Exam & Final Exam
      • Mid-term
        • Oct 9th 2015
        • In class: 3-3:50
        • 100 points: 17.5% of the grade
      • Final:
        • Dec 10th 2015
        • 3:15-5:45
        • In class
        • 100 points: 17.5% of the grade

  49. Mid-Term Exam & Final Exam
      • Question types
        • Same for mid-term and final
        • 10 multiple choice (50 points total)
        • 3 question & answers (50 points total)

  50. Exam Contents - Mid-Term
      • Cloud Computing Basic
      • Characteristics
      • Structures
      • Deployment models
      • Benefits
      • Risks
      • Differences between IaaS, PaaS, and SaaS
