1 / 16

Security in Clouds Building a Malicious Client Detection module for BlobSeer

This project focuses on developing a module for BlobSeer that detects and enforces policies to identify and prevent malicious client activities. It provides secure access to web services and implements a trust level system.

jollyj
Download Presentation

Security in Clouds Building a Malicious Client Detection module for BlobSeer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in CloudsBuilding a Malicious Client Detection module for BlobSeer Catalin Leordeanu catalin.leordanu@cs.pub.ro

  2. Outline • Introduction • Secure access to Web Services over BlobSeer • Malicious Client detection • Policy enforcement • Trust level • Conclusions and future work

  3. Introduction • This work was done as part of the KerData-PUB associated team project. Coordinated projects: • BlobSeer Policy Enforcement – Cristina Basescu (Master internship, Rennes) • BlobSeer Trust Level – Ana-Maria Lepar • (Bachelor project, Bucharest) • Secure Access to Cloud Services over BlobSeer – Dumbrava Maria • (Bachelor project, Bucharest)

  4. Secure access to web services over BlobSeer • Goals: • To use BlobSeer as a backend for web services with Axis2. • To provide a secure environment to access and deploy web services

  5. Secure access to web services over BlobSeer • Security aspects: • For each deployed service we have its owner and a list of users with access rights to it • The administrator is the only one with complete access to all deployed services • Each client can access the web services deployed by him and request access to other services. • The actual blobs are hidden from the user and can only be accessed through service invocations.

  6. Service invocation patterns

  7. Conclusions and future work • Conclusions: • We demonstrated that we can use BlobSeer for data management for web services using Axis2. • We integrated simple authentication and authorization mechanisms to manage the users access rights. • Future work: • Test this framework for more complex services and orchestration • Implement the delegation of access rights from one user to another

  8. Malicious Client Detection • Types of malicious activity: • Protocol Breach • Heavy writing without the creation of a new version (WriteNoPublish) • Publish the version and create the metadata tree, but write nothing actually(PublishNoWrite). • Policy enforcement – matching of predefined policies • Denial of Service • Detection of suspicious activity • Crawling • Repeated reading of the same data • Abnormal client activity

  9. Malicious Client Detection • Challenges: • BlobSeer has no authentication mechanism or any way to distinguish the users • each client accesses the information in the same way • there is no way of certifying the users

  10. Malicious Client Detection • Anomaly Engine - Analyses the client behavior and looks for changes in access patterns • Matching Engine, Pattern Storage, Policy Enforcement – Reads the user history and looks for policy violations or malicious activity, based on a set of predefined patterns • Trust Level – Computes a Trust Level for each client based on the user history and feedback from the policy enforcement.

  11. Policy enforcement • Advantages: • Simple to use and easy to customize XML patterns that describe malicious activity • It can take complex actions in the case of policy violations • Directly • Through the TL • Disadvantages: • Unable to adapt to unknown malicious activity • Possible large delay due to the monitoring infrastructure and storage of user history.

  12. Policy example • <?xml version="1.0" encoding="UTF-8" ?> • - <securityPolicy id="1_25"> • <clientID rvalue="c" value="c" /> • <active value="true" /> • <priority value="1" /> • <start value="w1" /> • <end value="c1" /> • - <preconditions> • - <event id="w1" type="prov_write_summary"> • <watermark id="wa" rvalue="" value="w" /> • <blobId id="bId" rvalue="" value="b" /> • <clientID rvalue="" value="c" /> • <WriteSizeCount id="wsc" rvalue="" /> • <thresholdWriteSize id="tws" value="1080" /> • <supThresholdWriteSize id="stws" value="2000" /> • <firstDate id="fd" rvalue="" /> • <lastDate id="ld" rvalue="" /> • <distance id="dist" value="7000" />

  13. Policy example • <neg> - • <precededBy> • <refEvent value="p1" /> • <count value="1" /> • <distance value="> fd - 100" /> • </precededBy> • </neg> • - <neg> • - <followedBy> • <refEvent value="p2" /> • <count value="1" /> • <distance value="<= fd + dist" /> • </followedBy> • </neg> • </event> • - <event id="p1" type="vman_write"> • <watermark rvalue="" value="w" /> • <blobId rvalue="" value="b" /> • <clientID rvalue="" value="c" /> • <count rvalue="0" /> • <lastDate rvalue="" /> • </event> • - <event id="p2" type="vman_write"> • <watermark rvalue="" value="w" /> • <blobId rvalue="" value="b" /> • <clientID rvalue="" value="c" /> • <count rvalue="0" /> • <lastDate rvalue="" /> • </event>

  14. Trust Level • Each event has an effect on the Trust Level of the user • Also uses the system state of the providers to determine the gravity of the malicious activity • The Trust level can be between 0 and 100. • If a user has a high Trust Level he may be rewarded with relaxed security policies for a period of time. • A low Trust level may be punished by more restrictive policies.

  15. Conclusions and future work • Conclusions: • We designed a malicious client detection architecture • Right now, the Policy Enforcement and Trust Level modules are functional • Future work: • Build a complete, functional security framework for BlobSeer • Finish the implementation of the other modules • Connect the modules with each other • Test with large scenarios with many users

  16. Questions ? Thank you !

More Related