SlideShare a Scribd company logo

Cloud Cmputing Security

Download as PPTX, PDF
D
Devyani Vaidya

This document discusses threats and risks associated with cloud computing. It begins by defining cloud computing models and architectures. It then provides a detailed threat model identifying over 50 specific risks in areas such as resource exhaustion, data leakage, encryption issues, network attacks, hypervisor vulnerabilities, lack of access control and more. It emphasizes that cloud computing introduces new security challenges due to reduced control, shared infrastructure vulnerabilities and the immaturity of cloud security practices. The document provides resources for further information on cloud security standards and best practices.

Education
1 of 51
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
Deconstructing Cloud Computing Devyani Bharat Vaidya Polytechnic Student
The Problem with Emerging Technologies • No history of vulnerabilities and attacks to fall back o n • No institutional knowledge • “I need the security requirements by 5 pm today” • Will it be sustaining/evolutionary, disruptive, or simp ly fail? • Easy to get bogged down in the new stuff, and forget the fundamentals!
NIST Definition • On-demand self-service. • Broad network access. • Resource pooling. • Rapid elasticity. • Measured Service. • Does this really help us as auditors and security profe ssionals?
Architecture and Service Definitions • Three Cloud Service Delivery Models: 1. Infrastructure as a Service (IaaS) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS) • Four Cloud Service Deployment Models 1. Public 2. Private 3. Community 4. Hybrid
CSA Cloud Reference Model
Hypervisors • Runs multiple instances of an OS (or multiple OSes) on shared hardware • Native or “bare metal” – PR/SM on the IBM System 370 (1972!) – VMWare ESXi – Microsoft Hyper-V • Host based – Virtual PC – VMWare Server – Parallels • Can use direct physical storage and/or virtual disks • Mainly used for IaaS and PaaS
Native Hypervisor
What is Important Here? • Know where your organization ends and the other b egins – Patching, software licensing, data retention, etc. • Make sure that there is documented responsibility fo r EVERY layer in the cloud stack – “Hey man, it’s my responsibility to patch the hypervisors n ot the OSes.”
Threat Modeling 101 • Systematic way to develop requirements, test plans and testing tools • Three basic ways to approach a threat model: attack focused, asset focused, design focused • Model can be represented in many ways, including U ML, attack trees, and data flow diagrams • Microsoft Security Development Life Cycle (SDL), OC TAVE, Trike • Pick and choose what works best for your organizati on.
Examples
Cloud Computing Threat Model ENISA Cloud Computing Risk Assessment
Threat Model • Risk 1: Resource Exhaustion* • Risk 2: Customer Isolation Failure* • Risk 3: Management Interface Compromise • Risk 4: Interception of Data in Transmission • Risk 5: Data leakage on Upload/Download, Intra-clou d
Threat Model • Risk 6: Insecure or Ineffective Deletion of Data* • Risk 7: Distributed Denial of Service (DDoS) • Risk 8: Economic Denial of Service* • Risk 9: Loss or Compromise of Encryption Keys • Risk 10: Malicious Probes or Scans
Threat Model • Risk 11: Compromise of Service Engine/Hypervisor* • Risk 12: Conflicts between customer hardening proce dures and cloud environment • Risk 13: Subpoena and E-Discovery* • Risk 14: Risk from Changes of Jurisdiction* • Risk 15: Licensing Risks*
Threat Model • Risk 16: Network Failure • Risk 17: Networking Management • Risk 18: Modification of Network Traffic • Risk 19: Privilege Escalation* • Risk 20: Social Engineering Attacks
Threat Model • Risk 21: Loss or Compromise of Operation Logs • Risk 22: Loss or compromise of Security Logs • Risk 23: Backups Lost or Stolen • Risk 23: Unauthorized Access to Premises, Including Physical Access to Machines and Other Facilities • Risk 25: Theft of Computer Equipment.*
AAA • Insecure storage of cloud access credentials by custo mer • Insufficient roles available • Credentials stored on a transitory machine • Password-based authentication may become insuffici ent – Strong or two-factor authentication for accessing cloud res ources will be necessary
User Provisioning • Customer cannot control provisioning process • Identity of customer or billing information is not adequately v erified at registration • Delays in synchronization between cloud system components • Multiple, unsynchronized copies of identity data are made • Credentials are vulnerable to interception and replay • De-provisioned credentials are still valid due to time delays in roll-out of revocation
Remote Access To Management Interface • Allows vulnerabilities in end-point machines to comp romise the cloud infrastructure (single customer or C P) through, for example, weak authentication of resp onses and requests.
Hypervisor • Exploiting the hypervisor potentially means exploitin g every VM! • Guest to host escape • VM hopping • Virtual machine-based rootkits
Lack of Resource Isolation • Side channel attacks • Shared storage • Insecure APIs • Lack of tools to enforce resource utilization
Lack of Reputation Isolation • Activities from one customer impact the reputation of another customer • And can impact the reputation of the CP
Communication Encryption • Reading data in transit via MITM attacks • Poor authentication • Acceptance of self-signed certificates
Weak or No Encryption • Data in transit • Data held in archives and databases • Un-mounted virtual machine images • Forensic images and data, sensitive logs and other da ta at rest puts customer data at risk
Unable to Process Data in Encrypted Form • Encrypting data at rest is easy, but implementing homomorph ic encryption is not -- there is little prospect of any commercia l system being able to maintain data encryption during proces sing. • Bruce Schneier estimates that performing a web search with e ncrypted keywords would increase the amount of computing time by about a trillion.
Poor Encryption Key Management • Hardware security modules (HSM) required in multip le locations • Key management interfaces which are accessible via the public Internet • The rapid scaling of certificate authorities issuing key pairs to new virtual machines • Revocation of keys for decommissioned virtual machi nes
Low Entropy for Random Number Generation • The combination of standard system images, virtualiz ation technologies and a lack of input devices means that virtual systems have much less entropy than ph ysical RNGs!
Inaccurate Modeling of Resource Usage • Overbooking or over-provisioning • Failure of resource allocation algorithms due to extra ordinary events (e.g., outlying news events for conte nt delivery). • Failure of resource allocation algorithms using job or packet classification because resources are poorly cla ssified. • Failures in overall resource provisioning (as opposed to temporary overloads)
No Control of Vulnerability Assessment Process • Restrictions on port scanning and vulnerability testin g are an important vulnerability which, combined wit h a AUP which places responsibility on the customer for securing elements of the infrastructure, is a serio us security problem.
Internal (Cloud) Network Probing • Cloud customers can perform port scans and other t ests on other customers within the internal network.
Co-residence Checks • Side-channel attacks exploiting a lack of resource isol ation allow attackers to determine which resources a re shared by which customers.
Lack of Forensic Readiness • While the cloud has the potential to improve forensi c readiness, many providers do not provide appropri ate services and terms of use to enable this.
Media Sanitization • Shared tenancy of physical storage resources means that sensitive data may leak because data destructio n policies may be impossible to implement • Media cannot be physically destroyed because a disk is still being used by another tenant • Customer storage cannot be located or tracked as it moves through the cloud
SLA • Clauses with conflicting promises to different stakeh olders • Clauses may also be in conflict with promises made b y other clauses or clauses from other providers.
Audit or Certification Not Available to Customers • The CP cannot provide any assurance to the custome r via audit certification. • Open source hypervisors or customized versions of t hem (e.g., Xen) may not have Common Criteria certifi cation, etc.
Certification Schemes Not Adapted to Cloud • Very few if any cloud-specific control, which means t hat security vulnerabilities are likely to be missed.
Inadequate Resource Provisioning and Investme nts in Infrastructure • Infrastructure investments take time. If predictive m odels fail, the cloud provider service can fail for a lon g period.
No Policies for Resource Capping • If there is not a flexible and configurable way for the customer and/or the cloud provider to set limits on r esources, this can be problematic when resource use is unpredictable.
Storage of Data in Multiple Jurisdictions • Mirroring data for delivery by edge networks and red undant storage without real-time information availa ble to the customer of where data is stored.
Lack of Information on Jurisdictions • Data may be stored and/or processed in high risk juri sdictions where it is vulnerable to confiscation by for ced entry.
Lack of Cloud Security Awareness • Cloud customers and providers are not aware of the risks they could face when migrating into the cloud, particularly those risks that are generated from cloud specific threats, i.e. loss of control, vendor lock-in, ex hausted CP resources, etc.
Lack of Vetting Processes • Since there may be very high privilege roles within cl oud providers, due to the scale involved, the lack or i nadequate vetting of the risk profile of staff with suc h roles is an important vulnerability.
Unclear Roles and Responsibilities • Inadequate definition of roles and responsibilities in the cloud provider organization.
Poor Enforcement of Role Definitions • Within the cloud provider, a failure to segregate role s may lead to excessively privileged roles which can make extremely large systems vulnerable.
Need-to-know Principle Not Applied • Poorly defined roles and responsibilities • Parties should not be given unnecessary access to da ta.
Inadequate Physical Security Procedures • Lack of physical perimeter controls (smart card authe ntication at entry); • Lack of electromagnetic shielding for critical assets v ulnerable to eavesdropping.
Mismanagement • System or OS vulnerabilities • Untrusted software • Lack of - or a poor and untested - business continuity and disaster recover y plan • Lack of - or incomplete or inaccurate - asset inventory • Lack of - or poor or inadequate - asset classification • Unclear asset ownership
Poor Identification of Project Requirements • Lack of consideration of security and legal complianc e requirements • No systems and applications user involvement • Unclear or inadequate business requirements.
Application Vulnerabilities and Poor Patch Mana gement • Bugs in the application code • Conflicting patching procedures between provider an d customer • Application of untested patches • Vulnerabilities in browsers • Dormant virtual machines • Outdated virtual machine templates
Additional Vulnerabilities • Resource consumption vulnerabilities • Breach of NDA by provider • Liability from data loss (cp) • Lack of policy or poor procedures for logs collection and retention • Inadequate or misconfigured filtering resources
Resources • ENISA -- Cloud Computing Risk Assessment: http://www.enisa. europa.eu/act/rm/files/deliverables/cloud-computing-risk-ass essment • NIST Cloud Computing: http://csrc.nist.gov/groups/SNS/cloud -computing/ • Cloud Security Alliance: http://www.cloudsecurityalliance.org / • Microsoft SDL: http://www.microsoft.com/security/sdl/ • OCTAVE: http://www.cert.org/octave/ • QwestBusiness Blog: http://www.qwest.com/business/blog/

More Related Content

PPTX
Gary Homeland Security Presentation 102114
Gary Dischner
 
PDF
Lecture26 cc-security1
Ankit Gupta
 
PDF
Offensive cyber security engineer updated
InfosecTrain
 
PDF
Week 3 lecture material cc
Ankit Gupta
 
PPTX
Datacenter 2014: Symantec - Peter Schjøtt
Mediehuset Ingeniøren Live
 
PDF
Deploying Privileged Access Workstations (PAWs)
Blue Teamer
 
PPTX
PACE-IT: Network Access Control
Pace IT at Edmonds Community College
 
PDF
DDoS Defenses | DDoS Protection and Mitigation | MazeBolt
MazeBolt Technologies
 
Gary Homeland Security Presentation 102114
Gary Dischner
 
Lecture26 cc-security1
Ankit Gupta
 
Offensive cyber security engineer updated
InfosecTrain
 
Week 3 lecture material cc
Ankit Gupta
 
Datacenter 2014: Symantec - Peter Schjøtt
Mediehuset Ingeniøren Live
 
Deploying Privileged Access Workstations (PAWs)
Blue Teamer
 
PACE-IT: Network Access Control
Pace IT at Edmonds Community College
 
DDoS Defenses | DDoS Protection and Mitigation | MazeBolt
MazeBolt Technologies
 

What's hot (20)

PPTX
Cloud Security_ Unit 4
Integral university, India
 
DOCX
Brian updated resume
Brian Simon
 
PDF
Automatic DDoS Attack Simulator | MazeBolt Technologies
MazeBolt Technologies
 
PDF
Common Types of DDoS Attacks | MazeBolt Technologies
MazeBolt Technologies
 
PPTX
Secure Cloud Issues
Devyani Vaidya
 
PPTX
Software Security
Integral university, India
 
PPTX
Owasp Proactive Controls for Web developer
Sameer Paradia
 
PPTX
Cloud Computing security Challenges for Defense Forces
commandersaini
 
PDF
Why DDoS RADAR | MazeBolt Technologies
MazeBolt Technologies
 
PDF
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
PPTX
00. introduction to app sec v3
Eoin Keary
 
PPTX
Unit4
Integral university, India
 
PPTX
Migrating To Cloud & Security @ FOBE 2011
commandersaini
 
PPTX
cloud Resilience
Integral university, India
 
PDF
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
MazeBolt Technologies
 
PDF
Controlling Access to IBM i Systems and Data
Precisely
 
DOCX
CLR Resume'
Clay Ramsey
 
DOC
08252016 John D Resume ITIL PMP CISSP CSM CISA1
jjdoylecomcast
 
PDF
Injection techniques conversys
Krishnendu Paul
 
PDF
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
Sherry Jones
 
Cloud Security_ Unit 4
Integral university, India
 
Brian updated resume
Brian Simon
 
Automatic DDoS Attack Simulator | MazeBolt Technologies
MazeBolt Technologies
 
Common Types of DDoS Attacks | MazeBolt Technologies
MazeBolt Technologies
 
Secure Cloud Issues
Devyani Vaidya
 
Software Security
Integral university, India
 
Owasp Proactive Controls for Web developer
Sameer Paradia
 
Cloud Computing security Challenges for Defense Forces
commandersaini
 
Why DDoS RADAR | MazeBolt Technologies
MazeBolt Technologies
 
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
00. introduction to app sec v3
Eoin Keary
 
Unit4
Integral university, India
 
Migrating To Cloud & Security @ FOBE 2011
commandersaini
 
cloud Resilience
Integral university, India
 
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
MazeBolt Technologies
 
Controlling Access to IBM i Systems and Data
Precisely
 
CLR Resume'
Clay Ramsey
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
jjdoylecomcast
 
Injection techniques conversys
Krishnendu Paul
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
Sherry Jones
 
Ad

Viewers also liked (20)

PPTX
Ppt on open and close door using Applet
Devyani Vaidya
 
PPTX
Seminar on telephone directory
Devyani Vaidya
 
PPTX
Fuels Saver System
Devyani Vaidya
 
PPTX
Wireless mobile charging using microwaves
Devyani Vaidya
 
PPTX
Secued Cloud
Devyani Vaidya
 
PPTX
Ppt on use of biomatrix in secure e trasaction
Devyani Vaidya
 
PPTX
secued cloud
Devyani Vaidya
 
PPTX
Energy Harvesing Through Reverse Electrowetting
Devyani Vaidya
 
DOCX
Table of contents blue brain
koustuba
 
PPT
Wireless Charging Of Mobile
Devyani Vaidya
 
PPTX
Cloud Security
Devyani Vaidya
 
PPTX
History of Laptop
Devyani Vaidya
 
PPTX
Data As A Service
Devyani Vaidya
 
PPTX
Wireless network
Devyani Vaidya
 
PPTX
Digital Locker
Devyani Vaidya
 
PPT
Environmental law
Devyani Vaidya
 
PPTX
Resource management
Devyani Vaidya
 
PPTX
Data warehousing
Devyani Vaidya
 
PPTX
Applet programming
Devyani Vaidya
 
PPTX
Mobile Phone Cloning
Devyani Vaidya
 
Ppt on open and close door using Applet
Devyani Vaidya
 
Seminar on telephone directory
Devyani Vaidya
 
Fuels Saver System
Devyani Vaidya
 
Wireless mobile charging using microwaves
Devyani Vaidya
 
Secued Cloud
Devyani Vaidya
 
Ppt on use of biomatrix in secure e trasaction
Devyani Vaidya
 
secued cloud
Devyani Vaidya
 
Energy Harvesing Through Reverse Electrowetting
Devyani Vaidya
 
Table of contents blue brain
koustuba
 
Wireless Charging Of Mobile
Devyani Vaidya
 
Cloud Security
Devyani Vaidya
 
History of Laptop
Devyani Vaidya
 
Data As A Service
Devyani Vaidya
 
Wireless network
Devyani Vaidya
 
Digital Locker
Devyani Vaidya
 
Environmental law
Devyani Vaidya
 
Resource management
Devyani Vaidya
 
Data warehousing
Devyani Vaidya
 
Applet programming
Devyani Vaidya
 
Mobile Phone Cloning
Devyani Vaidya
 
Ad

Similar to Cloud Cmputing Security (20)

PDF
Lecture27 cc-security2
Ankit Gupta
 
PPTX
Myths of validation
Jeff Thomas
 
PPTX
Block Chain audit-Cloud Data Storagequad merkle-1-1.pptx
PadmaNaban32
 
PPTX
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
PDF
Software Defined Networking in the ATMOSPHERE project
ATMOSPHERE .
 
PPTX
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
PPT
Tutorial-security-privacy-cloud computing.ppt
shahid sultan
 
PPTX
Transforming cloud security into an advantage
Moshe Ferber
 
PPT
28_Security-Privacy-inxssudusd_Cloud.ppt
ajinkyajagtap23
 
PPT
28_Security-Privacy-in_Cloud_AND_real.ppt
kyogesh5
 
PPTX
Cloud Security_Module_1_Module_2_3_4.pptx
shahils1301
 
PPT
Security Issues of Cloud Computing
Falgun Rathod
 
PPTX
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
PPTX
ARCHITECTURAL_DESIGN_OF_COMPUTE_AND_STORAGE_CLOUDS[1] - Read-Only.pptx
Venkateshperadka2
 
PPTX
Bil Harmer - Myths of Cloud Security Debunked!
centralohioissa
 
PPT
Cloud complete
Navriti
 
PPTX
Securing Applications in the Cloud
Security Innovation
 
PPT
Tutorial-security-privacy-cloud-computing
SISTechnologies
 
PPTX
Cloud Security: A matter of trust?
Mark Williams
 
PPT
cloud-complete.ppt
NaradaDilshan
 
Lecture27 cc-security2
Ankit Gupta
 
Myths of validation
Jeff Thomas
 
Block Chain audit-Cloud Data Storagequad merkle-1-1.pptx
PadmaNaban32
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
Software Defined Networking in the ATMOSPHERE project
ATMOSPHERE .
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
Tutorial-security-privacy-cloud computing.ppt
shahid sultan
 
Transforming cloud security into an advantage
Moshe Ferber
 
28_Security-Privacy-inxssudusd_Cloud.ppt
ajinkyajagtap23
 
28_Security-Privacy-in_Cloud_AND_real.ppt
kyogesh5
 
Cloud Security_Module_1_Module_2_3_4.pptx
shahils1301
 
Security Issues of Cloud Computing
Falgun Rathod
 
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
ARCHITECTURAL_DESIGN_OF_COMPUTE_AND_STORAGE_CLOUDS[1] - Read-Only.pptx
Venkateshperadka2
 
Bil Harmer - Myths of Cloud Security Debunked!
centralohioissa
 
Cloud complete
Navriti
 
Securing Applications in the Cloud
Security Innovation
 
Tutorial-security-privacy-cloud-computing
SISTechnologies
 
Cloud Security: A matter of trust?
Mark Williams
 
cloud-complete.ppt
NaradaDilshan
 

More from Devyani Vaidya (9)

PPT
Hashing
Devyani Vaidya
 
PPT
Fundamental file structure concepts & managing files of records
Devyani Vaidya
 
PPT
Cosequential processing and the sorting of large files
Devyani Vaidya
 
PPT
Introduction to the design and specification of file structures
Devyani Vaidya
 
PPTX
Barcode Technology
Devyani Vaidya
 
PPTX
3D- Doctor
Devyani Vaidya
 
PPTX
3D-Password
Devyani Vaidya
 
PPTX
Cloud Security
Devyani Vaidya
 
PPTX
Bigtable a distributed storage system
Devyani Vaidya
 
Hashing
Devyani Vaidya
 
Fundamental file structure concepts & managing files of records
Devyani Vaidya
 
Cosequential processing and the sorting of large files
Devyani Vaidya
 
Introduction to the design and specification of file structures
Devyani Vaidya
 
Barcode Technology
Devyani Vaidya
 
3D- Doctor
Devyani Vaidya
 
3D-Password
Devyani Vaidya
 
Cloud Security
Devyani Vaidya
 
Bigtable a distributed storage system
Devyani Vaidya
 

Recently uploaded (20)

PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 

Cloud Cmputing Security

  • 1. Deconstructing Cloud Computing Devyani Bharat Vaidya Polytechnic Student
  • 2. The Problem with Emerging Technologies • No history of vulnerabilities and attacks to fall back o n • No institutional knowledge • “I need the security requirements by 5 pm today” • Will it be sustaining/evolutionary, disruptive, or simp ly fail? • Easy to get bogged down in the new stuff, and forget the fundamentals!
  • 3. NIST Definition • On-demand self-service. • Broad network access. • Resource pooling. • Rapid elasticity. • Measured Service. • Does this really help us as auditors and security profe ssionals?
  • 4. Architecture and Service Definitions • Three Cloud Service Delivery Models: 1. Infrastructure as a Service (IaaS) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS) • Four Cloud Service Deployment Models 1. Public 2. Private 3. Community 4. Hybrid
  • 6. Hypervisors • Runs multiple instances of an OS (or multiple OSes) on shared hardware • Native or “bare metal” – PR/SM on the IBM System 370 (1972!) – VMWare ESXi – Microsoft Hyper-V • Host based – Virtual PC – VMWare Server – Parallels • Can use direct physical storage and/or virtual disks • Mainly used for IaaS and PaaS
  • 8. What is Important Here? • Know where your organization ends and the other b egins – Patching, software licensing, data retention, etc. • Make sure that there is documented responsibility fo r EVERY layer in the cloud stack – “Hey man, it’s my responsibility to patch the hypervisors n ot the OSes.”
  • 9. Threat Modeling 101 • Systematic way to develop requirements, test plans and testing tools • Three basic ways to approach a threat model: attack focused, asset focused, design focused • Model can be represented in many ways, including U ML, attack trees, and data flow diagrams • Microsoft Security Development Life Cycle (SDL), OC TAVE, Trike • Pick and choose what works best for your organizati on.
  • 11. Cloud Computing Threat Model ENISA Cloud Computing Risk Assessment
  • 12. Threat Model • Risk 1: Resource Exhaustion* • Risk 2: Customer Isolation Failure* • Risk 3: Management Interface Compromise • Risk 4: Interception of Data in Transmission • Risk 5: Data leakage on Upload/Download, Intra-clou d
  • 13. Threat Model • Risk 6: Insecure or Ineffective Deletion of Data* • Risk 7: Distributed Denial of Service (DDoS) • Risk 8: Economic Denial of Service* • Risk 9: Loss or Compromise of Encryption Keys • Risk 10: Malicious Probes or Scans
  • 14. Threat Model • Risk 11: Compromise of Service Engine/Hypervisor* • Risk 12: Conflicts between customer hardening proce dures and cloud environment • Risk 13: Subpoena and E-Discovery* • Risk 14: Risk from Changes of Jurisdiction* • Risk 15: Licensing Risks*
  • 15. Threat Model • Risk 16: Network Failure • Risk 17: Networking Management • Risk 18: Modification of Network Traffic • Risk 19: Privilege Escalation* • Risk 20: Social Engineering Attacks
  • 16. Threat Model • Risk 21: Loss or Compromise of Operation Logs • Risk 22: Loss or compromise of Security Logs • Risk 23: Backups Lost or Stolen • Risk 23: Unauthorized Access to Premises, Including Physical Access to Machines and Other Facilities • Risk 25: Theft of Computer Equipment.*
  • 17. AAA • Insecure storage of cloud access credentials by custo mer • Insufficient roles available • Credentials stored on a transitory machine • Password-based authentication may become insuffici ent – Strong or two-factor authentication for accessing cloud res ources will be necessary
  • 18. User Provisioning • Customer cannot control provisioning process • Identity of customer or billing information is not adequately v erified at registration • Delays in synchronization between cloud system components • Multiple, unsynchronized copies of identity data are made • Credentials are vulnerable to interception and replay • De-provisioned credentials are still valid due to time delays in roll-out of revocation
  • 19. Remote Access To Management Interface • Allows vulnerabilities in end-point machines to comp romise the cloud infrastructure (single customer or C P) through, for example, weak authentication of resp onses and requests.
  • 20. Hypervisor • Exploiting the hypervisor potentially means exploitin g every VM! • Guest to host escape • VM hopping • Virtual machine-based rootkits
  • 21. Lack of Resource Isolation • Side channel attacks • Shared storage • Insecure APIs • Lack of tools to enforce resource utilization
  • 22. Lack of Reputation Isolation • Activities from one customer impact the reputation of another customer • And can impact the reputation of the CP
  • 23. Communication Encryption • Reading data in transit via MITM attacks • Poor authentication • Acceptance of self-signed certificates
  • 24. Weak or No Encryption • Data in transit • Data held in archives and databases • Un-mounted virtual machine images • Forensic images and data, sensitive logs and other da ta at rest puts customer data at risk
  • 25. Unable to Process Data in Encrypted Form • Encrypting data at rest is easy, but implementing homomorph ic encryption is not -- there is little prospect of any commercia l system being able to maintain data encryption during proces sing. • Bruce Schneier estimates that performing a web search with e ncrypted keywords would increase the amount of computing time by about a trillion.
  • 26. Poor Encryption Key Management • Hardware security modules (HSM) required in multip le locations • Key management interfaces which are accessible via the public Internet • The rapid scaling of certificate authorities issuing key pairs to new virtual machines • Revocation of keys for decommissioned virtual machi nes
  • 27. Low Entropy for Random Number Generation • The combination of standard system images, virtualiz ation technologies and a lack of input devices means that virtual systems have much less entropy than ph ysical RNGs!
  • 28. Inaccurate Modeling of Resource Usage • Overbooking or over-provisioning • Failure of resource allocation algorithms due to extra ordinary events (e.g., outlying news events for conte nt delivery). • Failure of resource allocation algorithms using job or packet classification because resources are poorly cla ssified. • Failures in overall resource provisioning (as opposed to temporary overloads)
  • 29. No Control of Vulnerability Assessment Process • Restrictions on port scanning and vulnerability testin g are an important vulnerability which, combined wit h a AUP which places responsibility on the customer for securing elements of the infrastructure, is a serio us security problem.
  • 30. Internal (Cloud) Network Probing • Cloud customers can perform port scans and other t ests on other customers within the internal network.
  • 31. Co-residence Checks • Side-channel attacks exploiting a lack of resource isol ation allow attackers to determine which resources a re shared by which customers.
  • 32. Lack of Forensic Readiness • While the cloud has the potential to improve forensi c readiness, many providers do not provide appropri ate services and terms of use to enable this.
  • 33. Media Sanitization • Shared tenancy of physical storage resources means that sensitive data may leak because data destructio n policies may be impossible to implement • Media cannot be physically destroyed because a disk is still being used by another tenant • Customer storage cannot be located or tracked as it moves through the cloud
  • 34. SLA • Clauses with conflicting promises to different stakeh olders • Clauses may also be in conflict with promises made b y other clauses or clauses from other providers.
  • 35. Audit or Certification Not Available to Customers • The CP cannot provide any assurance to the custome r via audit certification. • Open source hypervisors or customized versions of t hem (e.g., Xen) may not have Common Criteria certifi cation, etc.
  • 36. Certification Schemes Not Adapted to Cloud • Very few if any cloud-specific control, which means t hat security vulnerabilities are likely to be missed.
  • 37. Inadequate Resource Provisioning and Investme nts in Infrastructure • Infrastructure investments take time. If predictive m odels fail, the cloud provider service can fail for a lon g period.
  • 38. No Policies for Resource Capping • If there is not a flexible and configurable way for the customer and/or the cloud provider to set limits on r esources, this can be problematic when resource use is unpredictable.
  • 39. Storage of Data in Multiple Jurisdictions • Mirroring data for delivery by edge networks and red undant storage without real-time information availa ble to the customer of where data is stored.
  • 40. Lack of Information on Jurisdictions • Data may be stored and/or processed in high risk juri sdictions where it is vulnerable to confiscation by for ced entry.
  • 41. Lack of Cloud Security Awareness • Cloud customers and providers are not aware of the risks they could face when migrating into the cloud, particularly those risks that are generated from cloud specific threats, i.e. loss of control, vendor lock-in, ex hausted CP resources, etc.
  • 42. Lack of Vetting Processes • Since there may be very high privilege roles within cl oud providers, due to the scale involved, the lack or i nadequate vetting of the risk profile of staff with suc h roles is an important vulnerability.
  • 43. Unclear Roles and Responsibilities • Inadequate definition of roles and responsibilities in the cloud provider organization.
  • 44. Poor Enforcement of Role Definitions • Within the cloud provider, a failure to segregate role s may lead to excessively privileged roles which can make extremely large systems vulnerable.
  • 45. Need-to-know Principle Not Applied • Poorly defined roles and responsibilities • Parties should not be given unnecessary access to da ta.
  • 46. Inadequate Physical Security Procedures • Lack of physical perimeter controls (smart card authe ntication at entry); • Lack of electromagnetic shielding for critical assets v ulnerable to eavesdropping.
  • 47. Mismanagement • System or OS vulnerabilities • Untrusted software • Lack of - or a poor and untested - business continuity and disaster recover y plan • Lack of - or incomplete or inaccurate - asset inventory • Lack of - or poor or inadequate - asset classification • Unclear asset ownership
  • 48. Poor Identification of Project Requirements • Lack of consideration of security and legal complianc e requirements • No systems and applications user involvement • Unclear or inadequate business requirements.
  • 49. Application Vulnerabilities and Poor Patch Mana gement • Bugs in the application code • Conflicting patching procedures between provider an d customer • Application of untested patches • Vulnerabilities in browsers • Dormant virtual machines • Outdated virtual machine templates
  • 50. Additional Vulnerabilities • Resource consumption vulnerabilities • Breach of NDA by provider • Liability from data loss (cp) • Lack of policy or poor procedures for logs collection and retention • Inadequate or misconfigured filtering resources
  • 51. Resources • ENISA -- Cloud Computing Risk Assessment: http://www.enisa. europa.eu/act/rm/files/deliverables/cloud-computing-risk-ass essment • NIST Cloud Computing: http://csrc.nist.gov/groups/SNS/cloud -computing/ • Cloud Security Alliance: http://www.cloudsecurityalliance.org / • Microsoft SDL: http://www.microsoft.com/security/sdl/ • OCTAVE: http://www.cert.org/octave/ • QwestBusiness Blog: http://www.qwest.com/business/blog/