
Understanding Security of Cloud Computing by Keke Chen
Explore the implications, assumptions, and formal analysis of cloud security, including trust in providers, threat modeling, shared multi-tenancy, and user concerns about data security. Learn about the roles in cloud computing and the importance of confidentiality and integrity of cloud assets.
Understand the security assumptions and demands
Ask yourself a few questions:
- Do you trust your provider?
- If you do, what security mechanisms has the provider provided?

What's the implication of using cloud computing?
- Trust that the provider will take care of the infrastructure-level security for you
- Users may still need to manage the application-level security
- Users may still have concerns about data security (insiders, etc.)

A more formal way to understand cloud security
- Threat modeling
- Restrict the study/analysis with a certain assumption
- More specifically, by examining the assets, vulnerabilities, entry points, and actors in a cloud under the assumption

Threat Model
A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions.
Basic components:
- Assets / potentially attacked targets
- Attacker modeling
  - Choose what attacker to consider
  - Attacker motivation and capabilities
- Vulnerabilities / threats
Steps:
1. Identify attackers, assets, threats and other components
2. Rank the threats
3. Choose mitigation strategies
4. Build solutions based on the strategies

What's special about the cloud?
- Cloud provider might not be trustworthy
- A cloud is shared by multiple users (multi-tenancy)
- Are other users trusted or not?

Recall: roles in cloud computing
- SaaS / PaaS provider
- Client
- Cloud provider (IaaS)

Assets: users' concerns
Confidentiality:
- Data stored in the cloud
- Identity of the cloud users
- VMs
- Configuration
- Location, etc.

Assets: Integrity
- Data stored in the cloud
- Computations performed on the cloud

Assets: Availability
- Cloud infrastructure
- SaaS / PaaS

Types of attackers
- Insider
  - Malicious employees at client
  - Malicious employees at cloud provider
  - Cloud provider itself (rare - consider it's compromised by an attacker)
- Outsider: traditional attackers
  - Intruders
  - Network attackers

Attacker Capability: Insiders
- At client side (user's company)
  - Learn passwords/authentication information of another user
  - Gain full control of the VMs
- At cloud provider
  - Employees of cloud provider
  - Successful intruders
  - Can access almost all user information

Attacker Capability: Outside attacker
What can the attacker do?
- Listen to network traffic (passive)
- Insert malicious traffic (active)
- Probe cloud structure (active)
- Launch DoS

What kind of assumptions?
- What kind of assets do you want to protect?
- Is the cloud provider trusted or not?
- Is isolation guaranteed or not?
- What can an attacker access?
Different assumptions may lead to dramatically different threat models.

A clearly defined threat model
- Allows us to focus on a more specific model for analysis and research
- Excludes unnecessary concerns

Types of threats: organizing the threats using STRIDE
- Spoofing identity
- Tampering with data
- Repudiation (refuse to do with, dispute)
- Information disclosure
- Denial of service
- Escalation of privilege

Spoofing identity
Illegally obtaining access to and use of another person's authentication information
- Man in the middle
- URL phishing
- Email address spoofing (email spam)

Tampering with data
- Malicious modification of the data
- Often hard and costly to detect: you might not find the modified data until some time has passed; once you find one tampered item, you'll have to thoroughly check all the other data on your systems

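An added example (not from the original slides): detecting tampered items in data held by a provider that is not trusted for integrity, using a message authentication code whose key never leaves the client. The record names, the sample data and the `tag`, `upload`, `audit` and `demo` helpers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records that a client stores with a cloud provider.
RECORDS = {
    "invoice-17": b"amount=100;payee=alice",
    "invoice-18": b"amount=250;payee=bob",
    "invoice-19": b"amount=75;payee=carol",
    "invoice-20": b"amount=40;payee=dave",
}

def tag(key: bytes, record_id: str, version: int, data: bytes) -> bytes:
    """MAC over id, version and content, so a valid record cannot be
    re-filed under another id or replaced by an older version."""
    header = f"{len(record_id)}:{record_id}:{version}:".encode()
    return hmac.new(key, header + data, hashlib.sha256).digest()

def upload(key: bytes, records: dict) -> dict:
    """What the provider holds: id -> (version, data, tag). The key stays client-side."""
    return {rid: (1, data, tag(key, rid, 1, data)) for rid, data in records.items()}

def audit(key: bytes, store: dict, expected_versions: dict) -> list:
    """Check every record the client expects; return the ids that fail."""
    failed = []
    for rid, expected in expected_versions.items():
        entry = store.get(rid)
        if entry is None:                      # record silently deleted
            failed.append(rid)
            continue
        version, data, stored_tag = entry
        fresh = tag(key, rid, version, data)
        if version != expected or not hmac.compare_digest(stored_tag, fresh):
            failed.append(rid)
    return sorted(failed)

def demo():
    key = secrets.token_bytes(32)              # never sent to the provider
    store = upload(key, RECORDS)
    versions = {rid: 1 for rid in RECORDS}     # small client-side index
    before = audit(key, store, versions)
    # Simulated provider-side changes (constructed for the example):
    v, data, t = store["invoice-17"]
    store["invoice-17"] = (v, data.replace(b"100", b"900"), t)   # content edited
    store["invoice-18"] = store["invoice-19"]                    # valid record re-filed
    del store["invoice-20"]                                      # record removed
    return before, audit(key, store, versions)

if __name__ == "__main__":
    print(demo())
```

The audit walks the client's own index rather than the provider's listing, so a deleted record is reported instead of being silently skipped.
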
Repudiation
- A legitimate transaction will be disowned by one of the participants
- You sign a document first, and then refuse to confirm the signature
- Need a trusted third party to mitigate

Information/data disclosure
An attacker can gain access, without permission, to data that the owner doesn't want him or her to have.

Denial of service
- An explicit attempt to prevent legitimate users from using a service or system
- It involves the overuse of legitimate resources
- You can stop all such attacks by removing the resource used by the attacker, but then real users can't use the resource either

Escalation of privilege
- An unprivileged user gains privileged access
- E.g. an unprivileged user who contrives a way to be added to the Administrators group

Typical mitigation techniques
Threat type: mitigation techniques
- Spoofing identity: Authentication; Protect secrets; Do not store secrets
- Tampering with data: Authorization; Hashes; Message authentication codes; Digital signatures; Tamper-resistant protocols
- Repudiation: Digital signatures; Audit trails

Typical threats (contd.)
Threat type: mitigation techniques
- Information disclosure: Authorization; Privacy-enhanced protocols; Encryption; Protect secrets; Do not store secrets
- Denial of service: Authentication; Authorization; Filtering; Throttling; Quality of service
- Escalation of privilege: Principle of least privilege