Scribd Logo
Upload

Welcome to Scribd!

  • Cloud Security

    Uploaded by

    ihab_karina
    14 views24 pages
    cloud security

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    cloud security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    14 views24 pages

    Cloud Security

    Uploaded by

    ihab_karina
    cloud security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 24

    Security and Privacy in

    Cloud Computing
    Ragib Hasan
    Johns Hopkins University
    en.600.412 Spring 2010

    Lecture 2
    02/01/2010

    Threats, vulnerabilities, and enemies


    Goal
    Learn the cloud computing threat model by examining the
    assets, vulnerabilities, entry points, and actors in a cloud
    Technique

    Apply different threat modeling schemes

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Assignment for next class


    Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information
    Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009.

    Format:
    Summary: A brief overview of the paper, 1 paragraph (5 / 6
    sentences)
    Pros: 3 or more issues
    Cons: 3 or more issues
    Possible improvements: Any possible suggestions to improve
    the work

    Due: 2.59 pm 2/8/2010


    Submission: By email to rhasan7@jhu.edu (text only, no attachments
    please)

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Threat Model
    A threat model helps in analyzing a security
    problem, design mitigation strategies, and
    evaluate solutions

    Steps:
    Identify attackers, assets, threats and other
    components
    Rank the threats
    Choose mitigation strategies
    Build solutions based on the strategies
    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Threat Model
    Basic components
    Attacker modeling
    Choose what attacker to consider
    Attacker motivation and capabilities

    Assets / Attacker Goals

    Vulnerabilities / threats
    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Recall: Cloud Computing Stack

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Recall: Cloud Architecture


    Client

    SaaS / PaaS
    Provider

    Cloud Provider
    (IaaS)

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Attackers

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Who is the attacker?


    Insider?
    Malicious employees at client
    Malicious employees at Cloud provider
    Cloud provider itself

    Outsider?
    Intruders
    Network attackers?

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    Attacker Capability: Malicious Insiders


    At client
    Learn passwords/authentication information
    Gain control of the VMs

    At cloud provider
    Log client communication

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    10

    Attacker Capability: Cloud Provider


    What?
    Can read unencrypted data
    Can possibly peek into VMs, or make copies of
    VMs
    Can monitor network communication, application
    patterns

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    11

    Attacker motivation: Cloud Provider


    Why?
    Gain information about client data
    Gain information on client behavior
    Sell the information or use itself

    Why not?
    Cheaper to be honest?

    Why? (again)
    Third party clouds?
    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    12

    Attacker Capability: Outside attacker


    What?
    Listen to network traffic (passive)
    Insert malicious traffic (active)
    Probe cloud structure (active)
    Launch DoS

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    13

    Attacker goals: Outside attackers


    Intrusion
    Network analysis
    Man in the middle
    Cartography
    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    14

    Assets

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    15

    Assets (Attacker goals)


    Confidentiality:
    Data stored in the cloud
    Configuration of VMs running on the cloud
    Identity of the cloud users
    Location of the VMs running client code

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    16

    Assets (Attacker goals)


    Integrity
    Data stored in the cloud
    Computations performed on the cloud

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    17

    Assets (Attacker goals)


    Availability
    Cloud infrastructure
    SaaS / PaaS

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    18

    Threats

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    19

    Organizing the threats using STRIDE

    Spoofing identity
    Tampering with data
    Repudiation
    Information disclosure
    Denial of service
    Elevation of privilege

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    20

    Typical threats
    Threat type

    Mitigation technique

    Spoofing identity

    Authentication
    Protect secrets
    Do not store secrets

    Tampering with data

    Authorization
    Hashes
    Message authentication codes
    Digital signatures
    Tamper-resistant protocols

    Repudiation

    Digital signatures
    Timestamps
    Audit trails
    [STRIDE]

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    21

    Typical threats (contd.)


    Threat type

    Mitigation technique

    Information disclosure

    Denial of service
    Elevation of privilege

    Authorization
    Privacy-enhanced protocols
    Encryption
    Protect secrets
    Do not store secrets
    Authentication
    Authorization
    Filtering
    Throttling
    Quality of service
    Run with least privilege
    [STRIDE]

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    22

    Summary
    A threat model helps in designing appropriate
    defenses against particular attackers
    Your solution and security countermeasures
    will depend on the particular threat model
    you want to address

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    23

    Further Reading
    Frank Swiderski and Window Snyder , Threat Modeling , Microsoft Press, 2004
    The STRIDE Threat Model

    2/1/2010

    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan

    24

    You might also like