security and privacy in cloud computing · learn the cloud computing threat model by examining the...
TRANSCRIPT
![Page 1: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/1.jpg)
Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010
Lecture 202/01/2010
Security and Privacy in Cloud Computing
![Page 2: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/2.jpg)
Threats, vulnerabilities, and enemies
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 2
Goal
Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud
Technique
Apply different threat modeling schemes
![Page 3: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/3.jpg)
Assignment for next class• Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information
Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009.
• Format:– Summary: A brief overview of the paper, 1 paragraph (5 / 6
sentences)– Pros: 3 or more issues– Cons: 3 or more issues– Possible improvements: Any possible suggestions to improve
the work
• Due: 2.59 pm 2/8/2010
• Submission: By email to [email protected] (text only, no attachments please)
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 3
![Page 4: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/4.jpg)
Threat ModelA threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions
Steps:– Identify attackers, assets, threats and other
components
– Rank the threats
– Choose mitigation strategies
– Build solutions based on the strategies
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 4
![Page 5: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/5.jpg)
Threat Model
Basic components
• Attacker modeling– Choose what attacker to consider
– Attacker motivation and capabilities
• Assets / Attacker Goals
• Vulnerabilities / threats
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 5
![Page 6: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/6.jpg)
Recall: Cloud Computing Stack
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 6
![Page 7: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/7.jpg)
Recall: Cloud Architecture
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 7
ClientSaaS / PaaS
Provider
Cloud Provider(IaaS)
![Page 8: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/8.jpg)
Attackers
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 8
![Page 9: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/9.jpg)
Who is the attacker?
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 9
Insider?• Malicious employees at client• Malicious employees at Cloud provider• Cloud provider itself
Outsider?•Intruders•Network attackers?
![Page 10: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/10.jpg)
Attacker Capability: Malicious Insiders
• At client
– Learn passwords/authentication information
– Gain control of the VMs
• At cloud provider
– Log client communication
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 10
![Page 11: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/11.jpg)
Attacker Capability: Cloud Provider
• What?
– Can read unencrypted data
– Can possibly peek into VMs, or make copies of VMs
– Can monitor network communication, application patterns
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 11
![Page 12: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/12.jpg)
Attacker motivation: Cloud Provider
• Why?
– Gain information about client data
– Gain information on client behavior
– Sell the information or use itself
• Why not?
– Cheaper to be honest?
• Why? (again)
– Third party clouds?
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 12
![Page 13: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/13.jpg)
Attacker Capability: Outside attacker
• What?
– Listen to network traffic (passive)
– Insert malicious traffic (active)
– Probe cloud structure (active)
– Launch DoS
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 13
![Page 14: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/14.jpg)
Attacker goals: Outside attackers
• Intrusion
• Network analysis
• Man in the middle
• Cartography
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 14
![Page 15: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/15.jpg)
Assets
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 15
![Page 16: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/16.jpg)
Assets (Attacker goals)
• Confidentiality:
– Data stored in the cloud
– Configuration of VMs running on the cloud
– Identity of the cloud users
– Location of the VMs running client code
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 16
![Page 17: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/17.jpg)
Assets (Attacker goals)
• Integrity
– Data stored in the cloud
– Computations performed on the cloud
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 17
![Page 18: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/18.jpg)
Assets (Attacker goals)
• Availability
– Cloud infrastructure
– SaaS / PaaS
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 18
![Page 19: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/19.jpg)
Threats
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 19
![Page 20: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/20.jpg)
Organizing the threats using STRIDE
• Spoofing identity
• Tampering with data
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 20
![Page 21: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/21.jpg)
Typical threats
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 21
Threat type Mitigation technique
Spoofing identity•Authentication•Protect secrets•Do not store secrets
Tampering with data
•Authorization•Hashes•Message authentication codes•Digital signatures•Tamper-resistant protocols
Repudiation•Digital signatures•Timestamps•Audit trails
[STRIDE]
![Page 22: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/22.jpg)
Typical threats (contd.)
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 22
Threat type Mitigation technique
Information disclosure
•Authorization•Privacy-enhanced protocols•Encryption•Protect secrets•Do not store secrets
Denial of service
•Authentication•Authorization•Filtering•Throttling•Quality of service
Elevation of privilege •Run with least privilege
[STRIDE]
![Page 23: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/23.jpg)
Summary
• A threat model helps in designing appropriate defenses against particular attackers
• Your solution and security countermeasures will depend on the particular threat model you want to address
2/1/2010 en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan 23
![Page 24: Security and Privacy in Cloud Computing · Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud Technique Apply different](https://reader034.vdocument.in/reader034/viewer/2022042100/5e7ccb2c99953c6a3d2b57ef/html5/thumbnails/24.jpg)
2/1/2010 24en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
Further ReadingFrank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004
The STRIDE Threat Model