What is the current state of the art in cloud security?

greenpepperwhinnySecurity

Nov 3, 2013

By: Muhammad Nadeem
mn338@msstate.edu

10/3/2012

Acknowledgements

- Dr. Edward B. Allen for his guidelines

References

- Bernd Grobauer, Tobias Walloschek and Elmar Stocker, "Understanding Cloud Computing Vulnerabilities", IEEE Journal of Security and Privacy, vol. 9, no. 2, Apr. 2011, pp. 50-57.
- Cloud computing webcasts hosted on: http://www.brighttalk.com

Contents

- Basic terminology
- Cloud specific vulnerabilities
  - Core technology vulnerabilities
  - Essential cloud characteristic vulnerabilities
  - Vulnerabilities in standard security controls
  - Prevalent vulnerabilities in state-of-the-art cloud offerings
- Conclusion
- Discussion

Vulnerability

- Probability that an asset will be unable to resist actions of a threat agent
- Is there any "cloud-specific" vulnerability?
- If so, certain factors in cloud computing's nature must make a vulnerability cloud-specific.

Cloud-Specific Vulnerabilities

A vulnerability is cloud specific if:

- It is intrinsic to or prevalent in a core cloud computing technology
- It has its root cause in one of NIST's essential cloud characteristics
- It is caused when cloud innovations make tried-and-tested security controls difficult to implement
- It is prevalent in established state-of-the-art cloud offerings

Core Cloud Computing Technologies

- Web applications and services
  - SaaS offerings are typically implemented as Web applications
  - PaaS offerings provide development and runtime environments for Web apps
  - For IaaS offerings, administrators typically implement associated services and APIs (e.g., management access for customers) using Web application/service technologies
- Virtualization
  - IaaS technologies have virtualization techniques at their very heart
  - Because PaaS and SaaS services are usually built on top of a supporting IaaS infrastructure, the importance of virtualization also extends to these service models
- Cryptography
  - Many cloud computing security requirements are solvable only by using cryptographic techniques

Essential Characteristics

- On-demand self-service. Users can order and manage services without human interaction using a Web portal and management interface. Provisioning and de-provisioning of services and associated resources occur automatically at the provider.
- Ubiquitous network access. Cloud services are accessed via the network, using standard mechanisms and protocols.
- Resource pooling. Computing resources used to provide the cloud service are realized using a homogeneous infrastructure that's shared between all service users.
- Rapid elasticity. Resources can be scaled up and down rapidly and elastically.
- Measured service. Resource/service usage is constantly metered, supporting optimization of resource usage, usage reporting, and pay-as-you-go business models.

Source: US National Institute of Standards and Technology (NIST)


Core-Technology Vulnerabilities

- Web applications & services, virtualization, and cryptography have vulnerabilities that are either intrinsic to the technology or prevalent.
- Examples
  - Virtual machine escape
  - Session hijacking
  - Insecure/obsolete cryptography
- Virtualization vulnerabilities (virtual machine escape)
  - The possibility that an attacker might successfully escape from a virtualized environment lies in virtualization's very nature. Hence, we must consider this vulnerability as intrinsic to virtualization and highly relevant to cloud computing.

Core-Technology Vulnerabilities

- Web application technology vulnerabilities (session hijacking)
  - The HTTP protocol is a stateless protocol, whereas Web applications require some notion of session state.
  - Session handling implementations are vulnerable to session riding and session hijacking.
  - Such vulnerabilities are certainly relevant for cloud computing.

Core-Technology Vulnerabilities

- Cryptographic vulnerabilities (obsolete cryptography)
  - Cryptanalysis advances can render any cryptographic mechanism or algorithm insecure.
  - It's common to find crucial flaws in cryptographic algorithm implementations.
  - Because uptake of cloud computing is unthinkable without the use of cryptography, insecure or obsolete cryptography vulnerabilities are highly relevant for cloud computing.


Essential Cloud Characteristic Vulnerabilities

- NIST describes five essential cloud characteristics:
  - on-demand self-service,
  - ubiquitous network access,
  - resource pooling,
  - rapid elasticity, and
  - measured service
- Following are examples of vulnerabilities with root causes in one or more of these characteristics:
  - Unauthorized access to management interface
  - Internet protocol vulnerabilities
  - Data recovery vulnerability
  - Metering and billing evasion

Essential Cloud Characteristic Vulnerabilities

- Unauthorized access to management interface
  - The cloud characteristic on-demand self-service requires a management interface that's accessible to cloud service users.
  - Unauthorized access to the management interface is a relevant vulnerability for cloud systems.
  - The probability that unauthorized access could occur is much higher than for traditional systems, where the management functionality is accessible only to a few administrators.

Essential Cloud Characteristic Vulnerabilities

- Internet protocol vulnerabilities
  - The cloud characteristic ubiquitous network access means that cloud services are accessed via the network using standard protocols.
  - In most cases, this network is the Internet, which must be considered untrusted.
  - Internet protocol vulnerabilities (e.g., man-in-the-middle attacks) are therefore relevant for cloud computing.

Essential Cloud Characteristic Vulnerabilities

- Data recovery vulnerability
  - The cloud characteristics of pooling and elasticity entail that resources allocated to one user will be reallocated to a different user at a later time.
  - For memory or storage resources, it might therefore be possible to recover data written by a previous user.
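The data recovery vulnerability above, as an added example that is not part of the original slides: a hypothetical in-memory block pool stands in for a shared IaaS storage pool, and the only difference between the leaking and the mitigated pool is whether a block is sanitized before it returns to the free list.

```python
"""Data recovery from pooled storage (added example, not from the original
slides). Tenant A writes a block and releases it; the same physical block is
then handed to tenant B. Without sanitization on release, B can read A's data."""

BLOCK_SIZE = 64


class BlockPool:
    """Fixed-size blocks shared between tenants; hypothetical, for illustration."""

    def __init__(self, nblocks, wipe_on_release):
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(nblocks)]
        self.free = list(range(nblocks))    # indices available for allocation
        self.owner = {}                     # block index -> tenant id
        self.wipe_on_release = wipe_on_release

    def allocate(self, tenant):
        idx = self.free.pop(0)              # most recently freed block is reused first
        self.owner[idx] = tenant
        return idx

    def _check(self, tenant, idx):
        if self.owner.get(idx) != tenant:
            raise PermissionError("block %d is not owned by %s" % (idx, tenant))

    def write(self, tenant, idx, data):
        self._check(tenant, idx)
        self.blocks[idx][:len(data)] = data

    def read(self, tenant, idx):
        self._check(tenant, idx)
        return bytes(self.blocks[idx])

    def release(self, tenant, idx):
        self._check(tenant, idx)
        del self.owner[idx]
        if self.wipe_on_release:
            self.blocks[idx][:] = bytes(BLOCK_SIZE)   # sanitize before pooling
        self.free.insert(0, idx)


def leaked_bytes(wipe_on_release):
    """Constructed scenario: tenant A stores a secret, releases the block, and
    tenant B is allocated the same block. Returns what B can read of A's data."""
    pool = BlockPool(nblocks=2, wipe_on_release=wipe_on_release)
    secret = b"tenant-A-db-password=hunter2"   # constructed sample data
    blk = pool.allocate("A")
    pool.write("A", blk, secret)
    pool.release("A", blk)
    blk_b = pool.allocate("B")                 # same physical block comes back
    return pool.read("B", blk_b).rstrip(b"\x00")
```

The same reasoning applies to a hypervisor reusing guest memory pages: the control is sanitization at release time, not trust in the next tenant.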

Essential Cloud Characteristic Vulnerabilities

- Metering and billing evasion
  - The cloud characteristic of measured service means that any cloud service has a metering capability at an abstraction level appropriate to the service type (such as storage, processing, and active user accounts).
  - Metering data is used to optimize service delivery as well as billing. Relevant vulnerabilities include metering and billing data manipulation and billing evasion.


Defects in Known Security Controls

- Vulnerabilities in standard security controls must be considered cloud specific if cloud innovations directly cause the difficulties in implementing the controls.
  - Insufficient network-based controls in virtualized networks
  - Key management challenges
  - Non-existence of cloud security metrics

Defects in security controls

- Insufficient network-based controls in virtualized networks
  - Virtualized networks offer insufficient network-based controls.
  - The administrative access to IaaS network infrastructure and the ability to tailor network infrastructure are typically limited.
  - Standard controls such as IP-based network zoning can't be applied.
  - Techniques such as network-based vulnerability scanning are usually forbidden by IaaS providers (friendly scans can't be distinguished from attacker activity).
  - Network traffic occurs on both real and virtual networks, such as when two virtual machine environments (VMEs) hosted on the same server communicate. Such issues constitute a control challenge because tried-and-tested network-level security controls might not work in a given cloud environment.

Defects in security controls

- Key management challenges
  - The second challenge is in poor key management procedures.
  - As per a European Network and Information Security Agency study, cloud computing infrastructures require management and storage of many different kinds of keys.
  - Because virtual machines don't have a fixed hardware infrastructure and cloud-based content is often geographically distributed, it's more difficult to apply standard controls, such as hardware security module (HSM) storage, to keys on cloud infrastructures.

Defects in security controls

- Non-existence of cloud security metrics
  - Security metrics aren't adapted to cloud infrastructures.
  - Currently, there are no standardized cloud-specific security metrics that cloud customers can use to monitor the security status of their cloud resources.
  - Until such standard security metrics are developed and implemented, controls for security assessment, audit, and accountability are more difficult and costly, and might even be impossible to employ.


Prevalent Vulnerabilities in State-of-the-Art Cloud Offerings

- If a vulnerability is prevalent in state-of-the-art cloud offerings, it must be regarded as cloud-specific.
- Injection vulnerabilities are exploited by manipulating service or application inputs to interpret and execute parts of them against the programmer's intentions.
  - SQL injection, in which the input contains SQL code that's erroneously executed in the database back end;
  - Command injection, in which the input contains commands that are erroneously executed via the OS; and
  - Cross-site scripting, in which the input contains JavaScript code that's erroneously executed by a victim's browser.
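The SQL injection case above, as an added example that is not part of the original slides: the same lookup written by splicing input into the statement and by passing it as a bound parameter, run against a constructed in-memory SQLite table so the difference in behaviour can be observed directly.

```python
"""SQL injection in a lookup query, and the parameterized fix (added example,
not from the original slides). An in-memory SQLite table with constructed
rows stands in for a tenant's back-end database."""

import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db


def find_user_vulnerable(db, name):
    # The input is spliced into the SQL text, so quotes and keywords inside it
    # are parsed as SQL rather than compared as a name.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()


def find_user_safe(db, name):
    # The driver sends the value separately from the statement; whatever the
    # input contains, it is only ever compared against the name column.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def demo():
    """Constructed inputs: an ordinary name and one containing a quote that
    closes the string literal so the rest of it is read as SQL."""
    db = make_db()
    honest = "bob"
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_honest": find_user_vulnerable(db, honest),
        "vulnerable_crafted": find_user_vulnerable(db, crafted),   # every row
        "safe_honest": find_user_safe(db, honest),
        "safe_crafted": find_user_safe(db, crafted),               # no match
    }
```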

Prevalent Vulnerabilities in State-of-the-Art Cloud Offerings

- In addition, many widely used authentication mechanisms are weak.
  - Insecure user behavior (choosing weak passwords, reusing passwords, and so on)
  - Limitations of one-factor authentication mechanisms
  - Credential interception and replay

Examples: virtual images

- Vulnerabilities may spread by cloning virtual machine images
- An attacker may rent a virtual server to analyze vulnerabilities and later attack other customers

Examples: DoS by account lockout

- Several unsuccessful authentication attempts might lock out the web-based management interface
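The lockout denial of service above, as an added example that is not part of the original slides: a hypothetical login check under two policies, a hard lockout after a fixed number of failures and an escalating, time-limited delay, run through a constructed scenario with an injectable clock.

```python
"""Denial of service through account lockout (added example, not from the
original slides). With a hard lockout, anyone who can reach the login form can
lock the real operator out of the management interface by failing a few times;
an escalating, expiring delay slows guessing without a permanent lockout."""

import hmac

MAX_FAILURES = 5
BASE_DELAY = 2       # seconds; doubles with each further failure
MAX_DELAY = 300


class Login:
    """Password check with a pluggable lockout policy: "hard" or "backoff"."""

    def __init__(self, password, policy, clock):
        self._password = password
        self.policy = policy
        self.clock = clock
        self.failures = 0
        self.locked_until = None   # time at which a throttled account reopens

    def attempt(self, password):
        now = self.clock()
        if self.policy == "hard" and self.failures >= MAX_FAILURES:
            return "locked"        # stays locked until an administrator intervenes
        if self.policy == "backoff" and self.locked_until and now < self.locked_until:
            return "throttled"     # reopens by itself once the delay has passed
        if hmac.compare_digest(password, self._password):
            self.failures = 0
            self.locked_until = None
            return "ok"
        self.failures += 1
        if self.policy == "backoff" and self.failures >= MAX_FAILURES:
            extra = self.failures - MAX_FAILURES
            self.locked_until = now + min(BASE_DELAY * 2 ** extra, MAX_DELAY)
        return "denied"


def run(policy):
    """Constructed scenario: five wrong guesses against the operator's account,
    then the operator logs in at once and again after waiting MAX_DELAY."""
    t = [0]
    login = Login("correct-horse", policy, lambda: t[0])
    for _ in range(MAX_FAILURES):
        login.attempt("wrong-guess")
    first = login.attempt("correct-horse")
    t[0] += MAX_DELAY
    later = login.attempt("correct-horse")
    return first, later
```

The delay variant still costs the operator a wait, so in practice it is combined with per-source throttling and alerting on bursts of failures against management accounts.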

Examples: Cryptographic problems

- Random number generation uses hardware resources
- Random number generation in virtual machines is weak
- Multiple virtual machines running on the same hardware impose limitations on random number generation

Examples: Insufficient logging and monitoring

- Currently there are no standards or mechanisms to give cloud customers logging and monitoring facilities
- Logging and monitoring is usually centrally managed by the service provider
Examples: Data destruction

- Data destruction policies at the end of the life cycle may require physical disk destruction
- This might not be possible in cloud computing, as the physical disk may be in use by other tenants
Examples: Communication

- In IaaS offerings, customers may share certain network infrastructure components
- Vulnerabilities in these shared infrastructure components might enable network-based cross-tenant attacks
- Implications of "real" vs. "virtual" network traffic

Conclusion

- Many cloud-specific vulnerabilities and challenges
- Solutions and technologies are emerging
- There is a long way to go to adequately secure Clouds


Thanks…