threats to machine clouds

Report

Post on 12-Nov-2014

781 Views

Category:

Technology

0 Downloads

Preview:

Click to see full reader

DESCRIPTION

Preliminary research into machine 2 machine clouds presented at B-Sides Cape Town by George Pranchke of SensePost.

TRANSCRIPT

Security Threats to Machine Clouds

george@sensepost.com

about: us

Georg-Christian Pranschke

http://www.sensepost.com/blog/7733.html

what we’re going to talk about

• the cloud• why this talk ?• machine clouds ?• results: cursory “testing”• what does all this mean ?

The Cloud

clobbering the cloud!

cloud security

Why This Talk ?

security threats to machine clouds• fast growing mobile connectivity • greater number of connected devices• management complexity and high costs

• web-based device management for connected devices

• inherits some of the web app threats plus new

ones

Machine Clouds ?

machine clouds?

machine clouds?• home automation• vehicle tracking• tele-medicine• location-based services• “M2M and connected products are changing our world”• “safer, simpler and more productive”• “less cost per year than full-time employee”

• i.e. ATMs monitoring -> access to finances• i.e. medical equipment -> ensuring very best patient care• i.e. smart signs -> law enforcement • i.e. cars -> driving behaviour to insurance carriers

machine cloud ui: the web application

machine - cloud integration

protocol dissection (i)

DHCP response

protocol dissection (ii)

restart request response

machine – cloud interaction (i)

machine – cloud interaction (ii)

connecting a machine

Results: Cursory “Testing”

#include <disclaimer.h>

approach

Business Logic

Application

Infrastructure

web application/web services <<>> “rogue machine”

the environment (i)

the environment (ii)

threat: exposed administrative interfaces

threats: cms layer (i)

threats: cms layer (ii)

threats: cms layer(iii)

threats: web app layer

clickjacking/ui redressing

SDKs (i)

SDKs (ii)

SDKs (iii)

SDKs (iv)

a side note…

transport layer encryption (i)

transport layer encryption (ii)

lame ? (i)

lame ? (ii)

lame ? (iii)

threat: malicious applets

a side note …

threat: rogue machines

putting it all together

• malicious applets• obtain vendor id or …• unauthorised connection• upload of XSS payload or …• XSS -> session hijacking and …

What Does All This Mean ?

what does all this mean

Security Threats to Machine Clouds

Thank You!

top related

threat modeling and analysis - kamm...threat modeling and...
Documents
storm clouds. cumulonimbus clouds cold rain process
Documents
network security -...
Documents
netpro-iti ethernet lans. common threats to physical...
Documents
2018-19 - dpsludhiana.com book-class 2.pdf · and clouds...
Documents
clouds cumulus cu low clouds - cumuliform -. clouds cumulus...
Documents
chapter 6. natural environmental threats supply system...
Documents
formation of clouds/types of clouds
Education
tackle unknown threats with symantec endpoint protection 14...
Technology
architecture réseau des clouds privés avec hyper-v et...
Technology
a new approach to threat detection · detecting threats in...
Documents
clouds weight the of a word. clouds clouds clouds
Documents
achieving adaptation through live virtual machine migration...
Documents
clouds clouds clouds
Entertainment & Humor
clouds, rain, clouds again
Documents
improving energy efficiency in nfv clouds with machine...
Documents
insider threat protection - etsi€¦ · engineered to...
Documents
artic - porcelanatoliquido.net · 4807126...
Documents
machine learning ebook - channel futures · fihtin...
Documents
machine learning rain formation and the impacts on clouds...
Documents