
Page 1: IS 2620: Developing Secure Systems The Cloud Computing Paradigm Part of slides are taken from “Effectively and Securely Using the Cloud Computing Paradigm”

IS 2620: Developing Secure Systems

The Cloud Computing Paradigm

Part of slides are taken from “Effectively and Securely Using the Cloud Computing Paradigm” by Peter Mell and Tim Grance from NIST

2/16/2012

Page 2

Agenda
• Understanding Cloud Computing
• Cloud Computing Security
• Secure Cloud Migration Paths
• Foundational Elements of Cloud Computing
• Security & Privacy Challenges
• Policy Management

Page 3

Understanding Cloud Computing

Page 4

Origin of the term “Cloud Computing”

“Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google

• First cloud around networking (TCP/IP abstraction)
• Second cloud around documents (WWW data abstraction)
• The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms (“muck”, as Amazon’s CEO Jeff Bezos calls it)

Page 5

A Working Definition of Cloud Computing

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Page 6

Essential Cloud Characteristics
• On-demand self-service: get computing capabilities as needed, automatically
• Broad network access: services available over the network from a desktop, laptop, PDA or mobile phone

Page 7

Essential Cloud Characteristics (Cont.)
• Resource pooling: location independence; provider resources are pooled to serve multiple clients
• Rapid elasticity: ability to quickly scale the service in/out
• Measured service: control and optimize services based on metering

Page 8

Cloud Service Models
• Cloud Software as a Service (SaaS): use the provider’s applications over a network; the user doesn’t manage or control the network, servers, OS, storage or applications
• Cloud Platform as a Service (PaaS): users deploy their applications on a cloud; users control their apps but don’t manage servers, OS or storage

Page 9

Cloud Service Models (Cont.)
• Cloud Infrastructure as a Service (IaaS)
– Rent processing, storage, network capacity, and other fundamental computing resources
– Consumers get access to the infrastructure to deploy their own software
– Don’t manage or control the infrastructure
– Do manage or control the OS, storage, apps and selected network components
• To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics

Page 10

Service Model Architectures

[Figure: the three service models stacked on cloud infrastructure. IaaS architectures: IaaS directly on cloud infrastructure. PaaS architectures: PaaS directly on cloud infrastructure, or PaaS on IaaS on cloud infrastructure. SaaS architectures: SaaS directly on cloud infrastructure, SaaS on PaaS on cloud infrastructure, or SaaS on PaaS on IaaS on cloud infrastructure.]

Page 11

Cloud Deployment Models
• Private cloud: single org only; managed by the org or a 3rd party; on or off premise
• Community cloud: shared infrastructure for a specific community of several orgs that have shared concerns; managed by the orgs or a 3rd party

Page 12

Cloud Deployment Models (Cont.)
• Public cloud: sold to the public; mega-scale infrastructure available to the general public
• Hybrid cloud: composition of two or more clouds bound by standard or proprietary technology

Page 13

Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies

Page 14

The NIST Cloud Definition Framework

[Figure: the NIST cloud definition framework, summarised as four layers.]
• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
• Common Characteristics: Massive Scale, Homogeneity, Virtualization, Resilient Computing, Low Cost Software, Geographic Distribution, Service Orientation, Advanced Security

Page 15

Cloud Computing Security

Page 16

Security is the Major Issue

Page 17

General Security Advantages
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler
• Clouds enable automated security management
• Redundancy / disaster recovery

Page 18

General Security Challenges
• Trusting the vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control

Page 19

Security Relevant Cloud Components
• Cloud Provisioning Services
• Cloud Data Storage Services
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security
• Elastic Elements: Storage, Processing, and Virtual Networks

Page 20

Provisioning Service
Advantages
• Rapid reconstitution of services
• Enables availability: provision in multiple data centers / multiple instances
• Advanced honeynet capabilities
Challenges
• Impact of compromising the provisioning service

Page 21

Data Storage Services
Advantages
• Data fragmentation and dispersal
• Automated replication
• Provision of data zones (e.g., by country)
• Encryption at rest and in transit
• Automated data retention
Challenges
• Isolation management / data multi-tenancy
• Storage controller: single point of failure / compromise?
• Exposure of data to foreign governments

Page 22

Cloud Processing Infrastructure
Advantages
• Ability to secure masters and push out secure images
Challenges
• Application multi-tenancy
• Reliance on hypervisors
• Process isolation / application sandboxes

Page 23

Cloud Support Services
Advantages
• On-demand security controls (e.g., authentication, logging, firewalls…)
Challenges
• Additional risk when integrated with customer applications
• Needs certification and accreditation as a separate application
• Code updates

Page 24

Cloud Network and Perimeter Security
Advantages
• Distributed denial of service protection
• VLAN capabilities
• Perimeter security (IDS, firewall, authentication)
Challenges
• Virtual zoning with application mobility

Page 25

Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)

Page 26

Cloud Security Advantages (Cont.)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities

Page 27

Cloud Security Challenges
• Data dispersal and international privacy laws
– EU Data Protection Directive and U.S. Safe Harbor program
– Exposure of data to foreign governments and data subpoenas
– Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees

Page 28

Cloud Security Challenges (Cont.)
• Dependence on secure hypervisors
• Attraction to hackers (high-value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
– Encrypting access to the cloud resource control interface
– Encrypting administrative access to OS instances
– Encrypting access to applications
– Encrypting application data at rest
• Public cloud vs. internal cloud security
• Lack of public SaaS version control

Page 29

Obstacles & Opportunities


Page 31

Unique Features
• Outsourcing Data and Applications
• Extensibility and Shared Responsibility
• Multi-tenancy
• Service-Level Agreements
• Virtualization and Hypervisors
• Heterogeneity
• Compliance and Regulations

Page 32

Security Implications

Page 33

Security and Privacy Challenges
Authentication and Identity Management
• interoperability
• password-based authentication: inherited limitations
• how multi-tenancy can affect the privacy of identity information isn’t yet well understood
• multi-jurisdiction issues
• must be integrated with the other security components

Page 34

Security and Privacy Challenges
Access Control and Accounting
• heterogeneity and diversity of services, as well as the domains’ diverse access requirements
• capture dynamic, context-, attribute- or credential-based access requirements
• integrate privacy-protection requirements
• interoperability
• capture relevant aspects of SLAs

Page 35

Security and Privacy Challenges
Trust Management and Policy Integration
• compose multiple services to enable bigger application services
• efficiently capture a generic set of parameters required for establishing trust and for managing evolving trust and interaction/sharing requirements
• address challenges such as semantic heterogeneity, secure interoperability, and policy-evolution management

Page 36

Security and Privacy Challenges
Secure-Service Management
• WSDL can’t fully meet the requirements of cloud computing service description
• issues such as quality of service, price, and SLAs
• an automatic and systematic service provisioning and composition framework that considers security and privacy issues

Page 37

Security and Privacy Challenges
Privacy and Data Protection
• storing data and applications on systems that reside outside of on-premise datacenters
• shared infrastructure: risk of potential unauthorized access and exposure
• privacy-protection mechanisms must be embedded in all security solutions
• Provenance: balancing between data provenance and privacy

Page 38

Security and Privacy Challenges
Organizational Security Management
• shared governance can become a significant issue if not properly addressed
• dependence on external entities
• the possibility of an insider threat is significantly extended when outsourcing data and processes to clouds


Page 40

Security and Privacy Approaches
Authentication and Identity Management
• User-centric IDM: users control their digital identities, which takes the complexity of IDM away from the enterprises
• federated IDM solutions
• privacy-preserving protocols to verify various identity attributes by using, for example, zero-knowledge proof-based techniques

Page 41

Security and Privacy Approaches
Access Control Needs
• RBAC policy-integration needs
• credential-based RBAC, GTRBAC (generalized temporal RBAC), location-based RBAC
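As an added illustration of the three RBAC variants named on this slide (example code written for this transcript, not from the slides or the cited papers), the following Python evaluator activates a user's roles only when the required credentials come from a trusted issuer (credential-based RBAC), only inside the role's enabling window (GTRBAC-style periodic constraint), and only from an allowed location (location-based RBAC), then checks permissions through the role hierarchy. The roles, the trusted issuer name "corp-idp", the 08:00-18:00 window, the locations and the user "alice" are all assumptions made for the sample.

```python
# Added example (not from the slides or the cited papers): one evaluator that combines
# credential-based RBAC, GTRBAC-style temporal role enabling and location-based role enabling.
# Role names, the trusted issuer "corp-idp", the hours window and the sample user are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Credential:
    issuer: str      # who asserts the attribute; only trusted issuers count
    attribute: str   # e.g. "employee", "clearance:secret"


@dataclass
class Role:
    name: str
    permissions: Set[Tuple[str, str]]                   # (action, object class)
    requires: Set[str] = field(default_factory=set)     # credential-based RBAC: attributes needed to activate
    enabled_hours: Optional[Tuple[time, time]] = None   # GTRBAC: periodic enabling window (inclusive)
    allowed_locations: Optional[Set[str]] = None        # location-based RBAC: where the role may be enabled
    juniors: Set[str] = field(default_factory=set)      # role hierarchy: a senior role inherits junior permissions


@dataclass
class Request:
    user: str
    credentials: Set[Credential]
    action: str
    object_class: str
    now: datetime
    location: str


class Policy:
    def __init__(self, roles: List[Role], assignments: Dict[str, Set[str]], trusted_issuers: Set[str]):
        self.roles = {r.name: r for r in roles}
        self.assignments = assignments          # user -> roles assigned to the user (not yet active)
        self.trusted_issuers = trusted_issuers

    def _attributes(self, creds: Set[Credential]) -> Set[str]:
        # Self-asserted credentials are ignored: only attributes vouched for by a trusted issuer count.
        return {c.attribute for c in creds if c.issuer in self.trusted_issuers}

    def _enabled(self, role: Role, req: Request) -> bool:
        # A role outside its time window or its allowed locations cannot be activated at all.
        if role.enabled_hours is not None:
            start, end = role.enabled_hours
            if not (start <= req.now.time() <= end):
                return False
        if role.allowed_locations is not None and req.location not in role.allowed_locations:
            return False
        return True

    def _closure(self, names: Set[str]) -> Set[str]:
        # Expand the role hierarchy downwards so senior roles inherit junior permissions.
        seen: Set[str] = set()
        stack = list(names)
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                stack.extend(self.roles[n].juniors)
        return seen

    def decide(self, req: Request) -> Tuple[bool, Set[str]]:
        """Return (permitted?, the roles that were active for this request)."""
        attrs = self._attributes(req.credentials)
        active = {name for name in self.assignments.get(req.user, set())
                  if self._enabled(self.roles[name], req) and self.roles[name].requires <= attrs}
        permitted = any((req.action, req.object_class) in self.roles[n].permissions
                        for n in self._closure(active))
        return permitted, active


def build_sample_policy() -> Policy:
    # Constructed sample domain: an enterprise that trusts only its own IdP "corp-idp".
    employee = Role("employee", permissions={("read", "document")}, requires={"employee"})
    steward = Role("data_steward", permissions={("export", "document")},
                   requires={"employee", "clearance:secret"},
                   enabled_hours=(time(8, 0), time(18, 0)), allowed_locations={"HQ"},
                   juniors={"employee"})
    return Policy([employee, steward], {"alice": {"employee", "data_steward"}}, {"corp-idp"})


def evaluate_samples() -> Dict[str, bool]:
    policy = build_sample_policy()
    trusted = {Credential("corp-idp", "employee"), Credential("corp-idp", "clearance:secret")}
    self_asserted = {Credential("alice-self", "employee"), Credential("alice-self", "clearance:secret")}
    day, night = datetime(2012, 2, 16, 10, 0), datetime(2012, 2, 16, 22, 0)
    cases = {
        "export_hq_day": Request("alice", trusted, "export", "document", day, "HQ"),
        "export_hq_night": Request("alice", trusted, "export", "document", night, "HQ"),
        "export_cafe_day": Request("alice", trusted, "export", "document", day, "cafe"),
        "read_cafe_night": Request("alice", trusted, "read", "document", night, "cafe"),
        "export_self_asserted": Request("alice", self_asserted, "export", "document", day, "HQ"),
    }
    return {name: policy.decide(req)[0] for name, req in cases.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_samples().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```

The point of the sample is that the three constraint types compose: the export permission is reachable only while data_steward is both enabled (time and place) and activatable (trusted credentials), while the unconstrained employee role keeps read access from anywhere, and credentials the user asserts about herself activate nothing.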

Page 42

Security and Privacy Approaches
Secure Interoperation
• Multi-domain: centralized approach, decentralized approaches
• specification frameworks to ensure that cross-domain accesses are properly specified, verified, and enforced
• policy engineering mechanisms

Page 43

Security and Privacy Approaches
Secure-Service Provisioning and Composition
• Open Services Gateway Initiative (OSGi)
• A declarative OWL-based language can be used to provide a service definition manifest, including a list of the distinct component types that make up the service, functional requirements, component grouping and topology instructions

Page 44

Security and Privacy Approaches
Trust Management Framework
• trust-based policy integration
• delegation must be incorporated in the service composition framework

Page 45

Security and Privacy Approaches
Data-Centric Security and Privacy
• shifts data protection away from systems and applications
• documents must be self-describing and self-defending regardless of their environments

Page 46

Security and Privacy Approaches
Managing Semantic Heterogeneity
• semantic heterogeneity among policies
• use of an ontology is the most promising approach
• policy framework and a policy enforcement architecture
• inference engines

Page 47

Policy Management
• No single access control mechanism, single policy language or single policy management tool
• diverse access control solutions
• policies may be composed in incompatible ways
• heterogeneity and distribution of policies pose problems in administration

Page 48

Case Study Implementation
Investigation
• authentication mechanism
• how users can share resources with other users
• privacy/access setting options it provides
• policy language and mechanism it uses
• what APIs it provides
• change privacy settings using an API or in some other way
• discover users' resources
• supports XACML or similar technologies

Page 49

Case Study Implementation
• Amazon S3, Dropbox, LinkedIn, Flickr, and Twitter
• developed a unified framework


Page 51

Limitations of the Existing Policy Management Systems
• Application Centric vs. User Centric
• Unified Policy Management System
• Heterogeneity and Interoperation
• Privacy Preservation

Page 52

Proposed Semantic Based Policy Management Framework
• designed on the concept of centrally expressing a user's security requirements
• applied to a user's resources regardless of where they are stored
• should be able to address interoperability and heterogeneity issues

Page 53

Semantic Web and Policy Management
• specify a domain of interest: individuals, classes of individuals, properties, and axioms that assert constraints over them
• structured vocabulary: describes concepts and the relationships between them
• specification of the meaning of terms

Page 54

Semantic Web and Policy Management
• In a policy management system, access rules are specified based on representations of concepts
• policy rules and these representations should be able to make policy-based authorization decisions
• to deal with the heterogeneity of the cloud, these representations should be generic and flexible enough

Page 55

Semantic Web and Policy Management
• The Web Ontology Language (OWL 2): a family of standard knowledge representation languages for the Semantic Web, based on Description Logic (DL)
• Reasoner: we can check whether all of the statements and definitions in the ontology are mutually consistent
• tradeoff between expressiveness and efficient reasoning

Page 56

Semantic Web and Policy Management
• Use SWRL to enrich the models defined using OWL 2
– represents rules on the Semantic Web
– extends OWL 2 in order to provide a way to express conditional knowledge
– not decidable in general
• we use the DL-Safe context: OWL 2 RL + SWRL with the DL-Safe restriction, referred to as OWL and SWRL

Page 57

Semantic Web and Policy Management
• offers high expressiveness
• Reasoning: rule-based engines which offer good performance
• scalable reasoning without sacrificing too much expressive power
• heterogeneity management and interoperability
• separation between domain description and policy description

Page 58

The Proposed Architectural Framework

Page 59

Authorization Knowledge Management
• Each CSP has its own information system
• SBPMS requires CSPs to provide such information for authorization purposes
• Update: push and/or pull strategies
• privacy of the cloud user's identity

Page 60

Access Request Processing
• The access requests are processed locally in each CSP
• key advantage: apply additional policies

Page 61

The Implementation Architecture

Page 62

Performance Evaluation
• Prototype
• Generate policies
• Perform evaluations

Page 63

Policy Specification Language Meta Model

Semantic Based Specification Language and Policy Generation Process

Target [Provider, Subject, Object, Action, Service]
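To make the mechanics of pages 53-57 and of the Target tuple on this slide concrete, here is an added toy engine in Python (written for this transcript; it is not the SBPMS implementation or any code from the cited papers). It keeps an ontology as triples, enforces DL-safety on rules (every head variable must occur in the body, so variables only ever bind to named individuals), runs forward chaining to a fixpoint with subclass transitivity and type propagation, checks consistency against disjointness axioms, and evaluates one centrally written user policy against provider-specific action names that the ontology lifts onto generic actions. The users, resources, providers and action names such as "s3:GetObject" and "dropbox:download" are constructed for the sample and are not claims about those services' real APIs.

```python
# Added example (not from the slides or the SBPMS paper): a toy semantic policy engine showing
# subclass axioms, DL-safe rules, forward-chaining reasoning with a consistency check, and one
# central user policy evaluated against provider-specific action names. Users, resources,
# providers and the action names are constructed for illustration.
from itertools import product
from typing import Dict, Iterator, List, Set, Tuple

Triple = Tuple[str, str, str]
TYPE, SUB = "type", "subClassOf"


def is_var(term: str) -> bool:
    return term.startswith("?")


class Ontology:
    def __init__(self) -> None:
        self.facts: Set[Triple] = set()                 # ABox facts plus TBox subclass axioms
        self.disjoint: Set[Tuple[str, str]] = set()     # class pairs that may share no individual
        self.rules: List[Tuple[List[Triple], Triple]] = []

    def add(self, *triples: Triple) -> None:
        self.facts.update(triples)

    def subclass(self, sub: str, sup: str) -> None:
        self.facts.add((sub, SUB, sup))

    def rule(self, body: List[Triple], head: Triple) -> None:
        # DL-safety: a head variable must occur in the body, so it binds only to a named
        # individual already present in a fact; this is what keeps the reasoning decidable.
        body_vars = {t for tr in body for t in tr if is_var(t)}
        if any(is_var(t) and t not in body_vars for t in head):
            raise ValueError("rule is not DL-safe")
        self.rules.append((body, head))

    def _match(self, pattern: Triple, binding: Dict[str, str]) -> Iterator[Dict[str, str]]:
        for fact in self.facts:
            b = dict(binding)
            for p, f in zip(pattern, fact):
                if is_var(p):
                    if b.setdefault(p, f) != f:   # already bound to a different individual
                        break
                elif p != f:
                    break
            else:
                yield b

    def _apply(self, body: List[Triple], head: Triple) -> Set[Triple]:
        bindings: List[Dict[str, str]] = [{}]
        for pat in body:
            bindings = [nb for b in bindings for nb in self._match(pat, b)]
        return {tuple(b.get(t, t) for t in head) for b in bindings}

    def saturate(self) -> None:
        # Forward chaining to a fixpoint: subclass transitivity, type propagation, then the rules.
        while True:
            before = len(self.facts)
            new: Set[Triple] = set()
            for (a, p, b), (c, q, d) in product(self.facts, repeat=2):
                if b == c and p == SUB and q == SUB:
                    new.add((a, SUB, d))
                if b == c and p == TYPE and q == SUB:
                    new.add((a, TYPE, d))
            for body, head in self.rules:
                new |= self._apply(body, head)
            self.facts |= new
            if len(self.facts) == before:
                return

    def consistent(self) -> bool:
        # The reasoner check of slide 55: no individual may belong to two disjoint classes.
        types: Dict[str, Set[str]] = {}
        for s, p, o in self.facts:
            if p == TYPE:
                types.setdefault(s, set()).add(o)
        return not any(a in ts and b in ts for ts in types.values() for a, b in self.disjoint)


def build_sample() -> Ontology:
    o = Ontology()
    o.subclass("Friend", "Contact")                 # TBox shared across providers
    o.subclass("Photo", "Resource")
    o.disjoint.add(("Friend", "Blocked"))
    o.subclass("s3:GetObject", "Read")              # provider actions lifted onto generic ones
    o.subclass("dropbox:download", "Read")          # (constructed names, heterogeneity management)
    o.subclass("dropbox:share", "Share")
    o.add(("bob", TYPE, "Friend"), ("carol", TYPE, "Blocked"),     # ABox pushed by the providers
          ("alice", "friendOf", "bob"), ("alice", "friendOf", "carol"),  # stale friend entry for carol
          ("alice", "blocks", "carol"),
          ("alice", "owns", "s3://alice-bucket/trip.jpg"), ("s3://alice-bucket/trip.jpg", TYPE, "Photo"),
          ("alice", "owns", "dropbox:/alice/trip.jpg"), ("dropbox:/alice/trip.jpg", TYPE, "Photo"))
    # Alice's policy, written once and applied wherever the photo is stored (slide 52).
    o.rule([("?o", "owns", "?r"), ("?o", "friendOf", "?u"), ("?r", TYPE, "Photo")], ("?u", "mayRead", "?r"))
    o.rule([("?o", "owns", "?r"), ("?o", "blocks", "?u")], ("?u", "deniedRead", "?r"))
    o.saturate()
    return o


def inconsistent_sample() -> Ontology:
    o = build_sample()
    o.add(("carol", TYPE, "Friend"))   # violates the Friend/Blocked disjointness axiom
    o.saturate()
    return o


def authorize(o: Ontology, target: Tuple[str, str, str, str, str]) -> bool:
    """Evaluate a Target [Provider, Subject, Object, Action, Service] tuple (slide 63):
    lift the provider's action through the subclass closure, then let an explicit deny win."""
    _provider, subject, obj, action, _service = target   # provider/service only label the request here
    generic = {action} | {sup for (a, p, sup) in o.facts if p == SUB and a == action}
    if "Read" not in generic:
        return False   # this toy policy only ever grants Read
    if (subject, "deniedRead", obj) in o.facts:
        return False
    return (subject, "mayRead", obj) in o.facts
```

The same two rules decide an S3 GetObject and a Dropbox download for bob, because both action names are subclasses of the generic Read; the Dropbox share is refused because nothing lifts it to Read; and carol, who is still listed as a friend but is blocked, is refused because deniedRead is checked before mayRead. Adding the contradictory fact that carol is also a Friend makes consistent() return False, which is the check a reasoner runs before the policy is trusted.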

Page 64

Performance of the Ontology Construction

Page 65

Performance of the Authorization API

Page 66

References
• Semantic Based Policy Management for Cloud Computing Environments, International Journal of Cloud Computing, 2012.
• Security and Privacy Challenges in Cloud Computing Environments, IEEE Security and Privacy, Vol. 8, No. 6, 2010.
• SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments, IEEE International Workshop on Emerging Applications for Cloud Computing (CloudApp 2010).

Page 67

Questions?

Page 68

PrivacyMonitor

The goal of this project is to develop an application that monitors the phone for possible privacy violations.

This app should be able to work with all the apps installed on the phone that connect to the Internet, such as social network apps, IM apps, email apps, etc.

The app provides an interface for the user to specify privacy preferences and then runs in the background.

Page 69

PrivacyMonitor

It checks the privacy policies and activities of all the apps and alerts the user if there is any conflict between the user’s specified policies and the policies of the app.

It is useful when installing an app, to see whether it satisfies the user’s privacy preferences, and also when using an app, to check whether it complies with its own policies.

Page 70

Possible Features
• Activate Application: allows the user to activate or deactivate the app
• Run as System Application: allows the user to run the app in the background
• Password Protection: protects the app from unauthorized users
• Autoblock: automatically blocks possible violations of privacy without the user’s confirmation

Page 71

Possible Features
• Notifications: alert about a possible risk and ask the user about continuing the action (autoblock must be off for this feature to work). When a threat is detected a small icon appears in the corner of the screen. The color of the icon could vary based on the severity of the threat, and it can show a number representing the number of threats.
• Sound Alert: plays a sound when a threat is detected.

Page 72

Privacy for Mobile Apps

As mobile apps become more popular, people are becoming more concerned about the privacy issues associated with those apps.

On the other hand, given how difficult privacy policies are to read on a large screen, there are concerns about the feasibility of reading them on the small screens of mobile phones.

Page 73

Privacy for Mobile Apps

Currently, the vast majority of applications that mobile phone users download do not have privacy policies at all.

We need to answer the following questions:
• What is a good approach for communicating app privacy policies to users?
• When and in what form should this communication occur?
• What information should be included?

Page 74

Privacy for Mobile Apps
• "Mobile Application Privacy Policy Framework" from the Mobile Marketing Association (MMA) Privacy & Advocacy Committee
• "Privacy Policy Generator 3.0" initiative from TRUSTe
• Policymaker from PrivacyChoice

Page 75

Privacy for Mobile Apps

What we suggest as a solution is to use the standardized short table from the paper "A Nutrition Label for Privacy" (http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf) to design a privacy policy format for mobile apps.
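The check that PrivacyMonitor is meant to perform (pages 68-71) becomes mechanical once an app's practices are written in a short standardized table of the kind this slide proposes. The following Python is an added example written for this transcript, not code from the PrivacyMonitor project or from the cited paper: each row of an app's label states a data type, the purpose it is used for and who it is shared with; the user's preferences say which uses are allowed and how widely each may be shared; every mismatch becomes a conflict with a severity, which the autoblock setting turns into a silent block or a notification that asks the user. The app name "PhotoShareApp", the data types, purposes, sharing levels and the severity ranking are all constructed for the sample.

```python
# Added example (not part of the PrivacyMonitor project or the cited paper): the check from
# slides 68-71 done over a standardized short table in the style of slide 75. App name, data
# types, purposes, sharing levels and the severity ranking are constructed for illustration.
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Severity(IntEnum):
    LOW = 1      # allowed use shared more widely than tolerated, or no preference set yet
    MEDIUM = 2   # a use the user forbids, kept inside the app
    HIGH = 3     # a use the user forbids, shared with third parties


@dataclass(frozen=True)
class Practice:           # one row of the app's label
    data: str             # "location", "contacts", ...
    purpose: str          # "core", "ads", "analytics", ...
    shared_with: str      # "nobody" | "affiliates" | "third_parties"


@dataclass(frozen=True)
class Preference:         # the user's rule for a (data, purpose) key; purpose "*" is a wildcard
    allowed: bool
    max_sharing: str      # the widest sharing the user tolerates for this use


@dataclass(frozen=True)
class Conflict:
    app: str
    practice: Practice
    reason: str
    severity: Severity


SHARING_RANK = {"nobody": 0, "affiliates": 1, "third_parties": 2}


def check_app(app: str, label: List[Practice], prefs: Dict[Tuple[str, str], Preference]) -> List[Conflict]:
    """Compare every row of the app's label with the user's preferences (slides 68-69)."""
    conflicts: List[Conflict] = []
    for p in label:
        pref: Optional[Preference] = prefs.get((p.data, p.purpose)) or prefs.get((p.data, "*"))
        if pref is None:   # unknown use: never silently allowed, raised as a question to the user
            conflicts.append(Conflict(app, p, "no preference set for this use; ask", Severity.LOW))
        elif not pref.allowed:
            sev = Severity.HIGH if p.shared_with == "third_parties" else Severity.MEDIUM
            conflicts.append(Conflict(app, p, f"user forbids {p.data} for {p.purpose}", sev))
        elif SHARING_RANK[p.shared_with] > SHARING_RANK[pref.max_sharing]:
            conflicts.append(Conflict(app, p, f"shared with {p.shared_with}, user allows at most "
                                              f"{pref.max_sharing}", Severity.LOW))
    return conflicts


def decide(conflicts: List[Conflict], autoblock: bool) -> Dict[str, str]:
    # Autoblock on: block silently (slide 70). Off: notify and ask, carrying the severity (slide 71).
    return {f"{c.practice.data}/{c.practice.purpose}": "block" if autoblock else f"ask:{c.severity.name}"
            for c in conflicts}


def badge(conflicts: List[Conflict]) -> Tuple[str, int]:
    # The corner icon of slide 71: colour from the worst severity, number = count of threats.
    if not conflicts:
        return "green", 0
    colour = {Severity.LOW: "yellow", Severity.MEDIUM: "orange", Severity.HIGH: "red"}
    return colour[max(c.severity for c in conflicts)], len(conflicts)


def render_label(label: List[Practice]) -> str:
    # Compact table in the spirit of the "nutrition label" of slide 75, narrow enough for a phone.
    rows = [f"{'data':<10}{'purpose':<10}{'shared with':<14}"]
    rows += [f"{p.data:<10}{p.purpose:<10}{p.shared_with:<14}" for p in label]
    return "\n".join(rows)


# Constructed sample: one user's preferences and the label of a hypothetical photo-sharing app.
SAMPLE_PREFS = {
    ("location", "core"): Preference(True, "nobody"),
    ("location", "ads"): Preference(False, "nobody"),
    ("contacts", "*"): Preference(False, "nobody"),
    ("device_id", "analytics"): Preference(True, "affiliates"),
}
SAMPLE_LABEL = [
    Practice("location", "core", "nobody"),
    Practice("location", "ads", "third_parties"),
    Practice("contacts", "core", "nobody"),
    Practice("device_id", "analytics", "third_parties"),
    Practice("camera", "core", "nobody"),
]

if __name__ == "__main__":
    found = check_app("PhotoShareApp", SAMPLE_LABEL, SAMPLE_PREFS)
    print(render_label(SAMPLE_LABEL))
    for c in found:
        print(c.severity.name, c.practice.data, c.practice.purpose, "-", c.reason)
    print(badge(found), decide(found, autoblock=False))
```

Two design choices matter here. A row with no matching preference is reported rather than allowed, so a new data type an app starts collecting cannot slip past a preference list written earlier; and the severity depends on both whether the use is forbidden and how widely the data leaves the device, which is what a per-threat colour on the icon needs to mean anything.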