IS 2620: Developing Secure Systems
The Cloud Computing Paradigm
Some of the slides are taken from “Effectively and Securely Using the Cloud Computing Paradigm” by Peter Mell and Tim Grance, NIST
2/16/2012
Agenda
• Understanding Cloud Computing
• Cloud Computing Security
• Secure Cloud Migration Paths
• Foundational Elements of Cloud Computing
• Security & Privacy Challenges
• Policy Management
Understanding Cloud Computing
Origin of the term “Cloud Computing”
• “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google
• First cloud around networking (TCP/IP abstraction)
• Second cloud around documents (WWW data abstraction)
• The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms (“muck” as Amazon’s CEO Jeff Bezos calls it)
A Working Definition of Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Essential Cloud Characteristics
• On-demand self-service: get computing capabilities as needed, automatically
• Broad network access: services available over the net using desktop, laptop, PDA, mobile phone
Essential Cloud Characteristics (Cont.)
• Resource pooling: location independence; provider resources pooled to serve multiple clients
• Rapid elasticity: ability to quickly scale a service in/out
• Measured service: control and optimize services based on metering
Cloud Service Models
• Cloud Software as a Service (SaaS)
– Use provider’s applications over a network
– User doesn’t manage or control the network, servers, OS, storage or applications
• Cloud Platform as a Service (PaaS)
– Users deploy their applications on a cloud
– Users control their apps
– Users don’t manage servers, OS, storage
Cloud Service Models (Cont.)
• Cloud Infrastructure as a Service (IaaS)
– Rent processing, storage, network capacity, and other fundamental computing resources
– Consumers get access to the infrastructure to deploy their stuff
– Don’t manage or control the infrastructure
– Do manage or control the OS, storage, apps, selected network components
• To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics
Service Model Architectures
(Figure: layered stacks, each built on Cloud Infrastructure)
• Software as a Service (SaaS) Architectures: Cloud Infrastructure → SaaS; Cloud Infrastructure → PaaS → SaaS; Cloud Infrastructure → IaaS → PaaS → SaaS
• Platform as a Service (PaaS) Architectures: Cloud Infrastructure → PaaS; Cloud Infrastructure → IaaS → PaaS
• Infrastructure as a Service (IaaS) Architectures: Cloud Infrastructure → IaaS
Cloud Deployment Models
• Private cloud: single org only, managed by the org or a 3rd party, on or off premise
• Community cloud: shared infrastructure for a specific community; several orgs that have shared concerns, managed by an org or a 3rd party
Cloud Deployment Models (Cont.)
• Public cloud: sold to the public, mega-scale infrastructure available to the general public
• Hybrid cloud: composition of two or more clouds bound by standard or proprietary technology
Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies
The NIST Cloud Definition Framework
(Figure: the framework diagram, whose layers are)
• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
• Common Characteristics: Massive Scale, Homogeneity, Virtualization, Resilient Computing, Low Cost Software, Geographic Distribution, Service Orientation, Advanced Security
Cloud Computing Security
Security is the Major Issue
General Security Advantages
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler
• Clouds enable automated security management
• Redundancy / disaster recovery
General Security Challenges
• Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
Security Relevant Cloud Components
• Cloud Provisioning Services
• Cloud Data Storage Services
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security
• Elastic Elements: Storage, Processing, and Virtual Networks
Provisioning Service
• Advantages
– Rapid reconstitution of services
– Enables availability
– Provision in multiple data centers / multiple instances
– Advanced honey net capabilities
• Challenges
– Impact of compromising the provisioning service
Data Storage Services
• Advantages
– Data fragmentation and dispersal
– Automated replication
– Provision of data zones (e.g., by country)
– Encryption at rest and in transit
– Automated data retention
• Challenges
– Isolation management / data multi-tenancy
– Storage controller: single point of failure / compromise?
– Exposure of data to foreign governments
Cloud Processing Infrastructure
• Advantages
– Ability to secure masters and push out secure images
• Challenges
– Application multi-tenancy
– Reliance on hypervisors
– Process isolation / application sandboxes
Cloud Support Services
• Advantages
– On demand security controls (e.g., authentication, logging, firewalls…)
• Challenges
– Additional risk when integrated with customer applications
– Needs certification and accreditation as a separate application
– Code updates
Cloud Network and Perimeter Security
• Advantages
– Distributed denial of service protection
– VLAN capabilities
– Perimeter security (IDS, firewall, authentication)
• Challenges
– Virtual zoning with application mobility
Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
Cloud Security Advantages (Cont.)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities
Cloud Security Challenges
• Data dispersal and international privacy laws
– EU Data Protection Directive and U.S. Safe Harbor program
– Exposure of data to foreign government and data subpoenas
– Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
Cloud Security Challenges (Cont.)
• Dependence on secure hypervisors
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
– Encrypting access to the cloud resource control interface
– Encrypting administrative access to OS instances
– Encrypting access to applications
– Encrypting application data at rest
• Public cloud vs internal cloud security
• Lack of public SaaS version control
Obstacles & Opportunities
Unique Features
• Outsourcing Data and Applications
• Extensibility and Shared Responsibility
• Multi-tenancy
• Service-Level Agreements
• Virtualization and Hypervisors
• Heterogeneity
• Compliance and Regulations
Security Implications
Security and Privacy Challenges
• Authentication and Identity Management
– interoperability
– password-based: inherited limitation
– How multi-tenancy can affect the privacy of identity information isn’t yet well understood.
– multi-jurisdiction issue
– integrated with other security components.
Security and Privacy Challenges
• Access Control and Accounting
– Heterogeneity and diversity of services, as well as the domains’ diverse access requirements
– capture dynamic, context, or attribute- or credential-based access requirements
– integrate privacy-protection requirements
– interoperability
– capture relevant aspects of SLAs
Security and Privacy Challenges
• Trust Management and Policy Integration
– compose multiple services to enable bigger application services
– efficiently capturing a generic set of parameters required for establishing trust and to manage evolving trust and interaction/sharing requirements
– address challenges such as semantic heterogeneity, secure interoperability, and policy-evolution management.
Security and Privacy Challenges
• Secure-Service Management
– WSDL can’t fully meet the requirements of cloud computing services description
– issues such as quality of service, price, and SLAs
– automatic and systematic service provisioning and composition framework that considers security and privacy issues
Security and Privacy Challenges
• Privacy and Data Protection
– storing data and applications on systems that reside outside of on-premise datacenters
– shared infrastructure, risk of potential unauthorized access and exposure.
– Privacy-protection mechanisms must be embedded in all security solutions.
– Provenance: balancing between data provenance and privacy
Security and Privacy Challenges
• Organizational Security Management
– shared governance can become a significant issue if not properly addressed
– Dependence on external entities
– the possibility of an insider threat is significantly extended when outsourcing data and processes to clouds.
Security and Privacy Approaches
• Authentication and Identity Management
– User-centric IDM: users control their digital identities, which takes away the complexity of IDM from the enterprises
– federated IDM solutions
– privacy-preserving protocols to verify various identity attributes by using, for example, zero-knowledge proof-based techniques
Security and Privacy Approaches
• Access Control Needs
– RBAC
– policy-integration needs
– credential-based RBAC, GTRBAC, location-based RBAC
Security and Privacy Approaches
• Secure Interoperation
– Multi-domain
– centralized approach
– decentralized approaches
– specification frameworks to ensure that the cross-domain accesses are properly specified, verified, and enforced
– Policy engineering mechanisms
Security and Privacy Approaches
• Secure-Service Provisioning and Composition
– Open Services Gateway Initiative (OSGi)
– Declarative OWL-based language can be used to provide a service definition manifest, including a list of distinct component types that make up the service, functional requirements, component grouping and topology instructions
Security and Privacy Approaches
• Trust Management Framework
– trust-based policy integration
– Delegation must be incorporated in the service composition framework
Security and Privacy Approaches
• Data-Centric Security and Privacy
– shifts data protection from systems and applications
– documents must be self-describing and defending regardless of their environments.
Security and Privacy Approaches
• Managing Semantic Heterogeneity
– semantic heterogeneity among policies
– Use of an ontology is the most promising approach
– policy framework and a policy enforcement architecture
– inference engines
Policy Management
• No single access control mechanism, single policy language or single policy management tool
• diverse access control solutions
• policies may be composed in incompatible ways
• Heterogeneity and distribution of policies pose problems in administration
Case Study Implementation
• Investigation
– Authentication mechanism
– How users can share resources with other users
– privacy/access setting options it provides
– policy language and mechanism it uses
– What APIs it provides
– change privacy settings using an API or in some other ways
– discover users’ resources
– supports XACML or similar technologies
Case Study Implementation
• Amazon S3, Dropbox, LinkedIn, Flickr, and Twitter
• developed a unified framework
Limitations of the Existing Policy Management Systems
• Application Centric vs. User Centric
• Unified Policy Management System
• Heterogeneity and Interoperation
• Privacy Preservation
Proposed Semantic Based Policy Management Framework
• designed on the concept of centrally expressing a user’s security requirements
• applied to a user’s resources regardless of where they are stored
• should be able to address interoperability and heterogeneity issues
Semantic Web and Policy Management
• specify a domain of interest: individuals, classes of individuals, properties, and axioms that assert constraints over them
• structured vocabulary describes concepts and relationships between them
• specification of the meaning of terms
Semantic Web and Policy Management
• In a policy management system access rules are specified based on representations of concepts
• policy rules and these representations should be able to make policy-based authorization decisions
• deal with the heterogeneity of the cloud
• these representations should be generic and flexible enough
Semantic Web and Policy Management
• The Web Ontology Language (OWL 2)
– a family of standard knowledge representation languages for the Semantic Web
– based on Description Logic (DL)
• Reasoner
– we can check whether all of the statements and definitions in the ontology are mutually consistent
– tradeoff between expressiveness and efficient reasoning
Semantic Web and Policy Management
• Use SWRL to enrich the models defined using OWL 2
– to represent rules on the Semantic Web
– extends OWL 2 in order to provide a way to express conditional knowledge
– not decidable
• we use the DL-Safe context
– OWL 2 RL + SWRL with DL-Safe restriction
– referred to as OWL and SWRL
Semantic Web and Policy Management
• offers high expressiveness
• Reasoning: rule-based engines which offer good performance
• scalable reasoning without sacrificing too much expressive power
• heterogeneity management and interoperability
• separation between domain description and policy description
The Proposed Architectural Framework
Authorization Knowledge Management
• Each CSP has its own information system
• SBPMS requires CSPs to provide such information for authorization purposes
• Update: push and/or pull strategies
• privacy of cloud user’s identity
Access Request Processing
• The access requests are processed locally in each CSP
• key advantage: apply additional policies
The Implementation Architecture
Performance Evaluation
• Prototype
• Generate policies
• Perform evaluations
Policy Specification Language Meta Model
• Semantic Based Specification Language and Policy Generation Process
• Target [Provider, Subject, Object, Action, Service]
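An added illustration (constructed code, not the framework's own implementation) of the Target [Provider, Subject, Object, Action, Service] model: the user's policies are written once against ontology concepts and evaluated at whichever CSP processes the request, which may add its own local policies. The concept hierarchy, provider names and policies are constructed assumptions.

```python
"""Toy authorization evaluator for policies whose Target is
[Provider, Subject, Object, Action, Service].  Added example with
constructed concepts and policies; not the framework's own code."""
from dataclasses import dataclass

# Stand-in for the ontology: each concept's direct parent class (constructed).
PARENT = {
    "CloseFriend": "Friend", "Friend": "Contact", "Contact": "Anyone",
    "ProfilePhoto": "Photo", "Photo": "File", "Document": "File",
    "Dropbox": "AnyProvider", "AmazonS3": "AnyProvider", "Flickr": "AnyProvider",
    "read": "AnyAction", "delete": "AnyAction", "share": "AnyService",
}

def is_a(concept, cls):
    """Subclass reasoning: True if concept is cls or cls is one of its ancestors."""
    while concept is not None:
        if concept == cls:
            return True
        concept = PARENT.get(concept)
    return False

@dataclass(frozen=True)
class Policy:
    provider: str
    subject: str
    obj: str
    action: str
    service: str
    effect: str  # "permit" or "deny"

    def applies_to(self, request):
        """request is a (provider, subject, object, action, service) tuple."""
        target = (self.provider, self.subject, self.obj, self.action, self.service)
        return all(is_a(value, cls) for value, cls in zip(request, target))

def decide(user_policies, csp_policies, request):
    """Deny-overrides combination of the user's central policies and the
    additional policies of the CSP processing the request; default deny."""
    applicable = [p for p in user_policies + csp_policies if p.applies_to(request)]
    if not applicable or any(p.effect == "deny" for p in applicable):
        return "deny"
    return "permit"

# Constructed user policies: written once, valid at every provider.
USER_POLICIES = [
    Policy("AnyProvider", "Friend", "Photo", "read", "share", "permit"),
    Policy("AnyProvider", "Friend", "Photo", "delete", "share", "permit"),
    Policy("AnyProvider", "Anyone", "Document", "read", "share", "deny"),
]
# Constructed local policy that only Flickr adds when it processes requests.
FLICKR_POLICIES = [Policy("Flickr", "Anyone", "File", "delete", "AnyService", "deny")]

if __name__ == "__main__":
    print(decide(USER_POLICIES, FLICKR_POLICIES,
                 ("Flickr", "CloseFriend", "ProfilePhoto", "read", "share")))
```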
Performance of the Ontology Construction
Performance of the Authorization API
References
• Semantic Based Policy Management for Cloud Computing Environments, International Journal of Cloud Computing, 2012.
• Security and Privacy Challenges in Cloud Computing Environments, IEEE Security and Privacy, Vol. 8, No. 6, 2010.
• SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments, IEEE International Workshop on Emerging Applications for Cloud Computing (CloudApp 2010).
Questions?
PrivacyMonitor
• The goal of this project is to develop an application that monitors the phone for possible privacy violations.
• This app should be able to work with all the apps installed on the phone that connect to the Internet, such as social network apps, IM apps, email apps, etc.
• The app provides an interface for the user to specify privacy preferences and then runs in the background
PrivacyMonitor
• checks the privacy policies and activities of all the apps and alerts the user if there is any conflict between the user’s specified policies and the policies of the app.
• It is useful when installing an app to see whether it satisfies the user’s privacy preferences and also when using an app to check whether it complies with its own policies.
Possible Features
• Activate Application: allows the user to activate or deactivate the app
• Run as System Application: allows the user to run the app in the background
• Password Protection: protects the app from unauthorized users
• Autoblock: automatically blocks possible violations of privacy without the user’s confirmation
Possible Features
• Notifications: alert about a possible risk and ask the user about continuing the action (the autoblock must be off for this feature to work). When a threat is detected a small icon appears in the corner of the screen. The color of the icon could vary based on the severity of the threat and it can show a number representing the number of threats.
• Sound Alert: plays a sound when a threat is detected.
Privacy for Mobile Apps
As mobile apps become more popular, people are becoming more concerned about privacy issues associated with those apps.
On the other hand, given how difficult privacy policies are to read on a large screen, there are concerns about the feasibility of reading them on small screens of mobile phones.
Privacy for Mobile Apps
• Currently, the vast majority of applications that mobile phone users download do not have privacy policies at all
• we need to answer the following questions
– What is a good approach for communicating about app privacy policies to users?
– When and in what form should this communication occur?
– What information should be included?
Privacy for Mobile Apps
• “Mobile Application Privacy Policy Framework” from the Mobile Marketing Association (MMA) Privacy & Advocacy Committee
• “Privacy Policy Generator 3.0” initiative from TRUSTe
• Policymaker from PrivacyChoice
Privacy for Mobile Apps
• What we suggest as a solution is to use the standardized short table from the paper “A Nutrition Label for Privacy” (http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf) to design a privacy policy format for mobile apps.
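An added example (not the project's code) of the PrivacyMonitor checks described above, with the app's policy held in a nutrition-label style table of data types and declared uses as suggested for the mobile policy format: declared uses are compared with the user's preferences, and observed activity is compared with the app's own declarations. The data types, use labels, severities and sample app are constructed.

```python
"""PrivacyMonitor-style checks over nutrition-label style privacy tables.
Added example with constructed data; not the project's code.  An app's
policy maps a data type to the set of uses it declares for that data."""

# Constructed severity per data type, used to colour the corner icon (0..3).
SEVERITY = {"location": 3, "contacts": 3, "financial": 3, "email": 2, "usage": 1}

def preference_conflicts(app_policy, user_prefs):
    """(data type, use) pairs the app declares but the user's preferences forbid."""
    conflicts = []
    for data_type, uses in app_policy.items():
        allowed = user_prefs.get(data_type, set())  # unknown type: nothing allowed
        conflicts.extend((data_type, use) for use in sorted(uses) if use not in allowed)
    return conflicts

def self_compliance_violations(app_policy, observed):
    """Observed (data type, use) activity not covered by the app's own policy."""
    return [(d, u) for d, u in observed if u not in app_policy.get(d, set())]

def threat_badge(conflicts):
    """Icon model: (number of threats, highest severity 0..3)."""
    if not conflicts:
        return (0, 0)
    return (len(conflicts), max(SEVERITY.get(d, 1) for d, _ in conflicts))

def monitor(app_policy, user_prefs, observed, autoblock):
    """Run both checks; block silently when autoblock is on, otherwise notify."""
    seen, conflicts = set(), []
    found = preference_conflicts(app_policy, user_prefs)
    found += self_compliance_violations(app_policy, observed)
    for c in found:
        if c not in seen:
            seen.add(c)
            conflicts.append(c)
    if not conflicts:
        action = "allow"
    else:
        action = "block" if autoblock else "notify"
    return {"action": action, "conflicts": conflicts, "badge": threat_badge(conflicts)}

# Constructed sample: an app's label, the user's preferences, observed activity.
APP_POLICY = {
    "contacts": {"provide service"},
    "location": {"provide service", "marketing"},
    "usage": {"provide service", "analytics"},
}
USER_PREFS = {
    "contacts": {"provide service"},
    "location": {"provide service"},
    "usage": {"provide service", "analytics", "marketing"},
}
OBSERVED = [("contacts", "provide service"), ("contacts", "share with third parties")]

if __name__ == "__main__":
    print(monitor(APP_POLICY, USER_PREFS, OBSERVED, autoblock=False))
```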