Upload File

threats to machine clouds

47
Security Threats to Machine Clouds [email protected]

Upload: sensepost

Post on 12-Nov-2014

781 views

Category:

Technology


0 download

Report

DESCRIPTION

Preliminary research into machine 2 machine clouds presented at B-Sides Cape Town by George Pranchke of SensePost.

TRANSCRIPT

Page 1: Threats to machine clouds

Security Threats to Machine Clouds

[email protected]

Page 2: Threats to machine clouds

about: us

Georg-Christian Pranschke

http://www.sensepost.com/blog/7733.html

Page 3: Threats to machine clouds

what we’re going to talk about

• the cloud• why this talk ?• machine clouds ?• results: cursory “testing”• what does all this mean ?

Page 4: Threats to machine clouds

The Cloud

Page 5: Threats to machine clouds

clobbering the cloud!

Page 6: Threats to machine clouds

cloud security

Page 7: Threats to machine clouds

Why This Talk ?

Page 8: Threats to machine clouds

security threats to machine clouds• fast growing mobile connectivity • greater number of connected devices• management complexity and high costs

• web-based device management for connected devices

• inherits some of the web app threats plus new

ones

Page 9: Threats to machine clouds

Machine Clouds ?

Page 10: Threats to machine clouds

machine clouds?

Page 11: Threats to machine clouds

machine clouds?• home automation• vehicle tracking• tele-medicine• location-based services• “M2M and connected products are changing our world”• “safer, simpler and more productive”• “less cost per year than full-time employee”

• i.e. ATMs monitoring -> access to finances• i.e. medical equipment -> ensuring very best patient care• i.e. smart signs -> law enforcement • i.e. cars -> driving behaviour to insurance carriers

Page 12: Threats to machine clouds
Page 13: Threats to machine clouds

machine cloud ui: the web application

Page 14: Threats to machine clouds

machine - cloud integration

Page 15: Threats to machine clouds

protocol dissection (i)

DHCP response

Page 16: Threats to machine clouds

protocol dissection (ii)

restart request response

Page 17: Threats to machine clouds

machine – cloud interaction (i)

Page 18: Threats to machine clouds

machine – cloud interaction (ii)

Page 19: Threats to machine clouds

connecting a machine

Page 20: Threats to machine clouds

Results: Cursory “Testing”

Page 21: Threats to machine clouds

#include <disclaimer.h>

Page 22: Threats to machine clouds

approach

Business Logic

Application

Infrastructure

web application/web services <<>> “rogue machine”

Page 23: Threats to machine clouds

the environment (i)

Page 24: Threats to machine clouds

the environment (ii)

Page 25: Threats to machine clouds

threat: exposed administrative interfaces

Page 26: Threats to machine clouds

threats: cms layer (i)

Page 27: Threats to machine clouds

threats: cms layer (ii)

Page 28: Threats to machine clouds

threats: cms layer(iii)

Page 29: Threats to machine clouds

threats: web app layer

Page 30: Threats to machine clouds

clickjacking/ui redressing

Page 31: Threats to machine clouds

SDKs (i)

Page 32: Threats to machine clouds

SDKs (ii)

Page 33: Threats to machine clouds

SDKs (iii)

Page 34: Threats to machine clouds

SDKs (iv)

Page 35: Threats to machine clouds

a side note…

Page 36: Threats to machine clouds

transport layer encryption (i)

Page 37: Threats to machine clouds

transport layer encryption (ii)

Page 38: Threats to machine clouds

lame ? (i)

Page 39: Threats to machine clouds

lame ? (ii)

Page 40: Threats to machine clouds

lame ? (iii)

Page 41: Threats to machine clouds

threat: malicious applets

Page 42: Threats to machine clouds

a side note …

Page 43: Threats to machine clouds

threat: rogue machines

Page 44: Threats to machine clouds

putting it all together

• malicious applets• obtain vendor id or …• unauthorised connection• upload of XSS payload or …• XSS -> session hijacking and …

Page 45: Threats to machine clouds

What Does All This Mean ?

Page 46: Threats to machine clouds

what does all this mean

Page 47: Threats to machine clouds

Security Threats to Machine Clouds

Thank You!


Machine Learning eBook - Channel Futures · FIHTIN RANSOMWARE AND ADVANCED THREATS WITH MACHINE LEARNIN ... dates back to the 1950s. Besides cybersecurity, the technology is being

Cost of Virtual Machine Live Migration in Clouds: A ...Cost of Virtual Machine Live Migration in Clouds: A Performance Evaluation William Voorsluys 1, James Broberg , Srikumar Venugopal2,

How do clouds form? LECTURE 6, Clouds

Nowcasting Thunderstorm Anvil Clouds over Kennedy Space ... · the threats of natural and triggered lightning to space launch and landing operations. The majority of anvil clouds

A Methodology to Create STL Files from Data Point Clouds ...sffsymposium.engr.utexas.edu/Manuscripts/1999/1999... · coordinate measuring machine and a rapid prototyping machine,

Machine Learning Rain Formation and the Impacts on Clouds ... · Affects microphysics of clouds and warm rain. May delay rain (Albrecht 1989) •Cloud Feedback •Largest uncertainty

Understanding How Machine Learning Defends Against Zero-Day Threats

Adversarial Machine Learning And Several Countermeasures · 2018. 1. 15. · Machine Learning Protect against tomorrow’s threats Adversarial Machine Learning And Several Countermeasures

THREATS AND CHALLENGES IN MACHINE LEARNING

Network Security - Labprotocols.netlab.uky.edu/~calvert/classes/571/lectureslides/NetSec.p… · Security Threats • Machine Compromise (breakin) – Exploiting software weaknesses

Clouds Clouds Clouds

Oct 2015 CRV SOLUTION PROFILE - boxercrv.com.au · full spectrum of battlefield threats including small arms, heavy machine guns, kinetic threats, ... The vehicle’s external profile

Clouds, Rain, Clouds Again

CLOUDS. What are clouds?

PERSONA REPORT Head in the Clouds · PERSONA REPORT Head in the Clouds: A study into User Behaviour to Better Understand Insider Threats Profiling employees To help IT leaders better

Improving Energy Efficiency in NFV Clouds with Machine Learning

A New Approach to Threat Detection · DETECTING THREATS IN THE CLOUD WITH THE CLOUD 2 Numerous security analytics products are trying to detect advanced threats using machine learning

2018-19 - dpsludhiana.com Book-Class 2.pdf · And clouds clouds clouds Clouds clouds clouds, today. This is the sky song What’s in sky tonight? Look up , what can u see? The moon

Clouds Cumulus CU Low clouds - cumuliform -. clouds Cumulus CU Low clouds - cumuliform -

Empire of the Clouds, Achievement of the Machine

1 cloud, 2 clouds, 3 clouds, tons

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning

Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats Jaime G. Carbonell Eugene Fink Mehrbod Sharifi

Insider Threat Protection - ETSI€¦ · Engineered to detect insider threats. FortiInsight. Wherever a machine is located and whatever network the machine is connected to, FortiInsight

Clouds, Clouds, and more Clouds!

Clouds Finding Out What Clouds Are All About. Cirrus Clouds

Architecture Réseau des clouds privés avec Hyper-V et System Center Virtual Machine Manager 2012 R2

types of clouds. Different kinds of clouds lead to ... · types of clouds. Different kinds of clouds lead to different types of weather. Cirrus clouds are the highest group of clouds

Mobile threat detection through machine learning · Mobile threat detection through machine learning MKT EN-US v2 Executive summary The types of threats targeting enterprises are

Building IaaS Clouds and the Art of Virtual Machine Management: A Practical Guide with OpenNebula

Clouds - Metlink...Cirrus made by an aeroplane (aircraft contrail cirrus) Clouds Cumulus 1 Clouds Cumulus 2 Clouds Cumulus 3 Clouds Nimbostratus Clouds Nimbostratus with rainbow Clouds

Threat Modeling and Analysis - KAMM...Threat Modeling and Analysis ... • Point Threats • Systems Threats • Distal Threats • Proximal Threats • Terminal Threats • Pathways

Security Threats in Software Defined Mobile Clouds (SDMC)

Artic - porcelanatoliquido.net · 4807126 -free-sky-wallpaper jpg clouds clouds texture6118jpg clouds clouds clouds clouds texture6110.jpg clouds texturE6115jpg clouds texture6120.jpg

Isolating the Ghost in the Machine: Unveiling Post Exploitation Threats · PDF fileIsolating the Ghost in the Machine: Unveiling Post Exploitation Threats. HTA-R11. Senior Security