Enterprise Cloud Security option · Enterprise Cloud Security option ... waf
Cloud-Security•There are still lots of Security Problems in Cloud‐Computing: show‐stopper! •...
Transcript of Cloud-Security•There are still lots of Security Problems in Cloud‐Computing: show‐stopper! •...
Claudia Eckert
Claudia Eckert
Fraunhofer‐Institute for Secure Information Technology (SIT)
Technische Universität München
Open Grid Forum, 16.3,. 2010, Munich
Cloud-Security:Show-Stopper or Enabling Technology?
Claudia Eckert
Overview
1. Cloud‐Characteristics
2. Security Implications
3. Some Attacks (real World)
4. Specific Challenge:
ID‐Management
5. Summary
2
Claudia Eckert
3
1. Cloud-Computing
Cloud:
• Pool of networked IT‐components
Cloud‐Characteristics
• Resources will be provided on demand
• User don’t have to maintain/operate an own infrastructure
• An ‚unlimited‘ amount of resources: capacities can be dynamically added:
• Scalability, flexibility, on‐demand usage,
• Access to outsourced data: at anytime, from anywhere
• Fast development of new web‐ applications offered as Cloud‐Services
• Software as a Service
Claudia Eckert
4
1. Cloud-Computing
Economic forecast:
Estimated Market Shares for
Cloud‐Computing‐Services:
– Merrill Lynch (2008): $169 Mrd. until 2011
– IDC (2009): $42 Mrd. until 2012
– Gartner (2009): $150 Mrd. until 2013
– BITKOM (2009): 564 Mio. € for Germany until 2011
Applications Infratsrucure
Claudia Eckert
5
1. Cloud-Computing
Main aspects forming the Cloud
• Types
• Features
• Models/Modes
• Stakeholders
• Benefitss
• And:
legislation!
Claudia Eckert
6
1. Cloud-Computing: Typs
Virtualization
Infrastructure layer
Platform layer
Software layer IaaS Pa
aS SaaS
User / CustomerInfrastructure as a Service (IaaS)e.g.: Elastic Compute Cloud
(Amazon): providingvirtual Server
Platform‐as‐a‐Service (PaaS)e.g.:Google App Engine:
Framework for applicationdevelopment & upload
Software as a Service (SaaS) (Mail, CRM, presentations, …)e.g.:Google Docs, GMail, gliffy
Claudia Eckert
1. Cloud-Computing: Show-Stopper Security?
7
Claudia Eckert
2. Security Implications
• User: e.g. Enterprises
• Change of paradigm from closed and supervised IT‐ infrastructures to
outsourced services and remotely operated IT‐ infrastructures
• Providers: e.g.
• Who uses the offered services? Who is liable for abuse of resources?
• General security implications
• Loss of control over data, infrastructures, processes, etc.
• Difficult Identity and Access management in the Cloud
• Compliance with security guidelines and legal standards , privacy issues
• Trustworthiness of service providers
8
Claudia Eckert
9
2. Security implications: Scenario
enterprise
collaborationservice
end user
Cloud-provider #3
Backup-service
email-service
social network
Cloud-provider #1
Cloud-provider #2
Claudia Eckert
10
2. Security ImplicationsCloud‐Characteristics and their effects on security
• Resources will be provided on demand:
• Confidentiality? Where is ‘my’ data (in which country?), which crypto
regulation rules apply, e.g. key‐escrow requirements?
• „unlimited“ amount of resources:
• Privacy? compliant with privacy legislation?
• Development of new web‐ applications as services
• Trustworthiness of Cloud‐Service ? How does the Cloud platform
handle access rights, key‐management, certificate management, etc.?
• Accesses to outsourced data: at anytime, from anywhere
• Availability? Which measures against DoS, risk of Data‐Lock‐in, ….
AND: Cloud‐Computing: Door‐opener for new kinds of attacks
Claudia Eckert
2. Security ImplicationTop Threats in Cloud Computing:
source: http://cloudsecurityalliance.org/topthreats.html
• Abuse of Cloud Computing Resources
• Shared Technology Vulnerabilities
• Data Loss Leakage
• Insecure Application Programmer Interface
• Account, Service & Traffic Hijacking
• Malicious Insiders
• Unknown risk profile
Some threats in more detail
Claudia Eckert
2. Security ImplicationAbuse of Cloud Computing Resources
Problem‐Statement:
• IaaS provider offer ‘unlimited’ resource usages coupled with frictionless
registration process, i.e. users might act relatively anonymously
• Spammers, Malicous Code authors other attackers take advantage of that
Attacks like DDoS, Passwort Cracking, controlling botnets, ….
Remediations: e.g.
• Improved initial registration and validation processes
• Comprehensive introspection (if compliant with legislation) of customer network
traffic
Claudia Eckert
2. Security ImplicationShared Technology Vulnerabilities
Problem‐Statement:
• IaaS vendors often share underlying infrastructure: cashes, storage, ..
• Improper isolation concepts are used: vulnerable hypervisor levels,
no isolation on network layer etc.
• Attacks: information leakage, unauthorized data access
Remediations: e.g.
• Strong compartmentalization
• Strong authentication and access controls
• Monitoring of access, activities
• Vulnerability scanning, configuration audits
Claudia Eckert
2. Security ImplicationData Loss Leakage
Problem‐Statement:
• Missing backup concepts: data loss due to alteration, deletion, …
• improper access controls
• Loss of encryption keys: data is lost
• Missing audit controls
• Attacks: Deletion or alteration of data, circumvent improper access controls,
identity theft (leaked credentials, hijacking sessions etc.)
Remediations: e.g.
• Strong access control, proper redundancy, backup‐concepts
• Data encryption and proper key management
Claudia Eckert
2. Security ImplicationInsecure Application Programmer Interface
Problem‐Statement:
• Providers offer APIs for services provisioning, orchestration,
monitoring etc. with improper or even missing security concepts:
Authentication, Encryption, logging, access control are often missing
• Third parties offer value‐added services using these APIs: e.g.
credentials are forwarded to third parties using (insecure?) APIs
• Attacks: exploiting weak authentication like clear‐text passwords,
reusable tokens, improper authorization, …..
Remediations: e.g.
• Security analysis of the providers API, model dependencies
• Use strong authentication, encryption, logging concepts on‐top
Claudia Eckert
3. Attacks
16
Quelle: http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database
Claudia Eckert
3. Attacks
Example: Virtualization layer
• Vulnerable VMMonitor: access to all data
Possible Attack Scenario
• Distribution of virtual machines via public market places
• Amazon Machine Image (AMI) market place for EC2: Amazon:“AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or
security of AMIs shared by other users. […] Ideally, you should get the AMI ID from a
trusted source (a web site, another user, etc). If you do not know the source of an AMI,
we recommended that you search the forums for comments on the AMI before
launching it.”
• Attack: Setup of Bot‐nets, information leakages, …
17
Claudia Eckert
3. Attacks
DDos‐ attack on Bitbucket.org (Amazon)
• DDoS attack with UDP‐Flooding
• Service was unavailable for storing data in persistent storage
• Problem solution lasts 18 hours:
• No detection of DDoS through Amazon Support
• Isolation of Network traffic via QoS‐ guideline failed
• Connection over external IP‐ address instead of internal addresses
• Design flaws in architecture of Bitbucket
• no Load‐balancing
• no Redundancy over decentralized data centers,
• no dynamic allocation of resources
18
Claudia Eckert
3. Attacks
Cracking keys in the Cloud (10/2009)
• Costs for breaking a PGP‐ key with utilization of EDPR on Amazon EC2 Resources
19
source: http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
Claudia Eckert
3. Attacks
Misuse of Google App Engine for controlling Bot‐Nets (11/2009)
• CPU‐time, storage, 500 MByte disc storage and up to 5millions Page
Views per month for free
• Command & Control‐Server of Bot‐ net by using Google App Engine
• Contacting Bot‐computers with the server, for receiving new
orders
• Google had to manually delete the application
20
sources: http://asert.arbornetworks.com/2009/11/malicious‐google‐appengine‐used‐as‐a‐cnc
Claudia Eckert
Risk AssessmentCloud‐Security‐Study from Fraunhofer SIT,
See: http://www.sit.fraunhofer.de/EN/News1.jsp
Aim: Framework and guidelines for risk assessments
Classification
Application and Platform
Infrastructure Administration Compliance
Data protection
Legal framework
Governance
Interoperability and Portability
Testing
Key management
Host
Virtualization
Network
Data security
Security as a service
Application security
Physical security
Identity and accessmanagementPlatform security
Risk management
Claudia Eckert
4. Identity Management in the CloudLesson learned so far:
• There are still lots of Security Problems in Cloud‐Computing: show‐stopper!
• Enabling technology: Strong Authentication spanning domains!
The IdM Cloud ecosystem:
• Identity Providers
• Governments (e.g. in Germany via nPA), Enterprises
• Large Internet Destinations (e.g. Google, Facebook, …)
• Cloud Providers: May also be Identity Providers
• SaaS/PaaS/IaaS (e.g. Amazon, Salesforce, Google, SAP, HP, IBM, ...)
• Users
• Consumers or Business
• Individuals may have many Identities
Claudia Eckert
4. Identity Management in the CloudCore IdM Challenges
• Identity provisioning and deprovisioning:
• secure and timely management of on‐boarding (provisioning) and
off‐boarding (deprovisioning) of users in the cloud.
• Extend user management processes within an enterprise to cloud services.
• Authorization & user profile management
• Establishing trusted user profile and policy information to control
access within the cloud service, and doing this in an auditable way.
• Delegation and Federation
• exchanging identity attributes surely and trustworthy,
• Establishing a identity lifecycle management
Claudia Eckert
4. Identity Management in the Cloud• Support for compliance
• Enable customers to pull together information about accounts,
access grants and segregation of duty enforcement in order to
• satisfy an enterprise's audit and compliance reporting requirements.
• Authentication
• How to provide cross‐domain strong multi‐factor authentication ?
• How to provide strict multi tenancy model: isolation on all levels?
• How to identify, manage fine‐grained components, like Applications?
• How to guarantee interoperability,
• How to support multi tenancy
Claudia Eckert
4. Identity Management in the CloudAuthentication: Scenario
SaaS
SaaS
Cloud-basedAuthentication Servicee.g. FireID
Cloud-based Service e.g. Mail-Servce
Enterprise User A
One Time PadAuthentication Service Provider
Service Provider
StrongAuthentication?
StrongAuthentication?
Request
Credentials
„true/false“
Claudia Eckert
6. Summary • Cloud‐Computing: Great Opportunities for enterprises and providers
• Security, Privacy and Trust are still open issues: Show‐Stopper?!
• Top threats: e.g. Abuse, Data Loss, Shared Technologies, Hijacking, …
• Privacy and Compliance are still unsolved problems
• Cloud‐Computing provides a valuable environment to launch attacks
Spamming, Bot‐net setup, Password and Key cracking
• Solved Security Problems will be Cloud‐Enablers!
• Trustworthy Identity Management within Clouds is one main issue
• Core Challenges and open research issues :
Identity provisioning and deprovisioning, Authentication, Delegation and
Federation, Authorization & user profile management, compliance
• Standards and Reference‐Architectures, Best Practice Guides are required
26
Claudia Eckert
27
Thank you for your kind attention
Contact:Claudia EckertFraunhofer Institute for Secure Information TechnologyTel: +49 89 3 22 99 86-292
+49 6151 869-285E-Mail: [email protected]: http://www.sit.fraunhofer.de