Your SlideShare is downloading. ×
0
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
600.412.Lecture02
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

600.412.Lecture02

554

Published on

CS 600.412 Security and Privacy in Cloud Computing

CS 600.412 Security and Privacy in Cloud Computing

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
554
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security and Privacy in Cloud Computing
    Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010
    Lecture 2
    02/01/2010
  • 2. Threats, vulnerabilities, and enemies
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    2
    Goal
    Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud
    Technique
    Apply different threat modeling schemes
  • 3. Assignment for next class
    Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009.
    Format:
    Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences)
    Pros: 3 or more issues
    Cons: 3 or more issues
    Possible improvements: Any possible suggestions to improve the work
    Due: 2.59 pm 2/8/2010
    Submission: By email to rhasan7@jhu.edu (text only, no attachments please)
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    3
  • 4. Threat Model
    A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions
    Steps:
    Identify attackers, assets, threats and other components
    Rank the threats
    Choose mitigation strategies
    Build solutions based on the strategies
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    4
  • 5. Threat Model
    Basic components
    Attacker modeling
    Choose what attacker to consider
    Attacker motivation and capabilities
    Assets / Attacker Goals
    Vulnerabilities / threats
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    5
  • 6. Recall: Cloud Computing Stack
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    6
  • 7. Recall: Cloud Architecture
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    7
    SaaS / PaaS Provider
    Client
    Cloud Provider
    (IaaS)
  • 8. Attackers
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    8
  • 9. Who is the attacker?
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    9
    Insider?
    • Malicious employees at client
    • 10. Malicious employees at Cloud provider
    • 11. Cloud provider itself
    Outsider?
    • Intruders
    • 12. Network attackers?
  • Attacker Capability: Malicious Insiders
    At client
    Learn passwords/authentication information
    Gain control of the VMs
    At cloud provider
    Log client communication
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    10
  • 13. Attacker Capability: Cloud Provider
    What?
    Can read unencrypted data
    Can possibly peek into VMs, or make copies of VMs
    Can monitor network communication, application patterns
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    11
  • 14. Attacker motivation: Cloud Provider
    Why?
    Gain information about client data
    Gain information on client behavior
    Sell the information or use itself
    Why not?
    Cheaper to be honest?
    Why? (again)
    Third party clouds?
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    12
  • 15. Attacker Capability: Outside attacker
    What?
    Listen to network traffic (passive)
    Insert malicious traffic (active)
    Probe cloud structure (active)
    Launch DoS
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    13
  • 16. Attacker goals: Outside attackers
    Intrusion
    Network analysis
    Man in the middle
    Cartography
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    14
  • 17. Assets
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    15
  • 18. Assets (Attacker goals)
    Confidentiality:
    Data stored in the cloud
    Configuration of VMs running on the cloud
    Identity of the cloud users
    Location of the VMs running client code
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    16
  • 19. Assets (Attacker goals)
    Integrity
    Data stored in the cloud
    Computations performed on the cloud
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    17
  • 20. Assets (Attacker goals)
    Availability
    Cloud infrastructure
    SaaS / PaaS
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    18
  • 21. Threats
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    19
  • 22. Organizing the threats using STRIDE
    Spoofing identity
    Tampering with data
    Repudiation
    Information disclosure
    Denial of service
    Elevation of privilege
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    20
  • 23. Typical threats
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    21
    [STRIDE]
  • 24. Typical threats (contd.)
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    22
    [STRIDE]
  • 25. Summary
    A threat model helps in designing appropriate defenses against particular attackers
    Your solution and security countermeasures will depend on the particular threat model you want to address
    2/1/2010
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    23
  • 26. 2/1/2010
    24
    en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan
    Further Reading
    Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004
    The STRIDE Threat Model

×