SlideShare a Scribd company logo

Security Requirement Specification Model for Cloud Computing Services

Download as PPTX, PDF
Matteo Leonetti
Matteo Leonetti
EngineeringTechnologyBusiness
1 of 29
S Security Requirement Specification Model for Cloud Computing Services SECONDA UNIVERSITA’ DI NAPOLI FACOLTA’ DI INGEGNERIA Relatore Prof. Massimo Ficco Candidato Matteo Leonetti Matricola A18/064 Anno Accademico 2012/2013
S Contents • Main Cloud Computing Issues • Security Requirement Specification for Cloud • Existing Security Specification Languages • Why a New Model? • Modeling Secure Interactions • Use Case and Misuse Case • Stereotypes • Component and Deployment Diagram • IDPS Rule Description • Case Study • Intrusion Detection Architecture for Cloud • Suggestions for Future Works
Main Cloud Computing Issues 3
4 Security Requirement Specification for Cloud • Considering from the the early stage of SDLC; • Highliting ; • Considering to adopt; • Helping to define ; • Allowing Provider and Consumer to agree on ;
5 Existing Languages
6 Why a New Model? framework; • Describing both ; • Allowing to analyse different ; • Helping Cloud Consumer and Cloud Provider to agree on ; • Providing UML . with stereotypes for security concepts; • Allowing managing and replicas. • Presenting an useful model to describe ;
7 Modelling Secure Interactions (1/2) An is defined as every kind of data exchange among actors in a Cloud System. It is made of the triple: <INVOKER, PROVIDER, TARGET> CC Cloud Consumer CP Cloud Provider S Service R Resource Interaction Description Interaction Type Interaction Modalities Securit y Level First CC’s registration to CP <CC,CP,CP> Web Console with username and password 1 - - Web Console with OTP 2
8 Modelling Secure Interactions (2/2) are characterized by the triple: <THREAT, SECURITY REQUIREMENT, SECURITY MECHANISM> Threat Security Requirement Security Mechanism Packet Sniffing Confidentiality Routing Control Denial Of Service Availability Access Monitoring Wrapping Attack Authenticity Digital Signature SQL Injection Integrity, Confidentiality Parameterized Queries Man In The Middle Non repudiation Digital Signature
9 Use Case and Misuse Case (1/2) model all kind of legitimate interactions that describe the whole application behaviour. Some issues can affect these interactions and it is important to specify security mechanism in order to prevent failures. model all the malicious behaviours witch can occur to the Cloud System. Misuse Case is meant as a sequence of action that a Cloud Consumer should not be able to perform. Hackers are able to perform a whole range of attacks to harm the Cloud environment, independently of the Use Case. These kinds of attacks are completely uncorrelated from Use Cases Interaction and can be expressed by Misuse Case.
10 Use Case and Misuse Case (1/2)
11 Stereotypes Stereotype Base class Description Web Service Subsystem, Component Service made available to users or developers on demand via the Internet from a Service Provider. Intrusion Detection Component Any kind of Intrusion Detection System that that monitors network or system activities for malicious behaviour or policy violations and produces reports to a management station. “Mode” attribute specify if it is used “Standalone”, as a “Probe” that only collects information or as a “Manager” that only receive information and correlates them to take decisions. “Type” attribute can specify the resource to monitor: “Network”, “Host” or “Hybrid” Load Balancer Node, component Software that distributes processing and communications activity evenly across a virtual computer network so that no single virtual machine is overwhelmed. Virtual Machine Node Resource that can be used to run applications and workloads. Disaster Recovery Component Actions to minimize the negative effects of a disaster and maintain or quickly resume critical functions. Data Loss Prevention (DLP) Component System designed to detect potential data breach and prevent them by monitoring, detecting and blocking sensitive data. Replica Component, Node, Subsystem Data or computation replication can be adopted in order to provide fault tolerance solutions. “Mode” attribute specify the replication mechanism: “Active”, “Passive”. “Type” attribute specify different passive replicas: “Primary”, “Backup”.
12 Component and Deployment Diagram
13 IDPS Rule Description (1/2) An can be expressed by three basic elements:
14 IDPS Rule Description (2/2) IDS rule a . The condition that make true the considered rule is composed by events and rules using OR (+) and AND (X) operator. A rule or an event in grey means the negation of that.
15 Case Study: Introduction
16 Case Study: Interaction Diagram
17 Case Study: Use Case and Misuse Case : End User sends pictures to the Cloud service. : Hacker intrudes into a Virtual Machine and steals data from the storage.
18 Case Study: Security Requirement Specification
19 Case Study: IDPS Rules Description
20 Case Study: Component and Deployment Diagram
21 IDS Architecture for Cloud Computing receives information from Probes or lower-level SM; normalizes and correlates the events following rules; alerts Admin or sends alert to higher-level SM. Host Intrusion Detection System (HIDS) Network Intrusion Detection System (NIDS)
22 IDS Prototype for Cloud Computing Security Information Event Management (SIEM) Host Intrusion Detection System (HIDS) Network Intrusion Detection System (NIDS) IDMEF IDMEF
23 • Deriving all the and , splitting them in multiple interactions; • Considering all for each interaction specifying ; • Choosing the that match Cloud Consumer needs and Cloud Provider offers. • Making sure Cloud Provider adopt valid for each malicious interaction or think about additional security solution; • Representing application in the ; • Adding required to the diagram; • If required, designing new for detect and prevent the attack described; • If required, specifying type for a fault tolerance solution. Security Requirement Specification Model Briefly
24 • Tool witch that best meets Cloud Consumer needs; • Software that analyses Security Reuirement and to adopt; • Automated Tool witch components to cover vulnerabilities; • Smart tool that for the adopted IDPS; • Engine witch from past events and adds new Rules. Suggestions for Future Works
Thank you for your attention
S Security Requirement Specification Model for Cloud Computing Services SECONDA UNIVERSITA’ DI NAPOLI FACOLTA’ DI INGEGNERIA Relatore Prof. Massimo Ficco Candidato Matteo Leonetti Matricola A18/064 Anno Accademico 2012/2013
What is Cloud Computing? (1/3) “Cloud computing is a model for enabling to a shared pool of configurable computing that can be rapidly provisioned and released with or service provider interaction.” NIST 27
What is Cloud Computing? (2/3) self-service • Broad access • Rapid service 28
What is Cloud Computing? (3/3) 29

Recommended

Cloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsCloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsMohammed Sajjad Ali
 
Fundamental Cloud Architectures
Fundamental Cloud ArchitecturesFundamental Cloud Architectures
Fundamental Cloud ArchitecturesMohammed Sajjad Ali
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformsPrabhat gangwar
 
Cloud Computing - Introduction
Cloud Computing - IntroductionCloud Computing - Introduction
Cloud Computing - IntroductionDr. Sunil Kr. Pandey
 
Fundamental Concepts-and-Models Cloud Computing
Fundamental Concepts-and-Models Cloud ComputingFundamental Concepts-and-Models Cloud Computing
Fundamental Concepts-and-Models Cloud ComputingMohammed Sajjad Ali
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management MechanismsMohammed Sajjad Ali
 
Cloud computing architectures
Cloud computing architecturesCloud computing architectures
Cloud computing architecturesMuhammad Aitzaz Ahsan
 
Understanding Cloud Computing
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud ComputingMohammed Sajjad Ali
 

Recommended

Cloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsCloud Infrastructure Mechanisms
Cloud Infrastructure MechanismsMohammed Sajjad Ali
 
Fundamental Cloud Architectures
Fundamental Cloud ArchitecturesFundamental Cloud Architectures
Fundamental Cloud ArchitecturesMohammed Sajjad Ali
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformsPrabhat gangwar
 
Cloud Computing - Introduction
Cloud Computing - IntroductionCloud Computing - Introduction
Cloud Computing - IntroductionDr. Sunil Kr. Pandey
 
Fundamental Concepts-and-Models Cloud Computing
Fundamental Concepts-and-Models Cloud ComputingFundamental Concepts-and-Models Cloud Computing
Fundamental Concepts-and-Models Cloud ComputingMohammed Sajjad Ali
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management MechanismsMohammed Sajjad Ali
 
Cloud computing architectures
Cloud computing architecturesCloud computing architectures
Cloud computing architecturesMuhammad Aitzaz Ahsan
 
Understanding Cloud Computing
Understanding Cloud ComputingUnderstanding Cloud Computing
Understanding Cloud ComputingMohammed Sajjad Ali
 
Cloud computing it703 unit iii
Cloud computing it703 unit iiiCloud computing it703 unit iii
Cloud computing it703 unit iiiJitendra s Rathore
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architectureAdeel Javaid
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformspurplesea
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15Bill Annibell
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
Virtualization - cloud computing
Virtualization - cloud computingVirtualization - cloud computing
Virtualization - cloud computingSweta Kumari Barnwal
 
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...Sushil kumar Choudhary
 
An introduction to the cloud 11 v1
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1charan7575
 
Moving to the Cloud When & Where
Moving to the Cloud When & WhereMoving to the Cloud When & Where
Moving to the Cloud When & WhereMohammed Sajjad Ali
 
CLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTESCLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTESTushar Dhoot
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
Fundamental cloud computing
Fundamental cloud computingFundamental cloud computing
Fundamental cloud computingAsmaa Ibrahim
 
Cloud Computing Strategy and Architecture
Cloud Computing Strategy and ArchitectureCloud Computing Strategy and Architecture
Cloud Computing Strategy and ArchitectureHendrix Yapputro , Certified IT Architect
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference ModelDr. Ramkumar Lakshminarayanan
 
Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3RMK ENGINEERING COLLEGE, CHENNAI
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Bill Annibell
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud EnvironmentDr. Sunil Kr. Pandey
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management MechanismsSouparnika Patil
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Enterprise Cloud Operating Model Design
Enterprise Cloud Operating Model DesignEnterprise Cloud Operating Model Design
Enterprise Cloud Operating Model DesignJoseph Schwartz
 

More Related Content

What's hot

Cloud computing it703 unit iii
Cloud computing it703 unit iiiCloud computing it703 unit iii
Cloud computing it703 unit iiiJitendra s Rathore
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architectureAdeel Javaid
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformspurplesea
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15Bill Annibell
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...Sushil kumar Choudhary
 
An introduction to the cloud 11 v1
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1charan7575
 
Moving to the Cloud When & Where
Moving to the Cloud When & WhereMoving to the Cloud When & Where
Moving to the Cloud When & WhereMohammed Sajjad Ali
 
CLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTESCLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTESTushar Dhoot
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
Fundamental cloud computing
Fundamental cloud computingFundamental cloud computing
Fundamental cloud computingAsmaa Ibrahim
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Bill Annibell
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud EnvironmentDr. Sunil Kr. Pandey
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management MechanismsSouparnika Patil
 

What's hot (20)

Cloud computing it703 unit iii
Cloud computing it703 unit iiiCloud computing it703 unit iii
Cloud computing it703 unit iii
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architecture
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15NIST Definition of Cloud Computing v15
NIST Definition of Cloud Computing v15
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Virtualization - cloud computing
Virtualization - cloud computingVirtualization - cloud computing
Virtualization - cloud computing
 
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
www.iosrjournals.org 57 | Page Latest development of cloud computing technolo...
 
An introduction to the cloud 11 v1
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1
 
Moving to the Cloud When & Where
Moving to the Cloud When & WhereMoving to the Cloud When & Where
Moving to the Cloud When & Where
 
CLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTESCLOUD COMPUTING UNIT-5 NOTES
CLOUD COMPUTING UNIT-5 NOTES
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Fundamental cloud computing
Fundamental cloud computingFundamental cloud computing
Fundamental cloud computing
 
Cloud Computing Strategy and Architecture
Cloud Computing Strategy and ArchitectureCloud Computing Strategy and Architecture
Cloud Computing Strategy and Architecture
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference Model
 
Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud Environment
 
Cloud Management Mechanisms
Cloud Management MechanismsCloud Management Mechanisms
Cloud Management Mechanisms
 

Viewers also liked

Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Enterprise Cloud Operating Model Design
Enterprise Cloud Operating Model DesignEnterprise Cloud Operating Model Design
Enterprise Cloud Operating Model DesignJoseph Schwartz
 
Cursors, triggers, procedures
Cursors, triggers, proceduresCursors, triggers, procedures
Cursors, triggers, proceduresVaibhav Kathuria
 
Cloud Operating Model Design
Cloud Operating Model DesignCloud Operating Model Design
Cloud Operating Model DesignJoseph Schwartz
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
The Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessThe Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessAmazon Web Services
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Cloud Delivery Model Considerations
Cloud Delivery Model ConsiderationsCloud Delivery Model Considerations
Cloud Delivery Model ConsiderationsMohammed Sajjad Ali
 
6. Integrity and Security in DBMS
6. Integrity and Security in DBMS6. Integrity and Security in DBMS
6. Integrity and Security in DBMSkoolkampus
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation finaladrigee12
 
Oracle architecture ppt
Oracle architecture pptOracle architecture ppt
Oracle architecture pptDeepak Shetty
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyAbhijit Mondal
 

Viewers also liked (17)

Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Enterprise Cloud Operating Model Design
Enterprise Cloud Operating Model DesignEnterprise Cloud Operating Model Design
Enterprise Cloud Operating Model Design
 
Cursors, triggers, procedures
Cursors, triggers, proceduresCursors, triggers, procedures
Cursors, triggers, procedures
 
Cloud Operating Model Design
Cloud Operating Model DesignCloud Operating Model Design
Cloud Operating Model Design
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
The Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessThe Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - Business
 
Encryption
EncryptionEncryption
Encryption
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION
 
Cloud Delivery Model Considerations
Cloud Delivery Model ConsiderationsCloud Delivery Model Considerations
Cloud Delivery Model Considerations
 
6. Integrity and Security in DBMS
6. Integrity and Security in DBMS6. Integrity and Security in DBMS
6. Integrity and Security in DBMS
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
 
Oracle architecture ppt
Oracle architecture pptOracle architecture ppt
Oracle architecture ppt
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 

Similar to Security Requirement Specification Model for Cloud Computing Services

Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Hassan EL ALLOUSSI
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutionsIJCNCJournal
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
FAILURE FREE CLOUD COMPUTING ARCHITECTURES
FAILURE FREE CLOUD COMPUTING ARCHITECTURESFAILURE FREE CLOUD COMPUTING ARCHITECTURES
FAILURE FREE CLOUD COMPUTING ARCHITECTURESijcsit
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
 
A Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud ComputingA Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
 
Ijsrdv1 i4019
Ijsrdv1 i4019Ijsrdv1 i4019
Ijsrdv1 i4019ijsrd.com
 
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...ijccsa
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET Journal
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
A study on practical uses of common Network protocols
A study on practical uses of common Network protocolsA study on practical uses of common Network protocols
A study on practical uses of common Network protocolsNeranjan Viduranga
 
Fine grained two-factor access control for cloud
Fine grained two-factor access control for cloud Fine grained two-factor access control for cloud
Fine grained two-factor access control for cloud allan sam
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agentscsandit
 

Similar to Security Requirement Specification Model for Cloud Computing Services (20)

Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
 
Vertualisation
VertualisationVertualisation
Vertualisation
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutions
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
Failure Free Cloud Computing Architectures
Failure Free Cloud Computing ArchitecturesFailure Free Cloud Computing Architectures
Failure Free Cloud Computing Architectures
 
FAILURE FREE CLOUD COMPUTING ARCHITECTURES
FAILURE FREE CLOUD COMPUTING ARCHITECTURESFAILURE FREE CLOUD COMPUTING ARCHITECTURES
FAILURE FREE CLOUD COMPUTING ARCHITECTURES
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...
 
A Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud ComputingA Collaborative Intrusion Detection System for Cloud Computing
A Collaborative Intrusion Detection System for Cloud Computing
 
Ijsrdv1 i4019
Ijsrdv1 i4019Ijsrdv1 i4019
Ijsrdv1 i4019
 
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
 
publishable paper
publishable paperpublishable paper
publishable paper
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
Incident response in cloud environments
Incident response in cloud environmentsIncident response in cloud environments
Incident response in cloud environments
 
A study on practical uses of common Network protocols
A study on practical uses of common Network protocolsA study on practical uses of common Network protocols
A study on practical uses of common Network protocols
 
Fine grained two-factor access control for cloud
Fine grained two-factor access control for cloud Fine grained two-factor access control for cloud
Fine grained two-factor access control for cloud
 
Internal security on an ids based on agents
Internal security on an ids based on agentsInternal security on an ids based on agents
Internal security on an ids based on agents
 

Recently uploaded

Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Steel Structures - Building technology.pptx
Steel Structures - Building technology.pptxSteel Structures - Building technology.pptx
Steel Structures - Building technology.pptxNikhil Raut
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfRajuKanojiya4
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
The SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsThe SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsDILIPKUMARMONDAL6
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...Amil Baba Dawood bangali
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 

Recently uploaded (20)

Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Steel Structures - Building technology.pptx
Steel Structures - Building technology.pptxSteel Structures - Building technology.pptx
Steel Structures - Building technology.pptx
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdf
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
The SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsThe SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teams
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 

Security Requirement Specification Model for Cloud Computing Services

  • 1. S Security Requirement Specification Model for Cloud Computing Services SECONDA UNIVERSITA’ DI NAPOLI FACOLTA’ DI INGEGNERIA Relatore Prof. Massimo Ficco Candidato Matteo Leonetti Matricola A18/064 Anno Accademico 2012/2013
  • 2. S Contents • Main Cloud Computing Issues • Security Requirement Specification for Cloud • Existing Security Specification Languages • Why a New Model? • Modeling Secure Interactions • Use Case and Misuse Case • Stereotypes • Component and Deployment Diagram • IDPS Rule Description • Case Study • Intrusion Detection Architecture for Cloud • Suggestions for Future Works
  • 4. 4 Security Requirement Specification for Cloud • Considering from the the early stage of SDLC; • Highliting ; • Considering to adopt; • Helping to define ; • Allowing Provider and Consumer to agree on ;
  • 6. 6 Why a New Model? framework; • Describing both ; • Allowing to analyse different ; • Helping Cloud Consumer and Cloud Provider to agree on ; • Providing UML . with stereotypes for security concepts; • Allowing managing and replicas. • Presenting an useful model to describe ;
  • 7. 7 Modelling Secure Interactions (1/2) An is defined as every kind of data exchange among actors in a Cloud System. It is made of the triple: <INVOKER, PROVIDER, TARGET> CC Cloud Consumer CP Cloud Provider S Service R Resource Interaction Description Interaction Type Interaction Modalities Securit y Level First CC’s registration to CP <CC,CP,CP> Web Console with username and password 1 - - Web Console with OTP 2
  • 8. 8 Modelling Secure Interactions (2/2) are characterized by the triple: <THREAT, SECURITY REQUIREMENT, SECURITY MECHANISM> Threat Security Requirement Security Mechanism Packet Sniffing Confidentiality Routing Control Denial Of Service Availability Access Monitoring Wrapping Attack Authenticity Digital Signature SQL Injection Integrity, Confidentiality Parameterized Queries Man In The Middle Non repudiation Digital Signature
  • 9. 9 Use Case and Misuse Case (1/2) model all kind of legitimate interactions that describe the whole application behaviour. Some issues can affect these interactions and it is important to specify security mechanism in order to prevent failures. model all the malicious behaviours witch can occur to the Cloud System. Misuse Case is meant as a sequence of action that a Cloud Consumer should not be able to perform. Hackers are able to perform a whole range of attacks to harm the Cloud environment, independently of the Use Case. These kinds of attacks are completely uncorrelated from Use Cases Interaction and can be expressed by Misuse Case.
  • 10. 10 Use Case and Misuse Case (1/2)
  • 11. 11 Stereotypes Stereotype Base class Description Web Service Subsystem, Component Service made available to users or developers on demand via the Internet from a Service Provider. Intrusion Detection Component Any kind of Intrusion Detection System that that monitors network or system activities for malicious behaviour or policy violations and produces reports to a management station. “Mode” attribute specify if it is used “Standalone”, as a “Probe” that only collects information or as a “Manager” that only receive information and correlates them to take decisions. “Type” attribute can specify the resource to monitor: “Network”, “Host” or “Hybrid” Load Balancer Node, component Software that distributes processing and communications activity evenly across a virtual computer network so that no single virtual machine is overwhelmed. Virtual Machine Node Resource that can be used to run applications and workloads. Disaster Recovery Component Actions to minimize the negative effects of a disaster and maintain or quickly resume critical functions. Data Loss Prevention (DLP) Component System designed to detect potential data breach and prevent them by monitoring, detecting and blocking sensitive data. Replica Component, Node, Subsystem Data or computation replication can be adopted in order to provide fault tolerance solutions. “Mode” attribute specify the replication mechanism: “Active”, “Passive”. “Type” attribute specify different passive replicas: “Primary”, “Backup”.
  • 13. 13 IDPS Rule Description (1/2) An can be expressed by three basic elements:
  • 14. 14 IDPS Rule Description (2/2) IDS rule a . The condition that make true the considered rule is composed by events and rules using OR (+) and AND (X) operator. A rule or an event in grey means the negation of that.
  • 17. 17 Case Study: Use Case and Misuse Case : End User sends pictures to the Cloud service. : Hacker intrudes into a Virtual Machine and steals data from the storage.
  • 18. 18 Case Study: Security Requirement Specification
  • 19. 19 Case Study: IDPS Rules Description
  • 20. 20 Case Study: Component and Deployment Diagram
  • 21. 21 IDS Architecture for Cloud Computing receives information from Probes or lower-level SM; normalizes and correlates the events following rules; alerts Admin or sends alert to higher-level SM. Host Intrusion Detection System (HIDS) Network Intrusion Detection System (NIDS)
  • 22. 22 IDS Prototype for Cloud Computing Security Information Event Management (SIEM) Host Intrusion Detection System (HIDS) Network Intrusion Detection System (NIDS) IDMEF IDMEF
  • 23. 23 • Deriving all the and , splitting them in multiple interactions; • Considering all for each interaction specifying ; • Choosing the that match Cloud Consumer needs and Cloud Provider offers. • Making sure Cloud Provider adopt valid for each malicious interaction or think about additional security solution; • Representing application in the ; • Adding required to the diagram; • If required, designing new for detect and prevent the attack described; • If required, specifying type for a fault tolerance solution. Security Requirement Specification Model Briefly
  • 24. 24 • Tool witch that best meets Cloud Consumer needs; • Software that analyses Security Reuirement and to adopt; • Automated Tool witch components to cover vulnerabilities; • Smart tool that for the adopted IDPS; • Engine witch from past events and adds new Rules. Suggestions for Future Works
  • 25. Thank you for your attention
  • 26. S Security Requirement Specification Model for Cloud Computing Services SECONDA UNIVERSITA’ DI NAPOLI FACOLTA’ DI INGEGNERIA Relatore Prof. Massimo Ficco Candidato Matteo Leonetti Matricola A18/064 Anno Accademico 2012/2013
  • 27. What is Cloud Computing? (1/3) “Cloud computing is a model for enabling to a shared pool of configurable computing that can be rapidly provisioned and released with or service provider interaction.” NIST 27
  • 28. What is Cloud Computing? (2/3) self-service • Broad access • Rapid service 28
  • 29. What is Cloud Computing? (3/3) 29

Editor's Notes

  1. I vantaggi dell’utilizzo Cloud Computing sono noti a tutti, ma questo lavoro di tesi si è concentrato sui problemi più gravi di questo paradigma e sugli attacchi di cui è vulnerabile. Attualmente, in ordine di gravità, i problemi riscontrati sono: Il furto dei dati si verifica quando gli hacker riescono a prelevare dati sensibili come password o carte di credito. Nell’ultimo anno ad i server Nasdaq, Apple, Google e Facebook sono state vittime di questo attacco. 2) La perdita dei dati a causa di errori del Cloud Provider o di eventi catastrofici, nel Cloud, dove i dati non sono disponibili localmente, è un altro problema di non poco conto. 3) Tramite SQL Injection o Cross Site Scripting è possibile rubare l’identità di un Cloud Consumer e accedere a servizi altrimenti privati. L’account hijacking è possibile in ogni web application, ma nel cloud questo attacco può avere effetti più devastanti se l’account rubato è quello di un amministratore del cloud provider. 4) Il cloud ha più interraccie esposte ad attacchi esterni rispetto alle altre architetture. A seconda del service model vi sono api e intrfacce diverse. Queste permettono ad esempio di sviluppare applicazioni oppure gestire virtual machine o storage. Ovviamente più interfacce ci sono, più aumenta il rischio di attacchi. 5) L’attacco più frequente a qualsiasi sito web è sicuramente il denial of service in cui gli hacker inviano una quantità di richieste al servizio fuori dal comune, in modo da congestionare il servizio. Nel Cloud Computing questo attacco ha un triplice effetto: 1) il servizio è inaccessibile per tutti gli utenti e questo viola la qualità del servizio stipulata nelle SLA; 2) in un contratto pay-per-use, il consumer si trova a pagare una bolletta salatissima per l’elevato consumo; 3) a causa dell’elasticità, il provider assegna più risorse al servizio attaccato, privandone agli altri servizi che diverranno anch’essi irraggiungibili. 6) A livello infrastructure, platform o service gli hacker possono introdursi nel sistema e provocare danni o prelevare dati. E’ quello che è successo ad esempio nel 2013 a Verizon, il noto operatore telefonico statunitense. 2.12
  2. Quelli che abbiamo visto sono solo alcuni dei problemi che possono causare gli attacchi ad un sistema Cloud. Ma bastano per capire quanto sia importante la sicurezza in questo ambito. Questo lavoro di tesi vuole dare un contributo al campo della specifica dei requisiti di sicurezza. Perché è così importante? Innanzitutto la sicurezza è un aspetto trasversale da tenere in conto fin dal primo step del ciclo di vita di un software; Permette di evidenziare le vulnerabilità del sistema; Permette di definire i meccanismi di sicurezza da adottare e prevenire gli attacchi; Aiuta a definire la Qualità del Servizio Documento per la stipulazione delle SLA tra Cloud Provider e Cloud Consumer
  3. è stato effettuato uno studio su tutti i più rilevanti linguaggi di specifica dei requisiti di sicurezza proposti in letteratura. Tra i tanti modelli studiati, ce ne sono sicuramente alcuni molto validi, ma che non ricoprono pienamente gli obbiettivi proposti. Alcuni di questi li vediamo in questa slide. Si possono suddividere in base alla caratteristica principale che li cotraddistingue. Le due più grandi famiglie sono la prima, che mira a una specifica dei requisiti semplice e chiara anche per i non esperti. Ne fanno parte abuse case, misuse case e secure tropos. Lo svantaggio è che propongono diagrammi che diventano troppo complessi e difficilmente consultabili se i requisiti devono essere descritti in dettaglio. Poi ci sono i linguaggi mirati esclusivamente a descrivere gli attacchi come AntiGoal, AsmlSec e STATL. Sono itili per l’utilizzo di Intrusion Detection System, ma non per la specifica dei requisiti. Alcuni dei linguaggi forniscono un’estensione di UML come SecureUML e UMLIntr, il primo relativo alla specifica dei requisiti, l’altro agli scenari di attacco. Ma risultano piuttosto limitanti nelle loro caratteristiche. e infine c’è CORAS che fornisce un valido strumento per l’analisi dei rischi. 4 min
  4. Il modello che verrà presentato in questo lavoro ha alcune caratteristiche che lo rendono utile per la descrizione dei requisiti di sicurezza in ambiente cloud, ma può anche essere applicato in altri contesti. Il framework prentato in questo lavoro è stato pensato per essere indipendentemente dal service model e dal deployment model utilizzato, è applicabile sia dal punto di vista del cloud provider che da quello dello sviluppatore, ed è universale per tutti i cloud provider o il tipo di servizio che si vuole sviluppare. Si possono specificare sia le vulnerabilità insite nelle funzioni offerte dal servizio, sia i comportamenti malevoli e gli attacchi che si vogliono evitare; Ogni strumento garantisce un dato livello di sicurezza ed è importante analizzarli e scegliere quello che incontra i requisiti richiesti Risulta quindi più facile contrattare i Service Level Agreenment tra Cloud Consumer e Cloud provider; Il framework propone anche di descrivere tutti i servizi ed i componenti distribuiti nell’ambiente cloud tramite un diagramma uml; Grazie all’estensione fornita, il diagramma può essere infatti arricchito da nuovi stereotipi sui concetti di sicurezza; Questo permette di includere nella specifica dei requisiti anche concetti come Intrusion detection System e Falult Tolerance; Infine viene presentato un modello per la descrizione di regole valido per qualsiasi Intrusion Detection System
  5. Il modello per la specifica dei requisiti si basa sulle interazioni. Un’interazione è qualsiasi scambio di dati tra gli attori del sistema Cloud. Ad alto livello gli attori principali sono CC, CP, S, R. L’interazione è composta da Invoker (colui che invia la richiesta), Provider (colui che fornisce il servizio o è responsabile della risorsa), Target (l’oggetto o l’azione coinvolta nella richiesta) Ogni interazione può essere implementata con diverse modalità, ognuno con il suo livello di sicurezza offerto, che viene valutato utilizzando una delle tecniche proposte in letteratura.
  6. Un’interazione può essere affetta da un particolare problema di sicurezza, THREAT Il modello prevede quindi di specificare i requisiti di sicurezza per ogni interazione e proporre dei meccanismi validi per risolverli. La tabella ne mostra alcuni esempi
  7. Utilizzando le interazioni andremo a specificare Use Case e Misuse Case. Gli Use Case esprimeranno azioni legittime, essenziali per il corretto funzionamento del servizio. Queste possono essere affette da vulnerabilità e perciò ne esprimiamo i requisiti di sicurezza. I Misuse Case sono tutti quei comportamenti malevoli che potrebbero verificarsi in un’architettura cloud, indipendenti dagli Use Case. Questi attacchi devono essere considerati per adottare quindi struemnti di sicurezza adeguati.
  8. In questa slide vediamo un esempio della rappresentazione di use case e misuse case tramite le interazioni e come, nella terza colonna sia possibile specificare i requisiti di sicurezza e i meccanismi di sicurezza da applicare.
  9. Un altro strumento che offre questo modello è il component e deployment diagram che può essere arricchito di nuovi stereotipi riguardanti il l’architettura cloud e la sicurezza in generale. Questo ci consente quindi di rappresentare i componenti che fanno parte dell’applicazione, i servizi esterni e i meccanismi di sicurezza che si dovranno implementare nelle fasi successive dello sviluppo.
  10. In questa slide vediamo un esempio di quello che dovrebbe essere il component and deployment diagram arricchito dei nuovi stereotipi. In seguito lo analizzeremo meglio facendo riferimento ad un caso di studio.
  11. Se si utilizza un Intrusion detection and prevention system come meccanismo di sicurezza, sarà sicuramente utile definirne le regole sin dalla fase di requisiti e design. I tool che permettono l’aggiunta di nuove regole e la correlazione tra esse adottano formalismi diversi. In questo lavoro si è voluto trovare un modello per esprimere le regole che fosse generico e indipendente dal tool utilizzato. Gli elementi in comune in tutte le regole sono dati da: Attributi che caratterizzano la regola, come ad esempio il protocollo, il file log o la rete interessata, le condizioni affinché la regola sia vera, composti da eventi e regole correlate con logica booleana e l’azione da adottare nel caso in cui le condizioni si verifichino, espresse tramite una lista di operazioni.
  12. Se le regole da correlare sono molte viene proposta anche una rappresentazione ad albero che aiuta ad analizzare la composizione.
  13. Nel caso di studio prendiamo in considerazione un servizio cloud che permette agli utenti di inviare le foto da diversi dispositivi, e ricevere le stampe dopo aver effettuato il pagamento. Oltre al’interfaccia grafica e ai componenti interni, vengono sfruttati due servizi esterni per il pagamento e la stampa delle foto.
  14. Le interazioni tra i componenti sono le seguenti: l’end user invia le foto attraverso la GUI, queste vengono poste in una coda, poi vengono prelevate, ridimensionate e salvate nello storage da un apposito componente. L’end user può pagare attraverso la GUI che rimanda la richiesta al servizio esterno e una volta fatto si può inviare la richiesta di stampa al secondo servizio esterno che stamperà el foto ricevute e le invierà all’indirizzo dell’utente.
  15. Prendiamo in considerazione come Use Case l’utente che invia le foto al servizio cloud. Come Misuse Case un hacker che riesce ad introdursi in una virtual machine e ruba dati dallo storage. L’use case coinvolge cloud consumer (questa volta l’end user) che vuole sfruttare un srrvizio, il target di questa interazione. L’use case può essere affetto da un attacco di flooding o da malware injection. Il Misuse case coinvolge il cloud consumer (questa volta un un end user malizioso) che vuole sfruttare una risorsa fornita dal cloud provider. Questo misuse case ci permette di definire l’intrusione e la diffusione dei dati, che in questo caso vogliamo evitare.
  16. Use Case e Misuse Case vengono poi suddivisi in interazioni elementari che coinvolgono componenti interni al sistema. Qusto ci permette di specificare altri requisiti di sicurezza come ad esempio evitare flooding anche nella coda. I meccanismi di sicurezza che possono essere implementati sono: un controllo sulle richieste e un filtro sui file inviati per evitare flooding e malware injection. Un controllo sulla coda. E infine un Intrusion Detection System per evitare intrusioni e furto di dati.
  17. Per evitare l’intrusione si può specificare la regola che dovrà poi essere implementata nelle fasi successive dello sviluppo. La regola è vera quando si verificano due eventi: traffico sospetto rilevato dalla rete e prelievo di dati inusuale rilevato dallo storage. La reazione potrebbe essere quella di disconnettere la VM compromessa, attivare una istanza pulita del servizio e segnalare l’amministratore.
  18. Successivamente è possibile realizzare Il Component and Deployment diagram distribuendo i componenti dell’applicazione in diverse virtual machine. Una che riceve le richieste e tramite load balancer le smista a diverse istanze del servizio. Poi notiamo i servizi esterni che inseriamo nel grafico ma vengono visti un po’ come delle black box. Questo grafico serve per aggiungere i componenti di sicurezza richiesti grazie agli stereotipi forniti in questo lavoro. Vediamo ad esempio un componente di sicurezza software che dovrà essere sviluppato per controllare le richieste e filtarre i file caricati. Le tre repliche attive dello storage, pronte per essere sostituite se lo storage utilizzato smette di funzionare. Vediamo poi i componenti di un intrusion detection sistem distribuito. In cui c’è un manager centrale che riceve dati delle sonde, network e host che li raccolgono.
  19. L’architettura di IDS a cui si fa riferimento in questo lavoro è quindi quella dove vi sono Security Manager che ricevno informazioni dalle sonde o da SM di livelli inferiori, normalizzano e correlano eventi, per riconoscere gli attacchi attraverso delle regole salvate nel database. Eventualemnte avvisano l’amministratore o inviano la segnalazione alle SM di alto livello; Le probe non delle sonde che collezionano informazioni utili agli attacchi e le inviano al SM. Una Host Probe può essere realizzata con un Host IDS mentre una Network Porbe con un Network IDS.
  20. Infine è stato realizzato anche un prototipo di questa architettura, utilizzando solo tool open source. Prelude come SIEM per il Security Manager; OSSEC, un HIDS come Host Probe SNORT, un NIDS come Hetwork Probe. I tool collegati assieme, comunicano attraverso intrusion detection message excange format. Prelude tra i vari componenti ha Prewikka, un’interfaccia grafica utile all’amministratore per tenere sotto controllo il sistema.
  21. Cloud Computing è un termine che si utilizza per definire un insieme di tecnologie che permettono l’accesso a un insieme risorse disribuite, fornite da un provider al cliente. Possiamo distinguere due attori principali, il Cloud Consumer che ha delle necessità e utilizza servizi e risorse on line. E un Cloud Provider che fornisce servizi e risorse ai clienti finali.
  22. Le caratteristiche che ci consentono di riconoscere un sistema cloud sono essenzialmente 4: Il consumatore può richiedere i servizi quando li necessita, in modo automatico I srrvizi devono essere accessibili tramite internet da diverse piattaforme Il provider assegna risorse fisiche e virtuali in base alle richieste dei consumer L’elasticità permette di aumentare o diminuire in modo automatico la quantità di risorse in base alle reali esigenze L’utilizzo delle risorse può essere controllato e misurato sia dal provider che dal consumer
  23. Infine è importante menzionare i modelli con cui si possono classificare i sistemi cloud. Nel service model vediamo come alla base ci sia l’Infrastracture as a Service in cui il Cloud Provider fornisce le risorse basilari per permettere al Consumer di sviluppare la sua personale applicazione. Nel modello Platform as a Service invece il Consumer ha a disposizione librerie e diversi tool per lo sviluppo. Mentre al vertice della piramide vi è il modello “Software as a Service” in cui il Consumer non è a conoscenza delle risorse utilizzate dal Provider, ma ne sfrutta solo le applicazioni messe a disposizione. Risulta chiaro come più si sale nella piramide, più le responsabilità del Consumer diminuiscono e quelle del Provider aumentano perché deve garantire la qualità del servizio offrendo sempre funzioni sempre più complesse. Il deployment model indica come l’infrasruttura cloud possa essere accessibile a diversi gruppi di consumer. Una singola organizzazione nel caso del modello Private. Più organizzazioni nel caso del Community, pubblico oppure un modello ibrido.