Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

239 views

Published on

Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018.

There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.

Published in: Software
  • Be the first to comment

  • Be the first to like this

About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

  1. 1. About an Immune System Understanding for Cloud-native Applications Biology Inspired Thoughts to Immunize the Cloud Forensic Trail Nane Kratzke 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
  2. 2. The next 20 minutes are about ... • Some scary considerations on zero-day exploits • Cyber attack life cycle model • What can be learned about cloud applications after more than 10 years of cloud computing • The idea to (permanently) jangle attackers nerves • Some evaluation results • Conclusions and open issues Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 Presentation URL Paper URL
  3. 3. Some scary considerations for introduction • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3
  4. 4. We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4
  5. 5. Cyber Attack Life Cycle Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
  6. 6. How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6 Answer: Surprisingly long!
  7. 7. One basic idea Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 Play god, break this loop at arbitrary times at your will!
  8. 8. We need some guidance ... ClouNS – Cloud-native Application Reference Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 [KP2016] Kratzke, N., & Peinl, R. (2016). ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects. In 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 1–10). [QK2018a] Quint, P.-C., & Kratzke, N. (2018). Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications. In Proceedings of the 8th Int. Conf. on Cloud Computing and Services Science (CLOSER 2018, Madeira, Portugal).
  9. 9. We use this very basic model ... Prof. Dr. rer. nat. Nane Kratzke Praktische Informatik und betriebliche Informationssysteme 9 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished. Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th. International Conference on Cloud Computing, GRIDS and Virtualization). … mainly, to avoid Vendor Lock-In: • Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure. • Transfer of these services from one private or public cloud infrastructure to another at runtime. Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).
  10. 10. A control loop tries permanently to reach an intended state Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished.
  11. 11. Most systems rely on their defence walls and just wait to be attacked Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Successfully breached node (lateral movement)
  12. 12. Let us make the game more challenging for the attacker Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 12 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
  13. 13. Sadly, the approach is limited Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 13
  14. 14. Regeneration evaluation: Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 14 Request a node Adjust Security Groups Join Node Adjust Security Group Terminate Node
  15. 15. Diving into IaaS infrastructure specifics Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 15
  16. 16. Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 16 Request a node Adjust Security Groups Join Node 0 100 200 300 400 500 600 700 AWS OpenStack GCE Azure Runtimes (median values in seconds) Creation Secgroup Joining Termination Adjust Security Group Terminate Node
  17. 17. Open issues and limitations • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to applications on CAMM Level 2 and above … (state management) • How to handle data-as-code dependencies and code injection vulnerabilities? • What is about exploits/attacks that are adaptable to bio-inspired systems? • How to protect the regeneration mechanism against attackers? • Large scale evaluation needed Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 17
  18. 18. Conclusion Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 18 • The presented approach means for attackers that their time being „undetected“ drops from months down to minutes. • However, biology inspired solutions come with downsides like • fever (too many nodes in regeneration at the same time, system runs hot) • auto-immune disease (healthy nodes are attacked too often) • Further research needed how to integrate • append-only logging systems • suspect node detection • avoidance of immune-system downsides like fever and auto- immune diseases • Several experts remarked independently that the basic idea is so „intruiging“, that it should be considered more consequently.
  19. 19. Acknowledgement • Virus: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Definition: Pixabay (CC0 Public Domain, PDPics) • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You) • Air Transport: Pixabay (CC0 Public Domain, WikiImages) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 19 Picture Reference This research is partly funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL Paper URL
  20. 20. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 20 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka

×