About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

Nane Kratzke
Nane KratzkeProfessor for Computer Science at Lübeck University of Applied Sciences
About an Immune System Understanding for Cloud-native Applications Biology Inspired Thoughts to Immunize the Cloud Forensic Trail Nane Kratzke 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
The next 20 minutes are about ... • Some scary considerations on zero-day exploits • Cyber attack life cycle model • What can be learned about cloud applications after more than 10 years of cloud computing • The idea to (permanently) jangle attackers nerves • Some evaluation results • Conclusions and open issues Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 Presentation URL Paper URL
Some scary considerations for introduction • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3
We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4
Cyber Attack Life Cycle Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6 Answer: Surprisingly long!
One basic idea Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 Play god, break this loop at arbitrary times at your will!
We need some guidance ... ClouNS – Cloud-native Application Reference Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 [KP2016] Kratzke, N., & Peinl, R. (2016). ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects. In 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 1–10). [QK2018a] Quint, P.-C., & Kratzke, N. (2018). Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications. In Proceedings of the 8th Int. Conf. on Cloud Computing and Services Science (CLOSER 2018, Madeira, Portugal).
We use this very basic model ... Prof. Dr. rer. nat. Nane Kratzke Praktische Informatik und betriebliche Informationssysteme 9 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished. Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th. International Conference on Cloud Computing, GRIDS and Virtualization). … mainly, to avoid Vendor Lock-In: • Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure. • Transfer of these services from one private or public cloud infrastructure to another at runtime. Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).
A control loop tries permanently to reach an intended state Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished.
Most systems rely on their defence walls and just wait to be attacked Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Successfully breached node (lateral movement)
Let us make the game more challenging for the attacker Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 12 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
Sadly, the approach is limited Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 13
Regeneration evaluation: Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 14 Request a node Adjust Security Groups Join Node Adjust Security Group Terminate Node
Diving into IaaS infrastructure specifics Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 15
Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 16 Request a node Adjust Security Groups Join Node 0 100 200 300 400 500 600 700 AWS OpenStack GCE Azure Runtimes (median values in seconds) Creation Secgroup Joining Termination Adjust Security Group Terminate Node
Open issues and limitations • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to applications on CAMM Level 2 and above … (state management) • How to handle data-as-code dependencies and code injection vulnerabilities? • What is about exploits/attacks that are adaptable to bio-inspired systems? • How to protect the regeneration mechanism against attackers? • Large scale evaluation needed Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 17
Conclusion Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 18 • The presented approach means for attackers that their time being „undetected“ drops from months down to minutes. • However, biology inspired solutions come with downsides like • fever (too many nodes in regeneration at the same time, system runs hot) • auto-immune disease (healthy nodes are attacked too often) • Further research needed how to integrate • append-only logging systems • suspect node detection • avoidance of immune-system downsides like fever and auto- immune diseases • Several experts remarked independently that the basic idea is so „intruiging“, that it should be considered more consequently.
Acknowledgement • Virus: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Definition: Pixabay (CC0 Public Domain, PDPics) • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You) • Air Transport: Pixabay (CC0 Public Domain, WikiImages) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 19 Picture Reference This research is partly funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL Paper URL
About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 20 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka
1 of 20

About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

Download to read offline
Software

Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018. There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.

Nane Kratzke
Nane KratzkeProfessor for Computer Science at Lübeck University of Applied Sciences

Recommended

About being the Tortoise or the Hare? Making Cloud Applications too Fast and ... by
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...Nane Kratzke
531 views13 slides
SciNet -- Pushing scientific boundaries by
SciNet -- Pushing scientific boundaries SciNet -- Pushing scientific boundaries
SciNet -- Pushing scientific boundaries Lenovo Data Center
141 views5 slides
A Back Propagation Neural Network Intrusion Detection System Based on KVM by
A Back Propagation Neural Network Intrusion Detection System Based on KVMA Back Propagation Neural Network Intrusion Detection System Based on KVM
A Back Propagation Neural Network Intrusion Detection System Based on KVMInternational Journal of Innovation Engineering and Science Research
83 views9 slides
Bergman Enabling Computation for neuro ML external by
Bergman Enabling Computation for neuro ML externalBergman Enabling Computation for neuro ML external
Bergman Enabling Computation for neuro ML externalazlefty
293 views32 slides
Data-intensive bioinformatics on HPC and Cloud by
Data-intensive bioinformatics on HPC and CloudData-intensive bioinformatics on HPC and Cloud
Data-intensive bioinformatics on HPC and CloudOla Spjuth
1.4K views45 slides
Top Cited Papers - International Journal of Network Security & Its Applicatio... by
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...IJNSA Journal
6 views14 slides

More Related Content

What's hot

A time efficient approach for detecting errors in big sensor data on cloud by
A time efficient approach for detecting errors in big sensor data on cloudA time efficient approach for detecting errors in big sensor data on cloud
A time efficient approach for detecting errors in big sensor data on cloudLeMeniz Infotech
269 views3 slides
Top Cited Papers - International Journal of Network Security & Its Applicatio... by
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...IJNSA Journal
37 views14 slides
Genestack Genomics Applications Platform by
Genestack Genomics Applications PlatformGenestack Genomics Applications Platform
Genestack Genomics Applications Platformgenestack
979 views12 slides
prj exam by
prj examprj exam
prj examShweta Dolhare
355 views39 slides
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUD by
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUDA TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUD
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUDI3E Technologies
323 views1 slide
ICCT2017: A user mode implementation of filtering rule management plane using... by
ICCT2017: A user mode implementation of filtering rule management plane using...ICCT2017: A user mode implementation of filtering rule management plane using...
ICCT2017: A user mode implementation of filtering rule management plane using...Ruo Ando
111 views14 slides

What's hot(20)

A time efficient approach for detecting errors in big sensor data on cloud by LeMeniz Infotech
A time efficient approach for detecting errors in big sensor data on cloudA time efficient approach for detecting errors in big sensor data on cloud
A time efficient approach for detecting errors in big sensor data on cloud
LeMeniz Infotech269 views
Top Cited Papers - International Journal of Network Security & Its Applicatio... by IJNSA Journal
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...
IJNSA Journal37 views
Genestack Genomics Applications Platform by genestack
Genestack Genomics Applications PlatformGenestack Genomics Applications Platform
Genestack Genomics Applications Platform
genestack979 views
prj exam by Shweta Dolhare
prj examprj exam
prj exam
Shweta Dolhare355 views
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUD by I3E Technologies
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUDA TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUD
A TIME EFFICIENT APPROACH FOR DETECTING ERRORS IN BIG SENSOR DATA ON CLOUD
I3E Technologies323 views
ICCT2017: A user mode implementation of filtering rule management plane using... by Ruo Ando
ICCT2017: A user mode implementation of filtering rule management plane using...ICCT2017: A user mode implementation of filtering rule management plane using...
ICCT2017: A user mode implementation of filtering rule management plane using...
Ruo Ando111 views
Access Control & Encryption In Cloud Environments by James Wernicke
Access Control & Encryption In Cloud EnvironmentsAccess Control & Encryption In Cloud Environments
Access Control & Encryption In Cloud Environments
James Wernicke538 views
International Journal of Network Security & Its Applications (IJNSA) by IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA)International Journal of Network Security & Its Applications (IJNSA)
International Journal of Network Security & Its Applications (IJNSA)
IJNSA Journal4 views
Sgg crest-presentation-final by marpierc
Sgg crest-presentation-finalSgg crest-presentation-final
Sgg crest-presentation-final
marpierc501 views
Sept2016 sv dnanexus_benchmarking by GenomeInABottle
Sept2016 sv dnanexus_benchmarkingSept2016 sv dnanexus_benchmarking
Sept2016 sv dnanexus_benchmarking
GenomeInABottle624 views
IJARCCE 20 by Nahan Rahman
IJARCCE 20IJARCCE 20
IJARCCE 20
Nahan Rahman211 views
Binary Clone Wars at CanSecWest 2009 by Derek Callaway
Binary Clone Wars at CanSecWest 2009Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009
Derek Callaway114 views
Top Cited Papers - International Journal of Network Security & Its Applicatio... by IJNSA Journal
Top Cited Papers - International Journal of Network Security & Its Applicatio...Top Cited Papers - International Journal of Network Security & Its Applicatio...
Top Cited Papers - International Journal of Network Security & Its Applicatio...
IJNSA Journal9 views
Improving Data Storage Security in Cloud using Hadoop by IJERA Editor
Improving Data Storage Security in Cloud using HadoopImproving Data Storage Security in Cloud using Hadoop
Improving Data Storage Security in Cloud using Hadoop
IJERA Editor285 views
Dagrep v006-i009-complete by sandeep1721
Dagrep v006-i009-completeDagrep v006-i009-complete
Dagrep v006-i009-complete
sandeep1721184 views
Big data meets docker by smart_bit
Big data meets dockerBig data meets docker
Big data meets docker
smart_bit131 views
Grid computing by punjab engineering college, chandigarh
Grid computingGrid computing
Grid computing
punjab engineering college, chandigarh142 views
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)... by dbpublications
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
dbpublications57 views
Reliable and confidential cloud storage with efficient data forwarding functi... by ieeepondy
Reliable and confidential cloud storage with efficient data forwarding functi...Reliable and confidential cloud storage with efficient data forwarding functi...
Reliable and confidential cloud storage with efficient data forwarding functi...
ieeepondy79 views
A hybrid cloud approach for secure authorized deduplication by LeMeniz Infotech
A hybrid cloud approach for secure authorized deduplicationA hybrid cloud approach for secure authorized deduplication
A hybrid cloud approach for secure authorized deduplication
LeMeniz Infotech279 views

Similar to About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

There is no impenetrable system - So, why we are still waiting to get breached? by
There is no impenetrable system - So, why we are still waiting to get breached?There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?Nane Kratzke
330 views11 slides
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects by
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsNane Kratzke
2.2K views28 slides
What the cloud has to do with a burning house? by
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?Nane Kratzke
776 views38 slides
About Microservices, Containers and their Underestimated Impact on Network Pe... by
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...Nane Kratzke
9.9K views18 slides
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi... by
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...Jorge Cardoso
1.2K views40 slides
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar? by
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?Nane Kratzke
424 views11 slides

Similar to About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail(20)

There is no impenetrable system - So, why we are still waiting to get breached? by Nane Kratzke
There is no impenetrable system - So, why we are still waiting to get breached?There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?
Nane Kratzke330 views
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects by Nane Kratzke
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
Nane Kratzke2.2K views
What the cloud has to do with a burning house? by Nane Kratzke
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?
Nane Kratzke776 views
About Microservices, Containers and their Underestimated Impact on Network Pe... by Nane Kratzke
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...
Nane Kratzke9.9K views
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi... by Jorge Cardoso
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Jorge Cardoso1.2K views
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar? by Nane Kratzke
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
Nane Kratzke424 views
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati... by Nane Kratzke
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Nane Kratzke458 views
Grid computing assiment by Huma Tariq
Grid computing assimentGrid computing assiment
Grid computing assiment
Huma Tariq180 views
Thoughts on Cybersecurity by Frank Wuerthwein
Thoughts on CybersecurityThoughts on Cybersecurity
Thoughts on Cybersecurity
Frank Wuerthwein64 views
2015 04 bio it world by Chris Dwan
2015 04 bio it world2015 04 bio it world
2015 04 bio it world
Chris Dwan2.9K views
Machine Learning by Mahdi Hosseini Moghaddam
Machine LearningMachine Learning
Machine Learning
Mahdi Hosseini Moghaddam407 views
Recapitulation Workshop Cloud Reliability Resilience 2016 by Jorge Cardoso
Recapitulation Workshop Cloud Reliability Resilience 2016Recapitulation Workshop Cloud Reliability Resilience 2016
Recapitulation Workshop Cloud Reliability Resilience 2016
Jorge Cardoso529 views
Cloud Roundtable at Microsoft Switzerland by mictc
Cloud Roundtable at Microsoft Switzerland Cloud Roundtable at Microsoft Switzerland
Cloud Roundtable at Microsoft Switzerland
mictc592 views
On Modeling and Testing When Unpredictability Becomes the Pattern (April 2nd,... by Benoit Combemale
On Modeling and Testing When Unpredictability Becomes the Pattern (April 2nd,...On Modeling and Testing When Unpredictability Becomes the Pattern (April 2nd,...
On Modeling and Testing When Unpredictability Becomes the Pattern (April 2nd,...
Benoit Combemale495 views
How Virtual Reality and Machine Learning Are Powering the New Age of Network ... by DataStax
How Virtual Reality and Machine Learning Are Powering the New Age of Network ...How Virtual Reality and Machine Learning Are Powering the New Age of Network ...
How Virtual Reality and Machine Learning Are Powering the New Age of Network ...
DataStax352 views
Handout1o by Shahbaz Sidhu
Handout1oHandout1o
Handout1o
Shahbaz Sidhu649 views
HPC Cluster Computing from 64 to 156,000 Cores  by inside-BigData.com
HPC Cluster Computing from 64 to 156,000 Cores HPC Cluster Computing from 64 to 156,000 Cores 
HPC Cluster Computing from 64 to 156,000 Cores 
inside-BigData.com2K views
How Can We Answer the Really BIG Questions? by Amazon Web Services
How Can We Answer the Really BIG Questions?How Can We Answer the Really BIG Questions?
How Can We Answer the Really BIG Questions?
Amazon Web Services325 views
Serguei Beloussov - Future of computing by Schaffhausen Institute of Technology
Serguei Beloussov - Future of computingSerguei Beloussov - Future of computing
Serguei Beloussov - Future of computing
Schaffhausen Institute of Technology203 views
Taming limits with approximate networking by Junaid Qadir
Taming limits with approximate networkingTaming limits with approximate networking
Taming limits with approximate networking
Junaid Qadir314 views

More from Nane Kratzke

Smart like a Fox: How clever students trick dumb programming assignment asses... by
Smart like a Fox: How clever students trick dumb programming assignment asses...Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...Nane Kratzke
1.2K views28 slides
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu... by
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...Nane Kratzke
465 views18 slides
Serverless Architectures - Where have all the servers gone? by
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Nane Kratzke
1.2K views33 slides
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen? by
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Nane Kratzke
1.2K views35 slides
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co... by
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Nane Kratzke
1.7K views30 slides
Was die Cloud mit einem brennenden Haus zu tun hat by
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatNane Kratzke
626 views40 slides

More from Nane Kratzke(15)

Smart like a Fox: How clever students trick dumb programming assignment asses... by Nane Kratzke
Smart like a Fox: How clever students trick dumb programming assignment asses...Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...
Nane Kratzke1.2K views
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu... by Nane Kratzke
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
Nane Kratzke465 views
Serverless Architectures - Where have all the servers gone? by Nane Kratzke
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?
Nane Kratzke1.2K views
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen? by Nane Kratzke
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Nane Kratzke1.2K views
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co... by Nane Kratzke
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Nane Kratzke1.7K views
Was die Cloud mit einem brennenden Haus zu tun hat by Nane Kratzke
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hat
Nane Kratzke626 views
RESTful APIs mit Dart by Nane Kratzke
RESTful APIs mit DartRESTful APIs mit Dart
RESTful APIs mit Dart
Nane Kratzke1K views
ppbench - A Visualizing Network Benchmark for Microservices by Nane Kratzke
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservices
Nane Kratzke1.8K views
Java Streams und Lambdas by Nane Kratzke
Java Streams und LambdasJava Streams und Lambdas
Java Streams und Lambdas
Nane Kratzke3.7K views
Dart (Teil II der Tour de Dart) by Nane Kratzke
Dart (Teil II der Tour de Dart)Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)
Nane Kratzke6.5K views
Dart (Teil I der Tour de Dart) by Nane Kratzke
Dart (Teil I der Tour de Dart)Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)
Nane Kratzke11.5K views
Cloud Economics in Training and Simulation by Nane Kratzke
Cloud Economics in Training and SimulationCloud Economics in Training and Simulation
Cloud Economics in Training and Simulation
Nane Kratzke607 views
Are cloud based virtual labs cost effective? (CSEDU 2012) by Nane Kratzke
Are cloud based virtual labs cost effective? (CSEDU 2012)Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)
Nane Kratzke895 views
What Cost Us Cloud Computing by Nane Kratzke
What Cost Us Cloud ComputingWhat Cost Us Cloud Computing
What Cost Us Cloud Computing
Nane Kratzke303 views
Overcoming Cost Intransparency of Cloud Computing by Nane Kratzke
Overcoming Cost Intransparency of Cloud ComputingOvercoming Cost Intransparency of Cloud Computing
Overcoming Cost Intransparency of Cloud Computing
Nane Kratzke595 views

Recently uploaded

DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J... by
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...Deltares
9 views24 slides
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ... by
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...Donato Onofri
825 views34 slides
Generic or specific? Making sensible software design decisions by
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
6 views60 slides
Agile 101 by
Agile 101Agile 101
Agile 101John Valentino
7 views20 slides
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -... by
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...Deltares
6 views15 slides
FIMA 2023 Neo4j & FS - Entity Resolution.pptx by
FIMA 2023 Neo4j & FS - Entity Resolution.pptxFIMA 2023 Neo4j & FS - Entity Resolution.pptx
FIMA 2023 Neo4j & FS - Entity Resolution.pptxNeo4j
7 views26 slides

Recently uploaded(20)

DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J... by Deltares
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...
Deltares9 views
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ... by Donato Onofri
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR ...
Donato Onofri825 views
Generic or specific? Making sensible software design decisions by Bert Jan Schrijver
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
Bert Jan Schrijver6 views
Agile 101 by John Valentino
Agile 101Agile 101
Agile 101
John Valentino7 views
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -... by Deltares
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...
Deltares6 views
FIMA 2023 Neo4j & FS - Entity Resolution.pptx by Neo4j
FIMA 2023 Neo4j & FS - Entity Resolution.pptxFIMA 2023 Neo4j & FS - Entity Resolution.pptx
FIMA 2023 Neo4j & FS - Entity Resolution.pptx
Neo4j7 views
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra... by Marc Müller
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra....NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
Marc Müller38 views
Quality Engineer: A Day in the Life by John Valentino
Quality Engineer: A Day in the LifeQuality Engineer: A Day in the Life
Quality Engineer: A Day in the Life
John Valentino6 views
Navigating container technology for enhanced security by Niklas Saari by Metosin Oy
Navigating container technology for enhanced security by Niklas SaariNavigating container technology for enhanced security by Niklas Saari
Navigating container technology for enhanced security by Niklas Saari
Metosin Oy14 views
EV Charging App Case by iCoderz Solutions
EV Charging App Case EV Charging App Case
EV Charging App Case
iCoderz Solutions5 views
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI... by Marc Müller
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Marc Müller37 views
Keep by Geniusee
KeepKeep
Keep
Geniusee75 views
DSD-INT 2023 Thermobaricity in 3D DCSM-FM - taking pressure into account in t... by Deltares
DSD-INT 2023 Thermobaricity in 3D DCSM-FM - taking pressure into account in t...DSD-INT 2023 Thermobaricity in 3D DCSM-FM - taking pressure into account in t...
DSD-INT 2023 Thermobaricity in 3D DCSM-FM - taking pressure into account in t...
Deltares9 views
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action by Márton Kodok
Gen Apps on Google Cloud PaLM2 and Codey APIs in ActionGen Apps on Google Cloud PaLM2 and Codey APIs in Action
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action
Márton Kodok5 views
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with... by sparkfabrik
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
sparkfabrik5 views
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols by Deltares
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - DolsDSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols
DSD-INT 2023 European Digital Twin Ocean and Delft3D FM - Dols
Deltares7 views
SAP FOR CONTRACT MANUFACTURING.pdf by Virendra Rai, PMP
SAP FOR CONTRACT MANUFACTURING.pdfSAP FOR CONTRACT MANUFACTURING.pdf
SAP FOR CONTRACT MANUFACTURING.pdf
Virendra Rai, PMP13 views
Airline Booking Software by SharmiMehta
Airline Booking SoftwareAirline Booking Software
Airline Booking Software
SharmiMehta6 views
Myths and Facts About Hospice Care: Busting Common Misconceptions by Care Coordinations
Myths and Facts About Hospice Care: Busting Common MisconceptionsMyths and Facts About Hospice Care: Busting Common Misconceptions
Myths and Facts About Hospice Care: Busting Common Misconceptions
Care Coordinations5 views
HarshithAkkapelli_Presentation.pdf by harshithakkapelli
HarshithAkkapelli_Presentation.pdfHarshithAkkapelli_Presentation.pdf
HarshithAkkapelli_Presentation.pdf
harshithakkapelli11 views

About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

  • 1. About an Immune System Understanding for Cloud-native Applications Biology Inspired Thoughts to Immunize the Cloud Forensic Trail Nane Kratzke 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
  • 2. The next 20 minutes are about ... • Some scary considerations on zero-day exploits • Cyber attack life cycle model • What can be learned about cloud applications after more than 10 years of cloud computing • The idea to (permanently) jangle attackers nerves • Some evaluation results • Conclusions and open issues Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 Presentation URL Paper URL
  • 3. Some scary considerations for introduction • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3
  • 4. We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4
  • 5. Cyber Attack Life Cycle Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
  • 6. How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6 Answer: Surprisingly long!
  • 7. One basic idea Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 Play god, break this loop at arbitrary times at your will!
  • 8. We need some guidance ... ClouNS – Cloud-native Application Reference Model Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 [KP2016] Kratzke, N., & Peinl, R. (2016). ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects. In 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 1–10). [QK2018a] Quint, P.-C., & Kratzke, N. (2018). Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications. In Proceedings of the 8th Int. Conf. on Cloud Computing and Services Science (CLOSER 2018, Madeira, Portugal).
  • 9. We use this very basic model ... Prof. Dr. rer. nat. Nane Kratzke Praktische Informatik und betriebliche Informationssysteme 9 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished. Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th. International Conference on Cloud Computing, GRIDS and Virtualization). … mainly, to avoid Vendor Lock-In: • Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure. • Transfer of these services from one private or public cloud infrastructure to another at runtime. Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).
  • 10. A control loop tries permanently to reach an intended state Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished.
  • 11. Most systems rely on their defence walls and just wait to be attacked Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Successfully breached node (lateral movement)
  • 12. Let us make the game more challenging for the attacker Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 12 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
  • 13. Sadly, the approach is limited Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 13
  • 14. Regeneration evaluation: Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 14 Request a node Adjust Security Groups Join Node Adjust Security Group Terminate Node
  • 15. Diving into IaaS infrastructure specifics Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 15
  • 16. Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 16 Request a node Adjust Security Groups Join Node 0 100 200 300 400 500 600 700 AWS OpenStack GCE Azure Runtimes (median values in seconds) Creation Secgroup Joining Termination Adjust Security Group Terminate Node
  • 17. Open issues and limitations • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to applications on CAMM Level 2 and above … (state management) • How to handle data-as-code dependencies and code injection vulnerabilities? • What is about exploits/attacks that are adaptable to bio-inspired systems? • How to protect the regeneration mechanism against attackers? • Large scale evaluation needed Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 17
  • 18. Conclusion Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 18 • The presented approach means for attackers that their time being „undetected“ drops from months down to minutes. • However, biology inspired solutions come with downsides like • fever (too many nodes in regeneration at the same time, system runs hot) • auto-immune disease (healthy nodes are attacked too often) • Further research needed how to integrate • append-only logging systems • suspect node detection • avoidance of immune-system downsides like fever and auto- immune diseases • Several experts remarked independently that the basic idea is so „intruiging“, that it should be considered more consequently.
  • 19. Acknowledgement • Virus: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Definition: Pixabay (CC0 Public Domain, PDPics) • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You) • Air Transport: Pixabay (CC0 Public Domain, WikiImages) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 19 Picture Reference This research is partly funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL Paper URL
  • 20. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 20 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka