About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers

1. 8th International Conference on Cloud Computing and Services Science (CLOSER 2018); Funchal, Madeira, Portugal, 2018 About being the Tortoise or the Hare? A Position Paper on Making Cloud Applications too Fast and Furious for Attackers Nane Kratzke

2. The next 15 minutes are about ... • Some scary considerations on zero- day exploits • Moving target defense • The idea to (permanently) jangle attackers nerves • Some evaluation results • Conclusions and open issues Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 Paper URL Presentation URL Speaker Deck

3. How to defense against unknown vulnerabilities? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessorprofessor told me,out-of-order execution and branch-prediction isone of the coolestthings on earth.

4. Moving Target Defense (MTD) ACM Moving Target Defense Workshops 2014 - 2017 Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4 • The static nature of current computing systems has made them easy to attack and harder to defend. • The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic (harder to explore and predict). • Moving target defense reduces the need for threat detection.

5. We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5

6. We build a transferability solution ... Prof. Dr. rer. nat. Nane Kratzke Praktische Informatik und betriebliche Informationssysteme 6 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished. Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th. International Conference on Cloud Computing, GRIDS and Virtualization). … mainly, to avoid Vendor Lock-In: • Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure. • Transfer of these services from one private or public cloud infrastructure to another at runtime. Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).

7. Most systems rely on their defence walls and just wait to be attacked Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 Successfully breached node (lateral movement)

8. How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 Answer: Surprisingly long!

9. Let us make the game more challenging for the attacker Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)

10. Runtime to regenerate one node Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Request a node Adjust Security Groups Join Node 0 100 200 300 400 500 600 700 AWS OpenStack GCE Azure Runtimes (median values in seconds) Creation Secgroup Joining Termination Adjust Security Group Terminate Node Remember: The median time being undetected in 2016 was 99 DAYS 1 minute 10 minutes

11. Conclusion, open issues and limitations • The presented approach means for attackers that their time being „undetected“ drops from months down to minutes . • Can we reduce regenerations without increasing own efforts? • What is about exploits/attacks that are adaptable to bio-inspired systems? • How to protect the regeneration mechanism against attackers? • Biology inspired solutions come with downsides like • fever (too many nodes in regeneration at the same time, system runs hot) • auto-immune disease (healthy nodes are attacked too often) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11

12. Acknowledgement • Rabbit, Tortoise: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Definition: Pixabay (CC0 Public Domain, PDPics) • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You) • Air Transport: Pixabay (CC0 Public Domain, WikiImages) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 12 Picture Reference This research is partly funded by German Federal Ministry of Education and Research (13FH021PX4). Paper URL Presentation URL Speaker Deck

13. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 13 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka