10 Keio513



Explaining Cloud security issues using "Security Wars" theory


  1. Cloud Security Wars Ikuo Takahashi 15
  2. A long time ago in a network far, far away. The word “hacker” used to be a respectful word for a master of the computer. However, many hackers fell into the Dark World, led by the dark side of their power: anger, exhibitionism and temporary joy. The Internet has been messed up by unprecedented attacks from people who covet the Internet out of lust, people who impose on others for economic interests, and people who juggle with bots. This "Saga" is about the epic of the battle with society, engineers who crossed the line of social activity, and ISPs who stand up against the messed-up Internet. Hackers are the chosen ones. Many fell, out of anger, exhibitionism and the pursuit of fun. Society resolved to protect the network from the dark engineers and the eternal beginners.
  3. Security Wars Theory
     • Every Information Security issue can be explained by analogy with Star Wars
     • Balance of “Force”: hacker power
     • Light side
         • Efficiency
         • Scalability
     • Dark side
         • Security
         • Lack of responsibility
     Diagram labels: Security Wars theory; Virtualization; Remote Computing
  4. Factor Analysis of Cloud Computing (influence of the virtualization factor and the remote factor). Diagram labels: Virtualization; Remote; No standard; No location of data; Network Security Beyond Boundary
  5. Risk analysis for Compliant Cloud Computing. Diagram labels: possibility; Loss of governance; jurisdiction; compliance; Data protection; subpoena; E-discovery; Incident response
     • Quoted from ENISA, “Cloud Computing - Benefits, risks and recommendations for information security”
  6. Compliance/Governance Issues (positioning of compliance issues). Diagram labels: No standard; Under Development; Incident Response; Subpoena/Accountability; Loss of Governance; Compliance; Data Protection/Data breach; Jurisdiction; Network Security Beyond Boundary
  7. Behind Scenes (latent factors behind the issues). Diagram labels: Sovereign; Privacy; ???; Human Factor; Network; Network Security Beyond Boundary
  8. Privacy and Security (the delicate role of privacy). Diagram labels: Network; Network Security Beyond Boundary; Compliance Concern; “Cyber Warfare”; Privacy; Sovereign; Human Factors; Enforcement/Judicial Jurisdiction; Organised Crime; Hacktivism; Innocent Users
  9. Spectrum of Cyber Attack (distribution of attacks and the limits of the concepts). Diagram labels: Cyber crime; Cyber terrorism; Cyber Warfare; nature; organization; armed attack; Damage State Damage CI money; use of force
     • Issues
         • 1) Private as State - State Responsibility
         • 2) Political motive vs. Monetary greed
         • 3) Jus in Bello vs. Serious Crime
  10. Analysis of “Cyber Warfare”. Diagram labels: “Cyber Warfare”; Sovereign; Human Factors; Bot Net; Mass Society Technology Attribute Asymmetric; Innocent users; Definition Issue; Privacy
  11. Order 66 vs ”Bot net” Order (similarity between bot orders and Order 66)
     • Order 66
         • Holoscan appeared on the palm of his gauntlet. ”It is time,” the holoscan said. ”Execute Order Sixty-Six.”
         • Standing Order Number One was, apparently, Kill Everything That Moves.
         • Combat droids were equipped with sophisticated self-motivators that kicked in automatically.
             • Star Wars ep3 Chapter 18
     • Bot net Order
         • Bot nets are equipped to attack the target by DDoS or by posting spam
         • They communicate with each other with sophisticated self-motivators that kick in automatically. They change the port or protocol they use in order to hide themselves.
  12. Is this WAR?
     • Presumably
         • Start from actual fact.
     • Definition of “War”
         • “asymmetric war”
         • no nation, no blood
     • Defend the mass user
         • Refer: “Wire fraud recovery Act”
     • “Victory?” Yoda echoed with great skepticism.
     • ”The shroud of the dark side has fallen. Begun, this clone War has!”
         • Master Yoda after “War of Geonosis”
  13. Asymmetric Warfare (cyber warfare as asymmetric warfare)
     • Definition
         • War between belligerents whose relative military power differs significantly, or whose strategy or tactics differ significantly.
     • e.g. Guerrilla War
         • Guerrilla warfare is irregular warfare and combat in which a small group of combatants use mobile military tactics in the form of ambushes and raids to combat a larger and less mobile formal army.
  14. Lack of balance (loss of balance)
     • No standard to get the information outside the boundary (Criminal, Administrative)
     • Very difficult to discuss privacy vs. security
         • Defend innocent users
         • Prevent innocent users from becoming troopers
     Diagram labels: Privacy; Sovereign; Human Factors; Enforcement/Judicial Jurisdiction; Organised Crime; Hacktivism; Innocent Users
  15. Who will bring the balance of Light side and Dark side? (Is it Luke who will bring balance?)
     • “Force” will resolve such problems.
         • Reveal the “Two Faces of Privacy”
         • Framework and industrial standard to get the information outside the boundaries
         • Transparent Cloud Defense System
  16. Two Faces of Privacy
     • When talking about privacy, people agree that privacy is essential to their life.
     • (Japan) MIC had been insisting that ISPs' security activity infringes the secrecy of communication.
     • Privacy is the least important of price, function and privacy in actual trade-offs.
     • Security activity by a person users find reliable is a preferable activity. (IPA research)
  17. Framework and industrial standard (the need for industrial standards and a framework)
     • Cloud Computing Convention Initiative (?)
         • Information Security Standard all over the world
         • Applicable law of privacy
         • Industrial Standard for administrative investigation
         • Industrial Standard for Forensic research of cloud stored data
         • Define the domicile at Civil litigation
         • …
  18. Transparent Cloud Defense (transparent intermediate defense)
     • ISP activity
         • security
         • phishing
         • inappropriate information
         • copyright
     • Domain Registrar's take down procedure
  19. ISP’s grief
     • Vader didn’t intend to kill Padmé.
         • “I’m very sorry, Lord Vader. (..) It seems in your anger, you killed her”
     • “No…no. It is not possible” (ep3)
         • Darth Vader
     • Does not intend to regulate “Freedom of speech” concepts
     • How to control? What to control? Who controls? Who pays for costs?
  20. Why does Han Solo fight for peace?
     • Han
         • “I’m not on this mission for your revolution. Economics interest me, not politics. There’s business to be done under any government.”
             • Ep4 Page172
     • Cloud security issues are external inefficiencies.
     • May the Force be with you.