Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

600.412.Lecture02

788 views

Published on

CS 600.412 Security and Privacy in Cloud Computing

  • Be the first to comment

600.412.Lecture02

  1. 1. Security and Privacy in Cloud Computing<br />Ragib HasanJohns Hopkins Universityen.600.412 Spring 2010<br />Lecture 2<br />02/01/2010<br />
  2. 2. Threats, vulnerabilities, and enemies<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />2<br />Goal<br />Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud<br />Technique<br />Apply different threat modeling schemes<br />
  3. 3. Assignment for next class<br />Review: Thomas Ristenpart et al., Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM CCS 2009.<br />Format:<br />Summary: A brief overview of the paper, 1 paragraph (5 / 6 sentences)<br />Pros: 3 or more issues<br />Cons: 3 or more issues<br />Possible improvements: Any possible suggestions to improve the work<br />Due: 2.59 pm 2/8/2010<br />Submission: By email to rhasan7@jhu.edu (text only, no attachments please)<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />3<br />
  4. 4. Threat Model<br />A threat model helps in analyzing a security problem, design mitigation strategies, and evaluate solutions<br />Steps:<br />Identify attackers, assets, threats and other components<br />Rank the threats<br />Choose mitigation strategies<br />Build solutions based on the strategies<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />4<br />
  5. 5. Threat Model<br /> Basic components <br />Attacker modeling<br />Choose what attacker to consider<br />Attacker motivation and capabilities<br />Assets / Attacker Goals<br />Vulnerabilities / threats<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />5<br />
  6. 6. Recall: Cloud Computing Stack<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />6<br />
  7. 7. Recall: Cloud Architecture<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />7<br />SaaS / PaaS Provider<br />Client<br />Cloud Provider<br />(IaaS)<br />
  8. 8. Attackers<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />8<br />
  9. 9. Who is the attacker?<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />9<br />Insider?<br /><ul><li>Malicious employees at client
  10. 10. Malicious employees at Cloud provider
  11. 11. Cloud provider itself</li></ul>Outsider?<br /><ul><li>Intruders
  12. 12. Network attackers?</li></li></ul><li>Attacker Capability: Malicious Insiders<br />At client<br />Learn passwords/authentication information<br />Gain control of the VMs<br />At cloud provider<br />Log client communication<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />10<br />
  13. 13. Attacker Capability: Cloud Provider<br />What?<br />Can read unencrypted data<br />Can possibly peek into VMs, or make copies of VMs<br />Can monitor network communication, application patterns<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />11<br />
  14. 14. Attacker motivation: Cloud Provider<br />Why?<br />Gain information about client data<br />Gain information on client behavior<br />Sell the information or use itself<br />Why not?<br />Cheaper to be honest?<br />Why? (again)<br />Third party clouds?<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />12<br />
  15. 15. Attacker Capability: Outside attacker<br />What?<br />Listen to network traffic (passive)<br />Insert malicious traffic (active)<br />Probe cloud structure (active)<br />Launch DoS<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />13<br />
  16. 16. Attacker goals: Outside attackers<br />Intrusion<br />Network analysis<br />Man in the middle<br />Cartography<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />14<br />
  17. 17. Assets<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />15<br />
  18. 18. Assets (Attacker goals)<br />Confidentiality:<br />Data stored in the cloud<br />Configuration of VMs running on the cloud<br />Identity of the cloud users<br />Location of the VMs running client code<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />16<br />
  19. 19. Assets (Attacker goals)<br />Integrity<br />Data stored in the cloud<br />Computations performed on the cloud<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />17<br />
  20. 20. Assets (Attacker goals)<br />Availability<br />Cloud infrastructure<br />SaaS / PaaS<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />18<br />
  21. 21. Threats<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />19<br />
  22. 22. Organizing the threats using STRIDE<br />Spoofing identity<br />Tampering with data<br />Repudiation<br />Information disclosure<br />Denial of service<br />Elevation of privilege<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />20<br />
  23. 23. Typical threats<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />21<br />[STRIDE]<br />
  24. 24. Typical threats (contd.)<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />22<br />[STRIDE]<br />
  25. 25. Summary<br />A threat model helps in designing appropriate defenses against particular attackers<br />Your solution and security countermeasures will depend on the particular threat model you want to address<br />2/1/2010<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />23<br />
  26. 26. 2/1/2010<br />24<br />en.600.412 Spring 2010 Lecture 2 | JHU | Ragib Hasan<br />Further Reading<br />Frank Swiderski and Window Snyder , “Threat Modeling “, Microsoft Press, 2004<br />The STRIDE Threat Model<br />

×