Cloud Security
Presented by: Rashmi Agale Guided by: D M Ujalambkar
Department of Computer Engineering
AISSMS COE,Pune-01
11/22/16Cloud security 1

Overview
• Cloud security risks
• Insider and outsider attack
• Privacy and Trust
• Operating system security
• Security of virtualization
• Security risks posed by shared images
• Security risks posed by a management OS
• Xoar and its components
• Trusted virtual machine monitor

Why is cloud security important?
• Increasing usage of cloud services in non-traditional sectors
• Growing adoption of cloud services in government departments
• Rise in cloud-service-specific attacks
• Growing usage of cloud services for critical data storage
• Rise in employee mobility
• Standards, regulations, and laws governing the activities of cloud service providers have yet to be adopted.
• Service Level Agreements (SLAs) do not provide adequate legal protection for cloud users, who are often left to deal with events beyond their control.
• Many issues related to privacy, security, and trust in cloud computing are far from being settled.

Cloud security risks
• Secure data transfer: secure channel (HTTPS)
• Secure software interfaces: APIs and interfaces
• Secure stored data: encrypted
• User access control: level of access to data
• Data separation: attacks on shared technology inside the cloud

Insider attack
• At client
    • Learn passwords/authentication information
    • Gain control of the VMs
• At CSP
    • Log client communication
    • Can read unencrypted data
    • Can possibly peek into VMs, or make copies of VMs
    • Can monitor network communication, application patterns
• Why?
    • Gain information about client data and
    • Sell the information or use it themselves

Outsider attack
• What?
    • Listen to network traffic
    • Insert malicious traffic
    • Launch Denial of Service (DoS)

Privacy
• Consumer’s loss of control
    • Data, applications, resources are located with the provider
    • User identity management is handled by the cloud
    • User access control rules, security policies and enforcement are managed by the cloud provider
• Multi-tenancy
    • Multiple independent users share the same physical infrastructure
    • Thus an attacker can legitimately be on the same physical machine as the target
• Will the sensitive data stored on a cloud remain confidential?
• Will cloud compromises leak confidential client data?
• Will the cloud provider itself be honest and not peek into the data?

Trust
• Lack of trust
• Trusting a third party requires taking risks
• Trust and risk are opposite sides of the same coin
• Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
• Cloud provider employees can be phished

Operating system security
• Malicious attacks: unauthorized access to privileged information, tampering with executable code, and spoofing
• Elements of the mandatory OS security
    • Access control: mechanisms to control the access to system objects.
    • Authentication usage: mechanisms to authenticate a principal.
    • Cryptographic usage policies: mechanisms used to protect the data.
• Trusted applications should only be allowed the lowest level of privileges required to perform their functions.
• Existence of trusted path mechanisms supporting user interaction with trusted software.

Security of virtualization
• Just as an OS attack is possible, a hacker can take control of a hypervisor.
• If a hacker gets control of the hypervisor, he gains control of everything.
• Firewalling in a virtual environment is a little more complicated than in a normal network because some virtual servers are outside a firewall.
• Manipulating the available resources into mounting a large-scale botnet attack.
• Virtualization sprawl
• Use of backdoor VMs that leak sensitive information and can destroy data privacy.
• Taking a snapshot or illegal copy of the whole system is easy.
• Infection of VMs may last indefinitely.

Security risks posed by shared images
• Image sharing is critical for the IaaS cloud delivery model. For example, a user of AWS has the option to choose between
    • Amazon Machine Images (AMIs) accessible through the Quick Start.
    • Community AMI menus of the EC2 service.
• Many of the images analyzed by a recent report allowed a user to undelete files, recover private keys, or retrieve other types of sensitive information with little effort and using standard tools.
• A software vulnerability audit revealed that 98% of the Windows AMIs and 58% of Linux AMIs audited had critical vulnerabilities.
• Security risks:
    • Backdoors and leftover credentials.
    • Unsolicited connections.
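
An added example, not part of the original slides: a minimal audit for the "backdoors and leftover credentials" risk above, run over an image mounted read-only before it is published or launched. The file-name lists, finding labels and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Header shared by PEM and OpenSSH private key files.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")
# Constructed, deliberately short lists; extend them for a real audit.
HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}
CREDENTIAL_SUFFIXES = (".aws/credentials", ".netrc")


def audit_image(root):
    """Return sorted (finding, relative_path) pairs for an image mounted at root."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            try:
                info = path.lstat()
                if not stat.S_ISREG(info.st_mode):
                    continue  # ignore symlinks, devices and sockets
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue  # unreadable entry: nothing to classify
            # Keys still listed here let the image publisher log in: a backdoor.
            active = [ln for ln in head.splitlines()
                      if ln.strip() and not ln.lstrip().startswith(b"#")]
            if name == "authorized_keys" and active:
                findings.append(("leftover-authorized-key", rel))
            elif PRIVATE_KEY_RE.search(head):
                findings.append(("private-key", rel))
            elif name in HISTORY_NAMES and info.st_size > 0:
                findings.append(("shell-history", rel))
            elif rel.endswith(CREDENTIAL_SUFFIXES) and info.st_size > 0:
                findings.append(("api-credentials", rel))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree standing in for a mounted image."""
    key = "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n"
    sample = {
        "root/.ssh/authorized_keys": "ssh-ed25519 AAAAconstructed publisher@build\n",
        "home/ubuntu/.ssh/authorized_keys": "# cleared before publishing\n",
        "home/ubuntu/.ssh/id_rsa": key,
        "home/ubuntu/.bash_history": "mysql -u root -pconstructed\n",
        "home/ubuntu/.aws/credentials": "[default]\n# constructed\n",
        "etc/hostname": "image-build\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_image(tmp)
```

Recoverable deleted files, the other finding on this slide, are invisible to a file walk; the free space of the image has to be wiped before sharing.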

Security risks posed by a management OS
• A hypervisor is considerably smaller than an operating system, e.g. the Xen VMM has 60,000 lines of code.
• The Trusted Computing Base (TCB) of a cloud computing environment includes not only the hypervisor but also the management OS.
• The management OS supports administrative tools, live migration, device drivers, and device emulators.
• In Xen the management operating system runs in Dom0; it manages the building of all user domains, a process consisting of several steps:
    • Allocate memory in the Dom0 address space and load the kernel of the guest operating system from the secondary storage.
    • Allocate memory for the new VM

Security risks posed by a management OS (Cont..)
    • Set up the initial page tables for the new VM.
    • Release the foreign mapping on the new VM memory, set up the virtual CPU registers and launch the new VM.

Security risks posed by a management OS (Cont..)
• Security risks at the time it creates a DomU:
    • Refuse to carry out the steps necessary to start the new VM.
    • Modify the kernel of the guest OS to allow a third party to monitor and control the execution of applications running under the new VM.
    • Undermine the integrity of the new VM by setting the wrong page tables and/or setting up the wrong virtual CPU registers.
    • Refuse to release the foreign mapping and access the memory while the new VM is running.

Xoar
• Xoar - breaking the monolithic design of the TCB
• Xoar is a version of Xen designed to boost system security
• The design goals are:
    • Maintain the functionality provided by Xen.
    • Ensure transparency with existing management and VM interfaces.
    • Tight control of privileges: each component should only have the privileges required by its function.
    • Minimize the interfaces of all components to reduce the possibility that a component can be used by an attacker.

Xoar (Cont..)
    • Eliminate sharing. Make sharing explicit whenever it cannot be eliminated to allow meaningful logging and auditing.
    • Reduce the opportunity of an attack targeting a system component by limiting the time window when the component runs.

Xoar system components (Cont..)
• Permanent components: XenStore-State maintains all information regarding the state of the system.
• Components used to boot the system: they self-destruct before any user VM is started. They discover the hardware configuration of the server and then boot the system:

Xoar system components (Cont..)
• Components restarted on each request:
    • Toolstack - handles VM management requests, e.g., it requests the Builder to create a new guest VM in response to a user request.
    • Builder - initiates user VMs.
• Components restarted on a timer:
    • Blk-Back - exports physical storage device drivers.
    • NetBack - exports the physical network driver.

Trusted virtual machine monitor
• Novel ideas:
    • Do not allow the contents of the system to be either manipulated or inspected by the cloud service provider.
    • An application should be allowed to build its software stack based on its needs. Applications requiring a very high level of security should run under a very thin OS supporting only the functionality required by the application and the ability to boot.
    • Provide trusted paths from a user to an application. Such a path allows a human user to determine with certainty the identity of the VM it is interacting with and allows the VM to verify the identity of the human user.
    • Deny the cloud service provider root access.

References
• Dan C. Marinescu, “Cloud Computing: Theory and Practice”
Editor's Notes

  • #10 A critical function of an OS is to protect applications against a wide range of malicious attacks, e.g., unauthorized access to privileged information, tampering with executable code, and spoofing. A financial application cannot determine whether a request comes from an authorized user or from a malicious program.
  • #11 3) These kinds of attacks target the cloud service provider. 4) Creating a new virtual machine is not a difficult task, and thus creating rogue VMs and allocating huge spaces for them can lead to a denial-of-service attack for service providers when they opt to create new VMs on the cloud. 5) That pertains to a firewall within a VM, and it specifically addresses logging into the VM via an alternative method.
  • #12 Elastic compute cloud
  • #14 A guest operating system and applications running under management OS reside in a DomU.
  • #18 A guest operating system and applications running under management OS reside in a DomU. Xoar has nine classes of components of four types: permanent, self-destructing, restarted upon request, and restarted on timer. A guest VM is started by the Builder using the Toolstack; it is controlled by the XenStore-Logic. The devices used by the guest VM are emulated by the Qemu component.