IBM Cloud Academy Conference ICACON 2015

Transcription

1 by Eman Hossny, Sherif Khattab, Fatma Omara, Hesham Hassan Faculty of Computers and Information, Cairo University IBM Cloud Academy Conference ICACON 2015

2 Background Motivation Objective BTB Service EASI-CLOUDS project Conclusion and Future Work BTB Service, 22 may, Slide (2 of 21)

3 Bot A Malicious software helps an attacker to gain full control over a computer Zombie A computer that is infected by a bot Botnet A large number of bot-infected zombies. Under the control of an attacker (Bot master) Used to launch DDoS Send spam s Stole users' banking credentials Install additional malware BTB Service, Eman Hossny 22 may, Slide (3 of 21)

4 A study shows 40% of all computers connected to web are Infected bots and controlled by bot master. BTB Service, 22 may, Slide (4 of 21)

5 Date October, 2009 Cybercriminal Attackers used DDoS to hack the BitBucket.org site, deployed on Amazon EC2 April, 2011 January, 2014 Attackers rented a set of Amazon EC2 VMs and initiate a massive attack. Hacked more than 100 million personal accounts of Sony s customer Four of top malware sites are deployed on Amazon Web Services (AWS): e.g., Downloadinstantly.com and powerpackmm.com Therefore, Amazon is a hornet s nest of malware April, 2015 Law enforcement groups and private security companies have broken a huge botnet (Simda Botnet). Simda Botnet: 770,000 compromised computers in 190 countries. BTB Service, Eman Hossny 22 may, Slide (5 of 21)

6 BTB Service, 22 may, Slide (6 of 21)

7 BTB Bot TraceBack BTB Service, Eman Hossny 22 may, Slide (7 of 21)

8 Terminologies Use Cases BTB Architecture Detailed Operational Flow Running Scenarios BTB Service, 22 may, Slide (8 of 21)

9 Attacking VM: this is the Bot VM. Attacking IP address: this is the IP address of the bot VM. Attacked VM: this is the victim VM. Attacked IP address: this is the IP address of the victim VM.

10 BTB Service, Eman Hossny 22 may, Slide (9 of 21)

11 Help customers to send BTB reports to an IaaS Provider Report Attack Customer Portal Store historical data about all VMs Identify the Bot VM Report Bot VMs BTB Reporting Service Log Report Reports & VMs DB Pull Report Pull VMs info BTB Detection Service Security-aaS Log VMs Info Retrieve Security info Operation about all available Center (SOC) VMs for all users Monitoring BTB Service, 22 may, Slide (10 of 21)

12 Monitor Store and update VMs info Parse and Store report Parser Report Report Checker Search & Retrieve DB Run BTB To process a new report BTB Detection Service Search & Update Run the EASI-CLOUDS monitor API Every 5 min. To get the VMs logs Forward the report to a specific cloud provider` Send BTB Report EASI-CLOUDS BTB Service, Eman Hossny 22 may, Slide (11 of 21)

13 Send report REST API Send report Check report GUI Call Dumped on ClearDB online service REST API Check report REST API BTB Reporting Service Security-aaS Log Report Reports & VMs DB Pull Report Pull VMs info BTB Detection Service Security Operation Center (SOC) Both services are deployed on CloudFoundry Log VMs Info Monitoring Token API REST API Call Automatic Daemon Report checker Update monitoring info VMs information API Provided by an IaaS Cloud provider BTB Service, 22 may, Slide (12 of 21)

14 BTB Reporting Service (Request)

15 BTB Reporting Service (Response)

16 Check Report Service The sent report is not processed till now

17 Check Report Service Finished and Caught the infected VM

18 Check Report Service Wrong Report ID

19 Aims to advance cloud computing in Europe, Egypt, and Korea Provide a comprehensive cloud computing infrastructure Includes all layers (IaaS, PaaS, and SaaS) Satisfies reliability, elasticity, security and ease-ofuse characteristics. Wins ITEA Award of Excellence in the business category. BTB Service, Eman Hossny 22 may, Slide (19 of 21)

20 BTB Service, 22 may, Slide (20 of 21)

21 Bot Traceback (BTB) Service Objective: to identify a bot virtual machine inside an IaaS cloud provider Functionality: Reporting and Tracing back the presence of a bot inside an IaaS cloud provider in a federated environment. Implementation: implemented as a part of the security tools in the EASI-CLOUDS project. Future Work Performance evaluation of the proposed BTB service. Commercialization of the BTB service BTB Service, Eman Hossny 22 may, Slide (21 of 21)

22