Cloud-Security: Show-Stopper or Enabling Technology?

Transcription

1 Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics 2. Security Implications 3. Some Attacks (real World) 4. Specific Challenge: ID Management 5. Summary 2

2 1. Cloud-Computing Cloud: Pool of networked IT components Cloud Characteristics Resources will be provided on demand User don t have to maintain/operate an own infrastructure An unlimited amount of resources: capacities can be dynamically added: Scalability, flexibility, on demand usage, Access to outsourced data: at anytime, from anywhere Fast development of new web applications offered as Cloud Services Software as a Service 3 1. Cloud-Computing Economic forecast: Estimated Market Shares for Cloud Computing Services: Merrill Lynch (2008): $169 Mrd. until 2011 IDC (2009): $42 Mrd. until 2012 Gartner (2009): $150 Mrd. until 2013 BITKOM (2009): 564 Mio. for Germany until 2011 Applications Infratsrucure 4

3 1. Cloud-Computing Main aspects forming the Cloud Types Features Models/Modes Stakeholders Benefitss And: legislation! 5 1. Cloud-Computing: Typs IaaS Software layer Platform layer Infrastructure layer User / Customer PaaS Virtualization SaaS Infrastructure as a Service (IaaS) e.g.: Elastic Compute Cloud (Amazon): providing virtual Server Platform as a Service (PaaS) e.g.: Google App Engine: Framework for application development & upload Software as a Service (SaaS) (Mail, CRM, presentations, ) e.g.: Google Docs, GMail, gliffy 6

4 1. Cloud-Computing: Show-Stopper Security? 7 2. Security Implications User: e.g. Enterprises Change of paradigm from closed and supervised IT infrastructures to outsourced services and remotely operated IT infrastructures Providers: e.g. Who uses the offered services? Who is liable for abuse of resources? General security implications Loss of control over data, infrastructures, processes, etc. Difficult Identity and Access management in the Cloud Compliance with security guidelines and legal standards, privacy issues Trustworthiness of service providers 8

5 2. Security implications: Scenario Cloud-provider #1 social network collaboration service end user Backupservice Cloud-provider #2 -service enterprise Cloud-provider # Security Implications Cloud Characteristics and their effects on security Resources will be provided on demand: Confidentiality? Where is my data (in which country?), which crypto regulation rules apply, e.g. key escrow requirements? unlimited amount of resources: Privacy? compliant with privacy legislation? Development of new web applications as services Trustworthiness of Cloud Service? How does the Cloud platform handle access rights, key management, certificate management, etc.? Accesses to outsourced data: at anytime, from anywhere Availability? Which measures against DoS, risk of Data Lock in,. AND: Cloud Computing: Door opener for new kinds of attacks 10

6 2. Security Implication Top Threats in Cloud Computing: source: Abuse of Cloud Computing Resources Shared Technology Vulnerabilities Data Loss Leakage Insecure Application Programmer Interface Account, Service & Traffic Hijacking Malicious Insiders Unknown risk profile Some threats in more detail 2. Security Implication Abuse of Cloud Computing Resources Problem Statement: IaaS provider offer unlimited resource usages coupled with frictionless registration process, i.e. users might act relatively anonymously Spammers, Malicous Code authors other attackers take advantage of that Attacks like DDoS, Passwort Cracking, controlling botnets,. Remediations: e.g. Improved initial registration and validation processes Comprehensive introspection (if compliant with legislation) of customer network traffic

7 2. Security Implication Shared Technology Vulnerabilities Problem Statement: IaaS vendors often share underlying infrastructure: cashes, storage,.. Improper isolation concepts are used: vulnerable hypervisor levels, no isolation on network layer etc. Attacks: information leakage, unauthorized data access Remediations: e.g. Strong compartmentalization Strong authentication and access controls Monitoring of access, activities Vulnerability scanning, configuration audits 2. Security Implication Data Loss Leakage Problem Statement: Missing backup concepts: data loss due to alteration, deletion, improper access controls Loss of encryption keys: data is lost Missing audit controls Attacks: Deletion or alteration of data, circumvent improper access controls, identity theft (leaked credentials, hijacking sessions etc.) Remediations: e.g. Strong access control, proper redundancy, backup concepts Data encryption and proper key management

8 2. Security Implication Insecure Application Programmer Interface Problem Statement: Providers offer APIs for services provisioning, orchestration, monitoring etc. with improper or even missing security concepts: Authentication, Encryption, logging, access control are often missing Third parties offer value added services using these APIs: e.g. credentials are forwarded to third parties using (insecure?) APIs Attacks: exploiting weak authentication like clear text passwords, reusable tokens, improper authorization,.. Remediations: e.g. Security analysis of the providers API, model dependencies Use strong authentication, encryption, logging concepts on top 3. Attacks Quelle: 16

9 3. Attacks Example: Virtualization layer Vulnerable VMMonitor: access to all data Possible Attack Scenario Distribution of virtual machines via public market places Amazon Machine Image (AMI) market place for EC2: Amazon: AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other users. [ ] Ideally, you should get the AMI ID from a trusted source (a web site, another user, etc). If you do not know the source of an AMI, we recommended that you search the forums for comments on the AMI before launching it. Attack: Setup of Bot nets, information leakages, Attacks DDos attack on Bitbucket.org (Amazon) DDoS attack with UDP Flooding Service was unavailable for storing data in persistent storage Problem solution lasts 18 hours: No detection of DDoS through Amazon Support Isolation of Network traffic via QoS guideline failed Connection over external IP address instead of internal addresses Design flaws in architecture of Bitbucket no Load balancing no Redundancy over decentralized data centers, no dynamic allocation of resources 18

10 3. Attacks Cracking keys in the Cloud (10/2009) Costs for breaking a PGP key with utilization of EDPR on Amazon EC2 Resources source: Attacks Misuse of Google App Engine for controlling Bot Nets (11/2009) CPU time, storage, 500 MByte disc storage and up to 5 millions Page Views per month for free Command & Control Server of Bot net by using Google App Engine Contacting Bot computers with the server, for receiving new orders Google had to manually delete the application sources: google appengine used as a cnc 20

11 Risk Assessment Cloud Security Study from Fraunhofer SIT, See: Aim: Framework and guidelines for risk assessments Classification Infrastructure Application Administration Compliance and Platform Physical security Host Virtualization Network Data security Application security Platform security Security as a service Interoperability and Portability Testing Identity and access management Key management Data protection Risk management Legal framework Governance 4. Identity Management in the Cloud Lesson learned so far: There are still lots of Security Problems in Cloud Computing: show stopper! Enabling technology: Strong Authentication spanning domains! The IdM Cloud ecosystem: Identity Providers Governments (e.g. in Germany via npa), Enterprises Large Internet Destinations (e.g. Google, Facebook, ) Cloud Providers: May also be Identity Providers SaaS/PaaS/IaaS (e.g. Amazon, Salesforce, Google, SAP, HP, IBM,...) Users Consumers or Business Individuals may have many Identities

12 4. Identity Management in the Cloud Core IdM Challenges Identity provisioning and deprovisioning: secure and timely management of on boarding (provisioning) and off boarding (deprovisioning) of users in the cloud. Extend user management processes within an enterprise to cloud services. Authorization & user profile management Establishing trusted user profile and policy information to control access within the cloud service, and doing this in an auditable way. Delegation and Federation exchanging identity attributes surely and trustworthy, Establishing a identity lifecycle management 4. Identity Management in the Cloud Support for compliance Enable customers to pull together information about accounts, access grants and segregation of duty enforcement in order to satisfy an enterprise's audit and compliance reporting requirements. Authentication How to provide cross domain strong multi factor authentication? How to provide strict multi tenancy model: isolation on all levels? How to identify, manage fine grained components, like Applications? How to guarantee interoperability, How to support multi tenancy

13 4. Identity Management in the Cloud Authentication: Scenario SaaS Strong Authentication? One Time Pad Credentials Cloud-based Authentication Service e.g. FireID true/false Authenticatio n Service Provider Enterprise User A Request SaaS Strong Authentication? Cloud-based Service e.g. Mail-Servce Service Provider 6. Summary Cloud Computing: Great Opportunities for enterprises and providers Security, Privacy and Trust are still open issues: Show Stopper?! Top threats: e.g. Abuse, Data Loss, Shared Technologies, Hijacking, Privacy and Compliance are still unsolved problems Cloud Computing provides a valuable environment to launch attacks Spamming, Bot net setup, Password and Key cracking Solved Security Problems will be Cloud Enablers! Trustworthy Identity Management within Clouds is one main issue Core Challenges and open research issues : Identity provisioning and deprovisioning, Authentication, Delegation and Federation, Authorization & user profile management, compliance Standards and Reference Architectures, Best Practice Guides are required 26

14 Thank you for your kind attention Contact: Fraunhofer Institute for Secure Information Technology Tel: Internet: 27