Seminar: Security Metrics in Cloud Computing ( se)

Transcription

1 Technische Universität Darmstadt Dependable, Embedded Systems and Software Group (DEEDS) Hochschulstr Darmstadt Seminar: Security Metrics in Cloud Computing ( se) Topics Descriptions OVERVIEW Dealing with uncertainty in security metrics... 2 Economic-Driven Vulnerability Assessment... 2 Economy and information security risk models... 2 Enhancing security and trust in Cloud computing using secure virtualization technologies... 2 Learning from Meteorite Showers: Keeping the Cloud in the Sky... 3 Measuring Cloud's security based on the security of underlying technologies... 3 Privacy in Cloud Computing... 4 Quality of Service in Cloud Computing... 4 Reliable Cloud storage: a case study with Windows Azure... 4 Review on Comparing private cloud with public cloud in terms of privacy and security... 4 Security monitoring for Cloud computing... 5 Security Negotiation in the Cloud... 5 Specifying security parameters in Cloud s Service Level Agreements (SLA)... 5 Survey on Cloud Performance & Security Metrics... 6 Verification of cryptographic protocols... 6 Virtualization security... 6 Vulnerability Markets, a Novel Economic Perspective to approach Information Security /6

2 Dealing with uncertainty in security metrics For several years, security metrics were considered deterministic in the sense that a number/label were enough to quantify/qualify the security level of system. However, in the last few years this notion has changed dramatically because both researchers and practitioners have found that uncertainty plays a central role in security evaluations (e.g., due to the unavailability of security experts, the complexity of systems like the Cloud, etc.). The goal of this research topic is to survey techniques being proposed to deal with uncertainty in security metrics, in particular related with the use of fuzzy operators. Detection of Service Level Agreement Violations In cloud computing, service level agreements (SLAs) define the relationship between a cloud provider and its customer(s). SLAs include a description of the delivered services, and the manner in which they should be delivered, as well as the security properties of these services. Monitoring the provided service level, aids the user to verify the provider's compliance to the SLA, and is a challenging task. In this seminar work, the student shall survey and assess one or more mechanisms for SLA monitoring and detection of SLA violations. Economic-Driven Vulnerability Assessment The existing vulnerability databases such as the National Vulnerability Database (NVD) or the Open Source Vulnerability Database (OSVDB) try to assess the criticality of discovered vulnerabilities. A less explored filed is economic-driven vulnerability assessment. Within this seminar, we adopt an economic perspective to do such an assessment for selected vulnerabilities (from the Top 5 list). Economy and information security risk models Review of the most important existing credit risk models such as the Tschebyscheff-inequation, CreditRisk+, credit metrics, etc. An appropriate mapping to information security risks should be done. The objective of that exercise is to figure out how we can elaborate a preliminary information security risk model in analogy to the credit risk models. Enhancing security and trust in Cloud computing using secure virtualization technologies Cloud computing is a relatively new computing model that is characterized by providing on-demand services, rapid elasticity and multitenancy. Despite the indisputable advantages this paradigm brings to IT world, the wide adoption of the Cloud is impeded in part due to security concerns. As one of the underlying technologies that enable the cloud model is virtualization, the aim of this report is to consider different opportunities for enhancing security at the virtualization layer by the means of the underlying virtualization solution. The report should summarize the state-of-the-art considering different security mechanisms based on virtualization. 2/6

3 [1] Shakeel Butt, H. Andrés Lagar-Cavilla, Abhinav Srivastava, and Vinod Ganapathy Self-service cloud computing. In Proceedings of the 2012 ACM conference on Computer and communications security (CCS '12). ACM, New York, NY, USA, [2] McDermott, J.; Montrose, B.; Li, M.; Kirby, J.; Kang, M., "The Xenon separation VMM: Secure virtualization infrastructure for military clouds," MILITARY COMMUNICATIONS CONFERENCE, MILCOM 2012, vol., no., pp.1,6, Oct Nov [3] Fatemeh Azmandian, David R. Kaeli, Jennifer G. Dy, Javed A. Aslam, and Dana Schaa Securing cloud storage systems through a virtual machine monitor. In Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems (SRAS '12). ACM, New York, NY, USA, Learning from Meteorite Showers: Keeping the Cloud in the Sky The essence of the peer-to-peer design philosophy is to design protocols for end hosts, or peers, to work in collaboration to achieve a certain design objective, such as the sharing of a large file. From a theoretical perspective, it has been recognized that the peer-to-peer design paradigm resembles gossip protocols, and with appropriate algorithmic design, it maximizes the network flow rates in multicast sessions. Over the past ten years, research on peer-to-peer computing and systems, a unique and intriguing category of distributed systems, has received a tremendous amount of research attention from academia and industry alike. Peer-to-peer computing eventually culminated in a number of successful commercial systems, showing the viability of their design philosophy in the Internet. The peer-to-peer design paradigm has pushed all design choices of innovative protocols to the edge of the Internet, and in most cases to end hosts themselves. It represents one of the best incarnation of the end-to-end argument, one of the frequently disputed design philosophies that guided the design of the Internet. Yet, research on peer-to-peer computing has recently receded from the spotlight, and suffered from a precipitous fall that was as dramatic as its meteoric rise to the culmination of its popularity. The article proposed for review in this seminar [1] presents a cursory glimpse of existing results over the past ten years in peer-to-peer computing, with a particular focus on understanding what has stimulated its rise in popularity, what has contributed to its commercial success, and eventually, what has led to its precipitous fall in research attention. The student should elaborate about how these insights may be beneficial when developing thoughts on the design paradigm of cloud computing. [1] Rise and fall of the peer-to-peer empire, Baochun Li, Tsinghua Science and Technology, Measuring Cloud's security based on the security of underlying technologies Cloud computing is a relatively new and complex computing model which combines concepts and technologies such as Service Oriented Architecture, Web 2.0, virtualization, etc. Cloud provide many benefits to the IT world, but the uncertainty regarding the security provisioning in the Cloud model impedes its wide adoption. Estimating the provided security level of the Cloud is a positive step towards enhancing the security. However, measuring Cloud's security should take into consideration the security provided by the underlying technologies. The aimof this report is to elaborate on the components that should 3/6

4 be taken into consideration when measuring security of the Cloud and focus on the underlying virtualization technology. [1] Mihai Christodorescu, Reiner Sailer, Douglas Lee Schales, Daniele Sgandurra, and Diego Zamboni Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, [2] Jakub Szefer, Eric Keller, Ruby B. Lee, and Jennifer Rexford Eliminating the hypervisor attack surface for a more secure cloud. In Proceedings of the 18th ACM conference on Computer and communications security (CCS '11). ACM, New York, NY, USA, Privacy in Cloud Computing Information flow between cloud service providers raises concerns about the privacy of the user s data in the cloud. This seminar studies identity management and privacy assurance methods for cloud computing. [1] P. Angin, B. Bhargava, R. Ranchal, N. Singh, M. Linderman, L. B. Othmane, L. Lilien, "An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing," Reliable Distributed Systems, Quality of Service in Cloud Computing In this seminar we investigate the methods for ranking Cloud components according to their performance history. This helps the Cloud application developers to have a better selection of components/services to achieve their desired performance. [1] Zibin Zheng, Yilei Zhang, M. R. Lyu, "CloudRank: A QoS-Driven Component Ranking Framework for Cloud Computing," Reliable Distributed Systems, Reliable Cloud storage: a case study with Windows Azure Windows Azure is Microsoft s cloud platform that promises limitless storage for an unlimited duration. We will study Windows Azure and the techniques it uses to assure the storage reliability by employing local and geographically located replications. [1] Brad Calder et al. Windows Azure Storage: a highly available cloud storage service with strong consistency. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP '11). Review on Comparing private cloud with public cloud in terms of privacy and security Cloud computing is the product of the fusion of traditional computing technology and network technology like grid computing, distributed computing and parallel computing. The cloud providers own large data centers with massive computation and storage capacities. The service oriented, loose coupling, strong fault tolerant, business model and ease use are main characteristics of cloud computing. For Critical Infrastructure System (CIS),such as Smart Grid, having a special and rigorous demand on target, performance and safety, cloud computing platform for CIS should be different from other clouds like Amazon Elastic Compute Cloud. The report should compare between private cloud with public cloud in terms of CIS security requirements. 4/6

5 [1] Zheng, Ling, Yanxiang Hu, and Chaoran Yang. "Design and Research on Private Cloud Computing Architecture to Support Smart Grid." 2011 Third International Conference on Intelligent Human-Machine Systems and Cybernetics. IEEE, Security monitoring for Cloud computing Although Cloud computing brings a lot of advantages to the IT world due to its characteristics, such as on-demand services, rapid elasticity and pay-per-use model, its adoption is impeded because of security concerns. There exist various Cloud threat models related to the underlying virtualization technology and the multitenancy model. Recently different attacks on the Cloud have been demonstrated. As a consequence, much research has been devoted to provide security monitoring and prevention mechanisms for the Cloud. The report should summarize the state-of-the-art in this area and classify the proposed solutions in terms of different threat models and attackers. [1] Yinqian Zhang; Juels, A.; Oprea, A.; Reiter, M.K., "HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis," Security and Privacy (SP), 2011 IEEE Symposium on, vol., no., pp.313,328, May 2011 [2] Shakeel Butt, H. Andrés Lagar-Cavilla, Abhinav Srivastava, and Vinod Ganapathy Self-service cloud computing. In Proceedings of the 2012 ACM conference on Computer and communications security (CCS '12). ACM, New York, NY, USA, Security Negotiation in the Cloud The recent efforts on specification of Cloud security statements in SLAs, also known as Security Level Agreements or SecLAs is a positive development in the field of Cloud security metrics. Cloud SecLAs are the foundation to establish a common semantic among users and CSPs in order to specify and negotiate security requirements, therefore enabling informed decisions on the matter. Despite the adoption of SecLAs by many well-known CSPs, its envisioned use in -automated- negotiation processes is still latent due in part to the lack of techniques to quantitatively reason about them. The goal of this research topic is to survey the current proposals aiming to use SecLAs in order to negotiate security in Cloud systems. Specifying security parameters in Cloud s Service Level Agreements (SLA) While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider (CSP). However, the recent efforts on specification of security parameters in Service Level Agreements, also known as Security Level Agreements or SecLAs is a positive development. This research topic seeks to perform a comprehensive survey on the real-world adoption of SecLAs for the Cloud along with an analysis of both their advantages and disadvantages. 5/6

6 Survey on Cloud Performance & Security Metrics Various articles discuss Cloud metrics to assess the performance and security of Cloud services. The student should survey these metrics according to their suitability and classify whereever possible if these relate to infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) contexts. Verification of cryptographic protocols Cryptographic protocols are of major importance for a secure communication between the user and the cloud. Model checking has been extensively used in the last two decades to verify existing cryptographic protocols and provide formal proof of their correctness. The tasks of this seminar consists of investigating different works done on the verification of cryptographic protocols and discuss to which extent it differs from conventional software model checking. [1] Jeffrey, Alan, and Ruy Ley-Wild. "Dynamic model checking of C cryptographic protocol implementations." FCS-ARSPA 06 (2006): 327. [2] Boneh, Dan, Richard A. DeMillo, and Richard J. Lipton. "On the importance of checking cryptographic protocols for faults." Advances in Cryptology EUROCRYPT 97. Springer Berlin Heidelberg, Virtualization security With the growing popularity of cloud computing, an increasing number of critical applications are based on virtualization, necessitating increased security considerations for these underlying technologies. Recent work in the area of virtualization security falls in three categories. One class of approaches attempts to improve on the isolation and protection of hypervisors from external entities, e.g. privileged management VMs. A second class of work proposes the recursive addition of additional virtualization layers, e.g. by running commodity hypervisors on top of special secure hypervisors. A third class proposes to live with the fact that hypervisors can be compromised by adversaries and therefore suggests that VM security should not depend on hypervisor security, but directly on hardware trusted platform modules (TPMs) instead. As each of these approaches relies on different mechanisms to achieve security, the assessment of their efficacy requires measurements at different locations in the hardware/software stack (hardware/tpm level, 1st/2nd hypervisor level, management/payload VMs). The goal of the seminar report is to closely investigate one or more of these approaches and to discuss their details along with requirements they impose on security assessments. Vulnerability Markets, a Novel Economic Perspective to approach Information Security Within this seminar, students are asked to review and compare the existing approaches regarding the economic perspective on information security. The focus is on the new concept of vulnerability markets. Advantages and drawbacks of different concepts for vulnerability markets, where security-related information can be traded, should be discussed. 6/6