Secure Cloud Computing

Transcription

1 Secure Cloud Computing Prof. Dr. Michael Waidner Technische Universität Darmstadt and Fraunhofer Institute for Secure Information Technology SIT, Darmstadt Darmstadt, 14 March 2015

2 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 2

3 CASED Center for Advanced Security Research Darmstadt Cybersecurity Research in Darmstadt More than 350 Researchers and Engineers Techn. University 28 Profs in 10 Departments Fraunhofer SIT 170 Employees in 9 Departments Univ. of Applied Sciences 6 Profs LOEWE CASED ( )... EC SPRIDE ( )... SFB CROSSING (2014-) + several government & industry contracts 3

4 CASED Center for Advanced Security Research Darmstadt Cybersecurity Research in Darmstadt More than 350 Researchers and Engineers Techn. University 28 Profs in 10 Departments Fraunhofer SIT 170 Employees in 9 Departments Univ. of Applied Sciences 6 Profs Partners: Airbus, BMW, Boeing, Bosch, Commerzbank, Deutsche Bahn, Deutsche Bank, Deutsche Post, DLR, Genua, GM, Google, e.on, IBM, Infineon, Intel, Microsoft, Opel, Oracle, Samsung, SAP, Siemens, Sirrix, Software AG, Trumpf, Volkswagen SMBs + State / Federal Government & EU, BSI,... 4

5 CASED Center for Advanced Security Research Darmstadt Cybersecurity Research in Darmstadt More than 350 Researchers and Engineers Security & Privacy by Design Cryptography and Secure Protocols Privacy, Identity and Trust Security and Cloud Computing Usability Security and Mobile & Cyberphysical Systems Internet und Infrastructure Security 5

6 Fraunhofer Institute for Secure Information Technology SIT Research and Technology Pipeline Largest and oldest institute for applied research in cybersecurity in Germany. Studies, Concepts, Prototypes Basic Research Contract Research & Development Consulting, Seminars, Tests & Certs, Forensics Licensing Funded by commercial clients Funded by Fraunhofer and research grants 170 employees, 2 TU Darmstadt, 9 research departments in Darmstadt & St. Augustin (Bonn), member of CASED and EC SPRIDE 7

7 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 8

8 Consumption and Delivery Model for IT Services»Cloud«represents the industrialization of delivery for IT supported services Hybrid Clouds Deployment Models On Premise Private Cloud Off Premise Community Cloud Public Cloud 3rd-Party Managed Service Models Business Process as a Service (BPaaS) Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Essential Charateristics On Demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service Service Mgmt Automation Common Charateristics Massive Scale Geographic Distribution Low Cost Software Resilient Computing Resource Virtualization Advanced Security Homogeneity Standardized Workloads Service Orientation Cloud Enables Economies of scale Sourcing Options Flexible Payment Models Adapted from: [Mell, Grance: The NIST Definition of Cloud Computing; NIST SPUB ] 9

9 Moving from Private to Public Real or perceived loss of control On Premise Private Cloud Off Premise Hybrid Clouds Community Cloud Public Cloud 3rd-Party Managed We Have Control It s located at X. We have backups. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged. Who Has Control? Where is it located? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage? 10

10 Service Model Implies Security Responsibilities Different splits of responsibilities between public cloud provider and subscriber Datacenter Infrastructure Middleware Application Process Business Process-as-a-Service Provider Subscriber Application-as-a-Service Provider Subscriber Platform-as-a-Service Provider Subscriber Infrastructure-as-a-Service Provider Subscriber Provider/Subscriber service agreement determines actual responsibilities. Source: IBM (2010) 11

11 Cloud Computing Status quo (Germany) 40% of German companies use cloud computing (29% are planning or discussing) 24% of IT budget is spent for private clouds (12% for public clouds) 25% of respondents favor a national cloud (even if it is more expensive) 74% of companies consider cyber attacks and intelligence services as real threats 61% of cloud users lost trust in cloud computing since NSA leakage 83% of private (and 67% of public) cloud users made good experience with cloud computing Source: KPMG Cloud-Monitor (2014) 12

12 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 14

13 What is Cloud Security? Confidentiality, integrity, availability of business-critical IT assets Stored or processed on a cloud platforms Cloud Computing Software as a Service Utility Computing Grid Computing Source: IBM (2010) There is nothing new under the sun but there are lots of old things we don't know. Ambrose Bierce, The Devil's Dictionary 15

14 Data are Central to the Analysis of Risks and Threats Transformation Privacy and Data Compliance Data Recovery Classical IT Security Shared IT 1. Vendor lock-in 2. Data security 3. Data protection, meeting privacy needs and expectations 4. General and industry-specific compliance 5. Uncertainty over data location 6. Inability to respond to law enforcement requests 7. Data recovery, resiliency 8. Account or service hijacking 9. Insecure interfaces and APIs 10. Management (incl. self-service) interface compromise 11. Insecure or incomplete data deletion 12. Process/VM isolation, data segregation, multi-tenancy 13. Malicious insiders (co-tenants, cloud provider) 14. Abuse of cloud services (extrusion) Source: CSA (2010), ENISA (2009), Gartner (2008), IBM X-Force (2010) 16

15 Cloud Security Must be Seen in Context Everything is connected in the Internet of Things, mobile access devices are the standard, malware and attacks are spreading across boundaries Data leaks Surveillance Espionage Malware Sabotage IoT, Mobile, Application Security Cloud Security 17

16 Security Challenges Two Perspectives... Multi-tenancy / Virt Cloud Management Cloud Data Center Provider perspective: How to provide a secure cloud service? Subscriber perspective: How to select a cloud? Who to use a cloud securely? 18

17 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 19

18 Components of a Cloud Security Solution Provider Perspective Isolation Identity Provider Perspective Compliance 20

19 Isolation Software, Server, Network Coloring/labeling resources, events, State of the art Key Issues Service and Application Can be done at all levels of the stack Server Hypervisor: z/vm, LPAR, phype, Xen, VMware ESX,... Network Security Zones, Trusted Virtual Domains VLAN (IEEE 802.1Q) Trusted / Secure Virtual Private Networks (VPN) Encryption of data in transit (SSL/TLS, SSH, IPSec) Standardized policies Verification of isolation Application security VM security Network security VN security Multi-tenancy support 21

20 Isolation Data, Storage, Backups Coloring/labeling resources, events, State of the art Key Issues Label-based Access Control (LBAC) Storage zoning (Virtual Storage Area Network, ) Enforcing location (per privacy laws) Cleanup of caches, files, disks, backups, Encryption of data at rest Data deduplication vs. encryption Provider vs. individual keys In-cloud vs. extra-cloud key management Fully homomorphic encryption Standardized policies Standardized data portability Meaningful key management Research in advanced crypto 22

21 Identity Main types of identities to consider in a cloud Standard identity management + access/usage control Major risk: reinventing the wheel Major challenge: correlation of identities and security events across multiple layers in the cloud stack Cloud subscriber administrators Initial enrollment and proofing of cloud subscriber Trust depends largely on proofing of identities Valid address Upfront payment Out-of-band signed service contract Cloud subscriber end user identities Subscriber's employees, customers, Efficient on-boarding / off-boarding Directory synchronization (bad idea) Federated identity (good idea, standard in SOA) Cloud provider administrators Major issue: Control over privileged identities 23

22 Compliance Meeting regulatory requirements Provider auditing Subscriber-level auditing Practically often very hard Privacy Data encryption and suitable key management Enforcing data location Prevent cross-border data flows Cloud Forensics Discover evidence related to a specific cloud subscriber Freezing and surrendering virtual resources Protect confidentiality of third parties resources 24

23 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 25

24 Components of a Cloud Security Solution Subscriber Perspective Isolation Identity Provider Perspective Compliance Trust in Cloud Provider Control Subscriber Perspective 26

25 Trust in Cloud Provider»Secure Virtualized Runtime«is the provider's responsibility No direct control, hence provider must be trustworthy Reputation Stated provider security policies, SLAs Audits: general (low-end, standardized) or client-specific (high-end, specialized) Very few technologies enable extension of control into the cloud OmniCloud Classical cryptography Trusted computing: TCG, Intel SGX,... Research: Secure multi-party computations, automated verification of infrastructure properties 27

26 Analysis of Cloud Storage Services Fraunhofer SIT Technical Report Borgmann, M., Hahn, T., Herfert, M., Kunz, T., Richter, M., Viebeg, U., Vowé, S.: On the Security of Cloud Storage Services, published in March 2012 Seven cloud storage providers analyzed Result: Providers are security aware However, there are some typical security issues No data encryption, or server side encryption only No filename obfuscation for public files Registration: weak passwords, no verification Shared files are indexed by search engines 28

27 OmniCloud Secure and Flexible Cloud Storage Main objectives Make software cloud-ready Make cloud storage secure Prevent cloud provider lock-in Market Security-aware SMEs without budget for private clouds Focus on backups, network drives, shared folders "Investment in your Future" Investments for this work were co-funded by the European Union with European regional development funds and by the state government of Hessen 29

28 Easy integration: OmniCloud Enterprise Gateway Standard communication protocols (e.g. FTP, WebDAV, S3) No client installation required 30

29 Easy integration: OmniCloud Enterprise Gateway Standard communication protocols (e.g. FTP, WebDAV, S3) No client installation required API Mapping 31

30 OmniCloud: Security Client-side file encryption Before leaving the company s intranet (Pseudo-)randomly generated keys for each file Keys under exclusive control of the company Role-based access control Filename and folder structure obfuscation 32

31 OmniCloud: Features Storage Strategies Specify how data is distributed over storages Consideration of storage specific properties Extensible approach (Inform. Dispersal, Reed Solomon) Mirroring Data Deduplication Recognition of duplicated files within a service Copied just once to the cloud Reduction of cloud storage costs Striping RAID 33

32 Contract Data Processing (acc. to Sec. 11 of the Federal Data Protection Act, BDSG) Legal obligation of controllers (cloud users) to continuously control the contract data processor (cloud provider) Problem: On-site inspections in the data centers of cloud providers not realistic Solution: Evaluation of cloud providers through auditors (trusted third parties) 35

33 Controlling Cloud Providers Mechanisms for controlling cloud providers Develop Metrics for quantifying the degree of compliance with evaluation criteria Evaluate Log Information of cloud providers Risk: Manipulation of log information by cloud providers (resp. administrators) Solution: Secure Logging Mechanism Automated Data Protection Certificates by auditors (trusted third party) 36

34 Controlling Cloud Providers Secure logging: principle Detect log manipulations: Log entry chaining provides forward integrity Log confidentiality: Trustee holds all encryption/decryption keys Auditor can only decrypt the log entries specific to a particular client Benefit of this approach: Trusted data without trusted computing 37

35 Log S 4 Log S 4 Log S 4 Log S 4 Log S 4 Log S 4 Fraunhofer-Gesellschaft 2014 Controlling Cloud Providers Secure logging: architecture VM Dienst-Instanz 1 Log-Adapter Cloud-Betreiber VM Dienst-Instanz 2 A 1 A 1 A 1 A 2A Log Log Log 3 Log A 2A 3 Log A 2A 3 Log Log-Adapter VM Dienst-Instanz 3 Log-Adapter VM Sicheres Logging L Log-Adapter Auth OAut 2.0 Treuhänder HSM / Auth Hypervisor Auditor Auth PP P Policies Hypercalls Log Log Log-Auswertung Hardware 1 Log Log Hardware 2 Log Log... Hardware n Log Log Log S 1 Log S 2 Log S 3 Log S 4 OAut 2.0 T Testat Ungesicherte Log-Dateien Gesicherte Log-Dateien Auth Kunde 38

36 Controlling Cloud Providers Data protection certificates Cloud Service Cloud Provider Evaluation Period Certificate Date Evaluation results, e.g. w.r.t. backup interval, encryption, redundancy, and physical storage location Auditor 39

37 Controlling Cloud Providers Compliance metrics, considering complete cloud lifecyle Verification of termination Specification of requirements, properties and metrics Selection of a cloud service Termination of a cloud service Usage of a cloud service Continuous evaluation of metrics during operation 40

38 Agenda Darmstadt Cloud Computing and Security Security Challenges Provider Perspective Subscriber Perspective Summary 41

39 Summary Cloud security is nothing fundamentally new Cloud security extends well-known concepts Even public clouds may offer superior security Major sources of risk New technologies IT professionals often unaware of cloud specifics Important trends Software security cloud service security Cloud and mobile / IoT computing are merging Gateways, brokers, marketplaces for cloud services Using crypto to extend trust into the cloud 42

40 Prof. Dr. Michael Waidner Fraunhofer Institute for Secure Information Technology SIT Director Technische Universität Darmstadt Computer Science, Professor CASED & EC SPRIDE, Director Rheinstrasse 75, Darmstadt (Office) (Cell) 43