Usage Control in Cloud Systems

Transcription

1 Usage Control in Cloud Systems Paolo Mori Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche Pisa Italy

2 Agenda Examples of usage of Cloud services Usage Control Model Policy Language Authorization system architecture Integration with OpenNebula and CONTRAIL Cloud Federation

3 Cloud Security Most of the well-known security issues of IT systems are still valid in the Cloud New security issues due to Cloud peculiarities Users Cloud services providers Reports on Cloud Security CSA NIST ENISA...

4 Examples of usage of IaaS Cloud A researcher creates a new Virtual Machine to manage the SVN of each new project he starts NESSoS project users create a new Virtual Machine on the NESSoS Cloud Execution Environment to develope their applications using NESSoS Eclipse development tools

5 Examples of usage of IaaS Cloud A researcher creates a new Virtual Machine to manage the SVN of each new project he starts 1 3 years NESSoS project users create a new Virtual Machine on the NESSoS Cloud Execution Environment to develope their applications using NESSoS Eclipse development tools 6 months g n i t s a es l g ss n lo cce a

6 Other examples of Cloud usage CONTRAIL project use cases: Distributed Provisioning of Geo-referentiated Data Multimedia Processing Service MarketPlace Real-Time Scientific Data Analysis Electronic Drug Discovery g n i t as es l g ss n lo cce a

7 IaaS Cloud Accesses IMG usage VM usage Time Start VM Create IMG Stop VM Delete IMG

8 Authorization of Long Lasting Accesses

9 Usage Control Model Defined by R. Sandhu et. al. The UCON Usage Control Model. ACM Trans. on Information and System Security, 7(1), 2004 Formal Model and Policy Specification of Usage Control. ACM Trans. on Information and System Security, 8(4), 2005 Towards a Usage-Based Security Framework for Collaborative Computing Systems. ACM Trans. on Information and System Security, 11(1), Main novelties New decision factors: Obligations and Conditions Mutability of Attributes Continuity of Policy Enforcement

10 Usage Control Model Defined by R. Sandhu et. al. The UCON Usage Control Model. ACM Trans. on Information and System Security, 7(1), 2004 Formal Model and Policy Specification of Usage Control. ACM Trans. on Information and System Security, 8(4), 2005 Towards a Usage-Based Security Framework for Collaborative Computing Systems. ACM Trans. on Information and System Security, 11(1), Main novelties New decision factors: Obligations and Conditions Mutability of Attributes Continuity of Policy Enforcement

11 Mutable Attributes Change their value frequently, as a consequence of the decision process Paired with users and resources Examples: Reputation of users: changes as a consequence of the accesses performed by the user Workload of systems: changes when new applications are started and when running applications are terminated

12 Continuity of Policy Enforcement The decisions process is done continuously (OnGoing decision) while the access right is exercised, and the access is interrupted when the right does not hold any more Examples: OnGoing Authorization: the right of accessing a resource is granted as long as the reputation of the user is GOOD. OnGoing Obligation: the right of accessing a resource is granted as long as the user keeps an advertisement window opened.

13 Access VS Usage Control Continuity of decision Decision Pre decision Access request Usage Ongoing decision end begin Before usage Usage After usage Mutability of attributes Attr. update Pre update Ongoing update Post update Time

14 Access VS Usage Control Traditional Access Control Continuity of decision Decision Pre decision Access request Usage Ongoing decision end begin Before usage Usage After usage Mutability of attributes Attr. update Pre update Ongoing update Post update Time

15 Access VS Usage Control Continuity of decision Decision Pre decision Access request Usage Ongoing decision revocation begin Before usage Usage After usage Mutability of attributes Attr. update Pre update Ongoing update Post update Time

16 Why Usage Control in Cloud? Accesses to some resources are long-lasting (hours, days,..) e.g., Virtual Machines in IaaS model The factors that granted the access when it was requested could change while the access is in progress User's reputation could decrease Workload of resources could change... The policy should be re-evaluated every time factors change An access that is in progress could be interrupted

17 Example of Usage Control Policies In natural language: Users with role RegisteredUser can run Virtual Machines as long as their reputation is equal or higher than GOOD Users with role Guest can run Virtual Machines as long as the overall workload is lower than HIGH and their reputation is equal to VERYGOOD

18 Security Policy Language

19 UCON XACML Security Policy Language XACML is a widely used standard for expressing security policies NIST recommends its use for authorization in Cloud We extended XACML to implement UCON features: Attributes update Continuous control Preliminary work: A proposal on enhancing XACML with continuous usage control features. CoreGrid ERCIM WG Workshop on Grids, P2P and Service Computing, 2009

20 Example of UCON-XACML policy

21 Usage Control System

22 XACML Reference Architecture Access Control System access req PEP PEP PEP permit/deny Context handler PDP PAP PIP

23 Usage Control System Extension of the XACML reference architecture to deal with continuous policy enforcement: PEPs intercept END of accesses (besides access requests) Session Manager (new component) keeps trace of accesses in progress PIP monitors mutable attributes Triggers the re-evaluation of the security policy PDP revokes ongoing accesses

24 Usage Control System Architecture Usage Control System Session Manager try access permit/deny PEP PEP PEP revoke access end access Context handler PDP PAP PIP

25 Prototypes 1)Extension of support authorization Resources: VMs 2)CONTRAIL project: integration with Cloud Federation manager Resources: applications (set of VMs running on distinct Cloud providers)

26 Integration with OpenNebula Usage Control System Authz Driver Session Manager PEP Core PEP Context handler Hook Manager PEP PDP PAP PIP

27 Design, implement, validate and promote an open source software stack for Cloud federations Develop a comprehensive Cloud platform integrating a full IaaS and PaaS offer Advanced SLA management Advanced security support Federated authentication Usage Control

28 Usage Control System Performance Ongoing accesses revocation resources per provider 5 resources per provider Time (ms) Number of providers

29 Papers A. Lazouski, G. Mancini F. Martinelli, P. Mori: Usage Control in Cloud Systems. In Procedings of The 3rd International workshop on Cloud Applications and Security (CAS 12), IEEE Computer Society (2012) A. Lazouski, F. Martinelli, P. Mori: A Prototype for Enforcing Usage Control Policies Based on XACML. In Proceedings of the 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'12), LNCS 7449, Springer (2012) L. Krautsevich, A. Lazouski, F. Martinelli, P. Mori, A. Yautsiukhin: Integration of Quantitative Methods for Risk Evaluation within Usage Control Policies. In Procedings of International Conference on Computer Communications and Networks (ICCCN2013) (2013)

30 EU Projects Network of Excellence on Engineering Secure Future Internet Software Service and System Oct 2010 apr 2014 Open Computing Infrastructures for elastic Services Oct 2010 feb 2014 Confidential and Compliant Clouds Nov 2013 oct 2016

31 Thank you!! Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche Pisa Italy

32 UCON-XACML Policy Schema