IBM Cloud Academy Conference ICACON 2015

Transcription:

by Eman Hossny, Sherif Khattab, Fatma Omara, Hesham Hassan
Faculty of Computers and Information, Cairo University
IBM Cloud Academy Conference ICACON 2015

Outline:
- Background
- Motivation
- Objective
- BTB Service
- EASI-CLOUDS project
- Conclusion and Future Work

BTB Service, e.hossny@fci-cu.edu.eg, 22 May, 2015. Slide (2 of 21)

- Bot: malicious software that helps an attacker gain full control over a computer.
- Zombie: a computer that is infected by a bot.
- Botnet: a large number of bot-infected zombies under the control of an attacker (bot master). Used to:
  - launch DDoS
  - send spam emails
  - steal users' banking credentials
  - install additional malware

A study shows that 40% of all computers connected to the web are infected bots controlled by a bot master.

Date: Cybercriminal
- October, 2009: Attackers used DDoS to hack the BitBucket.org site, deployed on Amazon EC2.
- April, 2011: Attackers rented a set of Amazon EC2 VMs and initiated a massive attack, hacking more than 100 million personal accounts of Sony's customers.
- January, 2014: Four of the top malware sites are deployed on Amazon Web Services (AWS), e.g., Downloadinstantly.com and powerpackmm.com. Therefore, Amazon is a hornet's nest of malware.
- April, 2015: Law enforcement groups and private security companies have broken a huge botnet (Simda Botnet). Simda Botnet: 770,000 compromised computers in 190 countries.


BTB: Bot TraceBack

BTB Service:
- Terminologies
- Use Cases
- BTB Architecture
- Detailed Operational Flow
- Running Scenarios

Attacking VM: this is the Bot VM. Attacking IP address: this is the IP address of the bot VM. Attacked VM: this is the victim VM. Attacked IP address: this is the IP address of the victim VM.


[Diagram] Labels recovered from the slide:
- Customer Portal: Report Attack.
- BTB Reporting Service: help customers to send BTB reports to an IaaS provider; Log Report.
- Reports & VMs DB.
- BTB Detection Service: store historical data about all VMs; identify the bot VM; report bot VMs; Pull Report; Pull VMs info.
- Monitoring: retrieve info about all available VMs for all users; Log VMs Info.
- Security-aaS.
- Security Operation Center (SOC).

[Diagram] Labels recovered from the slide:
- Monitor: store and update VMs info. Runs the EASI-CLOUDS monitor API every 5 min. to get the VMs logs.
- Parser: parse and store report.
- Report Checker: search & retrieve from the DB; run BTB to process a new report.
- BTB Detection Service: search & update.
- Send BTB Report: forward the report to a specific cloud provider.
- EASI-CLOUDS.

[Diagram] Labels recovered from the slide:
- BTB Reporting Service (Security-aaS): Send report REST API; Check report REST API; GUI call; Log Report.
- Reports & VMs DB: dumped on ClearDB online service; Pull Report; Pull VMs info.
- BTB Detection Service (Security Operation Center, SOC): automatic daemon; report checker; Log VMs Info.
- Monitoring: update monitoring info via REST API call to the Token API and the VMs information API, provided by an IaaS cloud provider.
- Both services are deployed on CloudFoundry.

BTB Reporting Service (Request)

BTB Reporting Service (Response)

Check Report Service: the sent report is not processed till now

Check Report Service: finished and caught the infected VM

Check Report Service: wrong report ID
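
An added sketch (not the authors' code) of the trace-back the slides describe: the monitor's periodic VM snapshots are used to resolve a reported attacking IP address to the VM that held it when the attack was seen. The report fields, snapshot layout, timestamps, status strings and the extra "no-match" outcome are assumptions; only the 5-minute monitor interval and the three check-report outcomes come from the slides.

```python
from datetime import datetime, timedelta
from itertools import count

POLL = timedelta(minutes=5)  # monitor interval given on the slides

# Constructed monitor history: (vm_id, ip, snapshot_time). The address
# 203.0.113.10 is released by vm-a and later reassigned to vm-b.
SNAPSHOTS = [
    ("vm-a", "203.0.113.10", datetime(2015, 5, 1, 10, 0)),
    ("vm-a", "203.0.113.10", datetime(2015, 5, 1, 10, 5)),
    ("vm-c", "203.0.113.77", datetime(2015, 5, 1, 10, 5)),
    ("vm-b", "203.0.113.10", datetime(2015, 5, 1, 10, 20)),
    ("vm-b", "203.0.113.10", datetime(2015, 5, 1, 10, 25)),
]

REPORTS = {}      # report_id -> record; stands in for the Reports & VMs DB
_ids = count(1)

def submit_report(attacking_ip, attacked_ip, seen_at):
    """Reporting service: log the report and return an ID for later checks."""
    rid = next(_ids)
    REPORTS[rid] = {"attacking_ip": attacking_ip, "attacked_ip": attacked_ip,
                    "seen_at": seen_at, "status": "not processed", "bot_vm": None}
    return rid

def trace_back(attacking_ip, seen_at):
    """Return the VM that held attacking_ip at seen_at, or None.

    A snapshot counts only if it was taken at most one poll interval before
    the attack, so an earlier or later holder of the address is not blamed.
    """
    hits = [(ts, vm) for vm, ip, ts in SNAPSHOTS
            if ip == attacking_ip and timedelta(0) <= seen_at - ts <= POLL]
    return max(hits)[1] if hits else None

def process_pending():
    """Detection service: resolve every report that is still unprocessed."""
    for rep in REPORTS.values():
        if rep["status"] == "not processed":
            rep["bot_vm"] = trace_back(rep["attacking_ip"], rep["seen_at"])
            rep["status"] = "caught" if rep["bot_vm"] else "no-match"

def check_report(rid):
    """Check-report service: the outcomes on the slides, plus no-match."""
    rep = REPORTS.get(rid)
    if rep is None:
        return {"status": "wrong report ID"}
    return {"status": rep["status"], "bot_vm": rep["bot_vm"]}
```

The same address resolves to different VMs depending on the reported time, which is why the detection service needs the stored history rather than the current allocation.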

EASI-CLOUDS project:
- Aims to advance cloud computing in Europe, Egypt, and Korea.
- Provides a comprehensive cloud computing infrastructure.
- Includes all layers (IaaS, PaaS, and SaaS).
- Satisfies reliability, elasticity, security and ease-of-use characteristics.
- Wins ITEA Award of Excellence in the business category.


Bot Traceback (BTB) Service
- Objective: to identify a bot virtual machine inside an IaaS cloud provider.
- Functionality: reporting and tracing back the presence of a bot inside an IaaS cloud provider in a federated environment.
- Implementation: implemented as a part of the security tools in the EASI-CLOUDS project.

Future Work
- Performance evaluation of the proposed BTB service.
- Commercialization of the BTB service.