Module: Cloud Computing Security




Professor Trent Jaeger
Penn State University

Cloud Computing Is Here
- Why not use it?
Systems and Internet Infrastructure Security (SIIS) Laboratory

What's Happening in There?

Overview
- Cloud computing replaces physical infrastructure
- Is it safe to trust these services?

From Data Center to Cloud

Reasons to Doubt
- History has shown they are vulnerable to attack
- SLAs, audits, and armed guards offer few guarantees
- Insiders can subvert even hardened systems
[Chart: Data Loss Incidents, years 06 to 11; bar values as extracted: 986, 903, 770, 695, 641, 678]
[Chart: Incident Attack Vector: External 54%, Accidental 23%, Insider 16%, Unknown 7%]
Credit: The Open Security Foundation datalossdb.org

Cloudy Future
- New problem or new solution?
  - New challenges brought on by the cloud (plus old ones)
  - Utility could provide a foundation for solving such challenges

Cloudy Future
- Improve on data centers? On home computing?
- Seems like a low bar

What is Cloud Computing?
- Cloud vendor provides managed computing resources for rent by customers
- What do you want to rent?
  - (Virtualized) Hosts (Infrastructure as a Service)
    - Rent cycles: Amazon EC2, Rackspace Cloud Servers, OpenStack
  - Environment (Platform as a Service)
    - Rent instances: Microsoft Azure, Google App Engine
  - Programs (Software as a Service)
    - Rent services: Salesforce, Google Docs
  - Other variations can be rented

What is Cloud Computing?

IaaS Platform: OpenStack
[Diagram labels: Cloud Customer, Client, Cloud API, Cloud Database, Instances, Message Queue, Cloud Node, Cloud Vendor, Network Controller, Scheduler, Image Store, Volume Store]

PaaS Platform: Google App
- Platform for deploying language-specific apps
  - Java, Python, PHP, etc.
- Vendor provides OS and middleware
  - E.g., Web server, interpreters
- Customers deploy their customized apps
  - You focus on custom code
- Clients use these apps
  - Analogously to IaaS

How to Build an IaaS Cloud?
- Vendors obtain hardware resources for
  - Various cloud services: API, Messages, Storage, Network, ...
  - Compute nodes for running customer workloads
- Install your hardware
  - Need to choose software configurations specific for services and compute nodes
- Start your hosts
  - Join the cloud - services and available compute nodes
- Now your cloud is running
  - Have fun! Customers are ready to use your services and nodes

How to Use an IaaS Cloud?
- Customers choose an OS distribution
  - These are published by the cloud vendor and others
  - Obtain cloud storage necessary to store these and your data
- Configure your instance (VM)
  - Prior to starting - enable you to login and others to access the instance's services
- Start your instance
  - Boots the chosen OS distribution with the configurations
- Now your instance is running
  - Have fun! Login via SSH or ready for your clients

Multiple Stakeholders
- Are my data protected? (Clients; Client Data)
- Are my services running correctly? (Service Providers; Cloud Instance (VM))
- Is my platform secure? (Cloud Administrators; Cloud Node)

Cloud Complexity
- Cloud environment challenges
  - Opaque, Complex, Dynamic
  - Insiders, Instances, Co-hosting
[Diagram: Client, VMs, Cloud Platform, Cloud Service Node, Cloud Nodes]

What Could Go Wrong?
- What do customers depend on from the cloud?
  - Trust Model
  - Are those parties worthy of our trust?
- Who are potential adversaries in the cloud?
  - Threat Model
  - Are customers protected from their threats?
- What would be ideal from a security standpoint?
  - Ideal Security Model
  - How many trusted parties and how many threats?

Published Instances
- Consumers use published instances
- Who do you trust? What are threats?

[Paper excerpt shown on the slide; it begins mid-sentence]
our case, operates the IaaS cloud infrastructure, authenticates users and bills them for the resources they consumed. The Publisher creates and publicly offers cloud apps, called Amazon Machine Images (AMIs). For this, he selects an existing AMI (AMI-1 in Fig. 1), instantiates it (Instance-1 AMI-1), logs into the running instance to configure it, and finally publishes a snapshot as a new AMI (AMI-2). The Consumer selects this AMI from a list of available AMIs, instantiates it (Instance-2 AMI-2), and uses it for her purposes. Optionally, a Publisher can declare an AMI as paid AMI to earn money from Consumers invoking it.

[Figure 1: Basic System Model of Cloud App Store]

The Cloud App Store poses security challenges for both Consumers and Publishers (see also [48, 17]).
Security of Consumer. The Consumer must trust the Publisher not to include any malware into the AMI. Such a malicious AMI could contain a Trojan horse that spies on or modifies the Consumer's data, or a backdoor for malicious remote login. Even though full protection against such

[Right-hand column of the excerpt is clipped on the slide; line fragments as extracted:]
code repositories, administ … of credentials of various we … SSH Vulnerabilities in … several vulnerabilities in AM … rect usage and configuratio … tested 1100 public AMIs in … contain an SSH backdoor, i … and informs affected custom … in which a backdoor was fo … In this paper we show tha … dents are only the tip of the … available AMIs have severe … highly sensitive data. Our Contribution and Ou … After summarizing relat … ground information on the … in 3 we present the followi … Extraction of Sensitiv … AMIs (cf. 4). Through a … to extract highly sensitive i … available EC2 AMIs. To m … effective we developed an a … search strategies and explo … the Amazon cloud. The co … less than $20 while the inf … AMIs would allow an attac … several $10, 000 per day and … tion of several companies th … After testing overall 1225 … allows remote login for the … ple instances that use the s

SSH Study [AmazonIA]
- Publisher left an SSH user authentication key in their AMI
  - Fortunately, Amazon agreed that this is a violation
  - Unfortunately, it was not an isolated problem
  - 30% of 1100 AMIs checked contained such a key
- Also, pre-configured AMIs had SSH host keys
  - Thus, all instances use the same host key pair
- Implications?

Security Configuration
- Zillions of security-relevant configurations for instances
  - Do you have the right code and data installed?
  - Are you running the expected code?
  - Discretionary access control
  - Firewalls
  - Mandatory access control
    - SELinux, AppArmor, TrustedBSD, Trusted Solaris, MIC
  - Application policies (e.g., Database, Apache)
  - Pluggable Authentication Modules (PAM)
  - Application configuration files
- Plus new configuration tasks for the cloud - e.g., storage

Cloud Service Vulnerabilities
- Vulnerabilities have been found in cloud services
  - E.g., OpenStack identity service, web interface, and API service
- Adversaries who compromise such services may launch a variety of attacks
  - E.g., Key Injection Attack
[Fig. 3: Key Injection Attack. Step 1: nova keypair-add mykey (API Service, Database; mykey : ssh-rsa ABC). Step 2: nova boot --key-name mykey (API Service, Compute Service; mykey : ssh-rsa ABC). Key labels at the end of the figure: ssh-rsa ABC, ssh-rsa DEF]
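
A defender-side check for the two problems on the SSH Study and Key Injection slides, as an added example (not code from the lecture or from OpenStack): it walks an unpacked image or a mounted instance filesystem, reports pre-generated SSH host private keys, and reports every authorized_keys entry whose fingerprint is not one the customer registered. The directory layout, key material and function names are constructed for illustration.

```python
import base64, hashlib, os, pathlib, tempfile
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # public-key type name prefixes

def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of a public-key line, or None."""
    if line.lstrip().startswith("#"):
        return None
    fields = line.split()  # naive split; any options precede the key type
    for ktype, blob in zip(fields, fields[1:]):
        if not ktype.startswith(KEY_PREFIXES):
            continue
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        n = int.from_bytes(raw[:4], "big")
        if raw[4:4 + n] == ktype.encode():  # blob must name the same key type
            digest = hashlib.sha256(raw).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def audit_root(root, expected=frozenset()):
    """Return (unexpected authorized keys, private host keys) under root."""
    unexpected, host_keys = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name.startswith("ssh_host_") and name.endswith("_key"):
                host_keys.append(rel)  # image ships a pre-generated host key
            elif name in ("authorized_keys", "authorized_keys2"):
                with open(os.path.join(root, rel), errors="replace") as fh:
                    for line in fh:
                        fp = fingerprint(line)
                        if fp and fp not in expected:
                            unexpected.append((rel, fp))
    return sorted(unexpected), sorted(host_keys)

def make_pubkey(ktype, body, comment):
    """Constructed, non-functional key line with a well-formed type header."""
    blob = len(ktype).to_bytes(4, "big") + ktype.encode() + body
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

def demo():
    mine = make_pubkey("ssh-rsa", b"ABC" * 20, "customer@laptop")
    other = make_pubkey("ssh-rsa", b"DEF" * 20, "unregistered")
    tree = {  # constructed sample filesystem
        "etc/ssh/ssh_host_rsa_key": "placeholder, not a real key\n",
        "root/.ssh/authorized_keys": "# left by publisher\n" + other + "\n",
        "home/ubuntu/.ssh/authorized_keys": mine + "\nno-pty " + other + "\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in tree.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        return audit_root(root, {fingerprint(mine)}), fingerprint(other)

if __name__ == "__main__":
    print(demo())
```

Run with an empty expected set before publishing an image, and with the fingerprint of the key you registered when checking a freshly booted instance.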

Insiders
- Although the vendor may have a good reputation, not every employee may
[Diagram: Embracing the cloud; captions: "Trust me with your code & data", "You have to trust us as well"; parties: Client, Cloud Provider, Cloud operators]
Problem #1: Client code & data secrecy and integrity vulnerable to attack

Insider Threats
- May trust the cloud vendor company
  - But, do you trust all its employees?
- Insiders can control platform
  - Determine what software runs consumers' code
- Insiders can monitor execution
  - Log instance operation from remote
- Insiders may have physical access
  - Can monitor hardware, access physical memory, and tamper secure co-processors

Co-Hosting Threats
- An instance co-hosted on the same physical platform could launch attacks against your instance
- Co-hosted instances share resources
  - Computer CPU, Cache, Memory, Network, etc.
- Shared resources may be used as side channels to learn information about resource or impact its behavior

Resource Freeing Attacks
- Setup
  - Victims: One or more VMs with public interface
  - Beneficiary: VM whose performance we want to improve (contend over target resource)
  - Helper: Mounts attack using public interface
[Diagram: Victim VM, Beneficiary VM, Helper]

Resource Freeing Attacks
- Resource contention over the CPU
  - Schedule beneficiary more frequently
- Attack: shift resource usage via public interface
  - Normally, victim is scheduled and pollutes the cache
- Approach lower scheduling priority
  - Make victim appear CPU-bound
[Chart: RFA intensities, time in ms per second; annotations: 60% Performance Improvement, 196% slowdown, 86% slowdown]

Preventing Vulnerabilities
- How would you prevent these threats?
  - Misconfigured instances
  - Untrusted cloud services
  - Insiders
  - Side channels
  - (Attacks to cloud platform also)

Verifiable Computation
- Your services are black boxes - to the cloud!
  - Send a program and encrypted data
  - Program computes over encrypted data
- Scheme: KeyGen (for Program), Compute (Program), Verify
[Diagram: Client, Data, Service]
- Depends on heavy crypto - homomorphic encryption

Pinocchio [Oakland 2013]
- New cryptographic protocol for general-purpose public verifiable computation with support for zero-knowledge arguments
- Big advance: Performance
  - History: PCP (2007) = 72 trillion years, GGP (2010) = 37 centuries, Pepper/Ginger (2012) = 6 orders of magnitude (oom) improvement, Pinocchio = 7 oom improvement (often ~10ms)
- Encoding in quadratic programs; signature depends only on security constant
- Idea behind quadratic arithmetic programs: each multiplication gate is a small expression. Construct polynomials that encode the equations, such that if the evaluation is correct, then D(z) divides P(z). Then the protocol just checks divisibility randomly
- Beats local C execution (for verification)
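
The divisibility idea on the Pinocchio slide, as an added example (not from the slides or the Pinocchio authors' code): a constructed two-gate circuit is encoded as polynomials P and D over a prime field, and a wire assignment is a correct evaluation exactly when D(z) divides P(z). The modulus, circuit and function names are assumptions, and the check runs in the clear, without the protocol's cryptographic encoding.

```python
import random

Q = 2**61 - 1        # prime field modulus chosen for this example
ROOTS = [1, 2]       # one evaluation point per multiplication gate
# Constructed circuit (c1*c2)*(c3+c4): c5 = c1*c2, c6 = c5*(c3+c4)
GATES = [((1,), (2,), 5), ((5,), (3, 4), 6)]  # (left wires, right wires, out)

def padd(a, b):
    n = max(len(a), len(b))
    return [sum(p[i] for p in (a, b) if i < len(p)) % Q for i in range(n)]

def pmul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % Q
    return out

def peval(a, z):
    return sum(coeff * pow(z, i, Q) for i, coeff in enumerate(a)) % Q

D = [1]
for r in ROOTS:
    D = pmul(D, [-r % Q, 1])  # target D(z) = product of (z - root)

def interpolate(ys):
    """Lagrange polynomial taking value ys[i] at ROOTS[i]."""
    total = [0]
    for i, ri in enumerate(ROOTS):
        term = [ys[i] % Q]
        for rj in ROOTS[:i] + ROOTS[i + 1:]:
            inv = pow(ri - rj, -1, Q)
            term = pmul(term, [-rj * inv % Q, inv])
        total = padd(total, term)
    return total

def build_P(c):
    """P(z) = L(z)*R(z) - O(z): gate inputs and outputs for wire values c."""
    L = interpolate([sum(c[k] for k in g[0]) for g in GATES])
    R = interpolate([sum(c[k] for k in g[1]) for g in GATES])
    O = interpolate([c[g[2]] for g in GATES])
    return padd(pmul(L, R), [-x % Q for x in O])

def divide(P, D):
    """Long division of P by monic D: returns (quotient H, remainder)."""
    rem, H = P[:], [0] * (len(P) - len(D) + 1)
    for k in range(len(P) - len(D), -1, -1):
        H[k] = rem[k + len(D) - 1]
        for j, d in enumerate(D):
            rem[k + j] = (rem[k + j] - H[k] * d) % Q
    return H, rem

def check(c, s=None):
    """Return (D divides P exactly, P(s) == H(s)*D(s) at a random s, H)."""
    P = build_P(c)
    H, rem = divide(P, D)
    s = random.randrange(len(ROOTS) + 1, Q) if s is None else s
    return not any(rem), peval(P, s) == peval(H, s) * peval(D, s) % Q, H
```

Calling check with wires {1: 3, 2: 4, 3: 5, 4: 6, 5: 12, 6: 132} passes both tests; changing wire 6 to 133 leaves a non-zero remainder and the random-point test fails.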

Integrity Monitor Concept
- Integrity monitor similar to a reference monitor
  - Mediate access to service based on integrity criteria
[Diagram: Client, Integrity Monitor, Service, Data]
- Challenges
  - Where do we measure integrity-relevant events?
  - How do we verify ongoing integrity?
  - How can we deploy this in a cloud environment?

Excalibur
- Policy-sealed data [USENIX Sec 2012b]
  - Do not release my data to the cloud until that cloud satisfies my requirements
  - Customer-chosen policy
- How to ensure that only nodes that satisfy customer-chosen policy get data?
- Attribute-based encryption
  - Encrypt data using ABE description of load-time configuration
- A verifiable monitor is trusted to delegate correct credentials to nodes (using hardware-based attestations - e.g., via TPM)

Excalibur Approach
Excalibur Architecture
- Check node configurations
  - Monitor attests nodes in background
- Scalable policy enforcement
  - CP-ABE operations at client-side lib
[Diagram: Customer, Monitor, Datacenter; labels: seal, attest & send credential, Policy-Sealed Data, unseal]
From Nuno Santos slides (4/19/13)

Runtime Monitoring
- Excalibur does not address runtime issues with instance
- Customers may want to ensure that clients of their services only receive communications from satisfactory instances
- Customer may want to take remediative actions

Integrity Verification Proxy
- Clients specify criteria to be enforced by a channel mediator [TRUST 2012]
- Set of measurement modules verifies the criteria
  - Loadtime modules measure VM components
  - VM Introspection to examine runtime criteria
  - E.g., Binaries/data loaded, enforcement disabled, policy changes, kernel data (binary handler), etc.
[Diagram steps: (1) Register criteria, (2) Verify Monitor / Node, (3) Verify VM, (4) Connect, (5) Report Violation. Other labels: Client, Integrity Verification Proxy, Channel Mediator, Modules, Measure, Framework, Monitor, VM, VM, Cloud Node]

Cloud Verifier Overview
- Cloud Anchor [CCSW 2010, TrustCom 2012] + IVP in OpenStack [CSAW 2013]
  - Client monitors CV and cloud criteria
  - CV monitors cloud node
  - IVP monitors cloud instance
[Diagram: Client, Cloud Verifier, IVP, Node, Cloud Instance; labels: Client provides criteria, Client criteria sent to IVP, Client stops using Cloud, Disable Cloud Node, Block connection at the Cloud Node]

Customer-Driven Monitoring
- CV/IVP Limitation
  - IVP must be trusted by cloud vendor
  - Part of management VM
- What if you need to perform monitoring that the cloud vendors will not support?

Self-Service Clouds
- Customizable cloud platform stack [CCS 2012]
- Why do these problems arise?
[Diagram: Management VM (dom0), Work VM, Work VM, Work VM, Hypervisor, Hardware]
Slides courtesy of Vinod Ganapathy

Self-Service Clouds
- Customizable cloud platform stack [CCS 2012]
- Our solution
  - SSC: Self-service cloud computing
[Diagram: Management VM, Client's VMs, Hypervisor, Hardware]

Self-Service Clouds
- Customizable cloud platform stack [CCS 2012]
- An SSC platform
  - UDom0 boots customer-defined Service VMs
[Diagram: SDom0, UDom0, Client's meta-domain, Service VM, Work VM, Work VM, SSC Hypervisor, Hardware; caption: Equipped with a Trusted Platform Module (TPM) chip]

Take Away
- Cloud computing is here to stay
  - In some form
- May be a solution or a problem or both
  - Introduces new types of vulnerabilities into systems we ran on data centers - which had vulnerabilities to begin with
- Ultimately, have to improve service providers' jobs
  - Make it easy to ensure that systems perform as expected
- Two possible methods
  - Verifiable computation and instance monitoring