Conference PaperPDF Available

Defining the Cloud Battlefield - Supporting Security Assessments by Cloud Customers

Authors:
  • Ericsson Nikola Tesla, Split, Croatia

Abstract and Figures

Cloud computing is becoming more and more popular, but security concerns overshadow its technical and economic benefits. In particular, insider attacks and malicious insiders are considered as one of the major threats and risks in cloud computing. As physical boundaries disappear and a variety of parties are involved in cloud services, it is becoming harder to define a security perimeter that divides insiders from outsiders, therefore making security assessments by cloud customers more difficult. In this paper, we propose a model that combines a comprehensive system model of infrastructure clouds with a security model that captures security requirements of cloud customers as well as characteristics of attackers. This combination provides a powerful tool for systematically analyzing attacks in cloud environments, supporting cloud customers in their security assessment by providing a better understanding of existing attacks and threats. Furthermore, we use the model to construct "what-if" scenarios that could possible lead to new attacks and to raise concerns about unknown threats among cloud customers.
Content may be subject to copyright.
A preview of the PDF is not available
... 3.3.2 proposes a model for security assessments of cloud service providers [24] (cf. Sect. ...
... First, we will present an investigation how companies choose as CSP [155] and propose a method to support the selection of a secure provider [161]. Second, we propose a model to support the systematic analysis of attacks on cloud customers [24]. ...
... In this section, we introduce a high level approach to support cloud customers in their security assessments of the clouds [24]. The idea is to capture the security requirements of cloud customers as well as characteristics of attackers. ...
Thesis
Full-text available
In order to address security and privacy problems in practice, it is very important to have a solid elicitation of requirements, before trying to address the problem. In this thesis, specific challenges of the areas of social engineering, security management and privacy enhancing technologies are analyzed: Social Engineering: An overview of existing tools usable for social engineering is provided and defenses against social engineering are analyzed. Serious games are proposed as a more pleasant way to raise employees’ awareness and to train them. Security Management: Specific requirements for small and medium sized energy providers are analyzed and a set of tools to support them in assessing security risks and improving their security is proposed. Larger enterprises are supported by a method to collect security key performance indicators for different subsidiaries and with a risk assessment method for apps on mobile devices. Furthermore, a method to select a secure cloud provider – the currently most popular form of outsourcing – is provided. Privacy Enhancing Technologies: Relevant factors for the users’ adoption of privacy enhancing technologies are identified and economic incentives and hindrances for companies are discussed. Privacy by design is applied to integrate privacy into the use cases e-commerce and internet of things.
... However, the variety of parties involved in cloud service delivery makes it difficult for cloud stakeholders to assess their cloud risks. This new attack surface presents system administrators, cloud customers (CC), co-tenants, and external attackers with the opportunity to launch malicious or unintentional attacks [12]. As such, cloud risks require new risk assessment solutions. ...
... In response to the question seeking to find out the three most important criteria cloud providers consider when choosing partners, the top three answers were: i) security of the cloud service ii) reputation of the vendor; iii) functionality of the service, see Figure 3. Also on the subject of the transparency of supply chain and its impact on risk assessment, the providers corroborated the results of our earlier research, acknowledging many of the identified transparency features [4] as essential components of a comprehensive risk assessment. When participants were asked for the largest risk to their cloud services, they listed several risks including human error, the introduction of new cloud feature, zero-day 12 19.35% Application Service Provider (ASP) 6 9.68% attacks, data breaches, web application vulnerability, supplier change control, but the top on the list was the unavailability of the service. ...
Article
Full-text available
Cloud computing represents a significant paradigm shift in the delivery of information technology (IT) services. The rapid growth of the cloud and the increasing security concerns associated with the delivery of cloud services has led many researchers to study cloud risks and risk assessments. Some of these studies highlight the inability of current risk assessments to cope with the dynamic nature of the cloud, a gap we believe is as a result of the lack of consideration for the inherent risk of the supply chain. This paper, therefore, describes the cloud supply chain and investigates the effect of supply chain transparency in conducting a comprehensive risk assessment. We conducted an industry survey to gauge stakeholder awareness of supply chain risks, seeking to find out the risk assessment methods commonly used, factors that hindered a comprehensive evaluation and how the current state-of-the-art can be improved. The analysis of the survey dataset showed the lack of flexibility of the popular qualitative assessment methods in coping with the risks associated with the dynamic supply chain of cloud services, typically made up of an average of eight suppliers. To address these gaps, we propose a Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by decision support analysis and supply chain mapping in the identification, analysis and evaluation of cloud risks.
... However, their approach is used to compare different security measures and not different CSPs. Bleikertz et al. [22] support cloud customers with the security assessments. Their approach is focused on a systematic analysis of attacks and parties in cloud computing to provide a better understanding of attacks and find new ones. ...
Article
Full-text available
Security has become one of the primary factors that cloud customers consider when they select a cloud provider for migrating their data and applications into the Cloud. To this end, the Cloud Security Alliance (CSA) has provided the Consensus Assessment Questionnaire (CAIQ), which consists of a set of questions that providers should answer to document which security controls their cloud offerings support. In this paper, we adopted an empirical approach to investigate whether the CAIQ facilitates the comparison and ranking of the security offered by competitive cloud providers. We conducted an empirical study to investigate if comparing and ranking the security posture of a cloud provider based on CAIQ’s answers is feasible in practice. Since the study revealed that manually comparing and ranking cloud providers based on the CAIQ is too time-consuming, we designed an approach that semi-automates the selection of cloud providers based on CAIQ. The approach uses the providers’ answers to the CAIQ to assign a value to the different security capabilities of cloud providers. Tenants have to prioritize their security requirements. With that input, our approach uses an Analytical Hierarchy Process (AHP) to rank the providers’ security based on their capabilities and the tenants’ requirements. Our implementation shows that this approach is computationally feasible and once the providers’ answers to the CAIQ are assessed, they can be used for multiple CSP selections. To the best of our knowledge this is the first approach for cloud provider selection that provides a way to assess the security posture of a cloud provider in practice.
... Security concerns, which are seen as the inhibiting factor of cloud adoption, can be easily related to well researched issues. A bunch of issues is related to technical properties of cloud computing, i.e. the complex architecture [29], multi-tenancy in connection with isolation failures [24,29], and network vulnerabilities The list of risks also includes the threat of a malicious insider on the CP's side [9], who may abuse his privileges. However, this is a general outsourcing issues due to a loss of governance which can bear dangers for the cloud customers [24]. ...
Chapter
In the last ten years cloud computing has developed from a buzz word to the new computing paradigm on a global scale. Computing power or storage capacity can be bought and consumed flexibly and on-demand, which opens up new opportunities for cost-saving and data processing. However, it also goes with security concerns as it represents a form of IT outsourcing. We investigate how these concerns manifest as a decisive factor in cloud provider selection by interviews with eight practitioners from German companies. As only a moderate interest is discovered, it is further examined why this is the case. Additionally, we compared the results from a systematic literature survey on cloud security assurance to cloud customers’ verification of their providers’ security measures. This paper provides a qualitative in-depth examination of companies’ attitudes towards security in the cloud. The results of the analysed sample show that security is not necessarily decisive in cloud provider selection. Nevertheless, providers are required to guarantee security and comply. Traditional forms of assurance techniques play a role in assessing cloud providers and verifying their security measures. Moreover, compliance is identified as a strong driver to pursue security and assurance.
... Security concerns, which are seen as the inhibiting factor of cloud adoption, can be easily related to well researched issues. A bunch of issues is related to technical properties of cloud computing, i.e. the complex architecture [29], multi-tenancy in connection with isolation failures [24,29], and network vulnerabilities The list of risks also includes the threat of a malicious insider on the CP's side [9], who may abuse his privileges. However, this is a general outsourcing issues due to a loss of governance which can bear dangers for the cloud customers [24]. ...
Conference Paper
In the last ten years cloud computing has developed from a buzz word to the new computing paradigm on a global scale. Computing power or storage capacity can be bought and consumed flexibly and on-demand, which opens up new opportunities for cost-saving and data processing. However, it also goes with security concerns as it represents a form of IT outsourcing. We investigate how these concerns manifest as a decisive factor in cloud provider selection by interviews with eight practitioners from German companies. As only a moderate interest is discovered, it is further examined why this is the case. Additionally, we compared the results from a systematic literature survey on cloud security assurance to cloud customers' verification of their providers' security measures. This paper provides a qualitative in-depth examination of companies' attitudes towards security in the cloud. The results of the analysed sample show that security is not necessarily decisive in cloud provider selection. Nevertheless, providers are required to guarantee security and comply. Traditional forms of assurance techniques play a role in assessing cloud providers and verifying their security measures. Moreover, compliance is identified as a strong driver to pursue security and assurance.
... The use of the public cloud typically means that organisation's data and applications are managed outside their trust boundary and require a dynamic supply chain, which invariably introduces a new set of risks, changing the probability of success for a threat source and increasing the impact of an attack. The variety of parties involved in the delivery of a cloud service widens its attack surface [4]. While we argue that the cloud is often more secure, compared to many enterprise networks, the extent of this security is hard to verify, seeing that Cloud Service Providers (CSPs), who should be more aware of cloud risks, find it difficult to audit or assess risks due to limited visibility of security controls and lack of supplier transparency [5]. ...
Article
Full-text available
Security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. While cloud adoption mitigates some of the existing information technology (IT) risks, research shows that it introduces a new set of security risks linked to multi-tenancy, supply chain and system complexity. Assessing and managing cloud risks can be a challenge, even for cloud service providers (CSPs), due to the increased numbers of parties, devices and applications involved in cloud service delivery. The limited visibility of security controls down the supply chain, further exacerbates this risk assessment challenge. As such, we propose the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by supplier security posture assessment and supply chain mapping. Using the CSCCRA model, we assess the risk of a SaaS application, mapping its supply chain, identifying weak links in the chain, evaluating its security risks and presenting the risk value in monetary terms (£), with this, promoting cost-effective risk mitigation and optimal risk prioritisation. We later apply the Core Unified Risk Framework (CURF) in comparing the CSCCRA model with already established methods, as part of evaluating its completeness.
... Cloud computing lowers the entrance barrier to service provision, especially for small and medium businesses (SMBs), who now have access to compute-intensive applications, hardware resources with no upfront cost, a platform for innovation and IT scalability [13]. The cloud supply chain is extremely complex and highly diverse; the variety of parties involved in the delivery of a cloud service widens its attack surface [14]. Studies into the supply chain of cloud services have shown that at least 80% of a typical SaaS application is made up of assembled parts, with each component representing a different level of risk [15]. ...
Conference Paper
Full-text available
Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chain-inclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.
... Hence, we will restrict their security states to Trusted and Malicious only. Furthermore, the actors in the system can be further refined if we consider entities such as the manufacturer of the hardware used by the provider, the developers of the software run by the provider, and, in general, any third-party involved with the Cloud provider [3]. ...
Conference Paper
We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature.
Book
Full-text available
Os principais problemas associados à implementação e uso da gerência de redes e serviços ocorrem devido à grande quantidade de proposições, padrões e de diferentes produtos oferecidos no mercado, dificultando consideravelmente a tomada de decisão no que se refere a utilização da abordagem de gerência de redes e serviços mais adequada. Além disso, novas tendências na área de gerência de redes e serviços vêm sendo pesquisadas, entre estas destacam-se atualmente: gerência de redes sem fio, de sensores, óticas, futura internet, internet das coisas, internet espacial...; áreas funcionais de segurança, configuração, desempenho, contabilidade...; gerência de serviços de multimídia, data centers, grid, cloud, fog, edge virtualização...; e gerência centralizada, autonômica, distribuída, auto-gerência, baseada em políticas... Estas novas tendências vêm sendo pesquisadas no Laboratório de Redes e Gerência (LRG) da UFSC e a partir deste projeto as mesmas poderão ser aperfeiçoadas através das seguintes atividades deste projeto: A - Aperfeiçoamentos na Gerência Autonômica para Fog e IoT; B - Aperfeiçoamentos na Qualidade de Serviço para Aplicações de Tempo Real em IoT e Fog; C Aperfeiçoamentos na Segurança para Fog e IoT; D - Aperfeiçoamentos no Sistema de Resposta de Intrusão Autonômica em Cloud e IoT; E - Aperfeiçoamentos na Privacidade em Gerência de Identidade para Federações Dinâmicas em Cloud e IoT; e F - Aperfeiçoamentos no Controle de Acesso Dinâmico Baseado em Risco para uma Federação de Nuvem e IoT..
Chapter
Full-text available
In the age of cloud computing, IT infrastructure becomes virtualised and takes the form of services. This virtualisation results in an increasing de-perimeterisation, where the location of data and computation is irrelevant from a user’s point of view. This irrelevance means that private and institutional users no longer have a concept of where their data is stored, and whether they can trust in cloud providers to protect their data. In this chapter, we investigate methods for increasing customers’ trust into cloud providers, and suggest a public penetration-testing agency as an essential component in a trustworthy cloud infrastructure.
Article
This paper reports a detailed analysis and categorization of various security threats in a cloud computing environment along with a brief taxonomy of intrusion detection system. The security attacks are launched on a private cloud and the detection and prevention are carriedout by using SNORT IDS. A portscan and TCP Flood attack are used for the analysis purpose.
Conference Paper
We present our preliminary work in using argumentation logics to reason about security administration tasks. Decisionsabout network security are increasingly complex, involvingtradeoffs between keeping systems secure, maintaining system operation, escalating costs, and compromising functionality. In this paper we suggest the use of argumentation to provide automated support for security decisions. Argumentation is a formal approach to decision making that has proved to be effective in a number of domains. In contrast to traditional first order logic, argumentation logic provides the basis for presenting arguments to a user for or against a position, along with well-founded methods for assessing the outcome of interactions among the arguments. We demonstrate the use of argumentation in a reconfiguration problem, to diagnose the root cause of cyber-attack, and to set policies.
Conference Paper
In recent years, Cloud Computing has gained remarkable popularity due to the economic and technical benefits provided by this new way of delivering computing resources. Businesses can offload their IT infrastructure into the cloud and benefit from rapid provisioning, scalability, and cost advantages. While cloud computing can be implemented on different abstraction levels, we focus on Infrastructure Clouds such as Amazon EC2 [1] that provide virtual machines, storage, and networks.