Clouds and Security: A Scrutinized Marriage

Abstract
T2. Clouds and Security: A Scrutinized Marriage Presenters: Prof. Dr. Carlos Becker Westphall, Federal University of Santa Catarina, Brazil Prof. Dr. Carla Merkle Westphall, Federal University of Santa Catarina, Brazil Introduction Motivation Cloud security challenges and problems Basic concepts Cloud computing Security Cloud Security Concerns Identity and access management Privacy Trust management and federations Related work and Technologies Research questions Research proposals Current Technologies Conclusion
Carla Merkle Westphall, Carlos Becker Westphall,
Jorge Werner, Rafael Weingärtner, Paulo Fernando Silva,
Daniel Ricardo dos Santos, Kleber Magno Maciel Vieira
Tutorial at NexComm 2016
February 21, 2016 - Lisbon, Portugal
Clouds and Security:
A Scrutinized Marriage
Summary

1. Introduction
1.1 Motivation
1.2 Cloud security challenges and problems
2. Basic concepts
2.1 Cloud computing
2.2 Security
3. Cloud Security Concerns
3.1 Identity and access management
3.2 Privacy
3.3 Trust management and federations
4. Related work and Technologies
4.1 Research questions
4.2 Research proposals
4.3 Current Technologies
5. Conclusions
1. Introduction

Security in cloud computing really is a “Scrutinized Marriage”: challenging, it needs a careful understanding and involves many areas.
Cloud computing provides convenient, on-demand access to a shared pool of resources: networks, servers, storage, applications, and services.
Security is necessary in many layers of software and hardware!
Applications and web
Virtualization
Cryptography
Figure: online business relies on identities and on security.
Digital identity: electronic representation of sensitive information.
Users want privacy!
1.1 Motivation

Deployment of security in large-scale scenarios is cheaper (filters, patch management, virtual machine protection).
Large cloud providers can hire experts.
Updates are faster in homogeneous environments to respond to incidents.
Standard images of VMs and software can be updated with security configurations and patches.
“Same value of security investments buys better protection.”
Defenses of cloud environments can be more robust, scalable and more cost-effective, but ...
... the large concentration of resources and data is a more attractive target for attackers.
1.2 Cloud security challenges and problems

A great number of threats: data breaches, data loss, abuse of cloud services, …
Enterprises are increasing cloud use and need security.
Identities are spread all over cloud computing.
Privacy issues have to be improved and satisfied.
Trust should be well defined.
2. Basic Concepts

2.1 Cloud Computing
2.2 Security

2.1 Cloud Computing
NIST SP-800-145 - The NIST Definition:
“A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
Figure: Cloud Computing Elements (Source: Stallings, 2014)
Figure: Cloud Computing Context (Source: Stallings, 2014)
Popular services
IaaS: Amazon EC2, Windows Azure, Rackspace (backup)
PaaS: Google App Engine, Cloud Foundry, force.com
SaaS: Office 365, Dropbox, salesforce.com, Google Apps
Cloud management: CloudStack, OpenStack
Sources: http://cloudtaxonomy.opencrowd.com/ and http://talkincloud.com/
NIST Cloud Computing Reference Architecture (NIST SP 500-292)
“The NIST cloud computing reference architecture focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation. The reference architecture is intended to facilitate the understanding of the operational intricacies in cloud computing. It does not represent the system architecture of a specific cloud computing system; instead it is a tool for describing, discussing, and developing a system-specific architecture using a common framework of reference.”
Figure: NIST Reference Architecture (Source: Stallings, 2014)
Roles and Responsibilities
Cloud carrier: connectivity and transport of cloud services between consumers and CPs
Cloud broker: useful when cloud services are too complex for a cloud consumer to easily manage
  Service intermediation: value-added services such as identity management, performance reporting, and enhanced security
  Service aggregation: the broker combines multiple services to meet consumer needs not specifically addressed by a single CP, or to optimize performance or minimize cost
  Service arbitrage: flexibility to choose services from multiple agencies
Cloud auditor: an independent entity that can assure that the CP conforms to a set of standards
Source: Stallings, 2014
Figure (Source: https://wiki.lrg.ufsc.br/mediaWiki/index.php/Cloud.)
2.2 Security

Confidentiality: only authorized users have access to information
Integrity: prevent/detect modification/corruption of information
Availability: ensure that legitimate users will have properly allowed access
Authenticity: guarantee the validity of data and identity information
Threat: conditions or events that provide a potential security violation
Vulnerability: a failure or improper feature that can be exploited
Attack: a set of actions made by an unauthorized entity seeking security breaches
OWASP Top Ten
A1 - Injection: injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A3 - Cross-Site Scripting (XSS): XSS occurs whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
SQL Injection Illustrated
Figure: the HTTP request carrying the attack passes the network layer (firewall, hardened OS, web server, app server, firewall) and reaches the application layer: custom code and business functions (accounts, finance, administration, transactions, communication, knowledge management, e-commerce) that query back-end databases, legacy systems, web services and directories (human resources, billing). The SQL query sent to the DB table is "SELECT * FROM accounts WHERE acct='' OR 1=1--'".
1. Application presents a form to the attacker
2. Attacker sends an attack in the form data
3. Application forwards attack to the database in a SQL query
4. Database runs query containing attack and sends encrypted results back to application
5. Application decrypts data as normal and sends results to the user
Account Summary returned in the HTTP response:
Acct:5424-6066-2134-4334
Acct:4128-7574-3921-0192
Acct:5424-9383-2039-4029
Acct:4128-0004-1234-0293
Source: OWASP Top Ten Site
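The query from step 3 of the figure, as an added example that is not part of the tutorial or of OWASP's material: a lookup that concatenates the form value into the SQL text next to the parameterized form, both run against a constructed in-memory SQLite table so the difference in returned rows can be observed.

```python
import sqlite3

# Constructed sample rows (not data from the tutorial or from OWASP).
SAMPLE_ACCOUNTS = [
    ("5424-6066-2134-4334", "alice"),
    ("4128-7574-3921-0192", "bob"),
    ("5424-9383-2039-4029", "carol"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory accounts table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (acct TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, acct: str) -> list:
    """Step 3 of the figure: the untrusted form value is pasted into the
    query text, so the database cannot tell data from SQL syntax.
    The input "' OR 1=1--" turns the WHERE clause into acct='' OR 1=1
    followed by a comment, which matches every row."""
    sql = f"SELECT acct, owner FROM accounts WHERE acct='{acct}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, acct: str) -> list:
    """Hardened form: the value is bound as a parameter and is only ever
    compared as a string, so the same input matches nothing."""
    sql = "SELECT acct, owner FROM accounts WHERE acct=?"
    return conn.execute(sql, (acct,)).fetchall()


def rows_exposed(lookup, acct: str) -> int:
    """Number of rows a lookup function returns for one input (fresh DB each call)."""
    return len(lookup(make_db(), acct))


if __name__ == "__main__":
    payload = "' OR 1=1--"
    print("vulnerable   :", rows_exposed(lookup_vulnerable, payload))
    print("parameterized:", rows_exposed(lookup_parameterized, payload))
```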
Cross-Site Scripting Illustrated
Figure: application with a stored XSS vulnerability (custom code plus business functions: accounts, finance, administration, transactions, communication, knowledge management, e-commerce).
1. Attacker sets the trap (“update my profile”): attacker enters a malicious script into a web page that stores the data on the server
2. Victim views page (sees attacker profile): script runs inside victim’s browser with full access to the DOM and cookies
3. Script silently sends attacker Victim’s session cookie
Source: OWASP Top Ten Site
3. Cloud Security Concerns

3.1 Identity and access management
3.2 Privacy
3.3 Trust management and federations
Cloud Security Alliance Top Threats (CSA 2013: top threats)
1. Data Breaches: Bugiel et al. 2011 ran their tool on public Amazon EC2 images; SSH user keys were leaked.
2. Data Loss: Mat Honan: attackers broke into Mat’s Apple, Gmail and Twitter accounts. All of his personal data in those accounts was erased.
3. Account Hijacking: XSS in cloud service providers can be exploited by attackers to steal end-user credentials (Amazon 2010 - Zeus botnet, Salesforce 2015).
4. Insecure APIs: customers use APIs and interfaces to manage cloud services. Problems: anonymous access or reusable passwords, authentication and unencrypted data transmission, improper authorization, monitoring and limited logging.
5. Denial of Service: forcing the victim to consume inordinate amounts of processor power, memory, disk space or network bandwidth. DDoS attacks can cause an intolerable system slowdown. XML-based (X-DoS), HTTP-based (H-DoS).
6. Malicious Insiders: the malicious insider has increasing levels of access to critical systems/data.
7. Abuse of Cloud Services: unlimited computing power, network and storage used by a registered user who can be a spammer or distribute malicious code.
8. Insufficient Due Diligence: without a complete understanding of the CSP, organizations are taking on unknown levels of risk they may not comprehend.
9. Shared Technology Issues: lack of strong isolation properties for a multi-tenant architecture (IaaS), re-deployable platforms (PaaS), or multi-customer applications (SaaS).
Cloud Security Countermeasures
Data breaches and data loss: implement strong API access control; encrypt and protect integrity of data in transit; analyze data protection at both design and run time; implement strong key generation, storage and management, and destruction practices
Account hijacking: prohibit the sharing of account credentials between users and services; leverage strong two-factor authentication where possible; employ proactive monitoring to detect unauthorized activity; understand CP security policies and SLAs
Insecure APIs: analyze the security model of CP interfaces; ensure that strong authentication and access controls are implemented in concert with encrypted transmission; understand the dependency chain associated with the API
Malicious insiders: specify human resource requirements as part of the legal contract; require transparency into overall information security and management practices; determine security breach notification processes
Abuse of Cloud Services: stricter initial registration and validation processes; enhanced credit card fraud monitoring; comprehensive introspection of customer network traffic; monitoring public blacklists
Shared Technology Issues: security for installation/configuration; monitor environment for unauthorized changes/activity; strong authentication and access control; enforce SLAs; conduct vulnerability scanning and configuration audits
Guidelines on Security and Privacy in Public Cloud Computing (NIST SP 800-144)
Governance
Compliance
Trust
Architecture
Identity and Access Management
Software isolation
Data protection
Availability
Incident response
Cloud Security Alliance
Governance domains
Operational domains:
1. Traditional Security, Business Continuity, and Disaster Recovery
2. Datacenter operations
3. Incident Response
4. Application Security
5. Encryption and Key Management
6. Identity, Entitlement, and Access Management
7. Virtualization
8. Security as a Service
Figure: Cloud Security as a Service (SecaaS), CSA - Cloud Security Alliance, 2013 (Source: Stallings, 2014)
Challenges - Multi-tenancy
Different needs: security, SLA, governance, policies...
Challenges - Applications and IAM
Application security (IaaS, PaaS, SaaS)
Identity and Access Management (IAM):
Proliferation of identities
Single Sign On
Identity Federation
Privacy
Access control
3.1 Identity and Access Management

“The process of creation, management and use of identities and the infrastructure that provides support for this set of processes.”
Multiple identities: work, shopping, hospital
Components (ISO/IEC 24760-1):
Entity: an item inside a system - a person, a device, an organization, a SIM card, a passport
Identity: set of attributes related to an entity
Identifier: unique identity; distinguishes one entity from another in a domain
Credential: representation of an identity (facilitates data authentication of identity info) - username/password, PIN, smartcard, passport
Identity Provider (IdP): provides identity information; usually authenticates an entity
Service Provider (SP)/Relying Party (RP): provides services and usually receives credentials from a trusted IdP to perform authorization tasks
Federation:
agreement between two or more domains specifying how identity information will be exchanged and managed for cross-domain identification purposes
agreement on the use of common protocols and procedures (privacy control, data protection, standardized data formats and cryptographic techniques)
enables Single Sign-On (SSO)
Figure: Without Federation / With Federation (Source: https://www.incommon.org/images/with_without_lg.jpg)
Open source technologies
Shibboleth (https://shibboleth.net/): Internet 2; SAML (Security Assertion Markup Language); academia (some commercial members)
OpenID Connect (http://openid.net/connect/): defined protocol; OpenID Foundation; JSON (JavaScript Object Notation) + OAuth 2; academia and industry
Demo site: https://aai-demo.switch.ch
Figure: Shibboleth flow
Federations
Shibboleth: InCommon, United States; SWITCHaai, Switzerland; HAKA, Finland; CRU, France; RCTSaai, Portugal; CAFe, Brazil
RADIUS Federation: eduroam (education roaming)
Figure: OpenID Connect (OIDC) flow
SAML x OIDC

Aspect             | SAML             | OIDC
Service Provider   | SP               | RP (Relying Party)
Identity Provider  | IdP              | OP (OpenID Connect Provider)
Attributes         | Attributes       | Scopes (groups of attributes)
Language           | XML              | JSON+REST
Encryption         | TLS              | JOSE (JSON Object Signing and Encryption)
SSO                | Web SSO only     | Yes
Mobile Apps        | Web browser only | Mobile app & Web browser

Source: http://apicrazy.com/2014/08/18/why-the-future-of-identity-is-openid-connect-and-not-saml/
Figure: IAM Systems in Cloud (Source: Bertino and Takahashi, 2010)
IAM in Cloud - CSA Guide, Domain 12 - Identity, Entitlement, & Access Management:
Identity Provisioning
Authentication
Federation
Access Control and User profile management
IDaaS - Cloud Identity as a Service
IAM services vendors: Centrify, OneLogin, Ping Identity, Covisint, SailPoint Technologies, CA Technologies, Okta, ForgeRock (OpenAM)
3.2 Privacy

“Privacy refers to the ability of the individuals to protect information about themselves.” (Goldberg, Wagner and Brewer, 1997)
“Protection of personally identifiable information (PII) within information and communication technology (ICT) systems.” (ISO/IEC 29100, 2011)
Characteristics (Birrell and Schneider, 2013):
undetectability - concealing user actions
unlinkability - concealing correlations between combinations of actions and identities (for example, untraceability)
selective disclosure/confidentiality - enabling users’ control over dissemination of their attributes
Figure: PII (Source: ISO/IEC 29100, 2011)
Privacy Protection in IdM (ISO/IEC 29100):
Selective disclosure: gives a person a measure of control over the identity info
Minimal disclosure: minimum information strictly required
Pseudonym identifier: contains the minimal identity information to allow a verifier to establish it as a link to a known identity
Anonymity: an entity can be recognized as distinct, without sufficient info to establish a link to a known identity
3.2 Privacy - Legislation
Europe: Directive 95/46/EC - protection of personal data
Brazil: Law n. 12965 from April 23rd, 2014 - establishes principles, guarantees, rights and duties for the use of the Internet (privacy protection)
USA: HIPAA (Health Insurance Portability and Accountability Act of 1996) - privacy of individually identifiable health information
Canada: Personal Information Protection and Electronic Documents Act
Figure (Source: Corella and Lewison, 2013)
3.3 Trust management and federations

“When Alice trusts Bob, A is willing to assume an open and vulnerable position and expects Bob to refrain from opportunistic behavior even if there is the possibility to show this behavior.”
“Technically, entity A trusts entity B if B can break the security or privacy policy of A without A’s cooperation or knowledge.” (Adapted from Alpar, Hoepman and Siljee, 2011)
An identity federation is a trust relationship!
Identity provider: correct behavior to authenticate the user and to provide user attributes
Service provider: correct behavior in providing the service
Both have to follow federation agreements, security and privacy policies
Trust techniques in cloud (Noor et al., 2013):
Policy: one of the most popular; specifies a minimum trust threshold in order to authorize access (metrics of SLA, credibility)
Recommendation
Reputation
Prediction
4. Related work and Technologies

4.1 Research questions
4.2 Research proposals
4.3 Current Technologies
4.1 Research questions

IAM privacy problems:
Leak of identification attributes
User identity discovery
Unnecessary release of attributes to the SP
Users are not aware of which attributes are disseminated
Improper handling of attributes
Unauthorized access to resources
Discovery of sensitive information
Lack of control over users' PII
Lack of PII release policies (lack of support and transparency to disseminate PII)
Lack of privacy control in interactions
Levels of trust in cloud federations
Privacy in cloud federations
Cloud authorization
Confidence in security of cloud environments and cloud services
Intrusion detection in cloud
4.2 Research proposals

Sanchez et al., 2012: the work uses a reputation metric for trust and dynamic federation establishment in the cloud. Privacy preferences are defined by the user.
Figure (Source: Sanchez et al., 2012)
Celesti et al., 2010: proposes an InterCloud identity management infrastructure in order to enable cloud federations using authentication of home clouds in IdPs of foreign clouds.
Figure (Source: Celesti et al., 2010)
Betge-Brezetz et al., 2012: proposed an architecture able to tackle multilevel privacy policies (the application level actions and the cloud infrastructure level actions). This architecture is based on a paradigm of sticking the policies to data.
Figures (Source: Betge-Brezetz et al., 2012)
dos Santos et al., 2014: A dynamic risk-based access control architecture for cloud computing
Weingärtner and Westphall, 2014: Enhancing Privacy on Identity Providers
Werner et al., 2015: An Approach to IdM with Privacy in the Cloud
Bodnar et al., 2016: Towards Privacy in Identity Management Dynamic Federations
Silva et al., 2015: Model for Cloud Computing Risk Analysis
Vieira et al., 2015: Providing Response to Security Incidents in the Cloud Computing with Autonomic Systems and Big Data
Figure (Source: dos Santos et al., 2014)
Figure (Source: Weingärtner and Westphall, 2014)
Figure (Source: Werner et al., 2015)
Figures (Source: Bodnar et al., 2016)
The following paper is detailed in the next slides:
Silva et al., 2015: Model for Cloud Computing Risk Analysis
Summary: Introduction; Related Works; The RACLOUD Model; Results; Conclusions; Future Works
Source: Silva et al., 2015
Introduction
Risk analysis has been a strategy used to address the information security challenges posed by cloud computing.
Recent approaches to cloud risk analysis did not aim at providing a particular architecture model for cloud environments.
Current models have the following deficiencies:
Deficiency in the adherence of the Cloud Consumer (information assets).
Deficiency in the scope (security requirements).
Deficiency in the independence of results.
This work proposes a model for performing risk analyses in cloud environments:
Considers the participation of the CC (Cloud Consumer).
Enables the development of a risk analysis scope that is impartial to the interests of the CSP (Cloud Service Provider).
Does not centralize the performance of risk analysis in the CSP.
Source: Silva et al., 2015
Related Work
Ristov (2012): Risk analysis based on ISO 27001;
Ristov (2013): Risk Analysis for OpenStack, Eucalyptus, OpenNebula and CloudStack environments;
Mirkovié (2013): ISO 27001 controls in the cloud;
Rot (2013): Study of threats in the cloud;
Liu (2013): Risk assessment in virtual machines;
Hale (2012): SecAgreement for monitoring security metrics;
Zech (2012): Risk analysis of external interfaces;
Wang (2012): Risk analysis based on CVE (Common Vulnerabilities and Exposures);
Khosravani (2013): A case study of the requirements of CC;
Lenkala (2013): Metrics for risk analysis in the cloud.
Source: Silva et al., 2015
The RACLOUD Model
Risk Definition Language
Architectural Components
Risk Modeling
Risk Specification Phase
Risk Evaluation Phase
Figures: Risk Definition Language; Architectural Components; Risk Modeling; Risk Specification Phase; Risk Evaluation Phase; Results and Discussion (Source: Silva et al., 2015)
Conclusions
The proposed model changes the generally current paradigm (CC and ISL).
To reduce excess CSP responsibility for risk analysis.
The CC itself can perform risk analysis on its current or future CSP.
Source: Silva et al., 2015
4.2 Research proposals

The following paper is detailed in the next slides:
Vieira et al., 2015: Providing Response to Security Incidents in the Cloud Computing with Autonomic Systems and Big Data
Background
The rapid expansion in the volume of data generated in private cloud infrastructures has created very valuable content for hackers, crackers and other cyber-criminals.
90% of all data in the world were created in the last two years.
It is expected to grow 300 times by 2020: about 5 terabytes for each person on the planet, or 40.000 exabytes, or 40 Zettabyte.
In this context, a highly effective and quickly reactive security system gains importance: an IDS with a fast response system, working on Big Data.
Source: Vieira et al., 2015
Autonomic Computing
Is inspired by the autonomic nervous system of the human body, which can manage multiple key functions through involuntary control.
The autonomic computing system is the adjustment of software and hardware resources to manage its operation, driven by changes in the internal and external demands.
It has four key features:
self-configuration: the system must dynamically adjust its resources based on its status and the state of the execution environment
self-healing: the system must have the ability to identify potential problems and to reconfigure itself in order to continue operating normally
self-optimization: the system is able to detect performance degradations and functions to perform self-optimization
self-protection: the system is able to detect and protect its resources from external and internal attackers, maintaining its overall security and integrity
Structure of an autonomic system: Monitor, Analysis, Planning, Executor and Knowledge (MAPE-K) cycle
Figure: MAPE-K cycle (Source: Vieira et al., 2015)
Figure: IRAS - Intrusion Responsive Autonomic System (Source: Vieira et al., 2015)
Monitoring
The first phase of the MAPE-K autonomic cycle corresponds to monitoring.
In this step, sensors are used in order to obtain data reflecting changes in the behavior of the managed element, or information from the execution environment that is relevant to the self-management process.
Collects data from IDS logs in the Hypervisor and VMs, network traffic in the entire infrastructure, system logs, and data communication.
Source: Vieira et al., 2015
Analysis
The analysis phase queries the monitoring data looking for events that can characterize attacks.
Zikopoulos [21] defines the three data characteristics of Big Data sets:
volume: large volume of data from the network;
variety: log, network, system data;
velocity: grows fast (GB/s).
We ran a MapReduce over the collected data to identify signatures of known attacks; reduce to: Source IP, Destination IP, Port, Attack.
Source: Vieira et al., 2015
Planning
The Planning Phase receives events from the analysis phase and must choose one action to offer the autonomic system properties: self-configuration, self-healing, self-optimization, and self-protection.
To carry out the planning, the Expected Utility technique was chosen.
Utility Function
Here we consider the use of utility to find the best response to the attacks. The utility function comes from economics.
The higher the U, the better. The utility function is expressed as follows:
An example of the application of utility: let us say that in a meal the utility of coffee is 1, orange juice 2, bread 3 and a cookie 4. Thus, we can express the utility of breakfast by U(drink, solid) = u. The option with the highest utility should be chosen, which in this case would be U(orange, cookie) = 6.
Expected Utility
Incrementing our utility function with the uncertainty that the response may block an attack and bring self-healing to the environment, we use the probability of the event.
For example, given a scan attack, one possible response is to block the source IP. The probability of this event succeeding is 50%. If the block IP action has a utility value of 5, we can express this as follows:
Source: Vieira et al., 2015
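The analysis and planning phases described above, as an added example that is not code from Vieira et al.: a MapReduce-style reduction of constructed IDS records to (source IP, destination IP, port, attack) keys, followed by a planning step that picks the response with the highest expected utility. The response table (utility and success probability per action) and the formula expected utility = probability × utility are assumptions; the tutorial gives only the block-IP case (utility 5, probability 50%).

```python
from collections import Counter
from typing import Dict, Iterator, List, Tuple

# Constructed monitoring output, not data from Vieira et al.: one record per line,
# "src_ip dst_ip dst_port signature", with "-" for traffic that matched no signature.
SAMPLE_RECORDS = """\
10.0.0.5 192.168.1.10 22 ssh-bruteforce
10.0.0.5 192.168.1.10 22 ssh-bruteforce
10.0.0.5 192.168.1.10 22 ssh-bruteforce
10.0.0.7 192.168.1.20 80 port-scan
10.0.0.7 192.168.1.21 80 port-scan
10.0.0.9 192.168.1.10 443 -
"""

Key = Tuple[str, str, int, str]

# Candidate responses per attack signature: (action, utility, probability of success).
# All values are assumed for illustration; only the block-IP example is from the tutorial.
RESPONSES: Dict[str, List[Tuple[str, float, float]]] = {
    "port-scan": [("block-source-ip", 5, 0.5), ("rate-limit", 3, 0.9), ("alert-only", 1, 1.0)],
    "ssh-bruteforce": [("block-source-ip", 5, 0.8), ("disable-account", 4, 0.6), ("alert-only", 1, 1.0)],
}


def map_records(text: str) -> Iterator[Tuple[Key, int]]:
    """Map step: emit ((src, dst, port, signature), 1) for every record that
    matched a known attack signature; unmatched traffic is dropped here."""
    for line in text.splitlines():
        src, dst, port, signature = line.split()
        if signature != "-":
            yield (src, dst, int(port), signature), 1


def reduce_records(pairs) -> Counter:
    """Reduce step: sum the counts per (src, dst, port, signature) key."""
    counts: Counter = Counter()
    for key, n in pairs:
        counts[key] += n
    return counts


def expected_utility(utility: float, probability: float) -> float:
    """Assumed formula: expected utility = probability of success x utility."""
    return probability * utility


def plan(signature: str) -> Tuple[str, float]:
    """Planning phase: choose the response with the highest expected utility."""
    best = max(RESPONSES[signature], key=lambda r: expected_utility(r[1], r[2]))
    return best[0], expected_utility(best[1], best[2])


def analyze_and_plan(text: str) -> List[Tuple[Key, int, str, float]]:
    """Run analysis then planning; returns (key, count, action, expected_utility)."""
    counts = reduce_records(map_records(text))
    result = []
    for key, count in sorted(counts.items()):
        action, eu = plan(key[3])
        result.append((key, count, action, eu))
    return result


if __name__ == "__main__":
    for key, count, action, eu in analyze_and_plan(SAMPLE_RECORDS):
        print(f"{key} x{count} -> {action} (EU={eu:.2f})")
```

With the assumed table the port scan is answered by rate limiting (EU 2.7) rather than a block (EU 2.5), which shows how the probability term changes the choice even though blocking has the higher raw utility.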
Executor
After calculating the response with the highest expected utility, it is possible to forward the response to an executing agent in the Cloud.
Execution
It uses Cloudera, Xen Cloud and CloudStack.
We use JnetPCap to capture network traffic and parse the data.
Afterwards we used MapReduce to organize the data by source IP, transport layer and application layer.
We prepared two types of simulation data to perform the tests: data representing legitimate actions and data representing known attacks.
This module was the critical processing point. To perform the MapReduce, 1841 seconds were needed to process 10 GB. The results are shown in Figure
Source: Vieira et al., 2015
Conclusion
We propose an autonomic computing system to respond to attacks in a cloud environment.
The solution was distributed into four main modules: Monitoring, Analysis, Planning and Execution.
A prototype was presented.
For the Planning module, in order to make the best attack response decisions, the expected utility function was used.
This solution makes it possible for the Cloud environment to have a self-healing capability against attacks.
For future research, we suggest focusing on the need to improve the performance of the Analysis module in order to have greater efficiency of resource use, in relation to the large amount of data.
It is also possible to use a resource limit criterion for the utility function, to get the best response that uses fewer cloud computing resources.
Source: Vieira et al., 2015
4.3 Current Technologies

Amazon AWS (http://aws.amazon.com/security/)
IAM (http://aws.amazon.com/iam/): users, groups, roles, permissions; multiple users, individual credentials and permissions; federation services (AD, SAML, OIDC)
Other security controls: encryption utilities, use of TLS (https); network security (firewalls, DoS)
Shibboleth (https://shibboleth.net/)
uApprove - Demo site: https://aai-demo.switch.ch/secure-uApprove/
uApproveJP (Gakunin Federation): privacy policies for the entire federation
OpenID Connect (http://openid.net/connect/)
User consent: the default is the complete scope (all attributes)
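The consent and disclosure controls discussed in 3.2 (selective and minimal disclosure, pseudonym identifiers, unlinkability) and here (uApprove-style consent, the complete-scope default in OpenID Connect), as an added example that is not code from Shibboleth, uApprove or MITREid: an IdP-side release decision over a constructed user record, an assumed scope-to-attribute mapping, and a pairwise pseudonym derived with HMAC so two SPs cannot link the same user.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Optional, Set

# Constructed user record held by the IdP (not from the tutorial or any federation).
USER = {
    "uid": "jdoe",
    "displayName": "Jane Doe",
    "mail": "jdoe@example.org",
    "eduPersonAffiliation": "student",
    "dateOfBirth": "1990-01-01",
}

# Assumed scope-to-attribute mapping; "full" stands in for the complete-scope default.
SCOPES: Dict[str, List[str]] = {
    "openid": [],
    "profile": ["displayName"],
    "email": ["mail"],
    "affiliation": ["eduPersonAffiliation"],
    "full": ["uid", "displayName", "mail", "eduPersonAffiliation", "dateOfBirth"],
}

# Constructed IdP key for illustration; a real IdP keeps this in its key store.
IDP_PSEUDONYM_KEY = b"constructed-idp-key-for-illustration"


def pairwise_pseudonym(uid: str, sp_id: str) -> str:
    """Pseudonym identifier: stable for one user at one SP, different across SPs,
    and not reversible to the uid without the IdP key (unlinkability)."""
    msg = f"{sp_id}\x00{uid}".encode()
    return hmac.new(IDP_PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:32]


def requested_attributes(scopes: Iterable[str]) -> Set[str]:
    """Expand the SP's scopes; an unknown scope is rejected rather than ignored."""
    wanted: Set[str] = set()
    for scope in scopes:
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope}")
        wanted.update(SCOPES[scope])
    return wanted


def release(user: Dict[str, str], sp_id: str, scopes: Iterable[str],
            consent: Optional[Set[str]]) -> Dict[str, object]:
    """Decide what the IdP sends to the SP.

    consent=None models the weak default (no consent step: everything the SP
    asked for is released). With a consent set, only approved attributes leave
    the IdP (selective disclosure) and the rest are listed as withheld so the
    user can see exactly what was not disseminated."""
    wanted = requested_attributes(scopes)
    approved = wanted if consent is None else wanted & consent
    # The subject is always a pairwise pseudonym; the raw uid only leaves if asked for and approved.
    claims: Dict[str, str] = {"sub": pairwise_pseudonym(user["uid"], sp_id)}
    for name in sorted(approved):
        claims[name] = user[name]
    return {"claims": claims, "withheld": sorted(wanted - approved)}


if __name__ == "__main__":
    print(release(USER, "sp-shop", ["openid", "profile", "email"], {"mail"}))
    print(release(USER, "sp-shop", ["openid", "full"], None))
```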
Figure: uApprove
Figure: uApproveJP
FINEP/RENASIC Project: Privacy+IAM+Cloud
Extension of MITREid (OpenID Connect)
CloudStack VMs
Figures: OIDC (Source: Bodnar et al., 2016)
5. Conclusions

Is security in cloud computing really a “Scrutinized Marriage”?
Privacy issues in IAM:
PII control by users
Models to assist users in data dissemination during the interaction
Guarantees of user preferences on the SP side
Encryption of PII
Security policies in IdP and SP
Agreement on privacy issues in federations
Identity Management used in cloud computing helps to increase cloud security.
Federations enable SSO and improve security.
There are many challenges that still require research and practical developments!
References
Peter Mell, Timothy Grance. NIST Definition of Cloud Computing - SP-800-145. 2011.
Available: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
William Stallings. Cryptography and Network Security: Principles and Practice.
Chapter 16. Pearson Education. 2014. 6ed.
Rafael Weingärtner and Carla M. Westphall. Enhancing Privacy on Identity Providers.
SECURWARE 2014 - The Eighth International Conference on Emerging Security
Information, Systems and Technologies. IARIA. pp. 82-88.
Jorge Werner, Carla Merkle Westphall, Rafael Weingartner, Artur G. Geronimo, Carlos
Becker Westphall. An Approach to IdM with Privacy in the Cloud. In Computer and
Information Technology; Ubiquitous Computing and Communications; Dependable,
Autonomic and Secure Computing; Pervasive Intelligence and Computing
(CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on , pp. 168-175, 26-28
Oct. 2015. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.26
Top Threats Working Group. "The notorious nine: cloud computing top threats in
2013." Cloud Security Alliance (2013).
B. Grobauer, T. Walloschek, E. Stocker. Understanding Cloud Computing Vulnerabilities. IEEE Security & Privacy, vol.9, no.2, pp.50-57, March-April 2011.
Cloud Taxonomy. http://cloudtaxonomy.opencrowd.com/
Talking Cloud. http://talkincloud.com/
SANS Institute InfoSec Reading Room. Introduction to the OWASP Mutillidae II Web
Pen-Test Training Environment. 2013. Available: http://www.sans.org/reading-
room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-
training-environment-34380
OWASP. OWASP Top Ten. Available:
http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-
%20Presentation.pptx
Davey Winder. Cross-site scripting vulnerability uncovered in Salesforce cloud.
August, 2015. Available: http://www.scmagazineuk.com/cross-site-scripting-
vulnerability-uncovered-in-salesforce-cloud/article/432478/
E. Bertino and K. Takahashi, Identity Management: Concepts, Technologies, and
Systems. Norwood, MA, USA: Artech House, Inc., 2010.
ISO. ISO/IEC 29100 - Information technology - Security techniques - Privacy
framework. 2011. Available:
standards.iso.org/ittf/PubliclyAvailableStandards/index.html
137
Ian Goldberg, David Wagner, Eric Brewer. Privacy-enhancing technologies for the Internet. Compcon '97 Proceedings, IEEE, pp. 103-109, 23-26 Feb. 1997. doi: 10.1109/CMPCON.1997.584680
A. Michota, S. Katsikas. Compliance of the Facebook Data Use Policy with the Principles of ISO 29100:2011. 2014 6th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1-5, March 30 - April 2, 2014. doi: 10.1109/NTMS.2014.6814012
Eleanor Birrell, Fred B. Schneider. Federated Identity Management Systems: A Privacy-Based Characterization. IEEE Security & Privacy, vol. 11, no. 5, pp. 36-48, Sept.-Oct. 2013. doi: 10.1109/MSP.2013.114
European Parliament and the Council of the European Union. "Directive 95/46/EC of the European Parliament and of the Council." [Online]. Available: http://eur-lex.europa.eu/legal-content/es/TXT/?uri=CELEX:31995L0046 [retrieved: January 2016].
G. Alpár, J.-H. Hoepman, J. Siljee. "The identity crisis: security, privacy and usability issues in identity management." 2011. Available: http://arxiv.org/abs/1101.0427
Talal H. Noor, Quan Z. Sheng, Sherali Zeadally, Jian Yu. Trust management of services in cloud environments: Obstacles and solutions. ACM Computing Surveys, vol. 46, no. 1, Article 12 (July 2013), 30 pages. doi: 10.1145/2522968.2522980
138
F. Corella, K. Lewison. Privacy postures of authentication technologies. The Internet Identity Workshop, IIW 2013, Mountain View, CA, 2013. Available: https://pomcor.com/techreports/PrivacyPostures.pdf
Daniel Ricardo dos Santos, Carla Merkle Westphall, Carlos Becker Westphall. A dynamic risk-based access control architecture for cloud computing. 2014 IEEE Network Operations and Management Symposium (NOMS), pp. 1-9, 5-9 May 2014. doi: 10.1109/NOMS.2014.6838319
Lucas Marcus Bodnar, Carla Merkle Westphall, Jorge Werner, Carlos Becker Westphall. Towards Privacy in Identity Management Dynamic Federations. ICN 2016 - The Fifteenth International Conference on Networks. IARIA, pp. 40-45. ISBN: 978-1-61208-450-3.
Paulo Fernando Silva, Carlos Becker Westphall, Carla Merkle Westphall, Mauro Marcelo Mattos. Model for Cloud Computing Risk Analysis. ICN 2015 - The Fourteenth International Conference on Networks. IARIA, pp. 140-146, 2015. Available: https://www.thinkmind.org/index.php?view=article&articleid=icn_2015_6_20_30125
Stephane Betge-Brezetz, Guy-Bertrand Kamga, Mahmoud Ghorbel, Marie-Pascale Dupont. Privacy control in the cloud based on multilevel policy enforcement. 2012 IEEE 1st International Conference on Cloud Networking (CLOUDNET), pp. 167-169, 28-30 Nov. 2012. doi: 10.1109/CloudNet.2012.6483677
139
A. Celesti, F. Tusa, M. Villari, A. Puliafito. Security and Cloud Computing: InterCloud Identity Management Infrastructure. 2010 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), pp. 263-265, 28-30 June 2010. doi: 10.1109/WETICE.2010.49
R. Sanchez, F. Almenares, P. Arias, D. Diaz-Sanchez, A. Marin. Enhancing privacy and dynamic federation in IdM for consumer cloud computing. IEEE Transactions on Consumer Electronics, vol. 58, no. 1, pp. 95-103, February 2012. doi: 10.1109/TCE.2012.6170060
Kleber M. M. Vieira, Daniel S. M. Pascal Filho, Carlos B. Westphall, Joao Bosco M. Sobral, Jorge Werner. Providing Response to Security Incidents in the Cloud Computing with Autonomic Systems and Big Data. AICT 2015 - The Eleventh Advanced International Conference on Telecommunications. IARIA, pp. 138-143. Available: http://www.thinkmind.org/index.php?view=article&articleid=aict_2015_7_30_10137
ISO. ISO/IEC 24760-1 - Information technology - Security techniques - A framework for identity management - Part 1: Terminology and concepts. 2011. Available: standards.iso.org/ittf/PubliclyAvailableStandards/index.html
140
Acknowledgments
Brazilian Funding Authority for Studies and Projects (FINEP)
Brazilian National Research Network in Security and Cryptography project (RENASIC)
141
Contacts
Carla Merkle Westphall (carla.merkle.westphall@ufsc.br)
Carlos Becker Westphall (carlos.westphall@ufsc.br)
Thank you!
142