cloud 8
Summary - Categories of Virtualized / Cloud Specific Threats
1. Hyper-jacking:
- This involves subverting the hypervisor or inserting a rogue hypervisor.
- Since hypervisors run at the most privileged ring level on a processor, it would be hard or even impossible for any OS running on the hypervisor to detect.
- In theory, a hacker with control of the hypervisor could control any virtual machine running on the physical server.
2. VM Escape:
- As the name suggests, an exploit that enables VM Escape allows a hacker who compromises a specific virtual server to escalate the attack from the virtual server to take control of the underlying hypervisor.
3. VM Hopping:
- Similar to VM Escape, VM Hopping allows an attack to move from one virtual server to compromise other virtual servers on the same physical hardware.
4. VM Theft:
- This is the ability to steal a virtual machine file electronically, which can then be mounted and run elsewhere.
- It is an attack that is the equivalent of stealing a complete physical server without having to enter a secure data center.
Virtual Network Protection
For example: the network within a host
- Software-based switches and network configuration as part of the virtual environment for intra-host VM communication
- A private subnet is created for intra-host communications
- Duplication (overlay) of physical network protection capabilities is required on the virtual network
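As an added example (not part of the original notes), this Python model shows what "duplicating physical network protection on the virtual network" means in practice: a toy policy enforcement point for a host's software switch that attaches VMs only on the private intra-host subnet, applies default-deny between tenants so a compromised VM cannot hop to another tenant's VM, and records dropped flows for detection. All VM names, tenants, addresses and rules are constructed for illustration.

```python
"""Toy policy enforcement point (PEP) for a host's software switch (constructed
example): VMs share a private intra-host subnet, and the virtual switch must
give the segmentation a physical firewall would, so a compromised VM cannot
reach another tenant's VM (VM hopping) unless a rule explicitly allows it."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VM:
    name: str
    tenant: str
    ip: str

@dataclass
class VirtualSwitch:
    subnet: str                                # private intra-host subnet
    vms: dict = field(default_factory=dict)    # ip -> attached VM
    rules: set = field(default_factory=set)    # (src_tenant, dst_tenant, port)
    drops: list = field(default_factory=list)  # audit trail for detection

    def attach(self, vm):
        """Attach a VM port; refuse addresses outside the private subnet."""
        if ip_address(vm.ip) not in ip_network(self.subnet):
            raise ValueError(f"{vm.name}: {vm.ip} is not on {self.subnet}")
        self.vms[vm.ip] = vm

    def permit(self, src_tenant, dst_tenant, port):
        """Explicitly allow one cross-tenant service, like a firewall rule."""
        self.rules.add((src_tenant, dst_tenant, port))

    def decide(self, src_ip, dst_ip, port):
        """Return 'ALLOW' or 'DROP' for one intra-host flow; record drops."""
        src, dst = self.vms.get(src_ip), self.vms.get(dst_ip)
        if src is None or dst is None:
            reason = "unknown endpoint (spoofed or stale address)"
        elif src.tenant == dst.tenant:
            return "ALLOW"                     # same tenant: intra-app traffic
        elif (src.tenant, dst.tenant, port) in self.rules:
            return "ALLOW"                     # explicitly permitted service
        else:
            reason = f"cross-tenant {src.tenant}->{dst.tenant} not permitted"
        self.drops.append((src_ip, dst_ip, port, reason))
        return "DROP"

def build_demo():
    """Two constructed tenants on one host; A may reach B only on port 443."""
    sw = VirtualSwitch(subnet="10.0.0.0/24")
    for vm in (VM("a-web", "A", "10.0.0.10"), VM("a-db", "A", "10.0.0.11"),
               VM("b-api", "B", "10.0.0.20")):
        sw.attach(vm)
    sw.permit("A", "B", 443)
    return sw
```

The `drops` list is the point where a real virtual switch would emit flow logs, so lateral-movement attempts between tenants on the same host become visible to the subscriber's monitoring.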
Control of and responsibility for all cloud matters, including security, is divided differently between Providers and Subscribers
Security is not a single block or layer: understand what is secured, and who is responsible for it, at each layer
Compliance
- Data Location: Enterprise IT, multi-site Provider, multi-Provider relationships (portfolio view of IT delivery / consumption)
- Trans-Border: Country and regional regulations for certain data leaving international borders (e.g., individual private data, seismic data). Three aspects:
  - Whether laws in the jurisdiction where the data was collected permit the flow
  - Whether those laws continue to apply to the data post-transfer (in transit and at destination)
  - Whether the laws at the destination present additional risks or benefits
- Legal concept of "chain of custody"
- Law & Regulation: Some pertaining to the US: Clinger-Cohen Act of 1996, Office of Management and Budget (OMB Circular A-130), Privacy Act of 1974, Federal Information Security Management Act (FISMA) of 2002, National Archives & Records Administration (NARA) statutes, Federal Records Act
- HIPAA, PCI DSS: technical and physical safeguards
O-ISM3 - Open Information Security Management Maturity Model (The Open Group)
1. ISM3 is a framework for managing information security in the context of business objectives.
- The ISM3 practitioner analyzes the impact of information security on achieving business objectives and makes this analysis visible to management through the development of security objectives and targets.
- This analysis forms the basis for documenting Security Policy for the organization.
- Recognizes that there is a trade-off between information security and other business interests, and requires business and security management to work together.
2. ISM3 provides an objective and measurable framework for managing information security.
- All objectives and security targets are expressed in tangible, specific, and measurable terms from which management is able to conclude unambiguously whether the security management system is succeeding or failing.
Areas of security upside from cloud
1. Platform Strength
- Many cloud providers meet standards for operational compliance and certification
- Examples: Healthcare (HIPAA), Finance (PCI DSS - Payment Card Industry Data Security Standard), Audit (SAS 70 - Statement on Auditing Standards No. 70; replaced by SSAE 16)
2. Backup & Recovery
- Tools, policies, and procedures are often superior with Providers. Likely more predictable, tied to service levels.
- Data could become more available.
3. Mobile Endpoint Security
- Cloud clients can be browser-based or application-based. Either way clients are generally lightweight computationally.
- Security applies both at endpoints and at the back-end of the cloud
4. Data Concentration
- Better than data dispersed on portable devices and removable storage media
- Less prone to theft and loss
Architecture Matters of Security, Privacy, and Regulation
- Attack Surface / Hypervisor
- Virtual Network Protection
- Ancillary Data
Software Isolation (2)
Attack Vectors
- Multi-tenancy and sharing of resources at all levels gives rise to new sources of threat.
- E.g., malicious code from one VM can affect another VM or can affect the VMM
- Live migration can perpetuate threats to other hosts and the VMs on them
What is the security problem (security downside in cloud)
Complexity
- Cloud is more complex "under the hood" than traditional IT: virtual, dynamic, multi-system, multi-site, multi-party
Shared and Multi-tenant
- Both public and private clouds can be shared and multi-tenant in different ways
- Even within a company/subscriber, one business unit may have a different security level than another
Internet-based services
- Administrative interfaces / portals for self-service and application/other APIs are accessible over the public internet
- Most self-service portals are accessible through three interfaces: UI Portal, CLI (Command Line Interface), and programmatic APIs
Key Issues & Concepts in Security, Privacy, and Regulatory realms for Cloud Computing
Governance
- Control and oversight over policies, standards, design, implementation, testing, and operations.
- Processes for acquisition of computation change.
- Easy to bypass traditional controls and governance.
Software Isolation (1)
Hypervisor Complexity
- A modern VMM can be large and complex, comparable to an OS.
- Xen (open source VM) incorporates a modified Linux kernel to implement privileged partitioning for I/O operations.
- KVM (also open source VM) transforms the Linux kernel into a VMM.
- Just as an OS has responsibility to isolate processes, a VMM has responsibility for isolating guest VMs.
- So understanding which hypervisor to use, or which one a provider uses, is a key element of security.
Attack Surface / Hypervisor
Hypervisor or Virtual Machine Monitor (VMM) is a new layer and exposure
- VMM provides: (a) virtual machines, and (b) APIs for their management
- Increased surface area for attack
- Life cycle of VMs can subvert protection
- Hypervisor itself can be compromised
- Example: a widely used hypervisor had a vulnerability that allowed FTP requests to corrupt a heap buffer in the hypervisor, permitting execution of arbitrary code at the host.
Trust
- Insider Access: Threats from insiders that have legitimate access
- Data Ownership: Organization's rights over the data established in the service contract.
- Composite Services: Cloud services can be composed through nesting
  - For example: a PaaS Provider can have nested under it another party as IaaS Provider
  - Usually, trust is not transitive. Third-party disclosure made in advance of arrangements.
- Visibility: Control is relinquished to the Provider, but what is the appropriate level of visibility to the Subscriber?
Ancillary Data
Not just application data, but BSS data. E.g.: user accounts, payment information
- Virtual machine images, i.e., the software stack and configured apps
- The challenge is exacerbated hand in hand with the need for portability of images
Risk Management
Risk relates to control. Risk has a more quantified and scientific expression and is an input to decision making.
Security Paradox
While the biggest obstacle facing public cloud computing is security, the cloud computing paradigm provides opportunities for innovation in provisioning security services that hold the prospect of improving the overall security of some organizations.
container organization
cgroups, namespaces: separate isolation
data subject: I own any personal identity information.
data custodian: Chase
How many VMs per physical server?
Depends on: 1. capacity/supply; 2. demand/load; 3. security/isolation; 4. workload preferences
data processor: Mastercard
Hypervisors are different and distinct from each other.
PEP
Policy enforcement points: allow/block access from one to another (across devices)
network is part of VM
the network is dedicated
No need for three boxes, just one box with 3 VMs inside?
Wrong! No network, no access. The router and switch are gone, so what then? -- They are inside the hypervisor.
