Security Audits of Multi-tier Virtual Infrastructures in Public Infrastructure Clouds
S. Bleikertz, M. Schunter, C. W. Probst, D. Pendarakis, & K. Eriksson
Presented by Fernando Gutierrez

Background
● Multi-tier Infrastructure
  – Web, App, DB tiers
● Amazon's Elastic Compute Cloud (EC2)
  – Infrastructure-as-a-Service cloud
  – Machine template: Amazon Machine Image (AMI)
● Amazon Security Groups
  – Firewall (ingress) rules attached to instances

Reachability Audit of Amazon Security Groups
● Reachability
  – Information flow allowed by the configuration
● Graph
  – Vertices: sources (IP ranges) and security groups
  – Edges: information flow specified in the rules

Reachability Audit of Amazon Security Groups
● Visualizing the Reachability graph

Reachability Audit of Amazon Security Groups
● Specifying Reachability
  – Language for Reachability Queries
  – Policy Language
● Analysis
  – Reachability Analysis
  – Policy Verification
● Policies leverage reachability queries

Assessing the Vulnerability of an EC2 Configuration
● Representing the Vulnerability of EC2 Configurations
  – Attack Graph: models network risks
    ● Nodes: possible attack states
    ● Edges: a way of changing states
● Attack Graph of EC2 Configurations
  – Vertices: IP ranges and AMIs
  – Edges: information flow given by the rules

Assessing the Vulnerability of an EC2 Configuration
● Constructing an Attack Graph

Assessing the Vulnerability of an EC2 Configuration
● Specifying Acceptable Risk
  – Query Language
  – Policy Language
● Vulnerability Audit
  – Edge weights by severity: High < Medium < Low (a high-severity vulnerability is the cheapest step for an attacker)
  – Dijkstra's algorithm: shortest path, i.e. the attack path with the lowest total weight

Implementation and Evaluation
● Prototype
  – Straightforward
  – Python
  – boto
  – NetworkX
  – OpenVAS vulnerability scanner

Implementation and Evaluation
● Performance Measurements
  – Reachability Graph Analysis
  – Attack Graph Analysis

Implementation and Evaluation
● Effectiveness of Attack-graph-based Security Audits

Open Questions
● Reducing Vulnerabilities
  – Split AMIs
● Security Audits for Private Clouds
  – Transfer the approach to private clouds
● AMI Security & Multi-tenancy
  – Check for cloud security best practices
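The two audits the deck describes, the reachability graph with policy verification over security-group rules and the weighted attack graph searched with Dijkstra's algorithm, are shown together below as an added example. It is not the authors' prototype (which used boto against live EC2 accounts and NetworkX for the graphs); it uses only the Python standard library, and the three-tier configuration, the per-AMI findings, the planted SSH misconfiguration and the severity-to-weight map are all constructed assumptions for illustration.

```python
"""
Added example (not the authors' prototype): reachability and attack-graph
audit of a constructed three-tier EC2 security-group setup, standard library
only (the paper's prototype used boto and NetworkX).
"""
import heapq
from collections import deque

INF = float("inf")

# Constructed sample configuration (hypothetical group names and rules).
# Rule = (source, protocol, from_port, to_port); a source is a CIDR or another
# security group's name, as in EC2 ingress rules.
SECURITY_GROUPS = {
    "web": [("0.0.0.0/0", "tcp", 80, 80), ("0.0.0.0/0", "tcp", 443, 443),
            ("10.0.0.0/8", "tcp", 22, 22)],
    "app": [("web", "tcp", 8080, 8080),
            ("0.0.0.0/0", "tcp", 22, 22)],  # planted misconfiguration: SSH open to the Internet
    "db":  [("app", "tcp", 3306, 3306)],
}
# Constructed per-AMI findings in the shape a scanner such as OpenVAS reports:
# (protocol, port, severity). The weights are an assumption: higher severity
# gets the lower weight, so the shortest path is the easiest attack.
AMI_OF = {"web": "ami-web", "app": "ami-app", "db": "ami-db"}
FINDINGS = {"ami-web": [("tcp", 443, "Medium")],
            "ami-app": [("tcp", 22, "High"), ("tcp", 8080, "Low")],
            "ami-db":  [("tcp", 3306, "High")]}
WEIGHT = {"High": 1, "Medium": 2, "Low": 3}


def build_reachability_graph(groups):
    """Vertices: CIDR sources and security groups; one edge source -> group per rule."""
    adj = {}
    for grp, rules in groups.items():
        adj.setdefault(grp, [])
        for src, proto, p_from, p_to in rules:
            adj.setdefault(src, []).append((grp, (proto, p_from, p_to)))
    return adj


def reachable(adj, src, dst, max_hops=None):
    """Reachability query: shortest path in hops from src to dst, or None.
    max_hops lets a policy separate direct exposure from multi-hop exposure."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v, _rule in adj.get(u, []):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    if dst not in prev:
        return None
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    path.reverse()
    return None if max_hops is not None and len(path) - 1 > max_hops else path


def verify_policies(adj, policies):
    """Policy = (src, dst, max_hops, allowed). Returns violations with the path found."""
    violations = []
    for src, dst, max_hops, allowed in policies:
        path = reachable(adj, src, dst, max_hops)
        if (path is not None) != allowed:
            violations.append((src, dst, path))
    return violations


def build_attack_graph(groups, ami_of, findings, weight=WEIGHT):
    """Vertices: IP ranges and AMIs. Edge u -> AMI when a rule admits traffic from u
    on a port that has a finding on that AMI; weight = lowest weight among matches."""
    adj = {}
    for grp, rules in groups.items():
        target = ami_of[grp]
        adj.setdefault(target, {})
        for src, proto, p_from, p_to in rules:
            origin = ami_of.get(src, src)  # group source = attacker holding that group's AMI
            adj.setdefault(origin, {})
            for f_proto, f_port, sev in findings.get(target, []):
                if f_proto == proto and p_from <= f_port <= p_to:
                    adj[origin][target] = min(adj[origin].get(target, INF), weight[sev])
    return adj


def easiest_attack_path(adj, src, dst):
    """Dijkstra over the attack graph: lowest-weight (easiest) path and its cost."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v, w in adj.get(u, {}).items():
            if d + w < dist.get(v, INF):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None, INF
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


if __name__ == "__main__":
    g = build_reachability_graph(SECURITY_GROUPS)
    print("Internet -> db:", reachable(g, "0.0.0.0/0", "db"))
    print("violations:", verify_policies(g, [("0.0.0.0/0", "db", 2, False)]))
    print("easiest attack:", easiest_attack_path(
        build_attack_graph(SECURITY_GROUPS, AMI_OF, FINDINGS), "0.0.0.0/0", "ami-db"))
```

With the planted rule the Internet reaches the database tier in two hops through the app tier's exposed SSH port, and the easiest attack path costs 2 (two high-severity steps); removing that one rule forces the attacker through the web tier, the policy "Internet must not reach db within two hops" passes, and the cheapest path rises to 6. The `max_hops` bound is what makes a policy meaningful in a multi-tier design, because transitive reachability from the Internet to the database is expected there and only a short path is a finding.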