Rohit Kugaonkar CMSC 601 Spring 2011 May 9th 2011 http://res.sys-con.com/story/dec09/1225058/Cloud%20security%20226.jpg “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. - The NIST Definition of Cloud Computing http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf On-Demand service Pay only for actual usage Shared resources Rapid elasticity Virtualization Advanced Security "Cloud Security and Privacy'',O'Reilly Insecure programming interfaces or APIs Threat from inside employees Data Protection Identity and access management Shared Technology issues Hypervisor security Cross-side channel attacks between VMs http://vzxen.com/images/xen-hypervisor.png Virtual machines share the physical memory, CPU cycles, network buffers, DRAM of the physical machine Attack on Amazon EC2 web services: Researchers from MIT and University of California explained in their paper “Hey,You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds” Attacks takes place in two steps: Placement of attacker virtual machine on the same physical machine. 2. Exploiting the shared resources. 1. CPU cache leakage attack Measure load of the other virtual web server Extract AES and RSA keys. Keystrokes timing analysis Extract user passwords from SSH terminal. D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and countermeasures: the case of AES”. D. Page, “Theoretical use of cache memory as a cryptanalytic side-channel”. D. Page, “Defending against cache-based sidechannel attacks”. D. Page, “Partitioned cache architecture as a side-channel defense mechanism”. E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks on AES, and countermeasures Dawn Xiaodong Song, David Wagner, Xuqing Tian, ``Timing Analysis of Keystrokes and Timing Attacks on SSH'‘. Cloud service providers: “Securing Microsoft's Cloud Infrastructure", Microsoft Global Foundation Services. “Amazon Web Services: Overview of Security Processes" Dividing the security mechanism in 2 components. Customized operating system image. A light weight process running on each of the virtual machines. Collect security logs or any malicious behavior from each of the virtual machines and send it for analysis to dedicated machine. Analysis part will be performed at dedicated machine/s. Analysis of the security logs in real time. Looking for the same cache memory access pattern! Routing all the web server traffic through these dedicated machines. Real time fixing of any tampering on VMs. Wiping out cache only when attack pattern is detected by the dedicated machine. Hypervisor security. Security mechanism to protect against keystroke based timing attacks. http://blog.llnw.com/wp-content/uploads/2010/04/cloud-question.png Thomas Ristenpart , Eran Tromer , Hovav Shacham and Stefan Savage ``Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds’’. Tim Mather, Subra Kumaraswamy, Shahed Latif, ``Cloud Security and Privacy'',O'Reilly publication. D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and countermeasures: the case of AES”, D. Page, “Theoretical use of cache memory as a cryptanalytic side-channel”, D. Page, “Defending against cache-based side-channel attacks. D. Page, “Partitioned cache architecture as a side-channel defense mechanism”. E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks on AES, and countermeasures“. Dawn Xiaodong Song, David Wagner, Xuqing Tian, ``Timing Analysis of Keystrokes and Timing Attacks on SSH”.