Module-5

Fundamental Cloud Security

 Agenda
• Basic Terms and Concepts
• Threat Agents
• Cloud Security Threats
 Basic Terms and Concepts
• Information security is a complex ensemble of techniques,
technologies, regulations, and behaviors that
collaboratively protect the integrity of and access to
computer systems and data.
• IT security measures aim to defend against threats and
interference that arise from both malicious intent and
unintentional user error.
• The upcoming sections define fundamental security terms
relevant to cloud computing and describe associated
concepts.
1.Confidentiality
• Confidentiality is the characteristic of something being
made accessible only to authorized parties. (Figure 6.1).
Within cloud environments, confidentiality primarily
pertains to restricting access to data in transit and storage.
2.Integrity
• Integrity is the characteristic of not having been altered by
an unauthorized party (Figure 6.2).
• An important issue that concerns data integrity in the cloud
is whether a cloud consumer can be guaranteed that the
data it transmits to a cloud service matches the data
received by that cloud service.
• Integrity can extend to how data is stored, processed, and
retrieved by cloud services and cloud-based IT resources.
3.Authenticity
• Authenticity is the characteristic of something having been
provided by an authorized source.
• This concept encompasses non-repudiation, which is the
inability of a party to deny or challenge the authentication
of an interaction.
• Authentication in non-repudiable interactions provides
proof that these interactions are uniquely linked to an
authorized source.
• For example, a user may not be able to access a non-
repudiable file after its receipt without also generating a
record of this access.
4.Availability
• Availability is the characteristic of being accessible and
usable during a specified time period.
• In typical cloud environments, the availability of cloud
services can be a responsibility that is shared by the cloud
provider and the cloud carrier.
• The availability of a cloud-based solution that extends to
cloud service consumers is further shared by the cloud
consumer.
5.Threat
• A threat is a potential security violation that can challenge defenses
in an attempt to breach privacy and/or cause harm.
• Both manually and automatically instigated threats are designed to
exploit known weaknesses, also referred to as vulnerabilities.
• A threat that is carried out results in an attack.
6.Vulnerability
• A vulnerability is a weakness that can be exploited either
because it is protected by insufficient security controls, or
because existing security controls are overcome by an attack.
• IT resource vulnerabilities can have a range of causes, including
configuration deficiencies, security policy weaknesses, user
errors, hardware or firmware flaws, software bugs, and poor
security architecture.
7.Risk
• Risk is the possibility of loss or harm arising from performing an
activity.
• Risk is typically measured according to its threat level and the
number of possible or known vulnerabilities. Two metrics that
can be used to determine risk for an IT resource are:
 the probability of a threat occurring to exploit vulnerabilities in
the IT resource
 the expectation of loss upon the IT resource being compromised
8.Security Controls
• Security controls are counter measures used to prevent or respond to
security threats and to reduce or avoid risk. (OR)
• Security controls are counter measures used to prevent to security
threats and to avoid risk.
• Details on how to use security countermeasures are typically
outlined in the security policy, which contains a set of rules and
practices specifying how to implement a system, service, or security
plan for maximum protection of sensitive and critical IT resources.
9.Security Mechanisms
• Counter Measures are typically described in terms of security
mechanisms, which are components comprising a defensive
framework that protects IT resources, information, and services.
10.Security Policies
• A security policy establishes a set of security rules and regulations.
Often, security policies will further define how these rules and
regulations are implemented and enforced. For example, the
positioning and usage of security controls and mechanisms can be
determined by security policies.
 Threat Agents
• A threat agent is an entity that poses a threat because it is
capable of carrying out an attack. Cloud security threats
can originate either internally or externally, from humans
or software programs.
• Figure 6.3 illustrates the role a threat agent assumes in
relation to vulnerabilities, threats, and risks, and the
safeguards established by security policies and security
mechanisms.
2.Anonymous Attacker
• An anonymous attacker is a non-trusted cloud service
consumer without permissions in the cloud (Figure 6.4).
• It typically exists as an external software program that
launches network-level attacks through public networks.
• When anonymous attackers have limited information on
security policies and defenses, it can inhibit their ability to
formulate effective attacks.
• Therefore, anonymous attackers often resort to committing
acts like by passing user accounts or stealing user
credentials, while using methods that either ensure
anonymity or require substantial resources for prosecution.
3.Malicious Service Agent
• A malicious service agent is able to intercept and forward
the network traffic that flows within a cloud (Figure 6.5).
• It typically exists as a service agent (or a program
pretending to be a service agent) with compromised or
malicious logic. It may also exist as an external program
able to remotely intercept and potentially corrupt message
contents.
4. Trusted Attacker
• A trusted attacker shares IT resources in the same cloud
environment as the cloud consumer and attempts to
exploit legitimate credentials to target cloud providers and
the cloud tenants with whom they share IT resources
(Figure 6.6). Unlike anonymous attackers (which are non-
trusted), trusted attackers usually launch their attacks from
within a cloud’s trust boundaries by abusing legitimate
credentials or via the appropriation of sensitive and
confidential information.
5.Malicious Insider
• Malicious insiders are human threat agents acting on
behalf of or in relation to the cloud provider.
• They are typically current or former employees or third
parties with access to the cloud provider’s premises. This
type of threat agent carries tremendous damage potential,
as the malicious insider may have administrative privileges
for accessing cloud consumer IT resources.
Note: A notation used to represent a general form of human-
driven attack is the workstation combined with a lightning
bolt (Figure 6.7). This generic symbol does not imply a
specific threat agent, only that an attack was initiated via a
workstation.
 Cloud Security Threats
• This section introduces several common threats and
vulnerabilities in cloud-based environments and describes
the roles of the aforementioned threat agents.
1.Traffic Eavesdropping
• Traffic eavesdropping occurs when data being transferred
to or within a cloud (usually from the cloud consumer to
the cloud provider) is passively intercepted by a malicious
service agent for illegitimate information gathering
purposes (Figure 6.8). The aim of this attack is to directly
compromise the confidentiality of the data and, possibly,
the confidentiality of the relationship between the cloud
consumer and cloud provider. Because of the passive
nature of the attack, it can more easily go undetected for
extended periods of time.
2.Malicious Intermediary
• The malicious intermediary threat arises when messages
are intercepted and altered by a malicious service agent,
thereby potentially compromising the message’s
confidentiality and/or integrity. It may also insert harmful
data into the message before forwarding it to its
destination. Figure 6.9 illustrates a common example of the
malicious intermediary attack.
3.Denial of Service
• The objective of the denial of service (DoS) attack is to
overload IT resources to the point where they cannot
function properly. This form of attack is commonly
launched in one of the following ways:
The workload on cloud services is artificially increased with
imitation messages or repeated communication requests.
The network is overloaded with traffic to reduce its
responsiveness and cripple its performance.
Multiple cloud service requests are sent, each of which is
designed to consume excessive memory and processing
resources. Successful DoS attacks produce server
degradation and/or failure, as illustrated in Figure 6.10.
4.Insufficient Authorization
• The insufficient authorization attack occurs when access is
granted to an attacker erroneously or too broadly,
resulting in the attacker getting access to IT resources that
are normally protected. This is often a result of the
attacker gaining direct access to IT resources that were
implemented under the assumption that they would only
be accessed by trusted consumer programs (Figure 6.11).
• A variation of this attack, known as weak authentication,
can result when weak passwords or shared accounts are
used to protect IT resources. Within cloud environments,
these types of attacks can lead to significant impacts
depending on the range of IT resources and the range of
access to those IT resources the attacker gains (Figure
6.12).
5.Virtualization Attack
• Virtualization provides multiple cloud consumers with
access to IT resources that share underlying hardware but
are logically isolated from each other. Because cloud
providers grant cloud consumers administrative access to
virtualized IT resources (such as virtual servers), there is an
inherent risk that cloud consumers could abuse this access
to attack the underlying physical IT resources.
• A virtualization attack exploits vulnerabilities in the
virtualization platform to jeopardize its confidentiality,
integrity, and/or availability. This threat is illustrated in
Figure 6.13, where a trusted attacker successfully accesses
a virtual server to compromise its underlying physical
server. With public clouds, where a single physical IT
resource may be providing virtualized IT resources to
multiple cloud consumers, such an attack can have
significant repercussions.
6.Overlapping Trust Boundaries
• If physical IT resources within a cloud are shared by
different cloud service consumers, these cloud service
consumers have overlapping trust boundaries.
• Malicious cloud service consumers can target shared IT
resources with the intention of compromising cloud
consumers or other IT resources that share the same trust
boundary. The consequence is that some or all of the other
cloud service consumers could be impacted by the attack
and/or the attacker could use virtual IT resources against
others that happen to also share the same trust boundary.
• Figure 6.14 illustrates an example in which two cloud
service consumers share virtual servers hosted by the same
physical server and, resultantly, their respective trust
boundaries overlap.
7.Container Attack
• The use of containerization introduces a lack of isolation
from the host operating system level. Since containers
deployed on the same machine share the same host
operating system, security threats can increase because
access to the entire system can be gained. If the
underlying host is compromised, all containers running on
the host may be impacted.
• Containers can be created from within an operating
system running on a virtual server. This can help ensure
that if a security breach occurs that impacts the operating
system a container is running on, the attacker can only gain
access to and alter the virtual server’s operating system or
the containers running on a single virtual server, while
other virtual servers (or physical servers) remain intact.
• Another option is a one-service per physical server
deployment model where all container images deployed on
the same host are the same. This can reduce risk without
the need to virtualize the IT resources. In this case, a
security breach to one cloud service instance would only
allow access to other instances, and the residual risk could
be considered as acceptable. However, this approach may
not be optimal for deploying many different cloud services
because it can significantly increase the total number of
physical IT resources that need to be deployed and
managed while further increasing cost and operational
complexity.