This is a paper presentation held at the 5th International Conference on Cloud Computing and Services Science (CLOSER 2015) in Lisbon, Portugal. The authors outline significant security challenges presented when migrating to a cloud environment and described a novel holistic framework that aspires to alleviate these challenges, corresponding to the high level description of the vision of the PaaSword project.
Breaking the Kubernetes Kill Chain: Host Path Mount
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services
1. PaaSword: A Holistic Data Privacy and Security
by Design Framework for Cloud Services
Yiannis Verginadis, Antonis Michalas, Panagiotis Gouvas,
Gunther Schiefer, Gerald Hubsch, Iraklis Paraskakis
CLOSER 2015, Lisbon, May 21, 2015
2. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
Introduction
Data Security Challenges in the Cloud
PaaSword Framework
Conclusions
3. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Introduction
Many users have started relying on cloud services without realizing it
Many companies have remained cautious due to security concerns
Applications and storage volumes often reside next to potentially hostile
virtual environments, leaving sensitive information at risk to theft,
unauthorized exposure or malicious manipulation
Governmental regulation presents an additional concern of significant
legal and financial consequences if data confidentiality is breached
Focused interest Experimentation Near ubiquitous use
CloudAdoption
4. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Related Work
Commonly used access control models (Ferrari 2010) are:
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Extending these models:
location-aware access control (LAAC) - there is a clear lack of
supporting additional pertinent contextual information (Cleeff et
al.,2010)
context-aware access control (CAAC) – with shortcomings like:
lack of support for dynamically generated context (Covington et al., 2001)
lack of fine-grained data access control (Kayes et al., 2013)
5. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Related Work (contd.)
Regarding the policy management there is lack of proper separation
of concerns (Kourtesis and Paraskakis, 2012)
The policy definition and policy enforcement are entangled in the
implementation of a single software component, leading to the lack of
portability
explicit representation of policy relationships
Regarding the data distribution and encryption algorithms...
Gentry (2009), introduced the first fully homomorphic encryption
scheme that enables semantically secure outsourcing to the cloud
but presents severe performance issues
In CryptDB (Popa et al., 2011), the concept of onions was used
with the main drawback the lack of security guarantees to the client
6. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
Introduction
Data Security Challenges in the Cloud
PaaSword Framework
Conclusions
7. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud
Top four threats identified (CSA, 2013) are:
data leakage
data loss
account hijacking
insecure APIs
The most critical part of a modern cloud application is the data
persistency layer and the database itself
The OWASP foundation has categorized the database-related
attacks as the most critical ones
SQL injections represents 17% of all security breaches examined
These attacks were responsible for 83% of the total records stolen,
from 2005 to 2011
8. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud (contd.)
Most of the security fences that are configured in a corporate
environment target the fortification of the so-called network
perimeter
e.g. routers, hosts and virtual machines
IDS and IPS try to cope with database-takeover security aspects,
but the risk of database compromise is greater than ever, as:
automated exploitation tools (e.g. SQLMap) are widely spread
IPS and IDS evasion techniques have become extremely sophisticated
Internal adversaries or even unknown vulnerabilities of software
platforms widely adopted in the cloud may provide malicious access
to sensitive data
e.g. Heartbleed flaw - constituted a serious fault in the OpenSSL
cryptography library, which remained unnoticed for more than two years
and affected over 60% of Web servers worldwide
9. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Security Challenges in the Cloud (contd.)
Regarding the post-exploitation phase things are even worse in the
case where a symmetric encryption algorithm has been employed
cracking toolkits that utilize GPU processing power (e.g. oclHashcat) are able to
crack ciphers using brute-force techniques with an attack rate of 162 billion
attempts per second
The application developer is the one responsible for both
sanitizing all HTTP-input parameters
reassuring that compromised data will be useless
Nevertheless, the mere utilization of an IaaS or PaaS provider, may
by itself spawn a multitude of inherent vulnerabilities
that cannot be tackled effectively as they typically exceed the
responsibilities of an application developer
10. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
Introduction
Data Security Challenges in the Cloud
PaaSword Framework
Conclusions
11. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Threat Model
We assume a semi-honest adversarial model for the cloud provider
(Paladi et al., 2014; Santos et al., 2009)
a malicious cloud provider correctly follows the protocol specification
but can intercept all messages and may attempt to use them in order to
learn information that otherwise should remain private
For the rest of the participants we consider the threat model (Santos
et al., 2009) that assumes that privileged access rights can be used
by a remote adversary, ADV, to leak confidential information
e.g. a corrupted system administrator, can obtain remote access to any
host maintained by the provider.
the adversary cannot access the volatile memory of any guest virtual
machine (VM) residing on the compute hosts of the provider
12. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Context-aware Access Model
We envision a XACML-based context-aware access model,
which is needed by the developers in order to annotate the Data Access
Objects of their applications
13. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Facets of the Context-Aware Access Model
Facets
IP
Address
(Local)
Time
Location Device
Type
Data
Connection
Type
etc…
Patterns
Frequency Usual
Duration
Usual
Dates
Usual
Hours
Previously
Accessed
Data
Sensitive / Non Sensitive Data
Role
14. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Policies Access, Governance and Enforcement
A middleware that will provide:
a transparent key usage for efficient authentication purposes,
annotation capabilities in the form of a tool (IDE plugin) for allowing
developers to declaratively create the minimum amount of rule-set that
is needed for security enforcement purposes
dynamically interpret the DAO annotations into policy enforcement
rules
the governance and quality control of the annotations and their
respective policy rules
the formulation and implementation of the overall policy enforcement
business logic
15. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Devise an appropriate
vocabulary of concepts and
decide how they are
interrelated
Populate the framework with
appropriate instances to give
rise to DAOs
Formalise these concepts and
their interrelations – gives rise
to the ontology framework
Ontology for Access Policies
16. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Secure Storage
We propose a design for a cryptographic cloud storage that will be
based on a symmetric searchable encryption (SSE) scheme similar
to (Kamara and Lauter, 2010)
We plan to extend the previous work Cumulus4j (Huber et al., 2013)
and MimoSecco (Gabel and Hubsch, 2014)) that hides relations
between different data values of a data row
19. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Agenda
Introduction
Data Security Challenges in the Cloud
PaaSword Framework
Conclusions
20. Information Management Unit / ICCS of NTUA www.imu.iccs.gr
Conclusions & Next Steps
Future work involves the implementation of the proposed framework
This solution will be validated through 5 pilots:
Encrypted persistency as a service in a PaaS provider
Intergovernmental secure document and personal data exchange
Secure sensors data fusion and analytics
Protection of personal data in a multi-tenant CRM
Protection of sensible enterprise information in multi-tenant ERP
21. Thank you for listening!
Acknowledgements:
This work is related to the PaaSword project and
has received funding from the European
Union’s Horizon 2020 research and
innovation programme under grant