Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018.
There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.
About an Immune System Understanding for Cloud-native Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail
1. About an Immune System Understanding for Cloud-native Applications: Biology Inspired Thoughts to Immunize the Cloud Forensic Trail
Nane Kratzke
9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
2. The next 20 minutes are about ...
• Some scary considerations on zero-day exploits
• Cyber attack life cycle model
• What can be learned about cloud applications after more than 10 years of cloud computing
• The idea to (permanently) jangle attackers' nerves
• Some evaluation results
• Conclusions and open issues
Prof. Dr. rer. nat. Nane Kratzke
Computer Science and Business Information Systems
3. Some scary considerations for introduction
• In principle attackers can establish footholds in our systems whenever they want (zero-day exploits).
• Cloud application security engineering efforts focus on hardening the fortress walls.
• Cloud applications rely on their defensive walls but seldom attack intruders actively.
4. We need a reactive component as well
Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potentially successful intruders: an immune system.
5. Cyber Attack Life Cycle Model
6. How long can presence be maintained?
Answer: Surprisingly long!
7. One basic idea
Play god, break this loop at arbitrary times at your will!
8. We need some guidance ...
ClouNS – Cloud-native Application Reference Model
[KP2016] Kratzke, N., & Peinl, R. (2016). ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects. In 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 1–10).
[QK2018a] Quint, P.-C., & Kratzke, N. (2018). Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications. In Proceedings of the 8th Int. Conf. on Cloud Computing and Services Science (CLOSER 2018, Madeira, Portugal).
9. We use this very basic model ...
… mainly, to avoid Vendor Lock-In:
• Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure.
• Transfer of these services from one private or public cloud infrastructure to another at runtime.
Migration steps: Operate application on current provider → Scale cluster into prospective provider → Shutdown nodes on current provider → Cluster reschedules lost container → Migration finished.
Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th International Conference on Cloud Computing, GRIDS and Virtualization).
Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).
10. A control loop tries permanently to reach an intended state
Control loop steps: Operate application on current provider → Scale cluster into prospective provider → Shutdown nodes on current provider → Cluster reschedules lost container → Migration finished.
11. Most systems rely on their defence walls and just wait to be attacked
Figure label: Successfully breached node (lateral movement)
12. Let us make the game more challenging for the attacker
We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration.
Figure labels: Regenerated node (randomly chosen at some point in time); Successfully breached node (lateral movement)
13. Sadly, the approach is limited
14. Regeneration evaluation: Runtime to regenerate one node
Regeneration phases: Request a node → Adjust Security Groups → Join Node → Adjust Security Group → Terminate Node
15. Diving into IaaS infrastructure specifics
16. Runtime to regenerate one node
Regeneration phases: Request a node → Adjust Security Groups → Join Node → Adjust Security Group → Terminate Node
[Chart: Runtimes (median values in seconds) of the Creation, Secgroup, Joining and Termination phases on AWS, OpenStack, GCE and Azure; y-axis from 0 to 700 seconds]
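The regeneration pipeline of slide 14 and the attacker-versus-regeneration race of slide 12 can be modelled in a few lines. The following Python is an added example, not code from the paper or the presentation; the phase runtimes, the node order and the breach times are constructed, and the function names are my own. It also makes a design point the slides leave implicit: walking the cluster in a fixed (shuffled) order bounds the lifetime of any undetected foothold to one full round, i.e. cluster size divided by regeneration rate, whereas picking a node independently at random for every regeneration gives no such upper bound.

```python
"""Added example (not the paper's or presentation's code): a model of the
node-regeneration loop from slide 14 and of the race from slide 12.
All durations and the breach scenario below are constructed."""

# The pipeline shown on slide 14. "Adjust Security Group" occurs twice (open
# for the joining node, close for the leaving one); the chart on slide 16
# folds both adjustments into the single "secgroup" phase used here.
PHASES = ("creation", "secgroup", "joining", "termination")


def regeneration_cycle_seconds(durations):
    """Wall-clock seconds to regenerate one node: the sum of the phase runtimes.
    `durations` maps each phase name in PHASES to seconds."""
    missing = set(PHASES) - set(durations)
    if missing:
        raise ValueError(f"no runtime given for phases: {sorted(missing)}")
    return float(sum(durations[p] for p in PHASES))


def nodes_per_hour(durations):
    """Regeneration throughput if nodes are regenerated strictly one after another."""
    return 3600.0 / regeneration_cycle_seconds(durations)


def hours_to_regenerate_cluster(cluster_size, rate_nodes_per_hour):
    """Hours until every node of a cluster has been regenerated once
    (the kind of figure the abstract gives for a 400-node cluster)."""
    return cluster_size / rate_nodes_per_hour


def simulate_foothold(order, cycle_seconds, breaches, rounds=2):
    """Replay the regeneration loop and measure how long each undetected
    foothold survives.

    order:         the (shuffled) sequence in which the controller walks the
                   cluster; the same order is reused every round.
    cycle_seconds: seconds one regeneration takes.
    breaches:      node_id -> simulation time (s) at which an intruder
                   silently gained a foothold on that node.
    Returns node_id -> seconds the foothold lived before its node was purged.
    """
    now = 0.0
    pending = dict(breaches)
    footholds = {}
    for _ in range(rounds):
        for node_id in order:
            now += cycle_seconds  # fresh instance is up, old instance terminated
            t_breach = pending.get(node_id)
            # A breach that happens after this regeneration lands on the fresh
            # instance and is purged in the next round instead.
            if t_breach is not None and t_breach <= now:
                footholds[node_id] = now - t_breach
                del pending[node_id]
    return footholds


def foothold_upper_bound_seconds(cluster_size, cycle_seconds):
    """With a fixed cyclic order every node is revisited within one full round,
    so no foothold can outlive cluster_size consecutive regenerations."""
    return cluster_size * cycle_seconds


if __name__ == "__main__":
    # Constructed phase runtimes in seconds; not the measured medians of slide 16.
    sample = {"creation": 120, "secgroup": 10, "joining": 60, "termination": 30}
    rate = nodes_per_hour(sample)
    print(f"one regeneration: {regeneration_cycle_seconds(sample):.0f} s "
          f"-> {rate:.1f} nodes/hour")
    print(f"400-node cluster regenerated once in {hours_to_regenerate_cluster(400, rate):.1f} h")

    # Constructed race: four nodes walked in a shuffled order, two silent breaches.
    order = [2, 0, 3, 1]
    lived = simulate_foothold(order, cycle_seconds=100, breaches={0: 50, 3: 350})
    print("foothold lifetimes (s):", lived)
    assert max(lived.values()) <= foothold_upper_bound_seconds(len(order), 100)
```

The breach on node 3 at t=350 arrives just after that node was regenerated at t=300, so it lands on the fresh instance and survives until the next round; this is the worst case, and it is still bounded by one full round of the cluster.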
17. Open issues and limitations
• Can we reduce regenerations?
• Can we identify suspect nodes automatically?
• Limited to applications on CAMM Level 2 and above … (state management)
• How to handle data-as-code dependencies and code injection vulnerabilities?
• What about exploits/attacks that are adaptable to bio-inspired systems?
• How to protect the regeneration mechanism against attackers?
• Large scale evaluation needed
18. Conclusion
• The presented approach means for attackers that their time being “undetected” drops from months down to minutes.
• However, biology inspired solutions come with downsides like
  • fever (too many nodes in regeneration at the same time, system runs hot)
  • auto-immune disease (healthy nodes are attacked too often)
• Further research is needed on how to integrate
  • append-only logging systems
  • suspect node detection
  • avoidance of immune-system downsides like fever and auto-immune diseases
• Several experts remarked independently that the basic idea is so “intriguing” that it should be pursued more rigorously.
19. Acknowledgement
This research is partly funded by the German Federal Ministry of Education and Research (13FH021PX4).
Picture Reference
• Virus: Pixabay (CC0 Public Domain)
• Fortress: Pixabay (CC0 Public Domain)
• Bowman: Pixabay (CC0 Public Domain)
• Definition: Pixabay (CC0 Public Domain, PDPics)
• Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You)
• Air Transport: Pixabay (CC0 Public Domain, WikiImages)
20. About
Nane Kratzke
CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke
Blog: http://www.nkode.io
Twitter: @NaneKratzke
GooglePlus: +NaneKratzke
LinkedIn: https://de.linkedin.com/in/nanekratzke
GitHub: https://github.com/nkratzke
ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke
SlideShare: http://de.slideshare.net/i21aneka