• No results found

Security Challenges in the Cloud

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Security Challenges in the Cloud"

Copied!
19
0
0

Loading.... (view fulltext now)

Download now ( 19 Page )

Full text

(1)

C. Eckert, AISEC

Security Challenges in the Cloud

Claudia Eckert

Fraunhofer Research Institution for Applied and Integrated Security (AISEC) Chair for IT Security, TU München

(2)

©C. Eckert, AISEC,

Outline

1. Cloud Security Issues

2. Cloud Security Solutions

Mitigate Risks & Take Opportunities

3. Take Home Message

(3)

©C. Eckert, AISEC,

Outline

1. Cloud Security Issues

2. Cloud Security Solutions

Mitigate Risks & Take Opportunities

3. Take Home Message

(4)

©C. Eckert, AISEC,

1 Cloud Security Issues

Well-known Hot Topics: CSA 2010, ENISA 2009, IBM X-Force 2010, CSOs

 Loss of Control, Compliance & Data Leakages

 Where is my data?

 Who accesses my data?

 Strong isolation for multiple tenants?

 How is data backup handled?

(5)

©C. Eckert, AISEC,

1. Cloud Security Issues

Well-known Hot Topics (cont.)

 Bring your Own Device: Smart Phones etc.

 Insecure personal devices:

Patch-level? Anti-virus checks? Theft protection?

 Backup of sensitive data on device

 Access to Cloud-data via stolen, misused mobile devices

(6)

©C. Eckert, AISEC,

1. Cloud Security Issues

Well-known Hot Topics (cont.)

 Identity & Access Management

 Federated Clouds: Single-Sign-in? SAML and RBAC supported?

Strong Authentication, e.g. nPA?

 Trustworthiness of used Clouds? Certification? Trust-Labels?

(7)

©C. Eckert, AISEC,

1. Cloud Security Issues

Security Challenge in the Cloud

Challenge: Turn fear and doubt into trust and added-value! Turn Cloud Computing into a Security Enhancing Technology!

 Provide Security Monitoring Tools to enhance trust in Cloud platforms.

 Provide Cloud-based Security as a Service Solutions to support mobile cloud access.

 Provide usable, secure Cloud Services to enhance security in daily business scenarios

(8)

©C. Eckert, AISEC,

Outline

1. Cloud Security Issues

2. Cloud Security Solutions

Lots of Paper Work, Guidelines already available: • Cloud Security Alliance, NIST, BSI, ENISA, etc.

Security technologies are evolving

• Mitigate Risks: Cloud Monitoring

(9)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Mitigate Risks: AISEC Cloud Leitstand

Leitstand: Security Monitoring Framework

Aim: Empower users/providers to control & manage clouds

 Enforcement of policies

e.g. access control, authorization

 Monitoring of platform metrics:

e.g. time-to-patch, network traffic, …

 Dashboard displays role-specific information

 Plug in existing monitoring tools: e.g. Zabbix, Ganglia, RSA Archer

(10)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Mitigate Risks: AISEC Cloud Leitstand

Data on different layers

 SOAP calls

 Method calls In Java-VM

 System calls in guest OS/Hypervisor

Dashboard

 Role-specific views

 Services to analyze incidents

 Backend

(11)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Mitigate Risks: Sealed Cloud

Sealed Cloud: Provider-secure Cloud, BMWi funded project

Aim: leverage the Trust Level of Cloud Infrastructure provider

 Integrate data protection mechanismes to provide a secure and technically verifiable infrastructure

 Integrating Hardware Security Modules & end-to-end – encryption

 Integrating attestation techniques & software integrity monitoring

 Providing strong Authentication: Gateway for Identity tokens (nPA, OpenID…), SAML, eCard-Server-Interface

(12)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Mitigate Risks: Sealed Cloud

(13)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Take Opportunities: Security as a Service

Problem:

Bring your own (insecure!) device Solution: Cloud-based Security aaS

Anti-virus scanning

OS integrity checks

Malicious App Prevention

Secure Storage

(14)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Take Opportunities: Security as a Service

Services: Analyze replicated Smartphone Image

Aim: synchronize in near real-time, save battery consumption, CPU, network bandwidth etc.

Set-up

 Amazon Web Services on Linux OS

 Run Emulation of a Smartphone in VM

 Adapted Emulator to dump Smartphone Images

Security as a Services:

 AVG anti-virus : takes 7 sec in Cloud versus 50 sec on device

 Use Private Cloud to enforce Security Policies on mobile Phones

Security Services

(15)

©C. Eckert, AISEC,

2. Cloud Security Solutions

Take Opportunities: Tap ‘n‘ Drop

Problem:

 Ad-hoc sharing of documents during e.g. meetings: secure, comfortable, synchronized, …

Possible Solutions:

Pass around an USB stick

 Are you sure there is no virus on it?

Send an encrypted email to everybody

 Is everybody using S/MIME? Or PGP? Use an online storage like DropBox

 Everybody needs an account

(16)

©C. Eckert, AISEC,

Tap ‚n‘ Drop: Secure ad-hoc sharing of files using CC

 NFC enabled smartphone or laptop: just touch tag

Ad hoc creation of a Cloud storage

 On-the-fly generation & distribution of encryption keys

Instant access to shared online folder

It‘ s secure and it‘s easy:

Client-site encryption, no trusted backend

No-click-interaction: Just touch the tag

No set up or configuration required

2. Cloud Security Solutions

(17)

©C. Eckert, AISEC,

Outline

1. Cloud Security Issues

2. Cloud Security Solutions

Mitigating Risks & Take Opportunities

(18)

©C. Eckert, AISEC,

3. Take Home Message

Challenge: Turn fear and doubt into trust and added value!

Turn Cloud Computing into a Security EnhancingTechnology!

 Enhance trust in cloud offerings by providing means to

control what is going on (Lenin: Vertraue, aber prüfe nach) e.g. Cloud Leitstand (Monitoring Framework)

 Enhance Security by offering Security as a Service using cloud technology

(19)

©C. Eckert, AISEC,

Thank you for your Attention

Claudia Eckert

Fraunhofer AISEC (Applied & Integrated Security) TU München, Chair for IT Security

E-Mail: [email protected] Internet: http://www.aisec.fraunhofer.de

Visit us: e.g.

CeBIT Hannover

References

Download now ( PDF - 19 Page - 840.45 KB )

Related documents

Cloud Access Security Broker (CASB): A pattern for secure access to cloud services

Cloud Access Security Brokers (CASBs) are security enforcement points between consumers and service providers that apply security controls to access cloud services, usually

ALERT LOGIC LOG MANAGER & LOGREVIEW

Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep

ALERT LOGIC FOR HIPAA COMPLIANCE

Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep

Entry into motherhood: The effect of wages

Therefore, we estimated a potential wage for each woman in the sample, independently of her labour market status, and used this potential wage to study the effect of female wages on

Mark O Loughlin IT Alliance

Cloud Service Manager Cloud Security Manager Cloud Solutions Architect Cloud Administrator Cloud Developer CCC Professional CCC – Cloud Technology Associate CompTIA –

India Hotel Approved Projects List Nov 2016

44 MAHARASHTRA Mumbai Star Category Hotel 3 Star Timestar Developers Pvt.. S.No State

Discourses of widening participation and social inclusion

Adopting a Foucauldian genealogical approach I explore the ways in which a specific widening participation initiative, that of Adult Learners’ Week (ALW), has been used by

Feasibility of recycling CDW as raw material in gypsum composites

Because of this circumstances, the Spanish government has created several rules focused on minimizing the environmental impact caused by the construction industry and, in