• No results found

[NORMAL] Large-scale coordinated attacks: Impact on the cloud security

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Large-scale coordinated attacks: Impact on the cloud security"

Copied!
33
0
0

Loading.... (view fulltext now)

Download now ( 33 Page )

Full text

(1)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Large-scale coordinated attacks:

Impact on the cloud security

Damien Riquet

Gilles Grimaud

M. Hauspie

Team 2xS

Université Lille 1, France

MCNCS, Palermo, 2012

(2)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Study on the impact of distributed attacks on Cloud Computing

Cloud Computing: a popular model to process large data set

Several layers according to the needs of customers

Store confidential data

Growing concern about its security

Attacks on the cloud

Distributed attacks to evade security solutions

Weaknesses of cloud structure

(3)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

(4)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

(5)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

(6)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

(7)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Goals of this paper

Study security solutions used by Cloud Computing

Show that distributed attacks could be very efficient

1-path architecture

(8)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Outline

1

How Cloud Computing can be secured

2

Distributed portscan

3

Experimental protocol

(9)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Security solutions commonly used Detection methods

Outline

1

How Cloud Computing can be secured

Security solutions commonly used

Detection methods

2

Distributed portscan

3

Experimental protocol

(10)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Security solutions commonly used

Detection methods

Cloud security - Security solutions commonly used

Firewalls [BC94]

At the border of the network

Analyze traffic between two networks

Security policies

Intrusion Detection System (IDS) [Ped05]

Network or Host based

Passive device: raise alarms

Pattern-matching, analyze traffic

(11)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Security solutions commonly used

Detection methods

Detection methods

Misuse detection

Look for known patterns of misuse

Pattern-matching

Need constant update of the database

Anomaly detection

Knowledge of standard

Raise an alarm when an anomaly is detected

Detect unknown attacks

(12)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Definition Distribution methods

Outline

1

How Cloud Computing can be secured

2

Distributed portscan

Definition

Distribution methods

3

Experimental protocol

(13)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Definition Distribution methods

Distributed portscan: a use case

[Shi00] A portscan is ...

«an attack that sends client requests to a range of server port

addresses on a host, with the goal of finding an active port and

exploiting a known vulnerability of that service.»

Usage and goals

Reconnaissance phase

Discover weaknesses of a network

Used by worms, malicious hackers

(14)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Definition Distribution methods

How to distribute a portscan

Naive distribution [KCS07]

Sequential utilization of scanners

Use a scanner until it is detected then select another one

Parallel distribution

Distribute ports among scanners

Execute portscan on scanners

Process results afterwards

(15)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Security solutions Network architecture Benchmark configurations

Outline

1

How Cloud Computing can be secured

2

Distributed portscan

3

Experimental protocol

Security solutions

Network architecture

Benchmark configurations

4

Results

(16)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Security solutions Network architecture Benchmark configurations

Tested security solutions

Snort

Popular open source IDS

Detection methods

Signature-based (written by the community)

Threshold-based (sfPortscan module)

Commercial firewall

United Threat Management (network firewall and an IDS)

Detection methods

Anomaly-based (TCP Automaton)

Threshold-based

(17)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Security solutions Network architecture Benchmark configurations

Network architecture

Cloud host

Cloud Computing

Firewall / IDS

Internet host

(18)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Security solutions Network architecture Benchmark configurations

Benchmark configurations

Network architecture

Number of scanners: 2

n

, with 1

n

6

Number of targets (Snort): 2

n

, with 1

n

6

Number of targets (Commercial): 4

Security solution configuration: default

Portscan

Portscan timing:

insane

aggressive

normal

polite

5 ms

10 ms

0.4 s

0.4 s

Number of ports: 100 per target (most used ports)

Distribution methods: Naive and Parallel

(19)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Outline

1

How Cloud Computing can be secured

2

Distributed portscan

3

Experimental protocol

4

Results

Evaluation

Connect scanning

Null scanning

Results wrap up

(20)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Evaluation

Attacker Success Rate

n

=

Number of ports successfully scanned before detection

T

=

Total number of ports to scan

ASR

=

n

T

The lower is the ASR, the better is the security solution

Successful portscan :

undetected

correct port state

(21)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Connect scanning - 4 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(22)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Connect scanning - 4 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort

20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(23)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Connect scanning - 4 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(24)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Connect scanning - Snort

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort - 8 targets

20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(25)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Connect scanning - Snort

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort - 8 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(26)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Null scanning - 4 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort

20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(27)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Null scanning - 4 targets

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

insane aggressive normal polite insane aggressive normal polite

Snort

0 20 40 60 80 100 1 2 4 8 16 32 64 A S R Naive Parallel

(28)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion Evaluation Connect scanning Null scanning Results wrap up

Results wrap up

Distributed attacks could be very efficient:

32/64 scanners are enough to remain undetected

Weaknesses of security solution (timing, outdated database)

Parallel distribution succeeds in obfuscating the attack

Commercial firewall has better results

(29)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Conclusion

Study of security solutions commonly used

Impact of distributed attacks on Cloud Computing

32 scanners are enough to remain undetected

No network noise

Future work

Multipath attacks

(30)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

Questions

Large-scale coordinated attacks: Impact on the cloud security

Damien Riquet -

[email protected]

Gilles Grimaud -

[email protected]

Michaël Hauspie -

[email protected]

(31)

How Cloud Computing can be secured Distributed portscan Experimental protocol Results Conclusion

References I

S. M Bellovin and W. R Cheswick,

Network firewalls, IEEE

Communications Magazine

32

(1994), no. 9, 50–57.

Min Gyung Kang, Juan Caballero, and Dawn Song,

Distributed

evasive scan techniques and countermeasures, Proceedings of

the 4th international conference on Detection of Intrusions and

Malware, and Vulnerability Assessment (Berlin, Heidelberg),

DIMVA ’07, Springer-Verlag, 2007, p. 157–174.

Naga Raju Peddisetty,

State-of-the-art intrusion detection:

Technology, challenges, and evaluation, 2005.

(32)

Multipath attacks

Attackers

Attackers

Targets

(33)

Collaborative security system

Virtual probe

Host Hypervisor Virtual probe Guest OS Guest OS

Physical probe

DSL

FPGA

References

Download now ( PDF - 33 Page - 2.00 MB )

Related documents

The relation of structural integrity and task-related functional connectivity in the aging brain

We hypothesized that, in contrast to young adults, (i) older adults would show stronger FC to the frontal regions under low load, as ageing has been associated with

EFFECTS OF CULTURE SHOCK AND CROSS-CULTURAL ADAPTATION ON LEARNING SATISFACTION OF MAINLAND CHINA STUDENTS STUDYING IN TAIWAN

Based on the above research for adult members, the Learning Satisfaction Scale, with the dimensions of Curriculum, Teacher Instruction, Administrative Support, Learning

Prevalence and correlates of high body mass index in rural Appalachian children aged 6-11 years

The major findings from this study are: (i) the prevalence of childhood overweight and at risk for overweight in our rural Appalachian sample is significantly higher

FANAWAY FRASER CEILING FAN

Conecte el cable de salida del receptor (azul, PARA LA LUZ) al cable de entrada vivo de la luz del ventilador (azul, PARA LA LUZ).. Después de conectar los cables, sepárelos

DTG Viper2 Direct to Garment Printer

Utilizing the latest high performance piezoelectric print head technology, the DTG Viper2 is the most efficient direct to garment printer in its class.. The DTG exclusive

Linguistic Analysis of Research Drafts of Undergraduate Students Samuel González López Aurelio López-López

We propose an assessment at four levels; where the first focuses on the lexicon used by the student in his/her draft, the second level seeks to identify and assess

Comparative Analysis of Insurance Use Among Dental and Trauma Patients Presenting for Care in Grady Memorial Hospital’s Emergency Department

The purpose of this study is to determine if adults seeking care in Grady Memorial Hospital’s emergency department for dental reasons are different than those seeking care for

Assessing the State of Comprehensive Medication Management in a Sample of Primary Care Clinics

Per the expectations set by the funder via the original request for proposal announcement, sites included in the study were required to have well-established CMM services delivered