430 likes | 602 Views
Center for Computing and Engineering Software Systems Swinburne University of Technology. Adaptive Model-based Cloud Computing Security Management. 25 May 2012. Mohamed Almorsy Supervisors Prof. John Grundy Prof. Jun Han. Agenda. Cloud Computing Security. Research Gaps.
E N D
Center for Computing and Engineering Software Systems Swinburne University of Technology Adaptive Model-based Cloud Computing Security Management 25May2012 Mohamed Almorsy SupervisorsProf. John Grundy Prof. Jun Han
Agenda Cloud Computing Security Research Gaps Adaptive Cloud Security Management
Motivating Scenario SWIN SOFT • GREEN CLOUD Get Currency-Now Build Workflow • BLUE CLOUD Batch processing <<include>> <<include>> <<include>> SWIN SOFT Galactic CPs : GREEN CLOUD – BLUE CLOUD SPs : SWINSOFT - GREEN CLOUD – BLUE CLOUD CCs : Swinburne University- Auckland University
Why Security is different inCloud Computing ? Resources Virtualization - Multi-tenancy - Elasticity Cloud Characteristics Long Dependency Stack Cloud Computing Model Different Stakeholders Hypervisor - VMs - Platforms - Apps CPs - SPs - CCs Different Possible Deployments Service Delivery Models Public - Private - Hybrid IaaS - PaaS - SaaS
http://blogs.technet.com/b/yungchou/archive/2010/11/15/cloud-computing-primer-for-it-pros.aspxhttp://blogs.technet.com/b/yungchou/archive/2010/11/15/cloud-computing-primer-for-it-pros.aspx
New Cloud Security Problems Security Isolation Loss-of-Control Lack-of-Trust Security Federation ..... Why • Tenants have no control on outsourced assets. • CPs do not know the hosted service business value. • Services are developed with built-in security functions. • Services are developed with security from the service provider perspective.
NIST - http://www.kurzweilai.net/nist-issues-government-cloud-computing-roadmap-and-architecture
Research Problem • Cloud computing model lacks a strong security management frameworkthat can handle: • Loss-of-control and lack-of-trust. • Multi-tenancy. • Different stakeholders. • Constantly changing security. • Huge number of services and security solutions. CCs involved in securing their assets tenant-oriented security collaboration-based adaptive security standard security interface
Current Trends NIST CSA
Current Trends NIST CSA FedRAMP Limitations • Security customization is limited. • Security adaptation is not possible. • Cloud provider is the service provider. • Limits the ROI of the cloud platforms. • A cloud provider claims supported security level. • A certifying authority audits the claimed level. • A cloud consumer specifies expected security level. • The certifying authority matches consumers requirements and providers capabilities and assures it.
Current Trends NIST CSA Security Registry Limitations • Assessment and awareness do not mean real security. • Loss-of-Control nor Lack-of-Trust are mitigated. • CSA Focus on assessing a cloud provider security level. • List security controls to be provided by a cloud provider. • Checklist to guide consumers assess a cloud platform security.
Research Objective • To extend the cloud model with an abstract, dynamic, and multi-tenant security management framework. CC Security Management Process CC Security Management Process
ISMSs (including NIST-FISMA and ISO27000) provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the protection of information assets. Information Security Management Systems
Rethinking in Security Management under Cloud Computing Model CCs involved in securing their assets tenant-oriented security collaboration-based adaptive security standard security interface
General Approach Service Provider Stakeholder Security Engineers Cloud Provider Security Model Service Model Cloud Platform Model Secure System model Feedback Enforcement Security Mgmt plan Security Controls Cloud Services Cloud Platform Model-based Security Management for the Cloud Computing Model
General Framework Management Component Tenant Security Modeller Service & Platform Modeller Analysis Component Enforcement Component Service-security Integrator Threat and Vulnerability Analyzer Sn Security Interface S1 S2 Measurements Analyzer Security Services Monitoring Component Measurements Collector Security Probes Generator
Rethinking in Security Management under Cloud Computing Model
Collaboration-based Cloud Computing Security Management Framework CCs All All • Aligning FISMA Security Management standard with the cloud model. • Improving the collaboration among cloud stakeholders. CPE CVE/CWE CCE All CCs CCs & CPs Adopted security standards Responsible stakeholder(s)
Collaboration-based Cloud Computing Security Management Framework Management Layer Security Metrics Manager Security Categorization Multi-Tenant Security Plan Risk Assessment Security Controls Manager Multi-Tenant Status Report Security Status Security Management Repository Security Reqs. Feedback Layer Enforcement Layer Planning Implementation Monitoring Analysis Measurements Cloud Platform Configurations Controls Logs Security Controls
Prototype Snapshots A snapshot of the security controls base satisfaction status A cloud consumer registering for one of the GREEN CLOUD registered services Two different service security categorizations for two different customers A snapshot of a security control registration A sample of Swinburne security status report A snapshot of a given service threats retrieved from the NVD A snapshot of the security SLA between GREENCLOUD, SWINSOFT and Swinburne
Limitations • Security monitoring depends on security controls’ log files “lagging metrics”. • Service-oriented security. • Integrating security controls within target services is done manually.
Security Management Security Engineering Security Objectives Security Requirements Security Threats/Risks Security Architecture Security Controls Security Design Security Monitoring Security Enforcement • Tenants come and go at runtime. • Tenants’ security change at runtime. • Services shouldn’t go down for customization or maintenance. • Discovered vulnerabilities cannot wait too long for patches.
Adaptive (Multi-tenant) Model-driven Security (Re)Engineering at Runtime Component Multi-tenant Security Engineering @ runtime TOSSMA Security Reengineering SMART MDSE@R Security Engineering @ runtime
SecDSVLMetamodel Security control
Live system interceptors [1], security specification [2] documents
TOSSMA: Tenant-Oriented SaaS Security Management Architecture
Adaptive (Multi-tenant) Model-driven Security (Re)Engineering at runtime Component
Adaptive (Multi-tenant) Model-driven Security (Re)Engineering at Runtime Component Multi-tenant Security Engineering @ runtime TOSSMA Security Reengineering SMART MDSE@R Security Engineering @ runtime
boolupdateCustomerBalance(string custID, decimal nBalance) { if(!AuthenitcateUser( username, password)) return false; if(!AuthorzUser(username, "updateCustBalance")) return false; LogTrx(username, dateTime.Now, "updateCustomerBalance"); Customer customer = Customers.getCustomerByID(custID); customer.Balance= nBalance; Customers.SaveChanges(); LogTrx(username, dateTime.Now, "updateCustBalance done"); } To be removed if( Request.Cookies["Loggedin"] != true ) { if( !AuthenticateUser(Request.Params["username"], Request.Params["password"] ) ) throw new Exception("Invalid user"); } DoAdministration(); To be modified if( !AuthenticateUser( Request.Params["username"], Request.Params["password"] ) ) throw new Exception("Invalid user"); if( !AuthorizeUser( Thread.CurrentPrincipal, (new StakeFrame()).GetMethod().Name, (new StakeFrame()).GetMethod().GetParameters() ) ) throw new Exception("User is not auhorized"); updateCustomerBalance(Request.QueryString["cID"], nBalance); To be injected Examples of code snippets that need to be Re-engineerd
Mo Mohamed Almorsy malmorsy@swin.edu.au http://www.ict.swin.edu.au/ictstaff/malmorsy