Upgrade to Pro — share decks privately, control downloads, hide ads and more …

About an Immune System Understanding for Cloud-...

Nane Kratzke
February 19, 2018
Technology
0
210

About an Immune System Understanding for Cloud-native Applications . Biology Inspired Thoughts to Immunize the Cloud Forensic Trail

Presentation for 9th International Conference on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain, 2018.

There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune system inspired solution which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically the biological concept of cell-regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.

Nane Kratzke

February 19, 2018
Tweet

More Decks by Nane Kratzke

See All by Nane Kratzke
KI aus der Cloud - Denkanstöße für Life-Sciences?
nkratzke
0
76
KI aus der Cloud
nkratzke
1
85
Pizza-as-a-Service
nkratzke
0
390
Smart Like A Fox: How clever students trick dumb automated programming assignment assessment systems
nkratzke
1
420
What is a SERVICE MESH and what it is good for?
nkratzke
2
910
About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers
nkratzke
0
69
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications
nkratzke
0
78
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
nkratzke
0
56
There is no impenetrable system - So, why we are just waiting to get breached?
nkratzke
0
240

Other Decks in Technology

See All in Technology
強いチームと開発生産性
onk
PRO
34
11k
AGIについてChatGPTに聞いてみた
blueb
0
130
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
380
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
Taming you application's environments
salaboy
0
180
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
190
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
The Rise of LLMOps
asei
7
1.4k

Featured

See All Featured
Into the Great Unknown - MozCon
thekraken
32
1.5k
Six Lessons from altMBA
skipperchong
27
3.5k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
How STYLIGHT went responsive
nonsquared
95
5.2k
Code Review Best Practice
trishagee
64
17k
Why Our Code Smells
bkeepers
PRO
334
57k
YesSQL, Process and Tooling at Scale
rocio
169
14k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Agile that works and the tools we love
rasmusluckow
327
21k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Teambox: Starting and Learning
jrom
133
8.8k

Transcript

  1. About an Immune System Understanding for Cloud-native Applications Biology Inspired

    Thoughts to Immunize the Cloud Forensic Trail Nane Kratzke 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018 Some observations from a cloud user (a non- security-expert)

  2. The next 20 minutes are about ... • Some scary

    considerations on zero-day exploits • Cyber attack life cycle model • What can be learned about cloud applications after more than 10 years of cloud computing • The idea to (permanently) jangle attackers nerves • Some evaluation results • Conclusions and open issues Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 Paper URL Presentation URL Speaker Deck

  3. Some scary considerations for introduction • In principle attackers can

    establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3

  4. We need a reactive component as well Biological systems are

    different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4

  5. How long can presence be maintained? Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 5 Answer: Surprisingly long!

  6. One basic idea Prof. Dr. rer. nat. Nane Kratzke Computer

    Science and Business Information Systems 6 Play god, break this loop at arbitrary times at your will!

  7. We need some guidance ... ClouNS – Cloud-native Application Reference

    Stack Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 [KP2016] Kratzke, N., & Peinl, R. (2016). ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects. In 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 1–10). [QK2018a] Quint, P.-C., & Kratzke, N. (2018). Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications. In Proceedings of the 8th Int. Conf. on Cloud Computing and Services Science (CLOSER 2018, Madeira, Portugal).

  8. We use this very basic model ... Prof. Dr. rer.

    nat. Nane Kratzke Praktische Informatik und betriebliche Informationssysteme 8 Operate application on current provider. Scale cluster into prospective provider. Shutdown nodes on current provider. Cluster reschedules lost container. Migration finished. Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th. International Conference on Cloud Computing, GRIDS and Virtualization). … mainly, to avoid Vendor Lock-In: • Make use of elastic container platforms to operate elastic services being deployable to any IaaS cloud infrastructure. • Transfer of these services from one private or public cloud infrastructure to another at runtime. Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).

  9. Most systems rely on their defence walls and just wait

    to be attacked Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9 Successfully breached node (lateral movement)

  10. Let us make the game more challenging for the attacker

    Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)

  11. Sadly, the approach is limited Prof. Dr. rer. nat. Nane

    Kratzke Computer Science and Business Information Systems 11

  12. Regeneration evaluation: Runtime to regenerate one node Prof. Dr. rer.

    nat. Nane Kratzke Computer Science and Business Information Systems 12 Request a replace node Adjust Security Groups Join Replace Node Adjust Security Group Terminate Old Node

  13. Runtime to regenerate one node Prof. Dr. rer. nat. Nane

    Kratzke Computer Science and Business Information Systems 13 Request a node Adjust Security Groups Join Node 0 100 200 300 400 500 600 700 AWS OpenStack GCE Azure Runtimes (median values in seconds) Creation Secgroup Joining Termination Adjust Security Group Terminate Node Remember: The median time being undetected in 2016 was 99 DAYS 1 minute 10 minutes

  14. Open issues and limitations • Can we reduce regenerations? •

    Can we identify suspect nodes automatically? • Limited to applications on CAMM Level 2 and above … (state management) • How to handle data-as-code dependencies and code injection vulnerabilities? • What is about exploits/attacks that are adaptable to bio-inspired systems? • How to protect the regeneration mechanism against attackers? • Large scale evaluation needed Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 14

  15. Conclusion Prof. Dr. rer. nat. Nane Kratzke Computer Science and

    Business Information Systems 15 • The presented approach means for attackers that their time being „undetected“ drops from months down to minutes. • However, biology inspired solutions come with downsides like • fever (too many nodes in regeneration at the same time, system runs hot) • auto-immune disease (healthy nodes are attacked too often) • Further research needed how to integrate • append-only logging systems • suspect node detection • avoidance of immune-system downsides like fever and auto- immune diseases • Several experts remarked independently that the basic idea is so „intruiging“, that it should be considered more consequently.

  16. Acknowledgement • Virus: Pixabay (CC0 Public Domain) • Fortress: Pixabay

    (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Definition: Pixabay (CC0 Public Domain, PDPics) • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You) • Air Transport: Pixabay (CC0 Public Domain, WikiImages) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 16 Picture Reference This research is partly funded by German Federal Ministry of Education and Research (13FH021PX4). Paper URL Presentation URL Speaker Deck

  17. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and

    Business Information Systems 17 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka