
About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers

Cloud applications expose, besides their service endpoints, potential or actual vulnerabilities. And attackers have several advantages on their side: they choose the weapons, the point in time and the point of attack.
Very often, cloud application security engineering efforts focus on hardening the fortress walls but seldom assume that attacks may succeed. So cloud applications rely on their defensive walls but seldom attack intruders actively. Biological systems are different. They accept that defensive "walls" can be breached at several layers and therefore make use of an active and adaptive defense system to attack potential intruders: an immune system. This position paper proposes such an immune-system-inspired approach to ensure that even undetected intruders can be purged from cloud applications. This makes it much harder for intruders to maintain a presence on victim systems. Evaluation experiments with popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) showed that this can reduce the undetected acting period of intruders to minutes.

Nane Kratzke

March 19, 2018

Transcript

  1. 8th International Conference on Cloud Computing and Services Science (CLOSER 2018); Funchal, Madeira, Portugal, 2018. About being the Tortoise or the Hare? A Position Paper on Making Cloud Applications too Fast and Furious for Attackers. Nane Kratzke
  2. The next 15 minutes are about ...
     • Some scary considerations on zero-day exploits
     • Moving target defense
     • The idea to (permanently) jangle attackers' nerves
     • Some evaluation results
     • Conclusions and open issues
     Prof. Dr. rer. nat. Nane Kratzke, Computer Science and Business Information Systems
  3. How to defend against unknown vulnerabilities? Reported in January 2018: CVE-2017-5754, CVE-2017-5715, CVE-2017-5753. Mainly x86 microprocessors with out-of-order execution and branch prediction are affected, going back to 1995 (according to Google).
  4. Moving Target Defense (MTD). ACM Moving Target Defense Workshops 2014 - 2017:
     • The static nature of current computing systems has made them easy to attack and harder to defend.
     • The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic (harder to explore and predict).
     • Moving target defense reduces the need for threat detection.
  5. We need a reactive component as well. Biological systems are different. Defensive "walls" can be breached at several layers. An additional active defense system is needed to attack intruders that have breached them successfully: an immune system.
  6. We built a transferability solution ... mainly to avoid vendor lock-in:
     • Make use of elastic container platforms to operate elastic services that are deployable to any IaaS cloud infrastructure.
     • Transfer these services from one private or public cloud infrastructure to another at runtime.
     Migration at runtime: operate the application on the current provider; scale the cluster into the prospective provider; shut down nodes on the current provider; the cluster reschedules the lost containers; migration finished.
     Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th International Conference on Cloud Computing, GRIDS and Virtualization).
     Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).
  7. Most systems rely on their defence walls and just wait to be attacked. (Figure: a successfully breached node, followed by lateral movement.)
  8. How long can presence be maintained? Answer: surprisingly long!
  9. Let us make the game more challenging for the attacker. We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. (Figure: a successfully breached node with lateral movement versus a regenerated node, randomly chosen at some point in time.)
  10. Runtime to regenerate one node. (Chart: runtimes as median values in seconds, 0 to 700 s, for AWS, OpenStack, GCE and Azure, broken down into the phases creation, security group adjustment, joining and termination.) The regeneration sequence: request a node; adjust security groups; join the node; adjust the security group again; terminate the old node.
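The race from slides 9 and 10 can be made concrete with a small discrete-event model. The following is an added example, not the author's code or the platform used in the paper: it replays the five-step regeneration sequence of slide 10 on an in-memory cluster, lets an attacker hold one node from time 0, and reports how long that node survives. All durations, node names and the `oldest` selection policy are assumptions for illustration; the paper's measured medians are not reproduced.

```python
"""Added example (not the deck's code): discrete-event model of the regeneration race.

An attacker already holds one node at t=0; the cluster regenerates one node per
interval following the slide-10 sequence.  Phase durations below are ASSUMED
placeholders in seconds, not the provider medians measured in the paper."""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PHASE_SECONDS = {                       # assumed, not measured
    "request_node": 120.0,
    "open_security_group": 5.0,
    "join_node": 60.0,
    "close_security_group": 5.0,
    "terminate_node": 30.0,
}
REGEN_CYCLE = sum(PHASE_SECONDS.values())   # 220.0 s per regeneration


@dataclass
class Node:
    name: str
    joined_at: float
    compromised_at: Optional[float] = None


@dataclass
class Cluster:
    nodes: Dict[str, Node]
    clock: float = 0.0
    next_id: int = 0
    dwell_times: List[float] = field(default_factory=list)

    def regenerate(self, victim: str) -> str:
        """Replace `victim` with a fresh node, following the slide-10 sequence.
        The cluster temporarily runs N+1 nodes so the scheduler can move the
        victim's containers before the victim is terminated."""
        self.clock += PHASE_SECONDS["request_node"]          # 1. request a node
        self.clock += PHASE_SECONDS["open_security_group"]   # 2. let it reach the cluster
        self.clock += PHASE_SECONDS["join_node"]             # 3. join the cluster
        fresh = f"node-{self.next_id}"
        self.next_id += 1
        self.nodes[fresh] = Node(fresh, joined_at=self.clock)
        self.clock += PHASE_SECONDS["close_security_group"]  # 4. cut the victim off
        self.clock += PHASE_SECONDS["terminate_node"]        # 5. terminate it
        gone = self.nodes.pop(victim)
        if gone.compromised_at is not None:
            # Presence ends here whether or not anyone detected the intruder.
            self.dwell_times.append(self.clock - gone.compromised_at)
        return fresh


def pick_target(cluster: Cluster, policy: str, rng: random.Random) -> str:
    """Choose the next node to regenerate."""
    if policy == "random":   # the deck's "randomly chosen" node (probabilistic purge)
        return rng.choice(sorted(cluster.nodes))
    if policy == "oldest":   # assumed variation: hard bound of N intervals per node
        return min(cluster.nodes.values(), key=lambda n: (n.joined_at, n.name)).name
    raise ValueError(f"unknown policy {policy!r}")


def simulate(n_nodes: int, interval: float, horizon: float,
             policy: str = "random", seed: int = 0) -> Tuple[Optional[float], int]:
    """Return (attacker dwell time in seconds, or None if never purged within
    `horizon`; final cluster size).  One regeneration is scheduled every `interval` s."""
    rng = random.Random(seed)
    cluster = Cluster({f"node-{i}": Node(f"node-{i}", joined_at=0.0) for i in range(n_nodes)},
                      next_id=n_nodes)
    # The attacker already holds one node at t=0 (breach plus lateral movement, slide 7).
    cluster.nodes[rng.choice(sorted(cluster.nodes))].compromised_at = 0.0
    next_regen = interval
    while next_regen <= horizon and not cluster.dwell_times:
        cluster.clock = max(cluster.clock, next_regen)   # idle until the scheduled regeneration
        cluster.regenerate(pick_target(cluster, policy, rng))
        next_regen += interval
    dwell = cluster.dwell_times[0] if cluster.dwell_times else None
    return dwell, len(cluster.nodes)


if __name__ == "__main__":
    for policy in ("random", "oldest"):
        dwell, size = simulate(n_nodes=5, interval=600.0, horizon=86_400.0, policy=policy)
        print(f"{policy:7s}: attacker purged after {dwell} s, cluster size {size}")
```

With random selection (the deck's approach) a breached node is hit with probability 1/N per round, so the purge is fast on average but has a long tail; the assumed `oldest` policy trades that randomness for a hard bound of N intervals plus one regeneration cycle, which is one way to address the "fewer regenerations for the same effect" question from the conclusion. The model also keeps the cluster at N nodes after every cycle, the invariant the scheduler relies on to reschedule containers.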
  11. Conclusion, open issues and limitations
     • For attackers, the presented approach means that their time "undetected" drops from months to minutes.
     • Can we reduce the number of regenerations without increasing our own effort?
     • What about exploits/attacks that adapt to bio-inspired systems?
     • How do we protect the regeneration mechanism itself against attackers?
     • Biology-inspired solutions come with downsides such as
       • fever (too many nodes in regeneration at the same time; the system runs hot)
       • auto-immune disease (healthy nodes are attacked too often)
  12. Acknowledgement. Picture references: Rabbit, Tortoise: Pixabay (CC0 Public Domain); Fortress: Pixabay (CC0 Public Domain); Bowman: Pixabay (CC0 Public Domain); Definition: Pixabay (CC0 Public Domain, PDPics); Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You); Air Transport: Pixabay (CC0 Public Domain, WikiImages). This research is partly funded by the German Federal Ministry of Education and Research (13FH021PX4).
  13. About Prof. Dr. rer. nat. Nane Kratzke, Computer Science and Business Information Systems. CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke; Blog: http://www.nkode.io; Twitter: @NaneKratzke; Google+: +NaneKratzke; LinkedIn: https://de.linkedin.com/in/nanekratzke; GitHub: https://github.com/nkratzke; ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke; SlideShare: http://de.slideshare.net/i21aneka