
About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers


Cloud applications expose, besides their service endpoints, potential or actual vulnerabilities, and attackers hold several advantages: they choose the weapons, the time and the point of attack.
Cloud application security engineering very often focuses on hardening the fortress walls but seldom assumes that an attack may succeed. Cloud applications therefore rely on their defensive walls but seldom act against intruders who are already inside. Biological systems are different: they accept that defensive "walls" can be breached at several layers and therefore run an active and adaptive defense, an immune system, that attacks potential intruders. This position paper proposes such an immune-system-inspired approach, which ensures that even undetected intruders are purged from cloud applications and so makes it much harder for them to maintain a presence on victim systems. Evaluation experiments on popular cloud infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) showed that this can cut the period in which an intruder acts undetected down to minutes.

Nane Kratzke

March 19, 2018

Transcript

  1. 8th International Conference on Cloud Computing and Services Science (CLOSER 2018); Funchal, Madeira, Portugal, 2018
    About being the Tortoise or the Hare?
    A Position Paper on Making Cloud Applications too Fast and Furious for Attackers
    Nane Kratzke


  2. The next 15 minutes are about ...
    • Some scary considerations on zero-day exploits
    • Moving target defense
    • The idea to (permanently) jangle attackers' nerves
    • Some evaluation results
    • Conclusions and open issues
    Prof. Dr. rer. nat. Nane Kratzke
    Computer Science and Business Information Systems
    2


  3. How to defend against unknown vulnerabilities?
    Example: Meltdown and Spectre, reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch prediction are affected, going back to 1995 (says Google).
    CVE-2017-5754
    CVE-2017-5715
    CVE-2017-5753


  4. Moving Target Defense (MTD)
    ACM Moving Target Defense Workshops 2014 - 2017
    • The static nature of current computing systems has made them easy to attack and hard to defend.
    • The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic (harder to explore and predict).
    • Moving target defense reduces the need for threat detection.


  5. We need a reactive component as well
    Biological systems are different. Defensive "walls" can be breached at several layers. An additional active defense system is needed to attack potentially successful intruders: an immune system.


  6. We built a transferability solution ...
    ... mainly to avoid vendor lock-in:
    • Make use of elastic container platforms to operate elastic services that are deployable to any IaaS cloud infrastructure.
    • Transfer these services from one private or public cloud infrastructure to another at runtime.
    Migration steps (in order):
    • Operate the application on the current provider.
    • Scale the cluster into the prospective provider.
    • Shut down the nodes on the current provider.
    • The cluster reschedules the lost containers.
    • Migration finished.
    Quint, P.-C., & Kratzke, N. (2016). Overcome Vendor Lock-In by Integrating Already Available Container Technologies - Towards Transferability in Cloud Computing for SMEs. In Proceedings of CLOUD COMPUTING 2016 (7th International Conference on Cloud Computing, GRIDS and Virtualization).
    Kratzke, N. (2017). Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms. In Proceedings of the 7th Int. Conf. on Cloud Computing and Services Science (CLOSER 2017) (pp. 29–42).


  7. Most systems rely on their defence walls and just wait to be attacked
    Figure: successfully breached node (lateral movement)


  8. How long can presence be maintained?
    Answer: surprisingly long!


  9. Let us make the game more challenging for the attacker
    We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration.
    Figure: regenerated node (randomly chosen at some point in time); successfully breached node (lateral movement)


  10. Runtime to regenerate one node
    Regeneration steps: request a node → adjust security groups → join node → adjust security group → terminate node.
    Figure: runtimes (median values in seconds, axis 0 to 700) of the phases creation, security group adjustment, joining and termination for AWS, OpenStack, GCE and Azure.
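    The runtime transfer of slide 6 and the regeneration race of slides 9 and 10 are the same loop seen from two angles: request a fresh node, open the security group to it, let it join and take over the workload, close the security group for the old node, terminate the old node. The Python model below is an added example, not code from the paper or the author's tooling. Its phase durations, cluster size, breach schedule and the `oldest`-first selection policy are assumptions made for illustration (the deck only mentions random selection). It shows what the slides do not: the selection policy decides whether an intruder's dwell time is merely short on average (random choice, which an attacker cannot schedule around, but with no upper bound) or strictly bounded by nodes × interval plus one regeneration (oldest-first, which is predictable).

```python
"""Toy model of the regeneration race from the deck (added, constructed example).
Phase durations, cluster size and breach schedule are made up, not measurements
from the paper. Nodes are replaced by fresh ones (regeneration); we measure how
long an undetected intruder keeps a foothold (dwell time) against a platform
that never regenerates."""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Assumed per-phase durations in seconds (illustrative, not the paper's medians).
PHASES = [("create", 120.0), ("secgroup_add", 5.0), ("join", 60.0),
          ("secgroup_remove", 5.0), ("terminate", 30.0)]
REGEN_DURATION = sum(d for _, d in PHASES)


@dataclass
class Node:
    name: str
    provider: str
    created_at: float
    containers: Set[str] = field(default_factory=set)
    breaches: List[float] = field(default_factory=list)  # attacker's secret, never read by the defender


class Cluster:
    """Elastic container platform spread over one or more IaaS providers."""

    def __init__(self, providers: Dict[str, int], containers: int):
        self.clock, self.seq = 0.0, 0
        self.nodes: Dict[str, Node] = {}
        self.secgroup: Set[str] = set()  # node names allowed to talk to the cluster
        for provider, count in providers.items():
            for _ in range(count):
                self.secgroup.add(self._request_node(provider).name)
        names = list(self.nodes)
        for c in range(containers):  # spread the workload round-robin
            self.nodes[names[c % len(names)]].containers.add(f"c{c}")

    def _request_node(self, provider: str) -> Node:
        self.seq += 1
        node = Node(f"{provider}-{self.seq}", provider, self.clock)
        self.nodes[node.name] = node
        return node

    def regenerate(self, old_name: str, provider: Optional[str] = None) -> List[float]:
        """Replace one node by a fresh one, phase by phase as on slide 10.
        Returns the dwell time of every breach on the old node (empty if clean)."""
        old = self.nodes[old_name]
        new = old
        for phase, duration in PHASES:
            self.clock += duration
            if phase == "create":
                new = self._request_node(provider or old.provider)
            elif phase == "secgroup_add":
                self.secgroup.add(new.name)
            elif phase == "join":
                # Only the workload is rescheduled; whatever else lives on the
                # old node, an undetected implant included, is left behind.
                new.containers |= old.containers
                old.containers = set()
            elif phase == "secgroup_remove":
                self.secgroup.discard(old_name)
            else:  # terminate
                del self.nodes[old_name]
        return [self.clock - t for t in old.breaches]

    def migrate(self, src: str, dst: str) -> None:
        """Runtime transfer from provider src to dst (slide 6): every src node
        is regenerated as a dst node, so the containers follow automatically."""
        for name in [n for n, node in self.nodes.items() if node.provider == src]:
            self.regenerate(name, provider=dst)


def simulate(n_nodes: int = 5, interval: float = 600.0, horizon: float = 36000.0,
             breaches: int = 20, policy: str = "random", seed: int = 1) -> dict:
    """Race a breach schedule against a regeneration schedule. One node is
    regenerated every `interval` seconds, chosen at random (as in the deck) or
    oldest-first (assumed here for comparison). The attacker breaches a random
    node at evenly spaced times and is never detected."""
    rng = random.Random(seed)
    cluster = Cluster({"aws": n_nodes}, containers=3 * n_nodes)
    breach_times = [horizon * (i + 0.5) / breaches for i in range(breaches)]
    regen_times = [k * interval for k in range(1, int(horizon // interval) + 1)
                   if k * interval < horizon]
    events = sorted([(t, "breach") for t in breach_times] +
                    [(t, "regen") for t in regen_times])
    dwell: List[float] = []
    for time, kind in events:
        if kind == "breach":
            cluster.nodes[rng.choice(list(cluster.nodes))].breaches.append(time)
            continue
        cluster.clock = max(cluster.clock, time)
        names = list(cluster.nodes)
        target = (rng.choice(names) if policy == "random"
                  else min(names, key=lambda n: cluster.nodes[n].created_at))
        dwell += cluster.regenerate(target)
    # Footholds still alive when the observation window closes.
    dwell += [horizon - t for n in cluster.nodes.values() for t in n.breaches]
    baseline = [horizon - t for t in breach_times]  # same breaches, no regeneration
    return {"regenerations": len(regen_times), "breaches": len(dwell),
            "mean_dwell": sum(dwell) / len(dwell), "max_dwell": max(dwell),
            "baseline_mean_dwell": sum(baseline) / len(baseline)}
```

    Compare `simulate(policy="oldest")` with `simulate(policy="random")`: both keep the mean dwell time far below `baseline_mean_dwell` (the same breaches against a cluster that never regenerates), but only oldest-first guarantees `max_dwell <= n_nodes * interval + REGEN_DURATION`. The model deliberately leaves out the "fever" problem from slide 11: it regenerates at most one node at a time and does not cap the load that regeneration itself puts on the cluster.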


  11. Conclusion, open issues and limitations
    • For attackers, the presented approach means that their time being "undetected" drops from months down to minutes.
    • Can we reduce regenerations without increasing our own efforts?
    • What about exploits/attacks that adapt to bio-inspired systems?
    • How to protect the regeneration mechanism itself against attackers?
    • Biology-inspired solutions come with downsides like
      • fever (too many nodes in regeneration at the same time, the system runs hot)
      • auto-immune disease (healthy nodes are attacked too often)


  12. Acknowledgement
    Picture references:
    • Rabbit, Tortoise: Pixabay (CC0 Public Domain)
    • Fortress: Pixabay (CC0 Public Domain)
    • Bowman: Pixabay (CC0 Public Domain)
    • Definition: Pixabay (CC0 Public Domain, PDPics)
    • Railway: Pixabay (CC0 Public Domain, Fotoworkshop4You)
    • Air Transport: Pixabay (CC0 Public Domain, WikiImages)
    This research is partly funded by the German Federal Ministry of Education and Research (13FH021PX4).


  13. About
    Nane Kratzke
    CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke
    Blog: http://www.nkode.io
    Twitter: @NaneKratzke
    GooglePlus: +NaneKratzke
    LinkedIn: https://de.linkedin.com/in/nanekratzke
    GitHub: https://github.com/nkratzke
    ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke
    SlideShare: http://de.slideshare.net/i21aneka
