Upgrade to Pro — share decks privately, control downloads, hide ads and more …

There is no impenetrable system - So, why we ar...

Nane Kratzke
February 20, 2018
Programming
0
240

There is no impenetrable system - So, why we are just waiting to get breached?

Although it might be hard to accept. By principle, attackers can establish footholds in our systems whenever they want (zero-day exploits). This presentation is some input for a panel discussion about "Security and Safety in Cloud-based Systems and Services" (9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain in February 2018).

Cloud application security engineering efforts focus to harden the "fortress walls". Therefore, cloud applications rely on these defensive walls but seldom attack intruders actively. There is the somehow the need for a more reactive component. A component that could be inspired by biological systems. Biological systems consider by design that defensive "walls" can be breached at several layers. So, biological systems provide an additional active defense system to attack potential successful intruders - an immune system. Although several experts find this approach "intriguing", there are follow-up questions arising. What is about exploits that adapt to bio-inspired systems? How to protect the immune system against direct attacks? Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self-attacking)?

Nane Kratzke

February 20, 2018
Tweet

More Decks by Nane Kratzke

See All by Nane Kratzke
KI aus der Cloud - Denkanstöße für Life-Sciences?
nkratzke
0
76
KI aus der Cloud
nkratzke
1
85
Pizza-as-a-Service
nkratzke
0
390
Smart Like A Fox: How clever students trick dumb automated programming assignment assessment systems
nkratzke
1
420
What is a SERVICE MESH and what it is good for?
nkratzke
2
910
About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers
nkratzke
0
69
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications
nkratzke
0
78
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
nkratzke
0
56
About an Immune System Understanding for Cloud-native Applications . Biology Inspired Thoughts to Immunize the Cloud Forensic Trail
nkratzke
0
210

Other Decks in Programming

See All in Programming
ピラミッド、アイスクリームコーン、SMURF: 自動テストの最適バランスを求めて / Pyramid Ice-Cream-Cone and SMURF
twada
PRO
10
1.3k
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
670
Contemporary Test Cases
maaretp
0
140
Generative AI Use Cases JP (略称:GenU)奮闘記
hideg
1
290
Click-free releases & the making of a CLI app
oheyadam
2
110
受け取る人から提供する人になるということ
little_rubyist
0
230
C++でシェーダを書く
fadis
6
4.1k
광고 소재 심사 과정에 AI를 도입하여 광고 서비스 생산성 향상시키기
kakao
PRO
0
170
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
Tauriでネイティブアプリを作りたい
tsucchinoko
0
370
GitHub Actionsのキャッシュと手を挙げることの大切さとそれに必要なこと
satoshi256kbyte
5
430
みんなでプロポーザルを書いてみた
yuriko1211
0
260

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Done Done
chrislema
181
16k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Optimizing for Happiness
mojombo
376
70k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Building Your Own Lightsaber
phodgson
103
6.1k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
4 Signs Your Business is Dying
shpigford
180
21k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Agile that works and the tools we love
rasmusluckow
327
21k

Transcript

  1. There is no impenetrable system So, why we are just

    waiting to get breached? Nane Kratzke Panel Discussion: “Security and Safety in Cloud-based Systems and Services“ 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018

  2. The Fortress Walls of Cloud Applications Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 2 • Security Groups • Firewalls • VPNs • Intrusion Detection Systems • Unattended Security Updates • Symmetric and asymmetric encryption • Password (checks) • SSH Keys • Authentication • Authorization • Two (Multi) Factor Authentication • …

  3. How to defense against unknown vulnerabilities? Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessor professor told me, out-of-order execution and branch-prediction is one of the coolest things on earth.

  4. How long can presence be maintained? Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 4 Answer: Surprisingly long!

  5. Some scary considerations • In principle attackers can establish footholds

    in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5

  6. We need a reactive component as well Biological systems are

    different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6

  7. Let us make the game more challenging for the attacker

    (act, do not react) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)

  8. It is all about Pets versus Cattle Prof. Dr. rer.

    nat. Nane Kratzke Computer Science and Business Information Systems 8 • Assume you are a rancher • Assume one of your cattle is deadly infectious • Be professional, shoot – and replace it • Yes, life is not fair (maybe for the cute kitty) • However, we should remember that for security (and that zero-day attacks are not fair as well)

  9. Immune systems for cloud applications? Yes, there are questions worth

    to be discussed … • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to what kind of applications? • What is about exploits/attacks that are adaptable to bio- inspired systems? • How to protect the regeneration mechanism against attackers? • Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self- attacking)? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9

  10. Acknowledgement Picture Reference • Ninja: Pixabay (CC0 Public Domain) •

    Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Cattle: Pixabay (CC0 Public Domain) • Cell: Pixabay (CC0 Public Domain) • Air Transport: Pixabay (CC0 Public Domain) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 This contribution resulted as a side-effect from research that is funded by German Federal Ministry of Education and Research (Project Cloud TRANSIT, 13FH021PX4). Presentation URL

  11. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and

    Business Information Systems 11 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke Speaker Deck: https://speakerdeck.com/nkratzke