Upgrade to Pro — share decks privately, control downloads, hide ads and more …

There is no impenetrable system - So, why we ar...

Avatar for Nane Kratzke Nane Kratzke
February 20, 2018
Programming
0
300

There is no impenetrable system - So, why we are just waiting to get breached?

Although it might be hard to accept. By principle, attackers can establish footholds in our systems whenever they want (zero-day exploits). This presentation is some input for a panel discussion about "Security and Safety in Cloud-based Systems and Services" (9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain in February 2018).

Cloud application security engineering efforts focus to harden the "fortress walls". Therefore, cloud applications rely on these defensive walls but seldom attack intruders actively. There is the somehow the need for a more reactive component. A component that could be inspired by biological systems. Biological systems consider by design that defensive "walls" can be breached at several layers. So, biological systems provide an additional active defense system to attack potential successful intruders - an immune system. Although several experts find this approach "intriguing", there are follow-up questions arising. What is about exploits that adapt to bio-inspired systems? How to protect the immune system against direct attacks? Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self-attacking)?
Avatar for Nane Kratzke

Nane Kratzke

February 20, 2018
Tweet

More Decks by Nane Kratzke

See All by Nane Kratzke
KI aus der Cloud - Denkanstöße für Life-Sciences?
Avatar for Nane Kratzke nkratzke
0
110
KI aus der Cloud
Avatar for Nane Kratzke nkratzke
1
120
Pizza-as-a-Service
Avatar for Nane Kratzke nkratzke
0
450
Smart Like A Fox: How clever students trick dumb automated programming assignment assessment systems
Avatar for Nane Kratzke nkratzke
1
470
What is a SERVICE MESH and what it is good for?
Avatar for Nane Kratzke nkratzke
2
960
About being the Tortoise or the Hare? Making Cloud Applications too Fast and Furious for Attackers
Avatar for Nane Kratzke nkratzke
0
75
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-native Applications
Avatar for Nane Kratzke nkratzke
0
94
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
Avatar for Nane Kratzke nkratzke
0
61
About an Immune System Understanding for Cloud-native Applications . Biology Inspired Thoughts to Immunize the Cloud Forensic Trail
Avatar for Nane Kratzke nkratzke
0
230

Other Decks in Programming

See All in Programming
파급효과: From AI to Android Development
Avatar for HyunWoo Lee l2hyunwoo
0
160
Jakarta EE Meets AI
Avatar for ivargrimstad ivargrimstad
0
880
The Missing Link in Angular’s Signal Story: Resource API and httpResource
Avatar for Manfred Steyer manfredsteyer
PRO
0
140
監視 やばい
Avatar for syossan27 syossan27
12
10k
今話題のMCPサーバーをFastAPIでサッと作ってみた
Avatar for Yuuki Shimizu yuukis
0
130
Cloudflare Workersで進めるリモートMCP活用
Avatar for syumai syumai
4
320
Instrumentsを使用した アプリのパフォーマンス向上方法
Avatar for hinakko hinakko
0
250
Serving TUIs over SSH with Go
Avatar for Carlos Alexandro Becker caarlos0
0
650
エンジニア向けCursor勉強会 @ SmartHR
Avatar for Yuki Horikoshi yukisnow1823
3
12k
2025年のz-index設計を考える
Avatar for TAK tak_dcxi
11
4k
AIコーディングエージェントを 「使いこなす」ための実践知と現在地 in ログラス / How to Use AI Coding Agent in Loglass
Avatar for r-kagaya rkaga
4
1.3k
カオスに立ち向かう小規模チームの装備の選択〜フルスタックTSという装備の強み _ 弱み〜/Choosing equipment for a small team facing chaos ~ Strengths and weaknesses of full-stack TS~
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
1
140

Featured

See All Featured
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
41
2.3k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.4k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
Side Projects
Avatar for Sacha Greif sachag
453
42k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
160
15k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
5
570
Scaling GitHub
Avatar for Zach Holman holman
459
140k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
38
1.8k

Transcript

  1. There is no impenetrable system So, why we are just

    waiting to get breached? Nane Kratzke Panel Discussion: “Security and Safety in Cloud-based Systems and Services“ 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018

  2. The Fortress Walls of Cloud Applications Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 2 • Security Groups • Firewalls • VPNs • Intrusion Detection Systems • Unattended Security Updates • Symmetric and asymmetric encryption • Password (checks) • SSH Keys • Authentication • Authorization • Two (Multi) Factor Authentication • …

  3. How to defense against unknown vulnerabilities? Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessor professor told me, out-of-order execution and branch-prediction is one of the coolest things on earth.

  4. How long can presence be maintained? Prof. Dr. rer. nat.

    Nane Kratzke Computer Science and Business Information Systems 4 Answer: Surprisingly long!

  5. Some scary considerations • In principle attackers can establish footholds

    in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5

  6. We need a reactive component as well Biological systems are

    different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6

  7. Let us make the game more challenging for the attacker

    (act, do not react) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)

  8. It is all about Pets versus Cattle Prof. Dr. rer.

    nat. Nane Kratzke Computer Science and Business Information Systems 8 • Assume you are a rancher • Assume one of your cattle is deadly infectious • Be professional, shoot – and replace it • Yes, life is not fair (maybe for the cute kitty) • However, we should remember that for security (and that zero-day attacks are not fair as well)

  9. Immune systems for cloud applications? Yes, there are questions worth

    to be discussed … • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to what kind of applications? • What is about exploits/attacks that are adaptable to bio- inspired systems? • How to protect the regeneration mechanism against attackers? • Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self- attacking)? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9

  10. Acknowledgement Picture Reference • Ninja: Pixabay (CC0 Public Domain) •

    Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Cattle: Pixabay (CC0 Public Domain) • Cell: Pixabay (CC0 Public Domain) • Air Transport: Pixabay (CC0 Public Domain) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 This contribution resulted as a side-effect from research that is funded by German Federal Ministry of Education and Research (Project Cloud TRANSIT, 13FH021PX4). Presentation URL

  11. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and

    Business Information Systems 11 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke Speaker Deck: https://speakerdeck.com/nkratzke