Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen
Threats, vulnerabilities, and enemies
Goal
Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud
Technique
Apply different threat modeling schemes
Threat Model
A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions
Steps:
• Identify attackers, assets, threats and other components
• Rank the threats
• Choose mitigation strategies
• Build solutions based on the strategies
Threat Model
Basic components
• Assets / potentially attacked targets
• Attacker modeling
  • Choose what attacker to consider
  • Attacker motivation and capabilities
• Vulnerabilities / threats
Recall: Cloud Computing Stack
Recall: Cloud Architecture
[Figure: Client, SaaS / PaaS Provider, Cloud Provider (IaaS)]
Assets – targets under attack
Assets
Confidentiality:
• Data stored in the cloud
• Configuration of VMs running on the cloud
• Identity of the cloud users
• Location of the VMs running client code
Assets
Integrity:
• Data stored in the cloud
• Computations performed on the cloud
Assets
Availability:
• Cloud infrastructure
• SaaS / PaaS
Attackers
Who is the attacker?
Insider?
• Malicious employees at client
• Malicious employees at Cloud provider
• Cloud provider itself
Outsider?
• Intruders
• Network attackers?
Attacker Capability: Malicious Insiders
At client
• Learn passwords/authentication information
• Gain control of the VMs
At cloud provider
• Log client communication
Attacker Capability: Cloud Provider
What can the attacker do?
• Can read unencrypted data
• Can possibly peek into VMs, or make copies of VMs
• Can monitor network communication, application patterns
Attacker motivation: Cloud Provider
Why?
• Gain information about client data
• Gain information on client behavior
• Use the information to improve services
• Sell the information to gain financial benefits
Attacker Capability: Outside attacker
What can the attacker do?
• Listen to network traffic (passive)
• Insert malicious traffic (active)
• Probe cloud structure (active)
• Launch DoS
Attacker goals: Outside attackers
• Intrusion
• Network analysis (network security)
• Man in the middle: public key example
• Cartography: making map (original meaning), inference based on linked events/objects

Man in the middle, key request (parties A, M, B):
A -> M: Req. pk_B
M -> B: Req. pk_B
B -> M: Ret. Pk_B
M -> A: Ret. Pk_B'

Man in the middle, message exchange:
A -> M: Pk_B'(m)
M -> B: Pk_B(m')
B -> M: Pk_A'(r)
M -> A: Pk_A(r')

Pk_A: public key of A
Pk_B: public key of B
Pk_A', Pk_B': false public keys by M
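
The man-in-the-middle key substitution on this slide, as an added example that is not part of the original slides: it uses toy textbook RSA with constructed small primes, and the names exchange, fingerprint and pinned_fp are assumptions of the example. It shows that trusting an unauthenticated key reply lets M read m and forward m', and that checking the reply against a fingerprint of Pk_B obtained out of band makes A reject Pk_B'.

```python
import hashlib

def keypair(p, q, e=17):
    """Textbook RSA from two small primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def enc(pub, m):
    n, e = pub
    return pow(m, e, n)

def dec(priv, c):
    n, d = priv
    return pow(c, d, n)

def fingerprint(pub):
    """Short digest of a public key, compared against an out-of-band copy."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

# Constructed toy keys: B's real pair, and the pair M generated itself.
PK_B, SK_B = keypair(61, 53)
PK_B_FALSE, SK_M = keypair(89, 97)

def exchange(m, pinned_fp=None):
    """A sends m to B over a path controlled by M.

    pinned_fp is the fingerprint of Pk_B that A obtained out of band
    (None means A trusts whatever key the network returns).
    """
    received = PK_B_FALSE              # M answers "Req. pk_B" with Pk_B'
    if pinned_fp is not None and fingerprint(received) != pinned_fp:
        return {"accepted": False, "m_read": None, "b_got": None}
    c = enc(received, m)               # A -> M: Pk_B'(m)
    m_read = dec(SK_M, c)              # M recovers m with its own private key
    m_prime = m_read + 1               # ...and may alter it before forwarding
    b_got = dec(SK_B, enc(PK_B, m_prime))  # M -> B: Pk_B(m')
    return {"accepted": True, "m_read": m_read, "b_got": b_got}

if __name__ == "__main__":
    print(exchange(42))                                # key taken on trust
    print(exchange(42, pinned_fp=fingerprint(PK_B)))   # key checked first
```

The reply path (Pk_A'(r), Pk_A(r')) is symmetric and is left out to keep the example to one direction.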
Threats – methods of attack
Organizing the threats using STRIDE
• Spoofing identity
• Tampering with data
• Repudiation (refuse to do with, dispute)
• Information disclosure
• Denial of service
• Escalation of privilege
Spoofing identity
• illegally obtaining access to and using another person’s authentication information
  • Man in the middle
  • URL phishing
  • Email address spoofing (email spam)
Tampering with data
• Malicious modification of the data
• Often hard and costly to detect
  • you might not find the modified data until some time has passed;
  • once you find one tampered item, you’ll have to thoroughly check all the other data on your systems
Repudiation
• a legitimate transaction will be disowned by one of the participants
  • You sign a document first, and then refuse to confirm the signature
  • Need a trusted third party to mitigate
Information/data disclosure
• an attacker can gain access, without permission, to data that the owner doesn’t want him or her to have.
Denial of service
• an explicit attempt to prevent legitimate users from using a service or system.
• It involves the overuse of legitimate resources.
• You can stop all such attacks by removing the resource used by the attacker, but then real users can’t use the resource either.
Escalation of privilege
• an unprivileged user gains privileged access.
  • E.g. unprivileged user who contrives a way to be added to the Administrators group
Mitigation techniques
Typical threats (contd.)
Threat tree: a threat analysis and modeling method