Security and Privacy in Cloud Computing

  • Published on
    23-Feb-2016


DESCRIPTION

Security and Privacy in Cloud Computing. Ragib Hasan Johns Hopkins University en.600.412 Spring 2011. Lecture 11 04/25/2011. Attacking Availability. Goal: To see how availability of a cloud can be affected by DoS attacks launched from inside the cloud. Review Assignment #10: - PowerPoint PPT Presentation

Transcript

Security and Privacy in Cloud Computing
Ragib Hasan
Johns Hopkins University
en.600.412 Spring 2011
Lecture 11, 04/25/2011

Attacking Availability

Goal: To see how availability of a cloud can be affected by DoS attacks launched from inside the cloud.

Review Assignment #10: Han Liu, A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism, ACM Cloud Computing Security Workshop 2010

4/25/2011 en.600.412 Spring 2011 Lecture 11 | JHU | Ragib Hasan

Announcement

Next week (5/2), we'll have our final class, where we will discuss
  • A wrap-up of things we learned
  • A high level view of the cloud security problem space
No new papers will be discussed next week (but you do have to turn in Review Assignment #10 by 5/2)

Recap: Anti-virus as a service
  • Pros
  • Cons
  • Ideas

DoS attack on cloud

Network provisioning in data centers:
  • Many servers share the same link/router, so bandwidth is shared.

Data center networks are typically grossly under-provisioned
  • Typical ratios are 2.5:1 to 8:1
  • 8:1 means servers get at most 1/8 of the bandwidth of their interface
  • Bandwidth is limited by the hierarchical nature of the network, routers, and switches
  • Multiplexing in routers reduces the amount of bandwidth each server ultimately gets

Typical data center network
  • Communication between H1-H4 and H5-H8 is routed through R5 and R6.

Under-provisioning is not a problem in traditional networks
  • Network admins can co-locate related servers in the same subnet
  • Network admins can redesign network topologies to fine-tune for worst-case performance

Under-provisioning IS a problem in clouds
  • There are many more servers in a cloud, so provisioning ratios are much higher (e.g. 45:1)
  • Many clients use the same network, and malicious clients can launch DoS
  • Application owner/designer has no control over network topology

DoS attacks on clouds
  • DoS attacks on traditional systems (from the outside) can be prevented via clever tricks such as moving to a cloud-based virtualized model
  • DoS attacks on clouds launched from *inside* the cloud are much harder to prevent

DoS attack on clouds
  • Adversary launches attack from inside the cloud data center network
  • After probing the network and reverse-engineering the topology, the adversary can identify bottlenecks
  • Then the adversary can send DoS traffic to the bottleneck link to saturate it

Example
  • To attack Link B, the adversary sends packets from R1's subnet to another subnet

Types of attacks
  • Untargeted attack: No particular link or host is targeted
  • Targeted attack: Adversary gains critical mass in a network to target a specific victim

Topology identification
  • Knowledge of topology is important for the adversary

How to identify topology

Technique #1: Traceroute
  • Run traceroute between all pairs of hosts
  • Due to IP provisioning schemes, running traceroute for a few pairs of hosts is enough
  • Disadvantages:
    • Can't identify switches (layer 2)
    • Can be disabled at router level

How to identify topology

Technique #2: Network probing
  • Idea: Use observed traffic rates to infer the number of routers between two hosts

How many malicious hosts is enough?

Untargeted attack:
  • Easy to get many hosts if the VM assignment algorithm can be reverse engineered (as in the Hey You! paper)
  • Even a brute force attack succeeds in getting many hosts in the same subnet (Note: this is different from the co-location attack, where the goal was to co-locate on physical hardware rather than on the network)

How many malicious hosts is enough?

Targeted attack:
  • Pick victim, launch brute force attacks
  • Tests show it is easy to get VMs in the same subnet as the target

Launching the attack

Process:
  • Send a flood of packets through the link
  • UDP used. (Why?)
  • For adaptive applications, do not saturate the link completely, rather almost saturate it (Why?)

Mitigation strategy
  • Use a user-side monitoring agent to monitor link saturation
  • When a link degrades, or the server detects a bottleneck and sends a help packet, the monitor initiates app migration

Comments
  • Experiments / attacks were run on a real cloud (without knowledge of the data center admin)
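The following is an added example, not code from the lecture or from the Liu paper it reviews. It models the oversubscribed tree network the under-provisioning slides describe and is used from the defender's side: it computes the "N:1" provisioning ratio of an uplink, shows how cross-subnet flows from other tenants cut a victim's share of the core link while traffic that stays inside a subnet is untouched (the "co-locate related servers" point), and then runs the user-side monitoring agent from the mitigation slide over a constructed throughput trace. The topology (H1-H4 under R1/R2 and R5, H5-H8 under R3/R4 and R6, with R5-R6 standing in for "Link B"), the 1 Gbit/s capacities, the flow scenario, and the agent's thresholds are all assumptions; the slide figure itself is not reproduced on this page.

```python
"""
Added example (not from the lecture or the Liu paper): a toy model of an
oversubscribed tree network, the effect of cross-subnet flows on one flow's
max-min fair share, and a user-side monitoring agent that initiates
migration when its link degrades. Topology and all rates are assumptions.
"""
from collections import defaultdict

# Assumed topology: H1-H4 hang off edge routers R1/R2 under R5; H5-H8 hang off
# R3/R4 under R6; the R5-R6 link plays the role of the slides' "Link B".
PARENT = {"H1": "R1", "H2": "R1", "H3": "R2", "H4": "R2",
          "H5": "R3", "H6": "R3", "H7": "R4", "H8": "R4",
          "R1": "R5", "R2": "R5", "R3": "R6", "R4": "R6", "R5": "R6"}
# Every link is 1 Gbit/s, so the four host interfaces below R5 share one uplink.
CAPACITY_MBPS = defaultdict(lambda: 1000.0)


def root_path(node):
    """Nodes from `node` up to the tree root."""
    path = [node]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path


def path_links(src, dst):
    """Links on the unique tree path src -> dst, as frozensets of endpoints."""
    up, down = root_path(src), root_path(dst)
    lca = next(n for n in up if n in down)          # lowest common ancestor
    nodes = up[:up.index(lca) + 1] + down[:down.index(lca)][::-1]
    return [frozenset(pair) for pair in zip(nodes, nodes[1:])]


def oversubscription(child):
    """Provisioning ratio of the uplink above `child`: total host interface
    capacity below it divided by the uplink's capacity (the slides' 'N:1')."""
    hosts_below = [h for h in PARENT if h.startswith("H") and child in root_path(h)]
    below = sum(CAPACITY_MBPS[frozenset((h, PARENT[h]))] for h in hosts_below)
    return below / CAPACITY_MBPS[frozenset((child, PARENT[child]))]


def max_min_share(flows):
    """Max-min fair rate of each flow by progressive filling: pick the link with
    the smallest per-flow share, fix the flows crossing it at that rate, and
    subtract that rate from every link those flows use; repeat until done."""
    paths = {f: path_links(s, d) for f, (s, d) in flows.items()}
    cap = {l: CAPACITY_MBPS[l] for p in paths.values() for l in p}
    rate, active = {}, set(flows)
    while active:
        n_on = {l: sum(l in paths[f] for f in active) for l in cap}
        link = min((l for l in cap if n_on[l]), key=lambda l: cap[l] / n_on[l])
        share = cap[link] / n_on[link]
        for f in [f for f in active if link in paths[f]]:
            rate[f] = share
            active.discard(f)
            for l in paths[f]:
                cap[l] -= share
    return rate


def rate_for(src, dst, n_cross):
    """Throughput (Mbit/s) of src -> dst while `n_cross` other tenants push
    traffic from R2's subnet across the core to R4's subnet (assumed scenario)."""
    flows = {"victim": (src, dst)}
    pairs = [("H3", "H7"), ("H4", "H8")]
    for i in range(n_cross):
        flows[f"cross{i}"] = pairs[i % len(pairs)]
    return max_min_share(flows)["victim"]


def monitor(samples, baseline, degrade_frac=0.5, patience=3, help_packets=()):
    """User-side monitoring agent (the slides' mitigation): returns the sample
    index at which it initiates app migration, or None. It fires when measured
    throughput stays below degrade_frac * baseline for `patience` consecutive
    samples, so a single transient dip is ignored, or immediately when the
    server reports a bottleneck with a help packet (given here as sample indices)."""
    bad = 0
    for i, rate in enumerate(samples):
        if i in help_packets:
            return i
        bad = bad + 1 if rate < degrade_frac * baseline else 0
        if bad >= patience:
            return i
    return None


if __name__ == "__main__":
    print(f"provisioning ratio of R5's uplink: {oversubscription('R5'):.0f}:1")
    for n in (0, 3, 7):
        print(f"{n} cross-subnet flows: H1->H5 gets {rate_for('H1', 'H5', n):.0f} Mbit/s,"
              f" H1->H2 (same subnet) gets {rate_for('H1', 'H2', n):.0f} Mbit/s")
    # Constructed trace: the agent samples its own link's throughput each period
    # while the number of cross-subnet flows ramps up.
    trace = [rate_for("H1", "H5", n) for n in (0, 0, 1, 0, 3, 5, 7, 9)]
    print("agent initiates migration at sample", monitor(trace, baseline=1000.0))
```

The model makes the slides' two points concrete: every flow that crosses the core link takes an equal slice of it, so a tenant whose traffic must cross it sees its share fall with the number of other cross-subnet flows, while the H1->H2 flow, which never leaves R1's subnet, keeps its full rate. The agent's patience window is the design choice that matters in practice: with no window, the burst at sample 2 would already trigger a migration.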
