Publication: Secure Cloud Maintenance – Protecting workloads against insider attacks

Our research on reducing insider threats for clouds has been accepted at AsiaCCS 2012:

Secure Cloud Maintenance – Protecting workloads against insider attacks
Sören Bleikertz, Anil Kurmus, Zoltan A. Nagy, and Matthias Schunter
ASIACCS 2012: ACM Symposium on Information, Computer and Communications Security

The submission version can be found here.

Abstract

Malicious insiders are a substantial risk for today’s cloud computing infrastructures. A single malicious cloud administrator can eavesdrop or damage business-critical or personally identifiable information and computations of thousands of cloud customers. To protect cloud users against such insiders, we propose a novel approach that enables a security team to protect privacy and integrity of cloud users’ workloads against attacks by system administrators during operation and maintenance. We achieve this by managing the privileges of administrators during operation and maintenance while re-establishing the security of a compute node once administration is completed. By default, administrators’ access to cloud servers is disabled since cloud operation is automated. For manual maintenance operations, we propose five fine-grained privilege levels that balance the security objectives of cloud users with the operational requirements of cloud administrators. We demonstrate how existing cloud architectures need to be extended to incorporate our approach. We prototyped our management approach using the OpenStack cloud platform. Policy enforcement has been prototyped by leveraging SELinux type enforcement in the KVM compute nodes, in order to demonstrate the practical feasibility of our approach.

Publication: Article on “Clouds you can trust” in IEEE Spectrum

Christian Cachin and I published an overview on trusted clouds at IEEE Spectrum:

Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing’s problems—data breaches, leaks, service outages—don’t obscure its virtues, IEEE Spectrum, December 2011, pp. 28-51.

Read it online at
http://spectrum.ieee.org/computing/networks/a-cloud-you-can-trust/0

Paper at ESORICS 2011: Automated Information Flow Analysis of Virtualized Infrastructures

Today, we received an acceptance note for our submission to ESORICS 2011:

Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European Symposium on Research in Computer Security (ESORICS 2011)

You can download the paper (PDF)

Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components’ information flow.

Figure: Case Study: Graph-based Model for mid-size Cloud


Journal: TClouds and Security of the Cloud (in German)

We’ve submitted an article (in German) to the Datenschutz und Datensicherheit journal:

Ninja Marnau, Norbert Schirmer, Eva Schlehahn, Matthias Schunter: TClouds – Herausforderungen und erste Schritte zur sicheren und datenschutzkonformen Cloud. To appear in Datenschutz und Datensicherheit 2011.

Abstract: The TClouds project, funded by the European Commission, aims to develop a secure and privacy-compliant cloud infrastructure. This article describes the challenges and the first ideas for solutions.

Download the PDF


Book Chapter: Trustworthy Clouds underpinning the Future Internet

Some members of the TClouds team were invited to write the following book chapter that will be published in May:

Glott, Rüdiger, E. Husmann, A. Sadeghi, and Matthias Schunter (2011): Trustworthy Clouds underpinning the Future Internet, to appear in J. Domingue et al. (Eds.): Future Internet Assembly, LNCS 6656, Springer-Verlag, pp. 209–221, 2011.

Abstract:
Cloud computing is a new service delivery paradigm that aims to provide standardized services with self-service, pay-per-use, and seemingly unlimited scalability. This paradigm can be implemented on multiple service levels (infrastructures, run-time platform, or actual Software as a Service). They are expected to be an important component in the future Internet.
This article introduces upcoming security challenges for cloud services such as multi-tenancy, transparency and establishing trust into correct operation, and security interoperability. For each of these challenges, we introduce existing concepts to mitigate these risks and survey related research in these areas.

Submission version (PDF)
Open Access Version of the complete book at Springer-Verlag


Paper: Storyboard: Optimistic Deterministic Multithreading at HotDep 2010

Storyboard: Optimistic Deterministic Multithreading
Rüdiger Kapitza, Matthias Schunter, and Christian Cachin, IBM Research—Zurich; Klaus Stengel and Tobias Distler, Friedrich-Alexander University Erlangen-Nuremberg, 6th USENIX Workshop on Hot Topics in System Dependability (HotDep ’10), Vancouver BC, CAN, October 4–6, 2010.

Abstract: State-machine replication is a general approach to address the increasing importance of network-based services by improving their availability and reliability via replicated execution. If a service is deterministic, multiple replicas will produce the same results, and faults can be tolerated by means of agreement protocols. Unfortunately, real-life services are often not deterministic. One major source of non-determinism is multi-threaded execution with shared data access in which the thread execution order is determined by the run-time system and the outcome may depend on which thread accesses data first. We present Storyboard, an approach that ensures deterministic execution of multi-threaded programs. Storyboard achieves this by utilizing application-specific knowledge to minimize costly inter-replica coordination and to exploit concurrency in a similar way as non-deterministic execution. This is accomplished by making a forecast for a likely execution path, provided as an ordered sequence of locks that protect critical sections. If this forecast is correct, a request is executed in parallel to other running requests without further actions. Only in case of an incorrect forecast will an alternative execution path be resolved by inter-replica coordination.

Paper (PDF)


CCSW 2010: Paper on Auditing Cloud Infrastructures published at ACM CCSW

Sören Bleikertz, Matthias Schunter, Christian W. Probst, Dimitrios Pendarakis, Konrad Eriksson: Security Audits of Multi-tier Virtual Infrastructures in Public Infrastructure Clouds, The ACM Cloud Computing Security Workshop (CCSW 2010); in conjunction with the 17th ACM Conference on Computer and Communications Security (CCS), Hyatt Regency Chicago, Chicago, IL, October 2010.

Download (PDF)

Abstract
Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption. Managed through a web-services interface, users can configure highly flexible but complex cloud computing environments. Furthermore, users misconfiguring such cloud services poses a severe security risk that can lead to security incidents, e.g., erroneous exposure of services due to faulty network security configurations.

In this article we present a novel approach in the security assessment of the end-user configuration of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization and automated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical scenarios. Our approach effectively allows to remediate today’s security concerns through validation of configurations of complex cloud infrastructures.


A Blast from the Past: Two Papers on Cloud Networking and Multi-Tenancy

Peer researchers have asked me to put two papers describing our multi-tenancy research online. Here they are:

Serdar Cabuk, Chris I. Dalton, Konrad Eriksson, Dirk Kuhlmann, HariGovind V. Ramasamy, Gianluca Ramunno, Ahmad-Reza Sadeghi, Matthias Schunter, Christian Stuble: Towards automated security policy enforcement in multitenant virtual data centers. Journal of Computer Security 18(1): 89-121 (2010). PDF

Serdar Cabuk, Chris I. Dalton, HariGovind V. Ramasamy, Matthias Schunter: Towards automated provisioning of secure virtualized networks. ACM Conference on Computer and Communications Security (CCS), ACM Press, 2007: 235-245. PDF

Archived Publications

A (somewhat outdated) list of publications can be found here:
http://www.schunter.org/bibliography/schunter-cv.html