Collaboration-based Cloud Computing Security Management Framework
Agenda > Why security is different in cloud compu6ng ? > Mo6va6ng scenario. > key challenges and requirements of cloud compu6ng security management. > Our approach. > Aligning NIST security standard to the cloud compu6ng model. > Our framework architecture. > Adopted security standards. > Prototype snapshots. > Discussion. > Summary. > Future work.
Why Security is different in Cloud Compu6ng ? Virtualiza6on of Resources -‐ Mul6-‐tenancy -‐ Elas6city Cloud Characteris6cs Cloud Dependency Stack Hypervisor -‐ VMs -‐ PlOrms -‐ Apps
Different Stakeholders CPs -‐ SPs -‐ CCs
Cloud Computing Model
Service Delivery Models IaaS -‐ PaaS -‐ SaaS
Different Possible Architectures Public -‐ Private -‐ Hybrid -‐ Community
Cloud Consumers and Cloud Services Security Management > CCs consider security as the top open issue in adop6ng the cloud compu6ng model: – Loss of control over cloud hosted assets – Lack of security guarantees in the SLAs between the CPs and CCs, – Sharing of resources with compe6tors or malicious users. > No maTer how strongly the cloud plaOorm is secured, CCs con6nue suffering from the loss of control and lack of trust problems.
Cloud Providers and Cloud PlaOorms Security Management > Complexi6es incurred wit the cloud compu6ng model. > Large number of heterogeneous security controls that must be consistently managed. > CPs are not always the service providers. Not aware of services’ contents or the security level required.
Mo6va6ng Scenario SWIN SOFT
Get Currency-‐Now
GREEN CLOUD
clud e>>
Execute Batch processing
No individual stakeholder has the full informa6on to maintain security of the cloud services. > Maintaining different security profiles for each tenant (Mul6-‐tenancy). > No Security SLAs available that guarantee the security of the CCs outsourced assets. > Exis6ng security standards, ISO27000 and FISMA, consider the SMP from the plaOorm/asset owner not from a Service Provider perspec6ve.
Key Requirements In A Cloud Security Management Approach > Enable CCs to specify their security requirements on their cloud hosted assets. > Enable CCs to monitor their assets security status. > Support for mul6-‐tenancy so that different tenants can maintain their SMP with strong isola6on of their data. > Adopt on of the exis6ng security management standards.
Our Approach to tackle the loss of control problem: Collabora6on-‐based Cloud Security Management Model Collaboration based Security management framework D
D D
I
E
I
CC – Security management process
I
E
E
CC – Security management process
Block the holes (Loss of Control and Lack of Trust) raised in the Security Management Processes of the Cloud Providers and Service Providers
D : Defining security requirements
E : Enforcing security requirements
I : Improving security
Collabora6on-‐based Cloud Security Management Model Aligning NIST to the Cloud Model Phase
Task
CP
SP
CC
Security categorization
Categorize security impact (SC)
Informed
Informed
Responsible
Business objectives
Security Impact Level
Security controls selection
Register security controls
Responsible
Responsible
Responsible
Control Datasheet
Security controls registry
Service SC + Controls registry
Controls baseline + matching status
Responsible (planned to be automated)
Service + platform arch. + CVE + CWE
Service Vulns + Threats + Risks
Responsible (planned to be automated)
Baseline + Risk Security mgmt assessment plan (SLA)
Responsible (planned to be automated)
Security mgmt plan
Generate security controls baseline Assess service risks Tailor security baseline
controls Implement security implementation controls
Responsible (Automated by the framework)
Input
Output
Updated Security plan
SC (Ti) = {(C , M) , (I , M), (A , M)}, SC (S j) = {(C , Max (Ti (M)), (I, Max (Ti (M)), (A , Max (Ti (M))}
C : Confiden6ality I : Integrity A : Availability M : Impact Sj : Service J Ti : Tenant I
Collabora6on-‐based Cloud Security Management Model Aligning NIST to the Cloud Model Phase Security Assessment
Task Define security metrics
Assess security status
Service Authorization
Authorize service
Security Monitoring
Monitor security status
CP
SP
CC
Responsible
Informed
Responsible
Responsible (Automated by the framework)
Informed
Informed
Responsible
Responsible (Automated by the framework)
Input
Output
Security objective
Security assessment plan
Security assessment plan
assessment report
Security plan + assessment report
Service authorization document
Security assessment plan
Security status report
Framework Architecture Management Layer
Collaboration Risk Assessment
Multi-Tenant Status Report
Security Controls Manager
Status
Security Management Repository
Feedback Layer Monitoring
Measurements
Controls Logs
Reqs.
Security Metrics Manager
Security
Multi-Tenant Security Plan
Security
Security Categorization
Enforcement Layer Planning
Analysis
Cloud Platform
Implementation
Security Controls
Configurations
Adopted Security Standards Standard CPE CVE CWE CAPEC CCE
Description
Format
Example
A structured naming schema for IT systems including hardware, operating systems and applications. A dictionary of the common vulnerabilities with a reference to the set of the vulnerable products. A catalogue of the community recognized software weaknesses. A catalogue of the common attack patterns. A structured naming to systems’ configuration statements.
cpe:/ {part} : {vendor} : {product} : {version} : {update} : {edition} : {language} CVE-Year-SerialNumber
cpe:/a:SWINSOFT: Galactic:1.0: update1:pro:en-us CVE-2010-0249
CWE-SerialNumber
CWE-441
CAPEC-SerialNumber
CAPEC-113
CCE-softwareID-SerialNumber
CCE-17743-6
Prototype Snapshots
A cloud consumer registering for one of the GREEN CLOUD registered services Two different service security categoriza6ons for two different customers
Prototype Snapshots
A snapshot of a security control registra6on A snapshot of a given service threats retrieved from the NVD
Prototype Snapshots
A snapshot of the security controls base sa6sfac6on status
A snapshot of the security SLA between GREEN Cloud and Swinburne
Prototype Snapshots
A snapshot of the security measurements defini6on
A snapshot of Swinburne selected measurements and their frequencies
A sample of a security status report
Discussion > The SMP of a cloud service has two possible scenarios:
– Tenant-‐based Security Management Process: • Func6onal-‐oriented mul6-‐tenancy. • Lack of mul6-‐tenancy in underlying cloud plaOorm infrastructure.
– Service-‐based Security Management Process: • CPs maintain services’ security based on: – Max. security risk assigned to the service, – Offer different service deployments with different security levels.
Summary > We introduced an analysis of the cloud compu6ng security problem.
> We introduced an alignment of the NIST standard to the cloud compu6ng model.
> We introduced a cloud compu6ng security management framework based on improving collabora6on between Cloud stakeholders. > Improved the security management process using security standards. > Our framework can be used by the CPs, CCs, and Security-‐as-‐a-‐service.
Future Work > Security engineering of cloud-‐based applica6ons. > Automa6on of the security controls configura6on to facilitate the heterogenous security controls management. > Adap6ve security management.
Questions? Mohamed Almorsy
[email protected] www.ict.swin.edu.au/ictstaff/malmorsy
References >
Almorsy, M., Grundy, J.C. and Imbrahim, A. Collabora6on-‐Based Cloud Compu6ng Security Management Framework, In Proceedings of 2011 IEEE Interna6onal Conference on Cloud Compu6ng (CLOUD 2011), Washington DC, USA on 4 July – 9 July, 2011, IEEE.
>
Almorsy, M. and Grundy, J.C. TOSSMA: A Tenant-‐Oriented SaaS Security Management Architecture, 5th IEEE Conference on Cloud Compu6ng (CLOUD 2012), IEEE CS Press, Waikiki, Hawai, USA, June 24-‐29 2012.
>
Almorsy, M., Grundy, J.C. and Ibrahim, A., MDSE@R: Model-‐Driven Security Engineering at Run6me, 4th Interna6onal Symposium on Cyberspace Safety and Security (CSS 2012), Melbourne, Australia, Dec 12-‐13 2012, Springer.
>
Almorsy, M., Grundy, J.C., Ibrahim, A., SMURF: Suppor6ng Mul6-‐tenancy Using Re-‐Aspects Framework, 17th IEEE Interna6onal Conference on Engineering of Complex Computer Systems (ICECCS 2012), Paris, France, July 2012, IEEE CS Press.
>
Imbrahim, A., Hamlyn-‐Harris J., Grundy, J.C. and Almorsy, M., CloudSec: A Security Monitoring Appliance for Virtual Machines in the IaaS Cloud Model, In Proceedings of the 5th Interna6onal Conference on Network and System Security (NSS 2011), Milan, Italy, September 5-‐7 2011, IEEE Press.
>
Almorsy, M., Grundy, J.C., and Mueller, I., An analysis of the cloud compu6ng security problem, In Proceedings of the 2010 Asia Pacific Cloud Workshop 2010 (co-‐located with APSEC2010), Sydney, Nov 30 2010.
>
Ibrahim, A., Hamlyn-‐Harris, J. and Grundy, J.C., Emerging Security Challenges of Cloud Virtual Infrastructure, In Proceedings of the 2010 Asia Pacific Cloud Workshop 2010 (co-‐located with APSEC2010), Sydney, Nov 30 2010.
