Cloud Computing 8oct2024
Module 5
Chapter 9 - 8 Oct, 2024
Cloud security risks
Trust In General
● Trust means “assured reliance on the character, ability, strength, or truth of someone or something.”
● Conditions where trust prevails
○ Risk
○ Interdependence
● Three phases of Trust
○ Building phase
○ Stability phase
○ Dissolution phase
● Reasons and forms of trust
○ Deterrence based - Penalties, Opportunistic
○ Calculus based - Mutual Benefit
○ Persistent trust - Long-term behavior
○ Dynamic trust - Contextual
Trust In Business
● Trust is fundamental in business for fostering long-term relationships, enhancing collaboration, and ensuring
smooth operations.
● The Client Retention Story - IT Support
● The Startup Investment Story - Airbnb founders Brian Chesky and Joe Gebbia, Paul Graham of Y Combinator
● Employee Loyalty and Trust - Netflix
● Supplier and Vendor Relationships - Toyota
Trust In The Internet
● “Obscures or lacks entirely the dimensions of character and personality, nature of relationship, and
institutional character”
● Missing
○ Identity
○ Personal Characteristics
○ Role Definitions
○ Accountability
Build Trust In The Internet
● Access Control
○ intruders and mischievous agents
● Transparency of Identity
○ biometric identification
● Surveillance
○ intrusion detection, or logging and auditing
● Credentials
○ Digital Certificates
● Policies and reputation - Activities Based
● Persistent Social-based trust - References
OS Security
● An operating system (OS) allows multiple applications to share the hardware resources of a physical system,
subject to a set of policies.
● Critical functions
○ unauthorized access
○ Tampering with executable code
○ Spoofing
● Data brought in from
○ Malicious code
○ Browser from a malicious Web site
OS Security
● Mandatory security of an OS
○ Access control
○ Authentication usage
○ Cryptographic
○ Subsystems tasked with performing security-related functions
Security risks posed by shared images
● IaaS
● Amazon Machine Images (AMIs)
● Bundling
● A Linux system can be accessed using ssh at port 22, whereas the Remote Desktop at port 3389 is used for
Windows.
● undelete files and recover credentials, private keys, or other types of sensitive information
● The audit covered software vulnerabilities and security and privacy risks
● The software vulnerability audit revealed that 98% of the Windows AMIs (249 out of 253) and 58% of Linux AMIs
(2,005 out of 3,432)
Security risks posed by shared images
● Three types of security risks were analyzed:
○ Backdoors and leftover credentials
○ Unsolicited connections
○ Malware
● Unsolicited connections
● AMIs contained at least one shell history file
● Syslog
● Trojan-Agent
● recover ssh keys stored in files named id_dsa and id_rsa
● IP addresses of other systems
● Recovery of deleted files
● To be safe, the creator of the image should use utilities such as shred, scrub, zerofree, or wipe
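A pre-publication check for the leftovers listed above, as an added example (not part of the original slides). It walks a mounted image tree and reports non-empty shell history files and private keys named id_dsa or id_rsa; the authorized_keys check, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

PRIVATE_KEY_NAMES = {"id_dsa", "id_rsa"}  # file names listed on the slide
ACCESS_FILES = {"authorized_keys"}        # assumption: leftover login keys act as a backdoor


def classify(name):
    """Map a file name to a finding category, or None if it is not of interest."""
    if name.startswith(".") and name.endswith("_history"):
        return "shell-history"
    if name in PRIVATE_KEY_NAMES:
        return "private-key"
    if name in ACCESS_FILES:
        return "leftover-access"
    return None


def audit_image_root(root):
    """Return sorted (category, relative path) pairs for non-empty leftover files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            category = classify(name)
            # Skip symlinks and emptied files: neither carries leftover content.
            if category and not os.path.islink(full) and os.path.getsize(full) > 0:
                findings.append((category, os.path.relpath(full, root)))
    return sorted(findings)


def audit_constructed_sample():
    """Build a constructed stand-in for a mounted image (not real data) and audit it."""
    sample = {
        "root/.bash_history": "export DB_PASSWORD=constructed\n",
        "root/.ssh/id_rsa": "-----BEGIN CONSTRUCTED KEY-----\n",
        "home/ubuntu/.ssh/authorized_keys": "ssh-rsa AAAA-constructed publisher@laptop\n",
        "home/ubuntu/.zsh_history": "",  # already cleared, so not reported
        "etc/hostname": "image-build\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(content)
        return audit_image_root(root)


if __name__ == "__main__":
    print(audit_constructed_sample())
```

The check only sees files still present in the tree; content deleted earlier can remain in free blocks, which is what the wiping utilities named above address.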
Virtual machine security
● Cloud uses mostly Traditional / Bare Metal VMM
● Trusted Computing Base (TCB)
● VMM & VM based Threats
Virtual machine security
● Trusted Computing Base (TCB)
○ Enforcing Access Controls
○ Managing Security Policies
○ Maintaining System Integrity
○ Audit and Monitoring
○ Compromised TCB: If the hypervisor (part of the TCB) is compromised, an attacker could bypass VM isolation, read or modify the memory
of other VMs, and even affect the underlying host system.
○ Minimizing the TCB: Many modern VMMs aim to minimize the size and complexity of the TCB, reducing the potential attack surface. For
example, lightweight hypervisors focus on only the essential components necessary for virtualization, ensuring that they are secure and can be
audited effectively.
Is a VMM better for security? - The Pros
● VMMs are less complex and better structured than traditional operating systems
● Minimalistic architecture compared to traditional operating systems (OSs)
● Managing hardware resources and virtualizing them for use by multiple virtual machines (VMs). It isolates VMs
from one another, manages resource allocation (like CPU, memory, storage)
● Less complexity means fewer points of potential vulnerability, which translates into better security
● Guest OS on Simulated Hardware
● VMM Access to the State of All Virtual Machines
● State Management Capabilities
● Replication for Reliability, Cloning
Is a VMM better for security? - Not Really
● VMM operates at a low level
○ Security services, like antivirus software or file integrity monitoring, often operate at a higher logical level, understanding
the file system, processes, user privileges, etc. These services need access to information like filenames, file permissions,
and process ownership, which is not directly visible to the VMM.
● Security services typically operate at a higher logical level
○ Security services such as intrusion detection systems (IDS), antivirus programs, or integrity checkers typically work by
analyzing logical objects like files, processes, and network traffic. They understand the structure of the file system, the
relationships between processes, and the permissions that users or programs have.
Is a VMM better for security? - Not Really
● Fingerprinting refers to the process of collecting information about a system to identify its characteristics and
configurations. In the context of VMs, attackers can gather specific details about the virtual environment
● Avoiding VM Honeypots - Honeypots are decoy systems set up to attract attackers
● VMs generate logging files that track system activities, operations, and events. These logs can contain
sensitive information
Is a VMM better for security? - Way forward
● Implement IDS and IPS based on
○ Isolation: This capability allows each guest VM to operate independently of others. If one VM is compromised, the isolation
provided by the hypervisor (or Virtual Machine Monitor - VMM) ensures that the compromise does not affect other VMs running on
the same physical hardware. This isolation helps in limiting the spread of an attack and protects sensitive data and resources in
other VMs.
○ Inspection: Inspection means that the VMM can review the state of guest VMs, analyzing their memory, file systems, and network
activities. This capability allows the IDS to detect abnormal behavior, unauthorized access attempts, or known attack signatures. By
monitoring the state of guest VMs, the VMM can provide insights into potential intrusions and aid in forensic investigations if an
attack occurs.
○ Interposition: Interposition refers to the VMM's ability to trap and emulate privileged instructions issued by guest VMs. This
means that the VMM can intercept certain operations, such as system calls, that a guest OS makes to interact with the hardware. By
doing so, the VMM can enforce security policies, prevent malicious actions, and ensure that potentially harmful operations are
handled safely.
Is a VMM better for security? - Way forward
● VM-Based Intrusion Prevention Systems / Virtualization-aware security software can combine low-level
monitoring of VM activity (e.g., CPU usage, memory access) with high-level analysis of what’s happening inside
the guest OS.
○ SVFS, NetTop, Terra and IntroVirt
Virtual machine security
● VMM Based Threats
○ Starvation of resources and denial of service
○ VM side-channel attacks
■ lack of proper isolation of inter-VM traffic due to misconfiguration of the virtual network residing in the VMM
■ limitation of packet inspection devices to handle high-speed traffic
■ presence of VM instances built from insecure VM images
○ Buffer overflow attacks
Virtual machine security
● VM Based Threats
○ Deployment of rogue or insecure VM
○ Presence of insecure and tampered VM images in the VM image repository
■ lack of access control to the VM image repository
■ lack of mechanisms to verify the integrity of the images
Security risks posed by a management OS
● TCB more often comes with the management OS
● Supports administrative tools, live migration, device drivers, and device emulators
● “An analysis of Xen vulnerabilities reports that 21 of the 23 attacks were against service components of the control
VM [90]; 11 attacks were attributed to problems in the guest OS caused by buffer overflow and 8 were
denial-of-service attacks.”
Security risks posed by a management OS - Ways to Protect
● The privacy and integrity of the virtual CPU of a VM. When Dom0 wants to save the state of the VM, the
hypercall should be intercepted and the contents of the virtual CPU registers should be encrypted. When a
DomU is restored, the virtual CPU context should be decrypted and then an integrity check should be carried
out.
● The privacy and integrity of the VM virtual memory. The page table update hypercall should be intercepted and
the page should be encrypted so that Dom0 handles only encrypted pages of the VM. To guarantee integrity,
the hypervisor should calculate a hash of all the memory pages before they are saved by Dom0. Because a
restored DomU may be allocated a different memory region, an address translation is necessary (see [215]).
● The freshness of the virtual CPU and the memory of the VM. The solution is to add to the hash a version
number.
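The integrity and freshness checks described above, as an added example (not code from the slides or from Xen). It assumes the hypervisor keeps a secret key and the latest version number per VM, and uses HMAC-SHA256 as the keyed hash; encryption of the pages is left out, and the class, method and VM names are hypothetical.

```python
import hashlib
import hmac
import struct


class Hypervisor:
    """Trusted side: keeps the MAC key and the latest saved version of each VM."""
    def __init__(self, key):
        self._key = key
        self._latest = {}  # vm_id -> version number of the most recent save

    def _tag(self, vm_id, version, pages):
        vid = vm_id.encode()
        mac = hmac.new(self._key, digestmod=hashlib.sha256)
        mac.update(struct.pack(">QQH", version, len(pages), len(vid)) + vid)
        for index, page in enumerate(pages):
            # Bind each page to its position and length so pages cannot be reordered.
            mac.update(struct.pack(">QI", index, len(page)) + page)
        return mac.digest()

    def save(self, vm_id, pages):
        """Called before Dom0 stores the pages; returns (version, tag)."""
        version = self._latest.get(vm_id, 0) + 1
        self._latest[vm_id] = version
        return version, self._tag(vm_id, version, pages)

    def check_restore(self, vm_id, version, pages, tag):
        """Classify what Dom0 hands back: 'ok', 'tampered' or 'stale'."""
        if not hmac.compare_digest(tag, self._tag(vm_id, version, pages)):
            return "tampered"
        if version != self._latest.get(vm_id):
            return "stale"  # authentic, but an older save replayed by Dom0
        return "ok"


def demo():
    """Constructed pages stand in for the encrypted pages Dom0 would hold."""
    hv = Hypervisor(key=b"constructed-hypervisor-key")
    old_pages = [b"\x00" * 4096, b"A" * 4096]
    v1, tag1 = hv.save("domU-1", old_pages)
    new_pages = [b"\x00" * 4096, b"B" * 4096]
    v2, tag2 = hv.save("domU-1", new_pages)
    flipped = [new_pages[0], b"C" + new_pages[1][1:]]
    return {
        "current": hv.check_restore("domU-1", v2, new_pages, tag2),
        "bit_flip": hv.check_restore("domU-1", v2, flipped, tag2),
        "replayed_old_save": hv.check_restore("domU-1", v1, old_pages, tag1),
        "relabelled_old_save": hv.check_restore("domU-1", v2, old_pages, tag1),
    }
```

Without the version number in the hash, the replayed older save would pass the integrity check, since its pages and tag are both authentic.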