
Threat Modeling For Cloud Computing: Keke Chen

Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud. A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions. Attackers are motivated to gain information about client data, gain information on client behavior, use the information to improve services, and sell the information to gain financial benefits.

Uploaded by

Rakesh Gupta
Copyright
© Attribution Non-Commercial (BY-NC)

Threat Modeling for Cloud Computing

Lecture 15
Keke Chen

Threats, vulnerabilities, and enemies


Goal
- Learn the cloud computing threat model by examining the assets, vulnerabilities, entry points, and actors in a cloud

Technique
- Apply different threat modeling schemes

Threat Model
A threat model helps in analyzing a security problem, designing mitigation strategies, and evaluating solutions

Steps:
- Identify attackers, assets, threats and other components
- Rank the threats
- Choose mitigation strategies
- Build solutions based on the strategies

Threat Model
Basic components
- Attacker modeling
  - Choose what attacker to consider
  - Attacker motivation and capabilities
- Assets / potentially attacked targets
- Vulnerabilities / threats

Recall: Cloud Computing Stack

Recall: Cloud Architecture
[Figure: cloud architecture showing Client, SaaS / PaaS Provider, and Cloud Provider (IaaS)]

Attackers

Who is the attacker?
- Insider?
  - Malicious employees at client
  - Malicious employees at Cloud provider
  - Cloud provider itself
- Outsider?
  - Intruders
  - Network attackers?

Attacker Capability: Malicious Insiders
- At client
  - Learn passwords/authentication information
  - Gain control of the VMs
- At cloud provider
  - Log client communication

Attacker Capability: Cloud Provider

What can the attacker do?
- Can read unencrypted data
- Can possibly peek into VMs, or make copies of VMs
- Can monitor network communication, application patterns

Attacker motivation: Cloud Provider

Why?
- Gain information about client data
- Gain information on client behavior
- Use the information to improve services
- Sell the information to gain financial benefits

Attacker Capability: Outside attacker

What can the attacker do?
- Listen to network traffic (passive)
- Insert malicious traffic (active)
- Probe cloud structure (active)
- Launch DoS

Attacker goals: Outside attackers
- Intrusion
- Network analysis (network security)
- Man in the middle: public key example
    [Diagram: M sits between A and B]
    Between A and M: Req. pk_B, Ret. Pk_B
    Between M and B: Req. pk_B, Ret. Pk_B
    Pk_A: public key by A
    Pk_B: public key by B
    Pk_A, Pk_B: false public keys by M
    Between A and M: Pk_B(m), Pk_A(r)
    Between M and B: Pk_B(m), Pk_A(r)
- Cartography: making map (original meaning), inference based on linked events/objects
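The key substitution in the man-in-the-middle diagram above, as an added example that is not part of the original slides. It uses toy textbook RSA with small constructed primes; the class names, the send() helper and the out-of-band pinned fingerprint are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA with tiny constructed primes: illustration only.
def keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def enc(pub, m):
    return pow(m, pub[1], pub[0])

def dec(priv, c):
    return pow(c, priv[1], priv[0])

def fingerprint(pub):
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

class DirectPath:
    """Honest path (hypothetical class): A's request reaches B unchanged."""
    def __init__(self, b_pub, b_priv):
        self.b_pub, self.b_priv = b_pub, b_priv
        self.seen_by_m = None  # what M learned; stays None on this path
    def request_key(self):
        return self.b_pub
    def deliver(self, c):
        return dec(self.b_priv, c)  # B decrypts with its private key

class InterceptedPath(DirectPath):
    """Path through M: M answers the key request with its own false key."""
    def __init__(self, b_pub, b_priv, m_pub, m_priv):
        super().__init__(b_pub, b_priv)
        self.m_pub, self.m_priv = m_pub, m_priv
    def request_key(self):
        return self.m_pub
    def deliver(self, c):
        self.seen_by_m = dec(self.m_priv, c)  # M reads m
        return super().deliver(enc(self.b_pub, self.seen_by_m))  # re-encrypt for B

def send(path, m, pinned_fp=None):
    """A's side: fetch B's key; if a fingerprint is pinned, verify before use."""
    pub = path.request_key()
    if pinned_fp is not None and fingerprint(pub) != pinned_fp:
        return None  # refuse to encrypt to an unverified key
    return path.deliver(enc(pub, m))

if __name__ == "__main__":
    b_pub, b_priv = keypair(61, 53)
    m_pub, m_priv = keypair(67, 71)
    path = InterceptedPath(b_pub, b_priv, m_pub, m_priv)
    print(send(path, 1234), path.seen_by_m)      # B gets m, and so does M
    print(send(path, 1234, fingerprint(b_pub)))  # None: substitution detected
```

Without the pinned fingerprint both paths look identical to A and B, which is why the key itself has to be authenticated.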

Assets: targets under attack

Assets
Confidentiality:
- Data stored in the cloud
- Configuration of VMs running on the cloud
- Identity of the cloud users
- Location of the VMs running client code

Assets
Integrity
- Data stored in the cloud
- Computations performed on the cloud

Assets
Availability
- Cloud infrastructure
- SaaS / PaaS

Threats: methods of attack

Organizing the threats using STRIDE
- Spoofing identity
- Tampering with data
- Repudiation (refuse to do with, dispute)
- Information disclosure
- Denial of service
- Escalation of privilege

Spoofing identity
Illegally obtaining access to and use of another person's authentication information
- Man in the middle
- URL phishing
- Email address spoofing (email spam)

Tampering with data
- Malicious modification of the data
- Often hard and costly to detect
  - You might not find the modified data until some time has passed; once you find one tampered item, you'll have to thoroughly check all the other data on your systems
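An added example, not part of the original slides, of checking every stored item for tampering when the cloud provider itself is the attacker. The in-memory store, the function names and the sample objects are constructed for illustration; it assumes the client keeps the MAC key and the provider never sees it.

```python
import hashlib
import hmac

def plain_tag(data: bytes) -> str:
    # Unkeyed hash: anyone who can rewrite the data can recompute it.
    return hashlib.sha256(data).hexdigest()

def mac_tag(key: bytes, name: str, data: bytes) -> str:
    # Keyed MAC; the object name is bound in so objects cannot be swapped.
    return hmac.new(key, name.encode() + b"\0" + data, hashlib.sha256).hexdigest()

def upload(store: dict, key: bytes, objects: dict) -> None:
    for name, data in objects.items():
        store[name] = {"data": data,
                       "sha256": plain_tag(data),
                       "mac": mac_tag(key, name, data)}

def tamper_as_provider(store: dict, name: str, new_data: bytes) -> None:
    """Provider-side change: no client key, but data and plain hash are writable."""
    store[name]["data"] = new_data
    store[name]["sha256"] = plain_tag(new_data)

def audit(store: dict, key: bytes):
    """Check every object; return (names failing the hash, names failing the MAC)."""
    bad_hash, bad_mac = [], []
    for name, rec in sorted(store.items()):
        if not hmac.compare_digest(rec["sha256"], plain_tag(rec["data"])):
            bad_hash.append(name)
        if not hmac.compare_digest(rec["mac"], mac_tag(key, name, rec["data"])):
            bad_mac.append(name)
    return bad_hash, bad_mac

if __name__ == "__main__":
    store, key = {}, b"constructed-client-key"
    upload(store, key, {"a.csv": b"1,2,3", "b.csv": b"4,5,6"})  # constructed data
    tamper_as_provider(store, "b.csv", b"4,5,7")
    print(audit(store, key))  # the hash check passes, the MAC check does not
```

A MAC stored beside the data does not detect rollback to an older valid version or deletion of an object; those need client-held state such as a list of names and version counters.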

Repudiation
A legitimate transaction will be disowned by one of the participants
- You sign a document first, and then refuse to confirm the signature
- Need a trusted third party to mitigate

Information/data disclosure
An attacker can gain access, without permission, to data that the owner doesn't want him or her to have.

Denial of service
An explicit attempt to prevent legitimate users from using a service or system. It involves the overuse of legitimate resources. You can stop all such attacks by removing the resource used by the attacker, but then real users can't use the resource either.

Escalation of privilege
An unprivileged user gains privileged access.
- E.g., an unprivileged user who contrives a way to be added to the Administrators group

Typical threats
Threat type: mitigation technique [STRIDE]
- Spoofing identity: Authentication; Protect secrets; Do not store secrets
- Tampering with data: Authorization; Hashes; Message authentication codes; Digital signatures; Tamper-resistant protocols
- Repudiation: Digital signatures; Audit trails

Typical threats (contd.)
Threat type: mitigation technique [STRIDE]
- Information disclosure: Authorization; Privacy-enhanced protocols; Encryption; Protect secrets; Do not store secrets
- Denial of service: Authentication; Authorization; Filtering; Throttling; Quality of service
- Escalation of privilege: Run with least privilege

Threat tree: a threat modeling method
