A talk I gave at the 2011 NSF Cloud PI meeting at the National Science Foundation.

1. Security and Privacy inCloud Computing: A High-level View Ragib HasanNSF/CRA Computing Innovation Fellow Johns Hopkins University www.ragibhasan.com NSF Cloud PI Meeting, March 17, 2011

2. If cloud computing is so great, whyisn’t everyone using it? 2 Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

3. What the “experts” are saying? 3 [Cloud Computing] is a security nightmare and it can't be handled in traditional ways. John Chambers CISCO CEO It’s stupidity. It’s worse than stupidity Richard Stallman GNU 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

4. Businesses don’t trust clouds (yet) Almost 75% of business CFOs are still afraid to use clouds for sensitive data due to lack of security 3/17/11 4 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

5. Traditional systems security vsCloud Computing Security Securing a cloud Securing a traditional system 3/17/11 5 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

6. Traditional systems security vsCloud Computing Security Analogy Securing a motel Securing a house Owner and user are often the same entity Owner and users are almost invariably distinct entities 3/17/11 6 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

7. Traditional systems security vsCloud Computing Security Securing a motel Securing a house Biggest user concerns Securing perimeter Checking for intruders Securing assets Biggest user concern Securing room against (the bad guy in next room | hotel owner) 3/17/11 7 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

8. Research on Cloud Computing Security: A High Level View Novel attacks Trustworthy cloud architectures Data integrity and availability Computation integrity Data and computation privacy Data forensics Misbehavior detection Malicious use of clouds 3/17/11 8 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

9. Co-tenancy in clouds creates new attack vectors A cloud is shared by multiple users Malicious users can now legally be in the same infrastructure Misusing co-tenancy, attackers can launch side channel attacks on victims Research question: How to prevent attackers from exploiting co-tenancy in attacking the infrastructure and/or other clients? Example: the Topology attack on Amazon EC2 (“Hey You! Get off of my Cloud …” CCS 2009) 3/17/11 9 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

10. Today’s cloud architectures act like big black boxes 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel 10 Clients have no idea of or control over what is happening inside the cloud Clients are forced to trust cloud providers completely Research Question: How do we design cloud computing architectures that are semi-transparent and provide clients with control over security? Existing Approaches: TCCP (uses TPM), CloudProof

11. Today’s clouds provide no guarantee about outsourced data Amazon’s Terms of services 3/17/11 11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

12. Today’s clouds provide no guarantee about outsourced data Problem: Dishonest cloud providers can throw data away or lose data. Malicious intruders can delete or tamper with data. Clients need reassurance that the outsourced data is available, has not been tampered with, and remains confidential. Research Question: How can clients get assurance/proofs that the cloud provider is actually storing data, is not tampering with data, and can make the data available on-demand? 3/17/11 12 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel Example Approaches: Provable Data Possession (PDP), Proof of Retrievability (PoR), HAIL

13. Ensuring confidentiality of data in outsourced computation is difficult 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel 13 Most type of computations require decrypting data before any computations If the cloud provider is not trusted, this may result in breach of confidentiality Research Question: How can we ensure confidentiality of data and computations in a cloud? Existing Approaches: Homomorphic encryption, TCCP

14. Clients have no way of verifying computations outsourced toa Cloud 14 Scenario User sends her data processing job to the cloud. Clouds provide dataflow operation as a service (e.g., MapReduce, Hadoop etc.) Problem: Users have no way of evaluating the correctness of results Research question: How can we verify the accuracy of outsourced computation? 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel Existing Approaches: Runtime Attestation, Majority voting, Redundant operations

15. Data Forensics in Clouds is difficult Certain Government regulations mandate the ability to audit and run forensic analysis on critical business or healthcare data Clouds complicate forensic analysis, since the same storage infrastructure is shared by many clients Cloud providers are not willing to open up their entire storage for forensic investigations. Research question: How can we augment cloud infrastructures to allow forensic investigations? 3/17/11 15 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

16. Clouds can be used for malicious purposes Adversaries can rent clouds temporarily to create a large scale botnet very quickly Clouds can be used for spamming, Denial of service, brute force password breaking, and other attacks Example:WPACracker.com – Claims to break WPA passwords for $17 in under 20 minutes, using a cloud Research question: How can we rapidly detect misbehavior of clients in a cloud? 3/17/11 16 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

17. (Largely) Unexplored Areas Legal/policy issues and regulatory compliance: How does cloud computing fit in with data security laws and regulations such as SOX, HIPAA? For example, If I store my data in Amazon, can the Govt. subpoena Amazon to access my data without violating 4th amendment? Will a cloud based storage system comply with SOX? 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel 17

18. My Research Agenda 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel 18 Question: How can we make clouds more accountable? Approach: By maintaining secure and verifiable provenance chains for all data and computations outsourced to a cloud, clients can get more accountability. Provenance of data What happened to the data object while it was inside the cloud? (i.e., entire history of the data object) Provenance of computations How was a particular result computed inside a cloud? Challenges: How to ensure correct collection of provenance inside a cloud, even when the cloud provider may not be trustworthy?

19. Observations: What’s wrong with today’s cloud security research Failure to look at reality Many security schemes impose unrealistic overheads (e.g., >35%!!) – no one will use them in real life clouds Failure to consider economy Security schemes would cause significant changes to existing cloud infrastructures Many attacks simply don’t make any economic sense Lack of realistic threat models Many papers present unrealistic threat models, (“Solutions in search of a problem”) 3/17/11 19 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel

20. Summary 3/17/11 Ragib Hasan | NSF Cloud PI Meeting 2011 | Cloud Security Panel 20 The nature of clouds introduce new security challenges Today’s clouds are not secure, accountable, or trustworthy Many open problems need to be resolved before major users will adopt clouds for sensitive data and computations

21. Thank You Check outmy Cloud Computing Security and Privacy course at Johns Hopkins University http://bit.ly/jhucloudsec Questions? Comments? Email: rhasan7@jhu.edu Web: http://www.ragibhasan.com