Wednesday, 28 January 2015

Attacks on Cloud Services

Wrapping Attack:
A SOAP (Simple Object Access Protocol) message is generated when a user makes a request from his Virtual Machine to the browser. The request is directed to the web server. A wrapping attack is done by duplication of the user account and password in the log-in phase so that the SOAP messages that are exchanged during the setup phase between the Web browser and server are affected by the attackers.

Malware-Injection Attack:
The attacker creates a normal operation, like deleteUser, and embeds in it another command, such as setAdminRight. When the user request is passed to the server, it discloses a user account to the attacker rather executing the command to delete an user account.

Flooding Attack: 
Attacker generates bogus or malicious data, which could be resource requests or some type of code to be run in the application of a legitimate user, engaging the server’s CPU, memory and all other devices to compute the malware requests. The servers finally end up reaching their maximum capacity, and thereby offload to another server, which results in flooding.

Browser Attack:
It is committed by sabotaging the signature and encryption during the translation of SOAP messages in between the web browser and web server, causing the browser to consider an adversary as a legitimate user and process all requests communicating with web server.

Insecure Interfaces and APIs:
Cloud computing service providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Reliance on a weak set of interfaces can expose an organization to a variety of security issues related to confidentiality, availability, and password integrity.

Malicious administrators:
Cloud computing as a process is governed, managed, and maintained by site administrators. By default, they hold the key to managing all the data, files, and privileged company resources. As a revenge, or for other reasons, administrators may end up spreading, or allowing privileged information to leak.

Data Stealing: 
System administrators stealing any volume of data without leaving a trace is one of the biggest overlooked security holes in virtualized data centers. Three simple steps are login as an administrator on the hypervisor, create a replica of a virtual machine and mount the disk image onto the hypervisor and lastly delete the original copy.

Data Leakage:
Data leakage is the movement of data from one customer to another. The data leakage problem comes when a customer deletes their drive and then a new customer creates a new drive. The areas on the physical disks used for the old and new drives can overlap. Its therefore possible for the new customer to try and image off previously written data from other customers.

References:
1. J. Archer, A. Boehme, D. Cullinane, P. Kurtz, N. Puhlmann, and J. Reavis, "Top Threats to Cloud Computing V1. 0," Cloud Security Alliance, 2010.
2. K. Zunnurhain and S. Vrbsky, "Security Attacks and Solutions in Clouds," in Second IEEE International Conference on Cloud Computing Technology and Sciences (IEEE CloudCom 2011), 2011.
3. W. Bailey, (2012), "Insider Threats To Cloud Computing," [Online]. Available: http://www.cloudtweaks.com/2012/10/insider-threats-tocloud-computing/.
4. J. Mutch, (2010), "How to Steal Data from the Cloud," [Online]. Available: http://www.cloudbook.net/resources/stories/how-tosteal-data-from-the-cloud.
5. Patrick, (2010), "Security in a Public IaaS Cloud Part 3: Data
Storage ", [Online]. Available: http://www.cloudsigma.com/blog/15-security-in-the-cloud-datastorage

Tuesday, 11 March 2014

RESEARCH GAPS IN CLOUD FORENSICS


Paper Link: Cloud Forensics: State-of-the-Art and Research Challenges


A. Collecting Evidences: In different cloud deployment models, various approaches are followed to collect the evidences. IaaS provides an export of the virtual hard disk and memory provided to the user. A binary export of the data stored on the hosted software environment is collected in SaaS [1].

 B. Evidence Segregation of random log formats: Evidence segregation is a challenge for cloud service providers without breaching the confidentiality of other tenants that share the infrastructure. As the data is collected from different sources is in different file format [1].

C. Service Level Agreements: Due to the lack of customer awareness, there is limited rules and regulations regarding forensic investigations. Most cloud customers are unknown of these issues that may arise in a cloud computing.

D. Transparent behavior: Transparency is needed for trust. Cloud customers want transparency which is not provided in current real world cloud environments. This is needed as a lot of cases sensible data is computed on services running in the cloud. This situation leads to the fact that customers have the legitimate fear of the threat of the unknown. The issue of unknown data location is further enhanced by the technical obfuscation of the underlying infrastructure. The CSP provides almost no information about the system environment in which customer data is stored or processed [2] .

E. Loss of collected digital evidence: Cloud environments theoretically provide a huge amount of potential evidence data that could be used for an investigation, the CSP mostly decides which amount of evidence data can be accessed by the customer. Loss of data leads to further problems during the investigation phases. At the time of investigation in cloud computing environment cloud offers a huge amount of potential forensic data [2].

F. SLA Verification: An SLA represents the understanding between the cloud consumer and cloud provider about the expected level of service to be delivered and, in the event that the provider fails to deliver the service at the level specified, the compensation available to the cloud consumer [3].
Considering the distribution of control between CSP and customer, it becomes apparent that it remains almost impossible for the customer to verify the actual performance of these agreements [2].

 There is some challenges associated with cloud based log analysis and forensics decentralization of logs: volatility of logs, archival and retention, accessibility of logs, non existence of logs, absence of critical information in logs, and random log formats [4].

1. K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie, "Cloud Forensics," Advances in Digital Forensics VII, vol. 361, no. IFIP Advances in Information and Communication Technology pp. 35-46, 2011.

2. D. Birk and C. Wegener, "Technical Issues of Forensic Investigations in Cloud Computing Environments," in IEEE Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 Bochum, Germany 2011, pp. 1-10.

3. W. Jansen and T. Grance, "Guidelines on security and privacy in public cloud computing," NIST Special Publication, pp. 800-144.