Security Flaws and Design Issues in Cloud Infrastructure

Security Flaws and Design Issues in Cloud Infrastructure

DOI: 10.4018/978-1-5225-7924-3.ch004

Abstract

Information security plays a vital role in cloud computing. Sensitive information should be kept in secure mode for providing integrity and confidentiality from insiders and outsiders. An insider is an employee who has legitimate access to cloud resources which are hosted at cloud data center. They can perform malicious activities on consumer sensitive data with or without malicious intent. This security beach is obvious and the provider needs to protect from such attacks. In this chapter, insider attacks are demonstrated with empirical approach to breach consumer-sensitive data. In this chapter, the authors present the threat models where an insider can manipulate user VMs in the node controller of cloud platform. Here, they assume that cloud service provider is malicious and cloud consumer does not have any security constraints to access their cloud assets. The model described two locations in the cloud infrastructure.
Chapter Preview
Top

Scope Of Insider Attacks

Attacks in the Local Machine

We assume that the legacy OS with malicious insider at cloud platform. Such that, it clearly states that kernel and user mode is not modified. Such that, an insider can compromise VM’s, those are running on controller of target cluster. For example, an insider can modify target VM kernel and they can launch VM with malicious intention without any permissions from VM owner (user). It leads to sensitive data breach of cloud storage of other VM and target VM. With reference of this attack pattern, VM’s those are running on NC are in great threat from insiders.

Attacks in the Cloud Administrator

The cloud service provider contains ring 0 privileges to access any content of cloud users and physical resources hosted at cloud data center (Berger, S., et al, 2008). To launch insider attack on resources, insider obtains a memory dump of target VM. Initially malicious insider has no idea about credentials stored in dump of VM kernel image. To obtain a password from kernel, an attacker or insider simply devises a method on obtained kernel of VM. The kernel image filtered using strings command, it thoroughly checks dump and returns available strings with name of password. Once insider obtains credentials from kernel of VM, the following are expected issues:

  • A cloud service provider can access guest OS contents by using their privileges.

With effect of this cloud client might lose their data confidentiality and integrity. As said earlier, cloud service provider can save, restore, reboot, and shutdown any guest operating system.

  • In (Bethencourt,J., Sahai,A., and Waters,B. 2007) and (Rocha, F. and Correia, M. 2011) demonstrated various attack scenarios and those pose great threats in cloud computing virtual environment.

  • A malicious insider or malicious cloud service provider can change or breach data upon agreed with competitors of the client company. Attackers (insiders) inside the company have great risk to information resources because they are sophisticated about internal structure.

  • Malicious insider cannot access the hypervisor but they can access secondary storage and network I/O. With this maliciousness cloud service provider, can perform any task without any permission from owner of Domain or Virtual Machine.

Top

Security Design Flaw In Current Virtual Machine Monitors

This chapter provides a proof of the research problem that we addressed in this research work. We studied and analyzed the insider attacks in cloud infrastructure. This chapter provides a complete detail of addressed problem in cloud environment and various design flaws in virtual machine monitors that leverages and violates the integrity and confidentiality rules of client virtual machines.

The addressed research problem is a hypervisor or virtual machine monitor without least privileges. The failure to defend the privileged user or cloud administrator (malicious) access to the sensitive data which is not accessible that holds cryptographic keys resident in memory space of virtual machine monitor (Rocha, F. and Correia, M. 2011).

The proof of concept presented in this chapter consists of attacks performed in the virtual machine monitor from three major providers of Virtual software i.e., Amazon Web Services (AWS), Microsoft azure, etc. We chose to demonstrate the problem with the most commercial solutions such as VMware ESXi and major open source hypervisor Xen and Linux KVM (Fraser, K. et.al, 2004). This section demonstrates problem in multiple hypervisor vendors that argues in favor of a design issues instead of an implementation of fault tolerance in hypervisor or virtual machine monitor.

Complete Chapter List

Search this Book:
Reset