Jakub Szefer
ABSTRACT
In cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or availability of their applications or data. While much work has looked at protection from software (cyber) threats, very few have looked at physical attacks and physical security in data centers. In this work, we present a novel set of cyber defense strategies for physical attacks in data centers. We capitalize on the fact that physical attackers are constrained by the physical layout and other features of a data center which provide a time delay before an attacker can reach a server to launch a physical attack, even by an insider. We describe how a number of cyber defense strategies can be activated when an attack is detected, some of which can even take effect before the actual attack occurs. The defense strategies provide improved security and are more cost-effective than always-on protections in the light of the fact that on average physical attacks will not happen often -- but can be very damaging when they do occur.
- Amazon EC2 Instance Types. http://aws.amazon.com/ec2/instance-types/.Google Scholar
- The Apache HTTP Server Project. http://httpd.apache.org/.Google Scholar
- D. Champagne and R. B. Lee. Scalable architectural support for trusted software. In Proceedings of the International Symposium on High Performance Computer Architecture, HPCA, pages 1 --12, January 2010.Google ScholarCross Ref
- W. Dawoud, I. Takouna, and C. Meinel. Infrastructure as a Service Security: Challenges and Solutions. In Proceedings of the International Conference on Informatics and Systems, INFOS, March 2010.Google Scholar
- Dbench filesystem benchmark. http://dbench.samba.org/.Google Scholar
- J. S. Dwoskin and R. B. Lee. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the ACM Conference on Computer and Communications Security, CCS, pages 389--400, October 2007. Google ScholarDigital Library
- Faban Harness and Benchmark Framework. http://java.net/projects/faban/.Google Scholar
- L. J. Fennelly. Effective Physical Security. Butterworth-Heinemann, 3rd edition, 2003.Google Scholar
- GlassFish - Open Source Application Server. http://glassfish.java.net/.Google Scholar
- J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: cold-boot attacks on encryption keys. Communications of ACM, 52(5):91--98, May 2009. Google ScholarDigital Library
- S. Heare. Data Center Physical Security Checklist. Technical report, SANS Institute, December 2001. http://www.sans.org/.Google Scholar
- K. J. Higgins. The 10 Most Overlooked Aspects of Security, November 2006. http://www.darkreading.com/security/application-security/208808177/the-10-most-overlooked-aspects-of-security.html.Google Scholar
- D. Huang, D. Ye, Q. He, J. Chen, and K. Ye. Virt-lm: a benchmark for live migration of virtual machine. In Proceedings of the International Conference on Performance Engineering, ICPE, pages 307--316, March 2011. Google ScholarDigital Library
- S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, editors. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, 2011. Google ScholarDigital Library
- R. B. Lee, P. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for protecting critical secrets in microprocessors. In Proceedings of the International Symposium on Computer Architecture, ISCA, pages 2--13, June 2005. Google ScholarDigital Library
- mstone multi-protocol testing system. http://sourceforge.net/projects/mstone/.Google Scholar
- OpenStack. OpenStack Compute: An Overview.Google Scholar
- D. Perez-Botero. Pwnetizer: Improving Availability in Cloud Computing Through Fast Cloning and I/O Randomization. Master's Thesis, Princeton University, Princeton, NJ, 2013.Google Scholar
- S. D. Scalet. 19 Ways to Build Physical Security into a Data Center. http://www.csoonline.com/.Google Scholar
- J. S. Schultz. Should you trust mint.com? From New York Times http://bucks.blogs.nytimes.com/2010/07/06/should-you-trust-mint-com/?_r=0.Google Scholar
- smtp-sink(1) - Linux man page. http://linux.die.net/man/1/smtp-sink.Google Scholar
- G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the Annual International Conference on Supercomputing, ICS, pages 160--171, June 2003. Google ScholarDigital Library
- SysBench: a system performance benchmark. http://sysbench.sourceforge.net/.Google Scholar
- J. Szefer, P. Jamkhedkar, Y.-Y. Chen, and R. B. Lee. Physical Attack Protection with Human-Secure Virtualization in Data Centers. In Workshop on Open Resilient human-aware Cyber-physical Systems, WORCS, June 2012.Google Scholar
- TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software. http://www.truecrypt.org/.Google Scholar
- VLC media player. http://www.videolan.org.Google Scholar
- M. E. Whitman and H. J. Mattord. Principles of Information Security. Cengage Learning, 2011. Google ScholarDigital Library
- Wireshark: the world's foremost network protocol analyzer. http://www.wireshark.org/.Google Scholar
Index Terms
- Cyber defenses for physical attacks and insider threats in cloud computing
Recommendations
Insider Threats: It's the HUMAN, Stupid!
NCS '19: Proceedings of the Northwest Cybersecurity SymposiumInsider threats refer to threats posed by individuals who intentionally or unintentionally destroy, exfiltrate, or leak sensitive information, or expose their organization to outside attacks. Surveys of organizations in government and industry ...
Insider Attacks in Cloud Computing
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and CommunicationsThe computer-security industry is familiar with the concept of a Malicious Insider. However, a malicious insider in the cloud might have access to an unprecedented amount of information and on a much greater scale. Given the level of threat posed by ...
Detecting Insider Theft of Trade Secrets
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...
Comments