research-article

Inevitable Failure: The Flawed Trust Assumption in the Cloud

Authors:

Giuseppe Petracca,

Trent JaegerAuthors Info & Claims

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

Pages 141 - 150

https://doi.org/10.1145/2664168.2664180

Published: 07 November 2014 Publication History

Abstract

IaaS clouds offer customers on-demand computing resources such as virtual machine, network and storage. To provision and manage these resources, cloud users must rely on a variety of cloud services. However, a wide range of vulnerabilities have been identified in these cloud services that may enable an adversary to compromise customers' computations or even the cloud platform itself. Using the motivation for adding mandatory access to commercial operating systems, we argue for the development of a secure cloud operating system (SCOS) to enforce mandatory access control (MAC) over cloud services and customer instances. To better understand the concrete challenges of building a SCOS, we examine the OpenStack cloud platform from two perspectives: (1) how attacks propagate across cloud services and (2) how adversaries leverage vulnerabilities in cloud services to attack hosts. Using this information, we review the application of three MAC approaches employed by "secure" commercial systems to evaluate their practical effectiveness for controlling cloud services. While MAC enforcement can improve security for cloud services, several threats remain unchecked. We outline a set of additional security policy goals that a SCOS must enforce to control threats from potentially compromised cloud services comprehensively. While we do not actually construct a SCOS in this paper, we hope that this study will initiate discussions that may lead to practical designs.

References

[1]

ANDERSON, J. P. Computer security technology planning study. Tech. Rep. ESD-TR-73--51, The Mitre Corporation, Air Force Electronic Systems Division, Hanscom AFB, Badford, MA, 1972.

[2]

Apache CloudStack. http://cloudstack.apache.org/.

[3]

Security starts with your operating system. http://www.argus-systems.com/home3.shtml, 2008.

[4]

Selinux/audit2allow. http://fedoraproject.org/wiki/SELinux/audit2allow.

[5]

BADGER, L., STERNE, D. F., SHERMAN, D. L., WALKER, K. M., AND HAGHIGHAT, S. A. A domain and type enforcement UNIX prototype. In Proceedings of the 5th USENIX Security Symposium (1995).

Digital Library

[6]

XTS-400 Trusted Computer System, from BEA Systems, 2008. http: //www.baesystems.com/ProductsServices/bae_prod_csit_xts400.html.

[7]

BELL, D. E., AND LAPADULA, L. J. Secure computer system: Unified exposition and Multics interpretation. Tech. Rep. ESD-TR-75--306, Deputy for Command and Management Systems, HQ Electronic Systems Division (AFSC), L. G. Hanscom Field, Bedford, MA, March 1976. Also, MITRE Technical Report MTR-2997.

[8]

BIBA, K. J. Integrity considerations for secure computer systems. Tech. Rep. MTR-3153, MITRE, April 1977.

[9]

BOEBERT, W. E., AND KAIN, R. Y. A practical alternative to hierarchical integrity policies. In Proceedings of the 8th National Computer Security Conference (1985).

[10]

BUGIEL, S., NÜRNBERGER, S., PÖPPELMANN, T., SADEGHI, A., AND SCHNEIDER, T. AmazonIA: When elasticity snaps back. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS) (2011), pp. 389--400.

Digital Library

[11]

BUTT, S., LAGAR-CAVILLA, H. A., SRIVASTAVA, A., AND GANAPATHY, V. Self-service cloud computing. In Proceedings of the 2012 ACM conference on Computer and communications security (New York, NY, USA, 2012), CCS '12, ACM, pp. 253--264.

Digital Library

[12]

CVE-2012--3542. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--3542.

[13]

CVE-2012--4456. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--4456.

[14]

CVE-2014-0167. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167.

[15]

CHEN, H., LI, N., AND MAO, Z. Analyzing and comparing the protection quality of security enhanced operating systems. In NDSS (2009).

[16]

Cloudlinux. http://www.cloudlinux.com/.

[17]

Oracle solaris 11. http://www.oracle.com/us/products/servers-storage/solaris/solaris11/overview/index.html/.

[18]

CORBATÓ, F. J., AND VYSSOTSKY, V. A. Introduction and overview of the multics system. In Proceedings of the November 30--December 1, 1965, Fall Joint Computer Conference, Part I (New York, NY, USA, 1965), AFIPS '65 (Fall, part I), ACM, pp. 185--196.

Digital Library

[19]

DENNING, D. A Lattice Model of Secure Information Flow. Communications of the ACM 19, 5 (1976).

Digital Library

[20]

CVE-2012--3360. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--3360.

[21]

CVE-2012--3361. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--3361.

[22]

CVE-2012--3447. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--3447.

[23]

CVE-2013-0247. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247.

[24]

CVE-2013-0270. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270.

[25]

CVE-2014--2828. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014--2828.

[26]

Eucalyptus. https://www.eucalyptus.com/.

[27]

GIFFIN, J. T., JHA, S., AND MILLER, B. P. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium (Berkeley, CA, USA, 2002), USENIX Association, pp. 61--79.

Digital Library

[28]

CVE-2014-0162. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162.

[29]

HALLYN, S. E., AND KEARNS, P. Domain and type enforcement for Linux. In Proceedings of the 4th Annual Linux Showcase and Conference (Oct. 2000). At http://www.sagecertification.org/publications/library/proceedings/als00/2000papers/papers/full_papers/hallyn/hallyn_html/index.html.

Digital Library

[30]

HARDY, N. The confused deputy. Operating Systems Review 22, 4 (Oct. 1988), 36--38.

Digital Library

[31]

CVE-2011--4596. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011--4596.

[32]

CVE-2013-0208. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0208.

[33]

CVE-2014-0187. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187.

[34]

LIDS Secure Linux System. http://www.lids.org/, 2008.

[35]

LOSCOCCO, P. A., SMALLEY, S. D., MUCKELBAUER, P. A., TAYLOR, R. C., TURNER, S. J., AND FARRELL, J. F. The Inevitability of Failure: The flawed assumption of security in modern computing environments. In Proceedings of the 21st National Information Systems Security Conference (October 1998), pp. 303--314.

[36]

MAYER, F., MACMILLAN, K., AND CAPLAN, D. SELinux by Example: Using Security-Enhanced Linux. Addison-Wesley, 2006.

Digital Library

[37]

MCILROY, M. D., AND REEDS, J. A. Multilevel security in the UNIX tradition. Software-Practice and Experience 22 (1992), 673--694.

Digital Library

[38]

NARAINE, R. Russinovich: Malware will thrive, even with Vista's UAC, April 2007. http://blogs.zdnet.com/security/?p=175.

[39]

AppArmor Linux application security. http://www. novell.com/linux/security/apparmor/, 2008.

[40]

Security-enhanced linux. http://www.nsa.gov/selinux.

[41]

OpenNebula. http://opennebula.org/.

[42]

OpenStack Open Source Cloud Computing Software. http://www.openstack.org//, 2008.

[43]

Openstack api quick start. http://docs.openstack. org/api/quick-start/content/.

[44]

OTT, A. Rsbac: Extending Linux security beyond the limits. http://www.rsbac.org/, 2008.

[45]

PROVOS, N. Improving host security with system call policies. In Proceedings of the 2003 USENIX Security Symposium (August 2003).

Digital Library

[46]

PROVOS, N., FRIEDL, M., AND HONEYMAN, P. Preventing privilege escalation. In Proceedings of the USENIX Security Symposium (Aug. 2003).

Digital Library

[47]

RISTENPART, T., TROMER, E., SHACHAM, H., AND SAVAGE, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security (2009).

Digital Library

[48]

SALTZER, J. H., AND SCHROEDER, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (September 1975).

[49]

SCHELL, R., TAO, T., AND HECKMAN, M. Designing the GEMSOS security kernel for security and performance. In Proceedings of the National Computer Security Conference (1985).

[50]

SCHELLHORN, G., REIF, W., SCHAIRER, A., KARGER, P. A., AUSTEL, V., AND TOLL, D. Verification of a formal security model for multiapplicative smart cards. In Proceedings of the European Symposium on Research in Computer Security (2000), pp. 17--36.

Digital Library

[51]

Selinux/mls. http://fedoraproject.org/wiki/SELinux/MLS.

[52]

SUN MICROSYSTEMS. Trusted Solaris 8 Operating System. http://www.sun.com/software/solaris/trustedsolaris/, Feb. 2006.

[53]

CVE-2012--4406. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012--4406.

[54]

Reference Policy. http://oss.tresys.com/projects/refpolicy, 2008.

[55]

VARADARAJAN, V., KOOBURAT, T., FARLEY, B., RISTENPART, T., AND SWIFT, M. M. Resource-freeing attacks: improve your cloud performance (at your neighbor's expense). In ACM Conference on Computer and Communications Security (2012), pp. 281--292.

Digital Library

[56]

VIJAYAKUMAR, H., GE, X., PAYER, M., AND JAEGER, T. JIGSAW: Protecting resource access by inferring programmer expectations. In Proceedings of the 23rd USENIX Security Symposium (Aug. 2014), pp. 973--988.

Digital Library

[57]

VIJAYAKUMAR, H., SCHIFFMAN, J., AND JAEGER, T. Process Firewalls: Protecting processes during resource access. In Proceedings of the Eighth ACM European Conference on Computer Systems (EuroSys) (2013), pp. 57--70.

Digital Library

[58]

WAGNER, D., AND DEAN, D. Intrusion detection via static analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy (Washington, DC, USA, 2001), SP '01, IEEE Computer Society, pp. 156--.

Digital Library

[59]

WAGNER, D., AND SOTO, P. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (New York, NY, USA, 2002), CCS '02, ACM, pp. 255--264.

Digital Library

[60]

WATSON, R. N. M. TrustedBSD: Adding trusted operating system features to FreeBSD. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (2001), pp. 15--28.

Digital Library

[61]

WRIGHT, C., COWAN, C., SMALLEY, S., MORRIS, J., AND KROAH-HARTMAN, G. Linux Security Modules: General security support for the Linux kernel. In Proceedings of the 11th USENIX Security Symposium (August 2002), pp. 17--31.

Digital Library

[62]

ZHANG, F., CHEN, J., CHEN, H., AND ZANG, B. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (New York, NY, USA, 2011), SOSP '11, ACM, pp. 203--216.

Digital Library

[63]

ZHANG, Y., AND REITER, M. K. Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In ACM Conference on Computer and Communications Security (2013).

Digital Library

Cited By

Gu JHua ZLi MChen H(2022)Innovations and applications of operating system security with a hardware-software co-designChinese Science Bulletin10.1360/TB-2022-055767:32(3862-3871)Online publication date: 30-Jun-2022
https://doi.org/10.1360/TB-2022-0557
Hogan KMaleki HRahaeimehr RCanetti Rvan Dijk MHennessey JVaria MZhang H(2019)On the Universally Composable Security of OpenStack2019 IEEE Cybersecurity Development (SecDev)10.1109/SecDev.2019.00015(20-33)Online publication date: Sep-2019
https://doi.org/10.1109/SecDev.2019.00015
Zhang TLee R(2018)Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine's Security HealthIEEE Transactions on Computers10.1109/TC.2017.278082367:6(799-815)Online publication date: 1-Jun-2018
https://doi.org/10.1109/TC.2017.2780823
Show More Cited By

Index Terms

Inevitable Failure: The Flawed Trust Assumption in the Cloud
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

Securing elastic applications on mobile devices for cloud computing
CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security

Cloud computing provides elastic computing infrastructure and resources which enable resource-on-demand and pay-as-you-go utility computing models. We believe that new applications can leverage these models to achieve new features that are not available ...
A Pattern for Fog Computing
VikingPLoP '16: Proceedings of the 10th Travelling Conference on Pattern Languages of Programs

Fog Computing is a new variety of the cloud computing paradigm that brings virtualized cloud services to the edge of the network to control the devices in the IoT. We present a pattern for fog computing which describes its architecture, including its ...
Enhanced-Adaptive Pattern Attack Recognition Technique E-APART Against EDoS Attacks in Cloud Computing

Cloud Computing is most widely used in current technology. It provides a higher availability of resources to greater number of end users. In the cloud era, security has develop a reformed source of worries. Distributed Denial of Service DDoS and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

November 2014

160 pages

ISBN:9781450332392

DOI:10.1145/2664168

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Alina Oprea
RSA Laboratories, USA
,
Reihaneh Safavi-Naini
University of Calgary, Canada

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCSW '14 Paper Acceptance Rate 12 of 36 submissions, 33%;

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
548
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)12

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gu JHua ZLi MChen H(2022)Innovations and applications of operating system security with a hardware-software co-designChinese Science Bulletin10.1360/TB-2022-055767:32(3862-3871)Online publication date: 30-Jun-2022
https://doi.org/10.1360/TB-2022-0557
Hogan KMaleki HRahaeimehr RCanetti Rvan Dijk MHennessey JVaria MZhang H(2019)On the Universally Composable Security of OpenStack2019 IEEE Cybersecurity Development (SecDev)10.1109/SecDev.2019.00015(20-33)Online publication date: Sep-2019
https://doi.org/10.1109/SecDev.2019.00015
Zhang TLee R(2018)Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine's Security HealthIEEE Transactions on Computers10.1109/TC.2017.278082367:6(799-815)Online publication date: 1-Jun-2018
https://doi.org/10.1109/TC.2017.2780823
Sulaiyam Al Amri S(2018)IaaS-cloud security enhancement: An intelligent attribute-based access control framework2018 Majan International Conference (MIC)10.1109/MINTC.2018.8363159(1-9)Online publication date: Mar-2018
https://doi.org/10.1109/MINTC.2018.8363159
Sun YPetracca GGe XJaeger TSchwab SRobertson WBalzarotti D(2016)PileusProceedings of the 32nd Annual Conference on Computer Security Applications10.1145/2991079.2991109(52-64)Online publication date: 5-Dec-2016
https://dl.acm.org/doi/10.1145/2991079.2991109
Sze WSrivastava ASekar RChen XWang XHuang X(2016)Hardening OpenStack Cloud Platforms against Compute Node CompromisesProceedings of the 11th ACM on Asia Conference on Computer and Communications Security10.1145/2897845.2897851(341-352)Online publication date: 30-May-2016
https://dl.acm.org/doi/10.1145/2897845.2897851
Sun YPetracca GJaeger TVijayakumar HSchiffman J(2015)Cloud ArmorProceedings of the 2015 IEEE 8th International Conference on Cloud Computing10.1109/CLOUD.2015.42(253-260)Online publication date: 27-Jun-2015
https://dl.acm.org/doi/10.1109/CLOUD.2015.42

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten