Inevitable failure: The flawed trust assumption in the cloud

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2014-November, Issue November, 2014, Pages 141-150

  Sun, Yuqiong ^a   Petracca, Giuseppe ^a   Jaeger, Trent ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

Cloud computing; Mandatory access control; Security

Indexed keywords

ACCESS CONTROL; CLOUD COMPUTING; SALES; WEB SERVICES;

CLOUD PLATFORMS; COMMERCIAL OPERATING SYSTEMS; COMMERCIAL SYSTEMS; MANDATORY ACCESS CONTROL; ON-DEMAND COMPUTING; SECURITY; SECURITY POLICY; TRUST ASSUMPTIONS;

TRUSTED COMPUTING;

EID: 84937691245     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2664168.2664180     Document Type: Conference Paper

References (63)

1. ANDERSON, J. P. Computer security technology planning study. Tech. Rep. ESD-TR-73-51, The Mitre Corporation, Air Force Electronic Systems Division, Hanscom AFB, Badford, MA, 1972.
2. Apache CloudStack. http://cloudstack.apache.org/.
3. Security starts with your operating system. http://www.argus-systems.com/home3.shtml, 2008.
4. Selinux/audit2allow. http://fedoraproject.org/wiki/SELinux/audit2allow.
5. BADGER, L., STERNE, D. F., SHERMAN, D. L., WALKER, K. M., AND HAGHIGHAT, S. A. A domain and type enforcement UNIX prototype. In Proceedings of the 5th USENIX Security Symposium (1995).
6. XTS-400 Trusted Computer System, from BEA Systems, 2008. http://www.baesystems.com/ProductsServices/bae-prod-csit-xts400.html.
7. BELL, D. E., AND LAPADULA, L. J. Secure computer system: Unified exposition and Multics interpretation. Tech. Rep. ESD-TR-75-306, Deputy for Command and Management Systems, HQ Electronic Systems Division (AFSC), L. G. Hanscom Field, Bedford, MA, March 1976. Also, MITRE Technical Report MTR-2997.
8. BIBA, K. J. Integrity considerations for secure computer systems. Tech. Rep. MTR-3153, MITRE, April 1977.
9. BOEBERT, W. E., AND KAIN, R. Y. A practical alternative to hierarchical integrity policies. In Proceedings of the 8th National Computer Security Conference (1985).
10. BUGIEL, S., NÜRNBERGER, S., PÖPPELMANN, T., SADEGHI, A., AND SCHNEIDER, T. AmazonIA: When elasticity snaps back. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS) (2011), pp. 389-400.
11. BUTT, S., LAGAR-CAVILLA, H. A., SRIVASTAVA, A., AND GANAPATHY, V. Self-service cloud computing. In Proceedings of the 2012 ACM conference on Computer and communications security (New York, NY, USA, 2012), CCS '12, ACM, pp. 253-264.
12. CVE-2012-3542. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542.
13. CVE-2012-4456. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456.
14. CVE-2014-0167. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167.
15. CHEN, H., LI, N., AND MAO, Z. Analyzing and comparing the protection quality of security enhanced operating systems. In NDSS (2009).
16. Cloudlinux. http://www.cloudlinux.com/.
17. Oracle solaris 11. http://www.oracle.com/us/products/servers-storage/solaris/solaris11/overview/index.html/.
18. CORBATÓ, F. J., AND VYSSOTSKY, V. A. Introduction and overview of the multics system. In Proceedings of the November 30-December 1, 1965, Fall Joint Computer Conference, Part I (New York, NY, USA, 1965), AFIPS '65 (Fall, part I), ACM, pp. 185-196.
19. DENNING, D. A Lattice Model of Secure Information Flow. Communications of the ACM 19, 5 (1976).
20. CVE-2012-3360. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3360.
21. CVE-2012-3361. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3361.
22. CVE-2012-3447. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3447.
23. CVE-2013-0247. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247.
24. CVE-2013-0270. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270.
25. CVE-2014-2828. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828.
26. Eucalyptus. https://www.eucalyptus.com/.
27. GIFFIN, J. T., JHA, S., AND MILLER, B. P. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium (Berkeley, CA, USA, 2002), USENIX Association, pp. 61-79.
28. CVE-2014-0162. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162.
29. HALLYN, S. E., AND KEARNS, P. Domain and type enforcement for Linux. In Proceedings of the 4th Annual Linux Showcase and Conference (Oct. 2000). At http://www.sagecertification.org/publications/library/proceedings/als00/2000papers/papers/full-papers/hallyn/hallyn-html/index.html.
30. HARDY, N. The confused deputy. Operating Systems Review 22, 4 (Oct. 1988), 36-38.
31. CVE-2011-4596. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4596.
32. CVE-2013-0208. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0208.
33. CVE-2014-0187. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187.
34. LIDS Secure Linux System. http://www.lids.org/2008.
35. LOSCOCCO, P. A., SMALLEY, S. D., MUCKELBAUER, P. A., TAYLOR, R. C., TURNER, S. J., AND FARRELL, J. F. The Inevitability of Failure: The flawed assumption of security in modern computing environments. In Proceedings of the 21st National Information Systems Security Conference (October 1998), pp. 303-314.
36. MAYER, F., MACMILLAN, K., AND CAPLAN, D. SELinux by Example: Using Security-Enhanced Linux. Addison-Wesley, 2006.
37. MCILROY, M. D., AND REEDS, J. A. Multilevel security in the UNIX tradition. Software-Practice and Experience 22 (1992), 673-694.
38. NARAINE, R. Russinovich: Malware will thrive, even with Vista's UAC, April 2007. http://blogs.zdnet.com/security/?p=175.
39. AppArmor Linux application security. http://www.novell.com/linux/security/apparmor/2008.
40. Security-enhanced linux. http://www.nsa.gov/selinux.
41. OpenNebula. http://opennebula.org/.
42. OpenStack Open Source Cloud Computing Software. http://www.openstack.org//2008.
43. Openstack api quick start. http://docs.openstack.org/api/quick-start/content/.
44. OTT, A. Rsbac: Extending Linux security beyond the limits. http://www.rsbac.org/2008.
45. PROVOS, N. Improving host security with system call policies. In Proceedings of the 2003 USENIX Security Symposium (August 2003).
46. PROVOS, N., FRIEDL, M., AND HONEYMAN, P. Preventing privilege escalation. In Proceedings of the USENIX Security Symposium (Aug. 2003).
47. RISTENPART, T., TROMER, E., SHACHAM, H., AND SAVAGE, S. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security (2009).
48. SALTZER, J. H., AND SCHROEDER, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (September 1975).
49. SCHELL, R., TAO, T., AND HECKMAN, M. Designing the GEMSOS security kernel for security and performance. In Proceedings of the National Computer Security Conference (1985).
50. SCHELLHORN, G., REIF, W., SCHAIRER, A., KARGER, P. A., AUSTEL, V., AND TOLL, D. Verification of a formal security model for multiapplicative smart cards. In Proceedings of the European Symposium on Research in Computer Security (2000), pp. 17-36.
51. Selinux/mls. http://fedoraproject.org/wiki/SELinux/MLS.
52. SUN MICROSYSTEMS. Trusted Solaris 8 Operating System. http://www.sun.com/software/solaris/trustedsolaris/, Feb. 2006.
53. CVE-2012-4406. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406.
54. Reference Policy. http://oss.tresys.com/projects/refpolicy 2008.
55. VARADARAJAN, V., KOOBURAT, T., FARLEY, B., RISTENPART, T., AND SWIFT, M. M. Resource-freeing attacks: Improve your cloud performance (at your neighbor's expense). In ACM Conference on Computer and Communications Security (2012), pp. 281-292.
56. VIJAYAKUMAR, H., GE, X., PAYER, M., AND JAEGER, T. JIGSAW: Protecting resource access by inferring programmer expectations. In Proceedings of the 23rd USENIX Security Symposium (Aug. 2014), pp. 973-988.
57. VIJAYAKUMAR, H., SCHIFFMAN, J., AND JAEGER, T. Process Firewalls: Protecting processes during resource access. In Proceedings of the Eighth ACM European Conference on Computer Systems (EuroSys) (2013), pp. 57-70.
58. WAGNER, D., AND DEAN, D. Intrusion detection via static analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy (Washington, DC, USA, 2001), SP '01, IEEE Computer Society, pp. 156.
59. WAGNER, D., AND SOTO, P. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (New York, NY, USA, 2002), CCS '02, ACM, pp. 255-264.
60. WATSON, R. N. M. TrustedBSD: Adding trusted operating system features to FreeBSD. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (2001), pp. 15-28.
61. WRIGHT, C., COWAN, C., SMALLEY, S., MORRIS, J., AND KROAH-HARTMAN, G. Linux Security Modules: General security support for the Linux kernel. In Proceedings of the 11th USENIX Security Symposium (August 2002), pp. 17-31.
62. ZHANG, F., CHEN, J., CHEN, H., AND ZANG, B. Cloudvisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (New York, NY, USA, 2011), SOSP '11, ACM, pp. 203-216.
63. ZHANG, Y., AND REITER, M. K. Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In ACM Conference on Computer and Communications Security (2013).