31
1 Cloud Computing Security in the Tactical Environment the Difference a Year Makes “This document does not contain technical data as defined by the International Traffic in Arms Regulations, 22 CFR 120.10(a), or technology as defined by the Department of Commerce Export Administration Regulations, and is therefore authorized for publication.” Copyright © Raytheon Company. All rights reserved. Panel Coordinator / Moderator: Noel Ellis (Eli) Johnson 260-429-5457 Email: [email protected]

Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

  • Upload
    vancong

  • View
    222

  • Download
    2

Embed Size (px)

Citation preview

Page 1: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

1

Cloud Computing Security in the Tactical

Environment – the Difference a Year Makes

“This document does not contain technical data as defined by the International Traffic in Arms Regulations, 22 CFR 120.10(a), or technology as defined by the Department of Commerce Export Administration Regulations, and is therefore authorized for publication.”

Copyright © Raytheon Company. All rights reserved.

Panel Coordinator / Moderator: Noel Ellis (Eli) Johnson 260-429-5457 Email: [email protected]

Page 2: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

2 2

Panel Topic & Members…

Panel Topic: Cloud Computing Security in the Tactical Environment, the Difference a Year Makes

Panel Coordinator / Moderator, Noel Ellis (Eli) Johnson – Raytheon Sr. Principal Systems Engineer, CISSP-ISSEP, CSSLP, Tactical Communications Solutions,

multiple program supports as a Cybersecurity Subject Matter Expert,

Dr. Jeff Boleng, Carnegie Mellon University, Software Solutions Division, Software Engineering Institute,

Principal Research Scientist

Professor; Elisa Bertino , Purdue University, Professor CS, Research Director of CERIAS, Director of Cyber Center,

Mr. Randall Brooks, Raytheon, Raytheon Engineering Fellow,

Member of the Technical Staff

Mr. David A. Smith, Raytheon Certified Architect, Chair Cloud TIG C4I Business Area Technical Lead

UNCLASSIFIED UNCLASSIFIED

UNCLASSIFIED

Page 3: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

3 3

Panel Format…

Panel Topic: Cloud Computing Security in the Tactical Environment

Each panel member will have 3-5 minutes to provide an initial position statement, Discussion based on initial position statements & moderator questions, Half hour will be reserved for questions from the audience, Each panel member will be provided 5 minutes final remarks,

Noel Ellis (Eli) Johnson – Raytheon

Provide the context of challenges and opportunities of Cloud Computing Security in the Tactical Environment

Opening position statements.

Dr. Jeff Boleng, Carnegie Mellon University, Software Solutions Division, Software Engineering Institute,

Professor; Elisa Bertino , Purdue University, Mr. Randall Brooks, Raytheon, Raytheon Engineering Fellow, Mr. David A. Smith, Raytheon Certified Architect, Chair Cloud TIG

UNCLASSIFIED UNCLASSIFIED

UNCLASSIFIED

Page 4: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

4 4

What is Cloud Computing ?

NIST SP 800-145, Mell and Grance, 2011 Cloud computing is a model for enabling ubiquitous, convenient, on-demand network

access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Essential Characteristics, Rapid Elasticity Resource Pooling Measured Service Broad network access On-demand self-service

Service Models Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS)

Deployment Models Public Cloud, Hybrid Cloud, Private Cloud, Community Cloud,

Page 5: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

5 5

Cloud Computing Security in the Tactical Environments,

Not all Tactical Environments are the Same !

• Types of Cloud Computing Services • Software as a Service (SaaS)

• Platform as a Service (PaaS)

• Infrastructure as a Service (IaaS),

• Core Advantages • Flexibility,

• Highly automated,

• Shared Resources,

• Increased storage,

• Pay for what your use,

• Back up and restoration,

• Easy installation and maintenance,

• Core Disadvantages • Cost,

• Limited flexibility,

• Data security and privacy,

• Knowledge and integration,

• Dependence on outside agencies,

• Network connectivity and bandwidth,

• Long term stability of service provider,

• Service unavailability due to a variety of reasons,

UNCLASSIFIED

UNCLASSIFIED

Page 6: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

6 6

USG & DoD Transitioning to the Cloud…

The Transition has begun: Is it secure? Will it meet the goals?

UNCLASSIFIED UNCLASSIFIED

UNCLASSIFIED

FedRAMP – Federal Risk and Authorization Management Program – Cloud computing for USG DoD Cloud Computing Security Requirements Guide (SRG) Version 1, Release 1, 1/13/2015 National Institute of Standards and Technology (NIST)

Cloud Computing Strategy working paper, April 2011 USG Cloud Computing Technology Roadmap Volume 1 Release 1.0 (Draft) November 2011

NIST Federal Information Processing Standards (FIPS) and Special Publication (SP) Relevant to Cloud Computing FIPS 199; Minimum Security Requirements for Federal Information and Information Systems NIST SP 500-291; NIST Cloud Computing Standards Roadmap, Version 2.0, July 2013 NIST SP 500-292; NIST Cloud Computing Reference Architecture, September 2011, NIST SP 800-37; Guide for Applying the Risk Management Framework to Federal Information Systems; A Security Life Cycle

Approach; NIST SP 800-53 Rev.4; Security and Privacy Controls for Federal Information systems and Organizations; NIST SP 800-53A Rev.3; Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Build

Effective Assessment Plans; June 2010; NIST SP 800-92; Guide to Computer Security Log Management; September 2006 NIST SP 800-125; Guide to Security for Full Virtualization Technologies; January 2011 NIST SP 800-137; Information Security Continuous Monitoring for Federal Information Systems and Organizations;

September 2011; NIST SP 800-144; Guidelines on Security and Privacy Issues in Public Cloud Computing, December 2011 NIST SP 800-145; The NIST Definition of Cloud Computing; September 2011 NIST SP 800-146; Cloud Computing Synopsis and Recommendations; May 2012

Page 7: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

7 7

The Solution must address…

UNCLASSIFIED

UNCLASSIFIED

Timely Keep Bad Guys & Malware Out

Cloud

Computing,

COTS &

GOTS Device(s)

& Types

Page 8: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

8

Cloud Security at the Edge Jeff Boleng, PhD

Principal Research Scientist

Dr. Jeff Boleng, Carnegie Mellon University,

Software Solutions Division, Software Engineering

Institute,

Introduction & Opening Statement of Panel Member

Page 9: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

9 9

Copyright 2015 Carnegie Mellon University and IEEE This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected]. DM-0002951

Page 10: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

10 10

• Dr. Jeff Boleng, PhD, Principal Research Scientist, Software Solutions Division, Software Engineering Institute, Carnegie Mellow University

• Since 2012, Advanced Mobile Systems Team

• Co-PI of Tactical Computing and Communications and Tactical Analytics research at SEI

• Research areas: Context Computing, Mobile Ad Hoc Networks, Scientific Computing, Parallel and Distributed Systems

• BS in CS from US Air Force Academy 1991, MS and PhD from Colorado School of Mines (1997 and 2002) in Mathematical and Computer Sciences

• 25 years experience as AF Cyber Operation Officer, deployable networks, command post integration, 21st Mission Support Squadron Commander

• 8 years on faculty at USAFA as Associate Professor, 4 years as Deputy Computer Science Department Head

Jeff Boleng, PhD, CMU/SEI

Page 11: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

11 11

Securing the cloud

• Tail of two layers

– Infrastructure

– Services

• Securing each is different

• Infrastructure

– Largely virtualized

– Depends on security of every VM

• Services

– “Secured” by numerous external administrators

Largest risk to the hypervisor is through poorly secured services

Page 12: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

12 12

Securing the Services*

• Simplify!

• Simple, well defined, and enforced interfaces

• “Do one thing and do it well” -- Doug McIlroy

• Favor composability over monolithic design

• Assume components are compromised

– Use fail-safe/fail-secure design

– Never implicitly trust the results of another service

– Always ask “What will my service do when it fails?”

*Note: these ideas aren’t new or mine. Thanks to Ken Thompson, Dennis Ritchie, Brian Kernighan, Rob Pike, Doug McIlroy, Eric Raymond and others…

Page 13: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

13 13

Piping diagram of a Westinghouse Air Brake System - 1909

Page 14: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

14 14

Elisha Otis’s elevator patent drawing, 15 January 1861

Page 15: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

15 15

Microservice architectures

• Modular operating system containers

– Docker and LXC

– OSv

– Unikernels and MirageOS

– CoreOS

– Intel Clear Containers

• Small, lightweight, typically single process, multi-

threaded VMs built with only the OS and library

components necessary to support the code

implementing the service

Page 16: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

16 16

Microservice architectures • Our experience on an embedded robotics sensor system

– OSv with nanoMsg and protocol buffers on Xen

– ≈12Mb VM on disk, ≈60Mb VM when running

– Redis benchmark ≈30% faster in OSv container

– No other OS service running (i.e. only 1 or 2 ports open at all)

• Pros

– ↑ cohesion ↓ coupling

– Forces rigorous commitment to interfaces and standardization

– Small size on disk and in RAM

– Faster startup and migration

– Reduced attack surface and complexity

– High availability (redundancy, load balancing, fail over) techniques from data center

experience directly applicable

• Cons

– Timing, network latency, etc. (all the distributed computing challenges)

– Startup and shutdown orchestration

– Service discovery

Page 17: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

17 17

Simplicity is the ultimate sophistication -Leonardo da Vinci

Page 18: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

18

Sensor-Cloud:

Opportunities and Research Directions Elisa Bertino

Purdue University

Cyber

Center

Professor; Elisa Bertino , Purdue University,

Professor CS, Research Director of CERIAS, Director of Cyber

Center,

Introduction & Opening Statement of Panel Member

Page 19: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

19 19

Definitions and Conceptual Architecture

Military Target Tracking Natural Disaster Relief

What is a Sensor-Cloud? An Infrastructure supporting pervasive computation based on: • sensors as an interface between physical and cyber

worlds • the cloud as the cyber backbone • the Internet and wireless technologies as the

communication medium

IoT and NoT These recent trends will further accelerate the deployment of sensor networks and sensor-based applications

Drones and UAV The use of these devices will multiply the opportunities for collecting data from (possibly mobile) sensors on-the-ground and for managing these sensors

Page 20: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

20 20

Research Directions

Diagram from: A. Alamri et al. A Survey on Sensor-Cloud: Architectures, Applications, and Approaches, 2013.

• Network access management • Encryption techniques for small devices • Sensor software and firmware security • Secure sensor localization techniques • Provenance techniques for sensors • Tools supporting the deployment and

monitoring of sensors, and the design of sensor-based data collection applications

• Data fusion techniques to assess and enhance sensor data trustworthiness

• Fault-tolerant and reliable continuous data acquisition

• Efficient sensor streamed data processing techniques

• Event processing and management • Privacy for sensor-based applications and data

Page 21: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

21

Introduction & Opening Statement of Panel Member

Mr. Randall Brooks, Raytheon, Raytheon Engineering Fellow,

Member of the Technical Staff

Page 22: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

22 22

Position Statement

• Cloud Security is difficult to achieve in a tactical

environment. It is faced with connectivity issues, a

lack of elasticity and limited Infrastructure as a

Service (IaaS) and Platform as a Service (PaaS)

providers.

Outer Router

On Prem Server Farm

FirewallProxy

(Deep Packet Inspection)

IaaSServer Farm

SaaSProvider

PaaSServer Farm

Host Operating System

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

App A App A App B App C

Mobile User

IsolatedServices

Page 23: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

23 23

Cloud Computing

• Essential

Characteristics:

– Rapid Elasticity

– Resource Pooling

– Measured Service

– Broad network access

– On-demand self-

service

PaaS

Host Operating System

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

App A App A App B App C

• NIST SP 800-145, Mell and Grance, 2011

– Cloud computing is a model for enabling ubiquitous, convenient, on-demand

network access to a shared pool of configurable computing resources (e.g.,

networks, servers, storage, applications, and services) that can be rapidly

provisioned and released with minimal management effort or service provider

interaction. This cloud model is composed of five essential characteristics, three

service models, and four deployment models.

Page 24: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

24 24

Cloud Computing Models

• Service Models

– Software as a Service

(SaaS)

– Platform as a Service

(PaaS)

– Infrastructure as a

Service (IaaS)

• Deployment Models

– Public Cloud

– Hybrid Cloud

– Private Cloud

– Community Cloud

IaaSServer Farm

SaaSProvider

PaaSServer Farm

Host Operating System

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

App A App A App B App C

IaaSServer Farm

SaaSProvider

PaaSServer Farm

Host Operating System

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

Clo

ud

Ap

plic

atio

n (

ho

sted

VM

)

App A App A App B App C

Page 25: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

25 25

The Notorious Nine: Cloud Computing Top Threats

• Data Breaches

• Data Loss

• Account Hijacking

• Insecure APIs

• Denial of Service

• Malicious Insiders

• Abuse of Cloud Services

• Insufficient Due Diligence

• Shared Technology Issue

Page 26: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

26 26

Mr. David A. Smith, Raytheon Certified Architect, Chair Cloud

TIG

C4I Business Area Technical Lead

Introduction & Opening Statement of Panel Member

Page 27: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

27 27

The Power of Cloud Applications

Instances are added, deleted, and restarted by the application

itself based on need.

Security is built in, or not, to the application.

(Mobile) User Interface

Service Interfaces

Service Processing

Data

Cloud Application Designs are Scalable and Resilient – when connected

Cloud Native Applications are built differently.

Stateless services are composed

of many separate, identical instances.

Page 28: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

28 28

The Solution must address…

UNCLASSIFIED

UNCLASSIFIED

Timely Keep Bad Guys & Malware Out

Cloud

Computing,

COTS &

GOTS Device(s)

& Types

Page 29: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

29 29

Mr. David A. Smith, Raytheon Certified Architect, Chair Cloud TIG

C4I Business Area Technical Lead

Mr. Randall Brooks, Raytheon, Raytheon Engineering Fellow,

Member of the Technical Staff

Professor; Elisa Bertino , Purdue University, Professor CS, Research Director of CERIAS, Director of Cyber

Center,

Dr. Jeff Boleng, Carnegie Mellon University, Software Solutions Division, Software Engineering Institute,

Principal Research Scientist

Panel Coordinator / Moderator, Noel Ellis (Eli) Johnson – Raytheon Sr. Principal Systems Engineer,

Closing Comments

Page 30: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

30 30

Questions !!

Page 31: Cloud Computing Security in the Tactical Environment the Difference a · PDF file · 2015-11-10Cloud Computing Security in the Tactical Environment – the Difference a Year Makes

31 31

Biography

Noel Ellis (Eli) Johnson, CISSP-ISSEP, CSSLP Information Systems Security Engineer Business Unit: SAS Location: Fort Wayne Email: [email protected] Office Phone: 260.429.5457

Mr. Johnson is a Senior Principal Engineer at Raytheon with over 26 years’ experience in designing security and information assurance (IA) solutions for the Defense and Commercial Telecommunications markets.

Mr. Johnson recently was the Principal Investigator for secure mobility and supports the development and capture of a wide variety of crypto modern solutions for Type 1 applications as an IA subject matter expert.

Mr. Johnson holds the following International Information Systems Security Certification Consortium (ISC)2 certification credentials: Certified Information Systems Security Professional (CISSP) Information Systems Security Engineering Professional (ISSEP) Certified Secure Software Lifecycle Professional (CSSLP)

Mr. Johnson supports the International Information Systems Security Certification Consortium (ISC)2 Information Systems Security Engineering Professional (ISSEP) credential as a volunteer domain expert to perform Job Task Analyses and writes domain related items for the internationally recognized credential examination.

Mr. Johnson has published articles relating to Cryptographic Solutions for Mobile Devices and Secure Mobility in 2011 and 2012, presented at MILCOM 2012, panel chair for MILCOM 2014 & MILCOM 2015 relating to Cloud Computing Security.