1

SECURING ELASTIC APPLICATIONS ON MOBILE DEVICESFOR CLOUD COMPUTINGXinwen Zhang ,Joshua Schiffman,Simon Gibbs

2009 ACM Cloud Computing Security Workshop (CCSW)

2

Outline

Introduction Issue and challenges Elastic Framework Architecture Threat Model Security Objectives Authentication Authorization Conclusion

3

Introduction

Cloud computing delivers new computing models for service providers and individual consumers Infrastructure-as-a-service (IaaS), Platform-as-a-service (PaaS), Software-as-a-service (SaaS)

Enable novel IT business models Resource-on-demand, pay-as-you-go, and utility-computing

Research exploration The benefits of cloud computing Cloud aware

applications

4

Issue

In the scope of consumer electronic (CE) devices, applications traditionally are constrained by limited resources such as low CPU frequency, small memory, and a battery-

powered computing environment. We aim to design an elastic services protocol,

which are augmented CE devices with cloud-based functionality. Executing elastic applications that can run

efficiently on resource constrained devices. Seamlessly and transparently making use of cloud

resources whenever needed

5

Key Definition in this paper

Weblet: One or more weblet can consist of an elastic

application. function independently, but communicate with each

other. Elasticity manager:

Installed in mobile devices Make decisions where weblet should be launched.

Elasticity service: Residing on the cloud Arranges the execution resources of the weblet

launched on the cloud

6

Elastic Application Overview

Elastic service may not be the Iaas/Paas Provider

7

Scenario

Weblet should be launched on one or more platforms in the cloud: Computation or communication intensive weblets

usually strain the processors of mobile devices Such as image and video processing

Launched on the device: Needing extensive access to local data.

Such as User interface components (UI). Fast response is not a requirement. Cost concern Device is offline

8

Challenges(1/2)

A new application model is needed: Support applications partitioned into

multiple components Can run autonomously from the others [14,11] Communication[7]

An appropriate protocol is needed between weblets during runtime Synchronize the state of the application

[7] R. K. Balan, M. Satyanarayanan, S. Park, and T. Okoshi. Tactics-based remote execution for mobile computing. In Proc. of MobiSys, 2003.[14] A. Messer, I. Greenberg, P. Bernadat, D. Milojicic, D. Chen,T. Giuli, and X. Gu. Towards a distributed platform for resource-constrained devices. Technical Report HPL-2002-26, HP Laboratories, 2002.[11] G. C. Hunt, M. L. Scott, G. C. Hunt, and M. L. Scott. The coign automatic distributed partitioning system. In Proc. Of OSDI, 1999.

9

Challenges(2/2)

A set of cost objective functions are needed Should be optimized when elastic

scheduling decisions are made Security and privacy

considering some sensitive weblets and data migrating from device to cloud.

10

Elastic Framework Architecture

11

Security Assumptions

We place trust in the Cloud Elasticity Services (CES) including cloud manager, application manager, cloud node manager, and CFI. Note. this assumption does not mean we

completely trust the IaaS/Paas providers. Also, as part of the elastic framework we

trust the elasticity manager on each device. We require that each user should first pair

their DEM with a CES.

12

Threat Model : Threats to Mobile Devices

Malware targeting mobile devices such as smartphones have become prevalent. including Symbian and iPhone platforms [12, 2]

Malware can compromise the Device Elasticity Manager(DEM).

Compromise of the device’s sensing components

Bypass the elasticity manager and launch weblets on cloud platforms on behalf of the user

[12] M. Hypponen. State of cell phone malware in 2007, http://www.usenix.org/events/sec07/tech/hypponen.pdf.[2] Mcafee mobile security report 2009, http://www.mcafee.com/us/local_content/reports/mobile_security_report_2009.pdf.

13

Threat Model: Threats to Cloud Platform and Application Container Misconfigurations of critical cloud

components could lead to weblet compromise Weak authentication Access control settings Software vulnerabilities

Malicious entities can change network and cost settings, or even cloud sensing information

Other malicious activities can consume resources of cloud platform such as CPU cycles, storage, and network traffic.

14

Threat Model: Threats to Communication Channels

Threats exist from active network entities such as packet injection and Man-in-the-Middle (MITM) attacks Eavesdrop DDoS

Not only exhaust bandwidth resources, but also result in excessive charges to user accounts

15

Security Objectives

Trustworthy weblet containers on both device and cloud: How trust is established with the container should not

only rely on social and legal agreements (e.g., those for cloud providers), but also via technical mechanisms such as integrity measurement and attestation [4, 16].

Authentication and secure session management Authorization and access control Logging and auditing

Behaviors of weblets should be logged and audited routinely to prevent malicious activities[4] Tcg mobile reference architecture specification,

https://www.trustedcomputinggroup.org/specs/mobilephone/tcg-mobile-reference-architecture-1.0.pdf.[16]R. Sailer, T. Jaeger, X. Zhang, and L. van Doorn. Attestation-based policy enforcement for remote access. In Proc. of ACM CCS, 2004.

16

Secure Installation of Elastic Applications(1/2)

Manifest: description of the application the developer signed SHA1 hash values of

the individual weblets The location Where individual weblets can

be installed and executed, (e.g., migratable, cloud side only, or device side

only).

17

Secure Installation of Elastic Applications(2/2)

User downloads and installs an application the installer will recompute and compare their hashes and with those in the bundle

As an installation option, parts of the elastic application can be installed by the application manager into the CES. The cloud-based application manager also can

download the same application from an application store

To save communication overhead of mobile device.

18

Building Authentication between Weblets

Goal: enable a weblet to authenticate another

weblet of the same application in different location

19

wsk: weblet session keyswss: weblet secretSig: Signature(use HMAC)

20

Secure Migration

Assumption: VM migration by cloud infrastructure is

transparent to end users and applications including SaaS providers

If the VM’s IP address changes, the cloud provider would provide migration events and status to other service providers

21

Secure Migration

22

Authorization of Weblets:Scennario

23

Authorization of Weblets(1/2) Shared user credentials

Each weblet has user credentials such as username and password or digital certificate of the web service.

simplest solution, but implies that each weblet can represent the user

and introduces risks, especially for those on cloud. Shared session information

it shares application session key (ask) and secret(ass) Safer solution than the first one

Usually is only valid for a short time period after authentication

24

Authorization of Weblets(2/2) Cloud based weblet forwards the requests to the

authenticated device weblet, which has ask and ass. This enhances the security as session information is only

available on the device. Multiple re-directions are needed communication

overhead OAuth-like authentication

It generates an authentication challenge on behalf of the user and redirects any responded authentication URL to the UI.

If success, device weblet re-directs the resulting session information to the original requesting cloud weblet

User can choose by himself.

25

Conclusion & Future work

To augment computing, storage, and communication capabilities of applications for resource-constrained devices.

We are developing an elastic application framework with new application model and elasticity infrastructure.

This paper analyzes security threats to elastic applications and identifies security objectives that should be provided by the infrastructure

We then propose authentication, secure migration, and different approaches to authorize weblets.

Future work: A cost service for mobile users running elastic applications