Tag Archives: virtual machine

Predicting Performance Anomalies In Cloud Systems

Researchers from North Carolina State University have developed a new software tool to prevent performance disruptions in cloud computing systems by automatically identifying and responding to potential anomalies before they can develop into problems. Cloud computing enables users to create multiple “virtual machines” that operate independently, even though they are all operating on one large computing platform. However, this approach can cause performance issues when a software bug, or other problem, in one virtual machine disrupts the entire cloud.

Now the researchers have designed software that looks at memory use, network traffic, CPU usage (the share of processor capacity in use at a given moment) and other system-level data in a cloud computing infrastructure to build a definition of the wide range of behaviors that can be considered "normal." The program defines normal behavior for every virtual machine in the cloud, then looks for deviations and predicts anomalies that could affect the system's ability to provide service to users.

One advantage of this approach is that it does not require users to provide so-called “training data” about what constitutes abnormal behavior, which is important because training data are often difficult to obtain in production cloud systems. Moreover, this approach is also able to predict anomalies that have never been seen before.

If the program spots a virtual machine that is deviating from its normal behavior, it runs a “black box” diagnostic that can determine which metrics — such as CPU usage — may be affected, without exposing user data. This metric data can then be used to trigger the appropriate prevention system, which will address the deviation and prevent it from becoming a problem.
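The mechanism described above (learn a per-VM "normal" from unlabeled system-level counters, flag sustained deviations, and report which metrics are off without touching guest data) can be illustrated with a small detector. The block below is an added example written for this page; it is not the UBL code from the paper and does not claim to reproduce its learning method. Metric names, the robust-band rule (median plus or minus k scaled MADs) and the sample counters are all constructed for the illustration.

```python
from collections import deque
from statistics import median

MAD_TO_SIGMA = 1.4826  # scales median absolute deviation to a sigma-like unit


class VmBaseline:
    """Learn a per-VM 'normal' band for each metric from unlabeled samples.

    No labelled anomalies are needed: the band is the median +/- k robust
    sigmas of whatever the VM did during the learning window, so behaviour
    never seen before still shows up as a deviation from that band.
    """

    def __init__(self, metrics, k=4.0, consecutive=3):
        self.metrics = list(metrics)
        self.k = k
        self.consecutive = consecutive     # samples in a row before we act
        self.bounds = {}                   # metric -> (low, high)
        self.recent = deque(maxlen=consecutive)

    def fit(self, samples):
        for m in self.metrics:
            vals = [s[m] for s in samples]
            med = median(vals)
            mad = median(abs(v - med) for v in vals) or 1.0  # floor avoids a zero-width band
            half = self.k * MAD_TO_SIGMA * mad
            self.bounds[m] = (med - half, med + half)

    def diagnose(self, sample):
        """'Black box' diagnosis: names of the metrics outside their learned band.
        Only system-level counters are inspected, never guest data."""
        return [m for m in self.metrics
                if not (self.bounds[m][0] <= sample[m] <= self.bounds[m][1])]

    def observe(self, sample):
        """Feed one live sample. Returns the metrics that deviated in every one of
        the last `consecutive` samples (a sustained drift worth acting on), or []
        while the VM looks normal or the deviation was a one-off blip."""
        self.recent.append(set(self.diagnose(sample)))
        if len(self.recent) < self.consecutive:
            return []
        return sorted(set.intersection(*self.recent))


def run_demo():
    # Constructed learning window: 30 steady-state samples for one VM (no labels).
    learning = [{"cpu_pct": 20 + (i % 5),
                 "mem_mb": 500 + 3 * (i % 7),
                 "net_kbps": 100 + 2 * (i % 9)} for i in range(30)]
    vm = VmBaseline(["cpu_pct", "mem_mb", "net_kbps"])
    vm.fit(learning)
    # Constructed live stream: memory starts climbing from the second sample,
    # the way a leak in one guest would look at the system level.
    stream = [{"cpu_pct": 23, "mem_mb": 520, "net_kbps": 110},
              {"cpu_pct": 24, "mem_mb": 560, "net_kbps": 115},
              {"cpu_pct": 25, "mem_mb": 600, "net_kbps": 118},
              {"cpu_pct": 26, "mem_mb": 650, "net_kbps": 120}]
    return vm, [vm.observe(s) for s in stream]


if __name__ == "__main__":
    vm, verdicts = run_demo()
    for i, v in enumerate(verdicts, 1):
        print(f"sample {i}: {'deviating ' + ','.join(v) if v else 'normal'}")
```

The first deviating sample is deliberately not acted on: a single out-of-band reading is cheap to ignore, while three in a row on the same counter is the kind of drift that would trigger an automatic, reversible response such as migrating or throttling the guest.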

“If we can identify the initial deviation and launch an automatic response, we can not only prevent a major disturbance, but actually prevent the user from even experiencing any change in system performance,” says Dr. Helen Gu, an assistant professor of computer science at NC State and co-author of a paper describing the research. “Also, it’s important to note that this program does not access any user’s individual information. We’re looking only at system-level behavior.”

The program is also lightweight, meaning it does not use much of the cloud’s computing power to operate. It is able to collect the initial data and define normal behavior much faster than existing approaches. Once it is up and running, it uses less than 1 percent of the CPU load and 16 megabytes of memory.

In benchmark testing, the program identified up to 98 percent of anomalies, which is much higher than the rate found in existing approaches. “It also had a 1.7 percent rate of false positives, meaning it triggered very few false alarms,” Gu says. “And because the false alarms resulted in automatic responses, which are easily reversible, the cost of the false alarms is negligible.”

Gu says her team’s next step is to incorporate more detailed “white box” diagnostic tools into the software, so they can identify the software bugs causing any anomalies and correct them.

The paper, “UBL: Unsupervised Behavior Learning for Predicting Performance Anomalies in Virtualized Cloud Systems,” was co-authored by NC State Ph.D. students Daniel Dean and Hiep Nguyen. The paper will be presented Sept. 20 at the 9th Annual ACM International Conference on Autonomic Computing in San Jose, Calif. The research was supported by the National Science Foundation, the U.S. Army Research Office, an IBM faculty award and a Google research award.

Source

SaaS, PaaS, and IaaS: A Security Checklist for Cloud Models

How does security apply to Cloud Computing? In this article, we address this question by listing the five top security challenges for Cloud Computing, and examine some of the solutions to ensure secure Cloud Computing.

Organizations and enterprises are increasingly considering Cloud Computing to save money and to increase efficiency. However, while the benefits of Cloud Computing are clear, most organizations continue to be concerned about the associated security implications. Due to the shared nature of the Cloud where one organization’s applications may be sharing the same metal and databases as another firm, Chief Security Officers (CSOs) must recognize they do not have full control of these resources and consequently must question the inherent security of the Cloud. However, it is important to note that Cloud Computing is not fundamentally insecure; it just needs to be managed and accessed in a secure way.

All Cloud Models Are Not the Same

Although the term Cloud Computing is widely used, it is important to note that all Cloud Models are not the same. As such, it is critical that organizations don't apply a broad-brush, one-size-fits-all approach to security across all models. Cloud Models can be segmented into Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). When an organization is considering Cloud security it should consider both the differences and similarities between these three segments of Cloud Models:

SaaS: this model is focused on managing access to applications. For example, policy controls may dictate that a salesperson can only download particular information from the sales CRM application: only certain leads, within certain geographies, or during local office working hours. In effect, the security officer needs to focus on establishing controls over users' access to applications.

PaaS: the primary focus of this model is on protecting data. This is especially important in the case of storage as a service. An important element to consider within PaaS is the ability to plan against the possibility of an outage at a Cloud provider. The security operation needs to consider load balancing across providers to ensure failover of services in the event of an outage. Another key consideration is the ability to encrypt the data while it is stored on a third-party platform, and awareness of the regulatory issues that may apply to data availability in different geographies.

IaaS: within this model the focus is on managing virtual machines. The CSO's priority is to overlay a governance framework that lets the organization put controls in place over how virtual machines are created and spun down, thus avoiding uncontrolled access and potentially costly wastage.

The following check-list of Cloud Security Challenges provides a guide for Chief Security Officers who are considering using any or all of the Cloud models.

For CSOs focused on PaaS

Challenge #1: Protect private information before sending it to the Cloud

There are already many existing laws and policies in place which disallow the sending of private data onto third-party systems. A Cloud Service Provider is another example of a third-party system, and organizations must apply the same rules in this case. It's already clear that organizations are concerned at the prospect of private data going to the Cloud. The Cloud Service Providers themselves recommend that if private data is sent onto their systems, it must be encrypted, removed, or redacted. The question then arises: "How can the private data be automatically encrypted, removed, or redacted before sending it up to the Cloud Service Provider?" Encryption in particular costs CPU time on every request, and done naively it adds noticeable latency to the path between the organization and the provider.

Any solution implemented should broker the connection to the Cloud Service and automatically encrypt any information an organization doesn’t want to share via a third party. For example, this could include private or sensitive employee or customer data such as home addresses or social security numbers, or patient data in a medical context. CSOs should look to provide for on-the-fly data protection by detecting private or sensitive data within the message being sent up to the Cloud Service Provider, and encrypting it such that only the originating organization can decrypt it later. Depending on the policy, the private data could also be removed or redacted from the originating data, but then re-inserted when the data is requested back from the Cloud Service Provider.
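The last option above (strip the private values out of the outbound message, keep them on premises, and put them back when the record comes home) is tokenization, and a minimal broker for it is short enough to show. The block below is an added example for this article, not code from any Cloud Service Broker product; the SSN pattern, the token format and the sample patient record are constructed, and the "vault" is an in-memory dictionary standing in for whatever on-premises store the broker would actually use.

```python
import json
import re
import secrets

# Constructed detector: U.S. social security number in its dashed form.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Tokens carry no information about the value they replace.
TOKEN_RE = re.compile(r"TOK_[0-9a-f]{16}")


class PrivateDataBroker:
    """Sits between the organization and the Cloud Service Provider.

    outbound(): replaces detected private values with random tokens and keeps
                the value-to-token mapping in an on-premises vault.
    inbound():  swaps the tokens back for the real values when the record is
                requested back from the provider.
    The provider only ever sees tokens, so a breach on its side yields nothing.
    """

    def __init__(self):
        self._vault = {}  # token -> original value; never leaves the premises

    def _tokenize(self, text):
        def replace(match):
            token = "TOK_" + secrets.token_hex(8)
            self._vault[token] = match.group(0)
            return token
        return SSN_RE.sub(replace, text)

    def _detokenize(self, text):
        # Unknown tokens are left alone rather than guessed at.
        return TOKEN_RE.sub(lambda m: self._vault.get(m.group(0), m.group(0)), text)

    def _walk(self, obj, fn):
        """Apply fn to every string anywhere in a JSON-like structure."""
        if isinstance(obj, str):
            return fn(obj)
        if isinstance(obj, list):
            return [self._walk(item, fn) for item in obj]
        if isinstance(obj, dict):
            return {key: self._walk(value, fn) for key, value in obj.items()}
        return obj  # numbers, booleans, None pass through untouched

    def outbound(self, payload):
        return self._walk(payload, self._tokenize)

    def inbound(self, payload):
        return self._walk(payload, self._detokenize)


# Constructed sample record: private data both in a dedicated field and
# buried inside free text, which is where naive field-level filters miss it.
SAMPLE = {
    "patient": {"name": "A. Example", "ssn": "123-45-6789",
                "notes": "Prior record under SSN 987-65-4321; address on file."},
    "visits": [{"date": "2011-08-05", "billing_ssn": "123-45-6789"}],
    "version": 3,
}


def round_trip(record):
    """Send a record through the broker and back; returns (cloud_copy, restored)."""
    broker = PrivateDataBroker()
    cloud_copy = broker.outbound(record)
    return cloud_copy, broker.inbound(cloud_copy)


if __name__ == "__main__":
    cloud_copy, restored = round_trip(SAMPLE)
    print(json.dumps(cloud_copy, indent=2))
    print("restored == original:", restored == SAMPLE)
```

Because tokens are random, the same SSN gets a different token each time it appears, which is the safer default; if the provider needs to match records on that field, a keyed HMAC of the value would give a stable token at the cost of letting the provider see equality between records.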

For CSOs Focused on SaaS

Challenge #2: Don’t replicate your organization in the Cloud

Large organizations using Cloud services face a dilemma. If they have thousands of employees using Cloud services, must they create thousands of mirrored users on the Cloud platform? Single sign-on between on-premises identity systems and the Cloud removes this requirement.

Users with multiple passwords are also a potential security threat and a drain on IT Help Desk resources. The risks and costs associated with multiple passwords are particularly relevant for any large organization making its first foray into Cloud Computing and leveraging SaaS applications. If an organization has 10,000 employees, it is very costly to have the IT department assign new passwords for Cloud Services to each individual user, and when a user forgets the password for the SaaS service and resets it, they now have an extra password to take care of.

By leveraging single sign-on capabilities an organization can enable a user to access both the user's desktop and any Cloud Services via a single password. In addition to preventing security issues, there are significant cost savings to this approach. For example, single sign-on users are less likely to lose passwords, reducing the assistance required from IT helpdesks. Single sign-on is also helpful for the provisioning and de-provisioning of accounts. If a new user joins or leaves the organization there is only a single credential to activate or deactivate vs. having multiple passwords to deal with. In a nutshell, the danger of not having single sign-on for the Cloud is increased exposure to security risks and the potential for increased IT Help Desk costs, as well as the danger of dangling accounts left behind after users leave the organization, which are open to rogue usage.

For CSOs focused on PaaS

Challenge #3: Keep an Audit Trail

Usage of Cloud Services is on a paid-for basis, which means that the finance department will want to keep a record of how the service is being used. The Cloud Service Providers themselves provide this information, but in the case of a dispute it is important to have an independent audit trail. Audit trails provide valuable information about how an organization’s employees are interacting with specific Cloud services, legitimately or otherwise!

The end-user organization could consider a Cloud Service Broker (CSB) solution as a means to create an independent audit trail of its cloud service consumption. Once armed with his or her own records of cloud service activity, the CSO can confidently address any concerns over billing or verify employee activity. A CSB should provide reporting tools to allow organizations to actively monitor how services are being used. There are multiple reasons why an organization may want a record of Cloud activity, which leads us to discuss the issue of Governance.

For CSOs focused on IaaS

Challenge #4: Governance: Protect yourself from rogue cloud usage and redundant Cloud providers

The classic use case for Governance in Cloud Computing is when an organization wants to prevent rogue employees from mis-using a service. For example, the organization may want to ensure that a user working in sales can only access specific leads and does not have access to other restricted areas. Another example is that an organization may wish to control how many virtual machines can be spun up by employees, and, indeed, that those same machines are spun down later when they are no longer needed. So-called “rogue” Cloud usage must also be detected, so that an employee setting up their own accounts for using a Cloud service is detected and brought under an appropriate governance umbrella.

While Cloud Service providers offer varying degrees of cloud service monitoring, an organization should consider implementing its own Cloud service governance framework. This independent control is of particular benefit when an organization is using multiple SaaS providers, e.g. HR services, ERP and CRM systems. However, in such a scenario the CSO and Chief Technology Officer (CTO) also need to be aware that different Cloud Providers have different methods of accessing information, and different security models on top of that.

Some use REST, some use SOAP and so on. For security, some use certificates, some use API keys, which we’ll examine in the next section. Some simply use basic HTTP authentication. The problem that needs to be solved is that these cloud service providers all present themselves very differently. So, in order to use multiple Cloud Providers, organizations have to overcome the fact they are all different at a technical level.

Again, that points to the solution provided by a Cloud Broker, which brokers the different connections and essentially smooths over the differences between them. This means organizations can use various services together. Where a service is relatively commoditized, such as storage as a service, providers can be used interchangeably. This addresses the question of what to do if a Cloud Provider becomes unreliable or goes down, and means the organization can spread its usage across different providers. Organizations should not have to get into the technical weeds of understanding or mediating between different interfaces; they should be able to move up a level and use the Cloud for its benefits, such as saving money.

For CSOs focused on SaaS, PaaS and IaaS

Challenge #5: Protect your API Keys

Many Cloud services are accessed using simple REST Web Services interfaces. These are commonly called "APIs", since they are similar in concept to the more heavyweight C++ or Java APIs used by programmers, though they are much easier to leverage from a Web page or from a mobile phone, hence their increasing ubiquity. "API Keys" are used to access these services. They are similar in some ways to passwords: they grant the holder access to the Cloud Provider. For example, if an organization is using a SaaS offering, it will often be provided with an API key. The protection of these keys is very important.

Consider the example of Google Apps. If an organization wishes to enable single sign-on to their Google Apps (so that their users can access their email without having to log in a second time) then this access is via API Keys. If these keys were to be stolen, then an attacker would have access to the email of every person in that organization.

The casual use and sharing of API keys is an accident waiting to happen. Protection of API Keys can be performed by encrypting them when they are stored on the file system, or by storing them within a Hardware Security Module (HSM).

Conclusion: Homemade or Off-the-shelf?

When implementing a security framework to address these challenges, the CSO is faced with a buy vs. build option. They could engage developers to put together open source components to build Cloud Service Broker-like functionality from scratch. This approach creates the runtime components of a broker, such as routing to a particular Cloud Service Provider. However, other components of the solution, such as reporting and an audit trail, may not be present. An off-the-shelf Cloud Service Broker product will provide these extra features as standard and should also provide support for all the relevant WS-Security standards at a minimum.

As the Cloud Security Alliance notes in its Security Guidance White Paper. “Cloud Computing isn’t necessarily more or less secure than your current environment. As with any new technology, it creates new risks and new opportunities. In some cases moving to the cloud provides an opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements. At other times the risk of moving sensitive data and applications to an emerging infrastructure might exceed your tolerance.” I hope this article provides sufficient data points to guide readers on their journey.

Source

Voice Networks Make Botnet Control Easy

Botnets and their masters can communicate with each other by calling into the same VoIP conference call and swapping data using touch tones, researchers demonstrated at Defcon.

This gives the botmasters, whose top goals include remaining anonymous, the ability to issue orders from random payphones and disposable wireless handsets, said researchers Itzik Kotler and Iftach Ian Amit of security and risk assessment firm Security Art.

Using phones and the public phone networks eliminates one of the prime tools bot fighters have: taking down the domains of botnets’ command and control servers, the researchers say. If the botmaster isn’t using a command and control server, it can’t be taken down.

In fact, the botmaster can communicate with the zombie machines that make up the botnet without using the Internet at all if the zombies are within a corporate network. So even if a victim company’s VoIP network is segregated from the data network, there is still a connection to the outside world.

In addition to its stealth, the VoIP tactic employs technology that readily pierces corporate firewalls and uses only traffic that is difficult for data loss prevention software to peer into. The traffic is streamed audio, so data loss prevention scanners can’t recognise patterns of data they are supposed to filter, the researchers say.

The downsides of VoIP as a command channel are that it severely limits the number of zombie machines that can be contacted at once, and the rate at which stolen data can be sent out of a corporate network is limited by the phone system. But Kotler and Amit say the connections are plenty big to send commands in.

During their demo at the conference, the pair had an Asterisk open source IP PBX stand in as the corporate PBX. A virtual machine representing a zombie computer on a corporate network called via TCP/IP through the PBX and into a corporate conference call. A BlackBerry representing the botmaster dialled in over the public phone network to the same conference call.

The researchers then used Moshi Moshi open source software to communicate between the botmaster phone and the zombie machine. Moshi Moshi includes a translator that converts commands into DTMF touch tones as input, and converts stolen data from text to speech for output. The resulting voice traffic is phoned into a voice mailbox that the botmaster can pick up whenever it’s convenient.

One tricky part is configuring the PBX to allow DTMF tones to pass through into the conference. Another is that the botmaster has to create a DTMF-based language that the bots are programmed to understand.

The researchers say their demonstration was merely a proof of concept, and that it could work much better with refinements. For instance, incorporating modem technology into the scheme could result in faster exfiltration rates than sending speech generation voicemails.

To defend against this type of VoIP abuse, Kotler and Amit recommend separating VoIP from the corporate network altogether in order to prevent compromised computers from tapping into conference calls. They recommend monitoring VoIP activity to discover unauthorised use of conference calls, say after business hours. And they say conference calls should be whitelisted, allowing access only from authorised IP addresses and phone numbers.
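The two monitoring recommendations above (look for conference-call use outside business hours, and allow only authorized callers) can be checked directly against the PBX's call records. The block below is an added example for this article, not the researchers' tooling or part of Asterisk; it assumes Asterisk's default cdr_csv Master.csv column order, treats calls whose last application is ConfBridge or MeetMe as conference joins, and uses a constructed whitelist, constructed business hours (09:00 to 18:00, Monday to Friday) and constructed CDR lines modelled on the demo, including an internal VM extension and an outside number dialling into the same bridge late at night.

```python
import csv
from datetime import datetime
from io import StringIO

# Column order of Asterisk's default cdr_csv Master.csv (assumed here).
CDR_FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
              "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
              "duration", "billsec", "disposition", "amaflags", "uniqueid",
              "userfield"]

# Asterisk conference applications; lastdata then holds the bridge number.
CONFERENCE_APPS = {"ConfBridge", "MeetMe"}


def parse_cdr(text):
    """Yield one dict per CDR line; malformed lines are skipped, not guessed."""
    for row in csv.reader(StringIO(text)):
        if len(row) == len(CDR_FIELDS):
            yield dict(zip(CDR_FIELDS, row))


def audit_conferences(cdr_text, allowed_callers, open_hour=9, close_hour=18):
    """Return an alert for every conference join that happened outside business
    hours or came from a caller that is not on the whitelist."""
    alerts = []
    for rec in parse_cdr(cdr_text):
        if rec["lastapp"] not in CONFERENCE_APPS:
            continue  # ordinary calls are out of scope for this rule
        started = datetime.strptime(rec["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if started.weekday() >= 5 or not (open_hour <= started.hour < close_hour):
            reasons.append("after_hours")
        if rec["src"] not in allowed_callers:
            reasons.append("unlisted_caller")
        if reasons:
            alerts.append({"uniqueid": rec["uniqueid"], "src": rec["src"],
                           "channel": rec["channel"], "conference": rec["lastdata"],
                           "start": rec["start"], "reasons": reasons})
    return alerts


# Constructed CDR lines (2011-08-05 is a Friday). Line 2 is a lab VM joining
# bridge 8000 at 23:17; line 3 is an outside number joining the same bridge.
SAMPLE_CDR = '''\
"","1005","8000","from-internal","""Desk 1005"" <1005>","SIP/1005-00000a1f","","ConfBridge","8000","2011-08-05 14:02:11","2011-08-05 14:02:12","2011-08-05 14:35:40","2009","2008","ANSWERED","DOCUMENTATION","1312552931.123",""
"","1042","8000","from-internal","""Lab VM"" <1042>","SIP/1042-00000a33","","ConfBridge","8000","2011-08-05 23:17:03","2011-08-05 23:17:04","2011-08-05 23:59:50","2567","2566","ANSWERED","DOCUMENTATION","1312586223.140",""
"","5551234567","8000","from-pstn","""Unknown"" <5551234567>","DAHDI/1-1","","ConfBridge","8000","2011-08-05 23:17:30","2011-08-05 23:17:31","2011-08-05 23:58:02","2432","2431","ANSWERED","DOCUMENTATION","1312586250.141",""
"","1005","2001","from-internal","""Desk 1005"" <1005>","SIP/1005-00000a40","SIP/2001-00000a41","Dial","SIP/2001,30","2011-08-05 10:00:00","2011-08-05 10:00:05","2011-08-05 10:04:12","252","247","ANSWERED","DOCUMENTATION","1312538400.150",""
'''

ALLOWED_CALLERS = {"1005", "1007"}  # constructed whitelist of conference users

if __name__ == "__main__":
    for alert in audit_conferences(SAMPLE_CDR, ALLOWED_CALLERS):
        print(f"{alert['start']} bridge {alert['conference']} from {alert['src']} "
              f"({alert['channel']}): {', '.join(alert['reasons'])}")
```

Two callers hitting the same bridge within seconds of each other after hours is exactly the rendezvous pattern in the demo, so correlating alerts by conference number and start time is the natural next step. Whitelisting by IP address, the other recommendation, belongs in the PBX itself rather than in after-the-fact CDR review.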

Source

Gartner: Virtualisation and cloud computing race ahead of security practices

The rush toward virtualisation of internal enterprise computing resources and cloud computing can have many advantages, such as server consolidation, but it’s largely outracing traditional security and identity management practices.

That’s leaving huge gaps, a sense of chaos and questions about where security products and services should be applied in the world of multi-vendor virtual-machine (VM) hypervisors.

“Virtualisation will radically change how you secure and manage your computing environment,” Gartner analyst Neil MacDonald said this week at a Gartner Security and Risk Management Summit in the US. “Workloads are more mobile, and more difficult to secure. It breaks the security policies tied to physical location. We need security policies independent of network topology.”

Gartner estimates almost half of x86-based server workloads are virtualised today, with VMware the clear market leader, but with Microsoft Hyper-V on the rise and Citrix a contender. Gartner advocates that enterprises plan to move to a private-cloud architecture. But at the same time, the consultancy acknowledged management tools and security really haven’t risen to meet the occasion.

“The hypervisor will be less secure than the physical systems they replace,” MacDonald said. “The integrity of that bottom layer is paramount. The hypervisor layer you don’t want compromised.”

Today there’s often a “lack of visibility and controls on internal VM-to-VM communications,” said MacDonald. “Should VM No. 1 be talking to VM No. 3? How do you know they’re not attacking? The traffic never comes out onto our physical network.” Some companies are willing to live with this uncertainty, others not, MacDonald said.

But it’s questions such as these that demand to be addressed to find out what options exist to tackle virtualisation and cloud security. In MacDonald’s view, there needs to be a wide range of security controls in the VM, such as virtual firewalls, intrusion-prevention systems and antivirus, in addition to load balancers and traffic shapers.

Increasingly, vendors such as Altor, Cisco, Juniper, IBM, Hytrust, HP, Enterasys, McAfee, Catbird, StillSecure, Sourcefire, Reflex Systems and StoneSoft are offering virtual-appliance options for firewalling, monitoring and intrusion-prevention, for example. For the VMware platform, “Check Point has gotten furthest along,” said MacDonald. “After a slow start, finally the big security vendors are making progress on their virtual-security controls.”

VMware has provided VMSafe APIs to facilitate hypervisor-based “introspection” so that multiple software agents are no longer required. The need to deploy and run agent software has traditionally “been the bane of our existence,” MacDonald acknowledged. But there are still a lot of questions about exactly how this works.

Trend Micro, seen as the No. 3 player in antivirus behind Symantec and McAfee, has been the fastest to embrace some of VMware's ideas on this, including support for VMware's latest security APIs, vShield, in its Deep Security product, which can perform A/V scanning for vSphere guests. Trend Micro has been charging less for VM-based A/V software, perhaps figuring "it has nothing to lose," MacDonald said.

The downside of Trend Micro's Deep Security approach with vShield, though, is that VMware "stub code" and a hypervisor extension are still needed to make it work; it supports Windows guests only; and it only does anti-malware scanning, quarantining infections rather than removing them, MacDonald said. And the possible drawback of vShield, which has the software take on the role of firewall, is that it is so specific to VMware vSphere that customers will end up with "another silo."

The transition to more virtualisation-focused software-based security controls, though now filled with uncertainties, is still expected to occur, and though only deployed “in the single digits today,” by 2015, Gartner predicts 40% of security controls, such as antivirus, will be virtualised. This will happen, MacDonald added, despite the fact that vendors such as Cisco and Juniper have been dragging their feet because they like to sell “overpriced physical hardware.”

At this point, the main idea is to “treat the virtualisation platform as the most important IT platform in your data centre, from a security and management perspective,” MacDonald said.

For those responsible for the identity management arena in the cloud, however, the situation appears to be particularly challenging.

“Until about two years ago, we were talking about how to do identity management internally,” said Gartner analyst Gregg Kreizman. “Now, it’s about how do we get our arms around the SaaS [software-as-a-service] problem? Or we used to manage the applications but now they’re in the cloud” … so it’s leading to a never-before-asked question, “How about if we have our identities there?”

This is the cloud relative to the on-premises systems of yore, Kreizman said, and with SaaS providers using different interfaces, there’s now a growing “interface risk” of a wider attack surface, plus more people potentially with their hands on the data. Google “is not very upfront about their security practices,” Kreizman said. “Salesforce is a little bit better.”

"Unfortunately, the default way to get identity information into a SaaS is to administer directly," said Kreizman. "An FTP or a Dropbox might be involved." Dropbox is a service that has suffered several security failures, including one this week involving a password-management problem that left user information exposed.

Companies that want to extend their corporate identity management systems, such as those from CA (which acquired Arcot Systems) or IBM, to the cloud can connect them to specific cloud providers in a hybrid arrangement, where the provider supports it. In addition, Exostar and Covisint fall into a realm now called a "community federation hub" serving specific types of groups, in this case mainly aerospace, defense, auto manufacturing and healthcare. "It's a collection of users willing to pay for identity services under established federations and SaaS providers," Kreizman said.

There’s a stampede of new choices racing into the identity-management market to hook up to the cloud, creating a “volatile market” and even “kind of a Wild West here,” said Kreizman.

Among the players are Okta, Clavid, Symplified, Onelogin, Ping Identity (which also offers stand-alone federation software) and Nordic Edge (acquired by Intel). Some traditional identity and access management vendors, including Fisher International, idEntropy, Novell and Lighthouse, are selling packages and services for the benefit of cloud providers and customers.

VMware last August acquired TriCipher with the expectation of giving customers easier controls for SaaS in the future. And RSA technologies are expected to be leveraged in the cloud-trust authentication system that is expected to go into beta soon.

Although identity and access management as a service is still new, Gartner expects this could grow enormously in just a few years, from about 5% of identity and access management sales to as much as 20% by the end of 2012.

Source

Stateless Computing to Become Core to Cloud Computing?

As companies glom onto cloud computing, stateless computing is likely to emerge as a core tenet within the cloud and one that can deliver cost savings, predicted the chief technology architect for Merrill Lynch.

But to get to the state of stateless computing, companies will need to change the way they view their hardware needs and how they store and access the information, said Jeffrey Birnbaum of Merrill Lynch, who served as a keynote speaker Tuesday at LinuxWorld in San Francisco.

“Stateless computing isn’t about having no state. It’s kind of a misnomer. It’s about where that state is stored. Since the emergence of the PC in the early ’80s, we have stored the state on the physical computer and that has presented a myriad of challenges that has driven IT costs through the roof,” Birnbaum said.

With stateless computing, users’ settings and data are automatically saved to the server, which could be run by their employer or outsourced. Cloud computing generally refers to technology that lets people use Web browsers to access applications running on central servers, though it also can refer to general-purpose server infrastructure that companies can tap into as needed.

Birnbaum noted that in stateless computing, as in cloud computing, companies need to ask themselves what they seek to achieve, how much capacity they expect they'll need, and whether and when those needs will change. From there, a placement engine goes out and searches for capacity within a physical server or through a virtual machine (versus, for example, filling the need by buying an additional 20 dedicated servers on a network).

But key to accessing the information and applications via stateless computing is placing them all in an organized name space file system. For example, Gmail.google.com is a name space, in which Gmail is the application and Google is the domain, which aids users in how to navigate to the site.

A similar method can be used with applications, said Birnbaum, who noted Merrill Lynch is in the process of building a name space, with a file system behind it and a set of tools to manage that name space.

Whether companies are using Windows or Linux, there is a root of a file system, a meta project, and version number.

"The key to this is the version. The idea is to put everything you view, whether it's an application or library, you put it into this file system. So, therefore, you never have this problem of an IT industry created problem of the software stack," Birnbaum said. "If you placed every little thing that you had, a config file, everything, into a version name space, and then you were able to build your applications against that and all the dependencies for applications were referable in this file system, there would be no need to ever build a stack because every application would inherently know what its dependents were and would all be (retrievable) through this global file system."
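What the versioned name space buys you is that an application's dependency closure can be computed by walking exact-version references rather than by assembling a stack by hand, and the walk also reveals the two failure modes such a scheme has: a reference to a version that was never published, and two components of one application pinning different versions of the same library. The block below is an added illustration for this article, not Merrill Lynch's system; the path layout (/ns/<project>/<version>), the manifest shape and every project name and version number are constructed.

```python
# Constructed name space: each versioned path carries a manifest whose
# dependencies are themselves exact (project, version) references.
NAMESPACE = {
    "/ns/trading-app/2.4.1": {"deps": [("libmarket", "1.9.0"), ("libtls", "1.0.2"), ("app.conf", "7")]},
    "/ns/libmarket/1.9.0":   {"deps": [("libnet", "1.4.0"), ("libtls", "1.0.2")]},
    "/ns/libnet/1.4.0":      {"deps": [("libtls", "1.0.2")]},
    "/ns/libtls/1.0.2":      {"deps": []},
    "/ns/app.conf/7":        {"deps": []},
    # A newer app whose components disagree about libtls, and which pulls in
    # a config project that nobody ever published at that version.
    "/ns/trading-app/3.0.0": {"deps": [("libmarket", "2.0.0"), ("libtls", "1.0.2")]},
    "/ns/libmarket/2.0.0":   {"deps": [("libnet", "2.0.0"), ("libcfg", "3")]},
    "/ns/libnet/2.0.0":      {"deps": [("libtls", "1.1.0")]},
    "/ns/libtls/1.1.0":      {"deps": []},
}


def path_of(project, version):
    return f"/ns/{project}/{version}"


def resolve(namespace, project, version):
    """Compute the load order for one application from the versioned name space.

    Returns (order, problems): `order` lists paths with dependencies before the
    things that need them; `problems` lists missing versions and conflicting
    pins. Nothing is guessed: a missing path is reported, never substituted.
    """
    order, seen, chosen, problems = [], set(), {}, []

    def visit(proj, ver, required_by):
        path = path_of(proj, ver)
        if proj in chosen and chosen[proj] != ver:
            problems.append(f"conflict: {proj} {chosen[proj]} (already required) "
                            f"vs {ver} (required by {required_by})")
            return
        chosen[proj] = ver
        if path in seen:
            return
        seen.add(path)
        manifest = namespace.get(path)
        if manifest is None:
            problems.append(f"missing: {path} (required by {required_by})")
            return
        for dep_proj, dep_ver in manifest["deps"]:
            visit(dep_proj, dep_ver, path)
        order.append(path)  # post-order: dependencies are already in the list

    visit(project, version, "<root>")
    return order, problems


if __name__ == "__main__":
    for ver in ("2.4.1", "3.0.0"):
        order, problems = resolve(NAMESPACE, "trading-app", ver)
        print(f"trading-app {ver}:")
        for p in order:
            print("  load", p)
        for p in problems:
            print("  PROBLEM", p)
```

Because versions never change once published, the resolved list for 2.4.1 is the same on every host that mounts the name space, which is the reproducibility the talk is after; the 3.0.0 case shows that the scheme does not make dependency hygiene optional, it only makes the violations visible.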

He added that the advent of 10 Gigabit Ethernet will aid the move to cloud computing, and also to stateless computing.

As for cost savings via stateless computing, Birnbaum noted that the use of stateless computing will remove a lot of IT redundancies for companies. He added that 61 percent of computing systems are underutilized, because of these redundancies.

Source