Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech


Page 1

Adversaries in Clouds: Protecting Data in Cloud-Based Applications

Nick Feamster, Georgia Tech

Page 2

Building Applications on the Cloud

• Used for a wide variety of services and applications
• Built using a variety of technology
  – Programming languages
  – Web servers
  – Load balancers
  – Application frameworks

• New opportunities for external adversaries
  – About 85% of data leaks occur due to external attacks at servers [Verizon data breach report].
  – Existing attacks on software applications
  – But, applications are also hosted on untrusted platforms

“You can’t trust code that you did not totally create yourself.” – Ken Thompson, Reflections on Trusting Trust

Page 3

Possible Defenses

• Check the Web application for vulnerabilities
  – Doesn’t defend against zero-day attacks, programmer error, etc.
  – Must trust all underlying hardware and software infrastructure, as well
  – No protection once the account is compromised
• Isolate each session in a virtual machine
  – Significant performance overhead

Page 4

Protect the Data (in addition to the application)

• Proposal: A data firewall for cloud-based Web applications
• Apply network-level information flow control to data hosted by Web applications
  – Associate a taint with a piece of data (e.g., row in a database table)
  – Rewrite queries to retrieve taints with data
  – Propagate taints across processes and network
  – Perform IFC based on taints associated with data
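The four steps of the data firewall, as an added Python sketch that is not part of the talk: a per-row taint column, a query rewriter that makes the taint travel with the data, and an IFC check that releases a row only to the session whose label matches its taint. The `messages` schema, the user labels and the sample rows are constructed for the example.

```python
import re
import sqlite3

# Constructed sample: a multi-tenant table where every row carries a taint
# (here the owning user's id). Schema and rows are assumptions, not from the talk.
SCHEMA = """
CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT, taint TEXT NOT NULL);
INSERT INTO messages (body, taint) VALUES ('alice q1 report', 'alice');
INSERT INTO messages (body, taint) VALUES ('bob payroll', 'bob');
INSERT INTO messages (body, taint) VALUES ('alice todo', 'alice');
"""

def rewrite_query(sql: str) -> str:
    """Step 2: rewrite 'SELECT cols FROM t ...' so the taint column is retrieved with the data."""
    m = re.match(r"\s*SELECT\s+(.+?)\s+FROM\s+(\w+)(.*)$", sql, re.I | re.S)
    if not m:
        raise ValueError("only simple SELECT ... FROM statements are rewritten")
    cols, table, rest = m.groups()
    if re.search(r"\btaint\b", cols, re.I):
        return sql  # already carries its taint
    return f"SELECT {cols}, taint FROM {table}{rest}"

def fetch_tainted(conn, sql, params=()):
    """Step 3: return (row_without_taint, taint) pairs so the label stays attached
    to each row as it moves between processes."""
    cur = conn.execute(rewrite_query(sql), params)
    return [(row[:-1], row[-1]) for row in cur.fetchall()]

def release(tainted_rows, session_label):
    """Step 4: IFC at the network boundary. A row may leave only toward the session
    whose label equals its taint. Returns (allowed_rows, blocked_count)."""
    allowed = [row for row, taint in tainted_rows if taint == session_label]
    return allowed, len(tainted_rows) - len(allowed)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # A buggy or compromised handler omits the per-user filter and reads the whole
    # table; the data firewall still stops the other tenant's rows from leaving.
    rows = fetch_tainted(conn, "SELECT id, body FROM messages")
    return release(rows, "alice")

if __name__ == "__main__":
    print(demo())  # -> ([(1, 'alice q1 report'), (3, 'alice todo')], 1)
```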

Page 5

New Adversary Models

• The “foreign” code base is increasing
  – Application security is getting harder
• Position: Protect the data, not just the application
• Network-wide DLP could benefit cloud-based applications in other settings, too
  – Data isolation between multi-tenant application services