Vulnerabilities in Cloud Computing


Zeshan Hussain Akshay Gummadi
George Mason University
INFS 612, Spring 2013

Table of Contents

0. Abstract
Introduction
Background on Cloud Computing
  History of Cloud Computing
  Cloud Computing Service Models
    Infrastructure as a Service (IaaS)
    Platform as a Service (PaaS)
    Software as a Service (SaaS)
  Importance of Virtual Machines in Cloud Computing
Security Risks that Exist in Cloud Computing
  Vulnerabilities that exist in Cloud Computing Caused by Virtual Machine Vulnerabilities
    Hypervisor Vulnerabilities
    Denial of Service Attacks
    Data Leakage
    VM Hopping
    VM-Based Root Kits
  Vulnerabilities that Exist in Virtual Machines
Path Traversal Vulnerability
  Overview
  Technical Details
  Implication of Attack on a Cloud Computing Environment
Personal Related Works
Experiment
  Lab Environment
    Attacker Host
    Victim Host
Solution
8. Conclusion
Works Cited

Table of Figures

Figure 1 Cloud Computing Example [Wikipedia]
Figure 2 Cloud Computing Service Models [Wikipedia]
Figure 3 Vulnerability Statistics

0. Abstract

Security vulnerabilities exist in most, if not all, systems and infrastructure in an organization, and the monetary repercussions of just one security incident can throw an organization into turmoil. In this research we intend to help our readers understand known information system vulnerabilities in cloud environments and how easily they can be exploited by hackers using bugs found in the software that makes up the cloud. Our focus is mostly on the virtual platforms that form the backbone of cloud computing and the software used to support virtual systems. The research includes background on information system infrastructure built on the various cloud models. As companies move their data from in-house systems to cloud infrastructure, the security risks are gradually moving in that direction as well, and protection mechanisms have been slow to follow. In our research we analyze a flaw in the software that builds the virtual environment and demonstrate how a vulnerability exploited with a simple technique can take over a host, which can then be used as a pivot point to compromise the entire farm of servers on the physical host. The specific technique we will illustrate is referred to as a Buffer Overflow vulnerability in VMware. The demo will illustrate a buffer overflow compromise of one of the host machines that penetrates to a completely non-networked virtual machine on the same host and steals information. The lab environment will demonstrate that virtual machines that are completely secured can still be technically exposed: just one flaw on a segregated host can lead to a data leak. The concept we will demonstrate is that one virtual machine successfully exploited in a particular cloud farm can lead to most, if not all, hosts on the same farm being compromised.

The concept behind the cloud is to reduce cost; however, companies don't realize that by putting their data in a cloud they trust all others on the same cloud to have the same security posture as they do, if not a better one.

1. Introduction

Since the evolution of cloud computing and the various service models it provides, more and more companies are turning to this solution as a way to increase efficiency at a reduced cost. However, an important factor that must not be forgotten when considering cloud computing as a solution is the security risk that may come with it. This paper will discuss the history of cloud computing and provide an overview of the various service models it offers. In addition, this paper will provide an overview of the various vulnerabilities that exist in cloud computing; however, it will focus on one specific vulnerability brought on by the use of virtual machines to support the cloud computing architecture. The vulnerability will be reviewed from a technical point of view, and the steps taken to exploit it in the virtual machine, the underlying technology used to build the cloud, will demonstrate a successful exploit and breach of data. This paper will also summarize an experiment in which one of the specific virtual machine vulnerabilities is exploited, and the implication this would have on a cloud computing environment.

2. Background on Cloud Computing

This section will provide an overview of cloud computing: how it began, the service models being provided today, and the importance of virtual machines within the cloud computing architecture.

History of Cloud Computing

Foster et al. define cloud computing as "a large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet" [Foster et al., 2008]. However, this is just one of several definitions that can be found in various articles, books, the internet, etc.

Although there are many variations of a definition for cloud computing, one common theme remains across all definitions: cloud computing is services (e.g. applications, hardware), delivered as a service, over the internet. The services themselves have long been referred to as Software as a Service (SaaS). The datacenter hardware and software is what we will call the cloud [Armbrust et al., 2009]. Figure 1 below depicts an example of the types of services offered in the cloud.

Figure 1 Cloud Computing Example [Wikipedia]

There is no one true inventor of cloud computing. The fundamental ideology behind cloud computing dates back to the 1960s. In fact, back in 1961, computing pioneer John McCarthy predicted that computation may someday be organized as a public utility and went on to speculate how this might occur [Foster et al., 2008]. Some scholars even say that the ideology dates back to the 1950s, when scientist Herb Grosch (the author of Grosch's law) postulated that the entire world would operate on dumb terminals powered by about 15 large data centers [Wikipedia]. In terms of vendors who played an integral role in the commercialization of cloud computing, one that stands out above all the rest is Amazon. Amazon played a key role in the development of cloud computing by modernizing their data centers. Having found that the new cloud architecture resulted in significant internal efficiency improvements, Amazon initiated a new product development effort to provide cloud computing to external customers, and launched Amazon Web Service (AWS) on a utility computing basis in 2006 [Wikipedia]. Today there are hundreds of vendors providing various cloud computing service models to meet their clients' needs.

Cloud Computing Service Models

Cloud computing providers now offer various services and variations of the three fundamental cloud computing service models; in this paper, however, we will focus on providing an overview of the three fundamental models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These models serve as the fundamental building blocks for cloud computing. There are various models in public use, but the standard one globally accepted by cloud providers ranges from thin-client cloud computing to infrastructure service cloud computing. Figure 2 below provides a visual depiction of the Cloud Computing Service Models.

Figure 2 Cloud Computing Service Models [Wikipedia]

Infrastructure as a Service (IaaS)

In the Infrastructure as a Service (IaaS) model, the service provider offers physical equipment or virtual machines to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis [Rouse, 2010]. It is important to note that although the cloud service provider offers the infrastructure to support an organization, the client organization is still responsible for patching and maintaining the operating systems and application software installed on the infrastructure.

Platform as a Service (PaaS)

In the Platform as a Service (PaaS) model, the service provider offers a computing platform and/or solution stack. This typically includes an operating system, programming language execution environment, database, and web server [Wikipedia]. One of the benefits of PaaS is that most cloud providers will offer automatic scaling of the underlying computing and storage resources to match application demand [Wikipedia]. It is also important to note that PaaS can be seen as stacking on top of IaaS and that, similar to IaaS, virtual machines can be used to support PaaS services as well. One well-known PaaS service provider that does this is Windows Azure; Windows Azure offers highly-available compute capacity that enables its clients to run application code in the cloud and quickly scale their applications up or down to meet their own individual needs. With Windows Azure, each compute instance is a virtual machine [Windows Azure 2013].

Software as a Service (SaaS)

In the Software as a Service (SaaS) model, the service provider offers a software distribution model in which applications are hosted by the service provider and made available to customers over a network, typically the Internet [Rouse 2010].

One of the benefits of SaaS is allowing its clients greater elasticity with the cloud application. This [elasticity] can be achieved by having load balancers distribute the work over a set of virtual machines. In other words, tasks are cloned onto multiple virtual machines at run-time to meet the changing work demand [Wikipedia].

Importance of Virtual Machines in Cloud Computing

As was discussed in section 2.2 above, virtual machines are a critical aspect of the IaaS cloud service model. They can also be seen in the PaaS service model (as discussed with the Windows Azure example), and even in SaaS service models, in which the SaaS provider may be hosting the application on multiple virtual machines to improve load balance. As such, it can be seen that virtual machines play an integral role in all cloud computing service models, the most well-known use of virtual machines being through the IaaS model.

3. Security Risks that Exist in Cloud Computing

While there are a number of benefits that come with cloud computing, such as scalability and cost, organizations also need to consider the risks and vulnerabilities associated with this type of service model. While overall governance of data and regulatory compliance become major risks when moving to a cloud service provider, the purpose of this paper is to focus on the operational vulnerabilities that exist within cloud computing environments and, specifically, how weaknesses in virtual machines can be used to exploit these vulnerabilities.

Vulnerabilities that exist in Cloud Computing Caused by Virtual Machine Vulnerabilities

There are a number of vulnerabilities that virtual machines introduce to a cloud computing environment. Although the cloud is hosted in a data center, all servers are set up similarly to physical ones. The only difference is that more software is used to support the virtual machines that make up the cloud. A number of vulnerabilities have been discovered in such software, particularly ones that, if exploited, can lead to total compromise of the farm hosting the virtual machines.

These vulnerabilities include hypervisor vulnerabilities, virtual machine-based root kits, denial of service attacks, VM hopping, and data leakage.

Hypervisor Vulnerabilities

In most implementations of virtual environments there are multiple guest operating systems running within a single environment. Because of this, a hypervisor or virtual machine monitor is used to isolate and control access between the guests and the physical computing resources, as depicted in Figure 4. However, should the hypervisor be compromised, an attacker would be able to execute arbitrary code on the host with the privileges of the hypervisor, which would allow them to control all virtual machines running on the host itself.

Figure 4: VM Implementations [Price 2010]

Denial of Service Attacks

Because multiple virtual machines run on a single host, the threat of denial of service attacks is a major concern in VM implementations. The guests all share resources from the host they reside on, so a successful denial of service attack on one of the guest virtual machines ultimately affects all other machines running on the same host. This is why it is critical to configure the hypervisor properly so that it can detect this extreme resource consumption and protect against these types of attacks.

Data Leakage

Another concern with virtual machines is introduced when the VMs are suspended. When a VM is suspended, its memory footprint is placed in a file and can be searched. Any information placed into the file is most likely not protected and can be retrieved by an attacker who has access to the host where this file resides.

VM Hopping

This type of attack occurs when a hacker has access to one VM and is able to gain access to another victim VM. Typically this type of attack can only occur when the two VMs are running on the same host, and the attacker must know the victim's IP address. Multitenancy makes the impact of VM hopping very large because many VMs may be running on the same host.

VM-Based Root Kits

VM-based root kits, or VMBRs, install a virtual machine monitor beneath an existing operating system and hoist it onto a virtual machine. Similar to legitimate VMMs, VMBRs can gain complete control of an operating system without being detected and can also control all hardware interfaces. At this layer, the VMBR would be able to view all keystrokes, network packets, disk states, and memory states while going completely undetected by the operating system.

3.2. Vulnerabilities that Exist in Virtual Machines

Figure 3 below depicts the number of vulnerabilities that have been identified in all VMware products from 1999 to present. During this timeframe, 160 vulnerabilities have been identified within the VMware suite of products, and these vulnerabilities range from denial of service attacks to memory corruption. As you can see from the figure, the top four areas where vulnerabilities were discovered involve denial of service, gaining privileges, buffer overflows, and executing malicious code.

Figure 3 Vulnerability Statistics [cvedetails.com]

4. Path Traversal Vulnerability

4.1. Overview

The path traversal vulnerability exists in the shared folder functionality of VMware software. When exploited, it gives the attacker control not only of the guest VM image but also the ability to break out and access the host system. The shared folder between the VM and the host is enabled by default; therefore, if it is not disabled, this method can be used to disrupt the flow and launch a successful attack.

Technical Details

The vulnerability lies in how the pathname is processed by VMware when it uses the API to provide shared folder functionality. The PathName parameter is converted from a multi-byte string to a wide character string. The security hole in this process is that it doesn't properly check for the dot-dot (..) substring, resulting in a path traversal attack. Since the validation of the dot-dot substring is performed before calling the Windows function MultiByteToWideChar (which maps a character string to a UTF-16 wchar string), it can be bypassed by passing a string that gets mapped to the Unicode UTF-16 encoding of the dot-dot substring. So, to trigger this vulnerability, a valid UTF-8 byte sequence can be used that translates to the dot-dot substring, such as 0xc2 0x2e 0xc2 0x2e, which is translated to

Implication of Attack on a Cloud Computing Environment

As we move our critical infrastructure to the cloud environment, we tend to overlook the security aspect of such a move. An attack such as the path traversal is one example of how a single software flaw in an important piece of functionality can lead to devastating results if taken advantage of. One of the key selling points of cloud computing environments based on virtualization is the promise of improved information security posture due to the isolation between virtualized and non-virtualized systems. As we demonstrated in our demo, one security flaw in a guest image on your virtualized system can potentially make all of your other fully patched systems vulnerable to attack. When the isolation of guest and host is compromised, the entire virtualized system is at risk; therefore, consolidation is great for cost and efficiency, but lack of security can have tremendous consequences if attacks can break out of the guest and take control of your underlying host.

5. Personal Research Works

I currently work for an organization where we write exploits in Python for vulnerable systems. As I was working on this project I realized that we performed testing on virtual hosts that are treated under our cloud infrastructure. Each year we have a security audit that we perform, from scanning the network to testing their security posture. We have always found that hosts that are virtualized are far less secure than physical servers. The main cause of this finding is the lack of sufficient software guidelines used to build the software that supports virtual hosts. Our research in the organization where I work is mostly identifying software weaknesses in the cloud and attempting to exploit them.

We have identified many buffer overflows, mostly due to weak coding within the software and not adding appropriate buffer control on memory, which leads to memory leaks by the attacker. We are currently working on developing a new vulnerability scanning program that would concentrate only on hypervisors and other virtual environments and specifically target those to identify buffer overflow leaks within the application. The purpose of this approach is to isolate the vulnerability scanner to cloud-based environments in order to target only the virtual hosts.

6. Experiment

6.1. Lab environment configuration

For this setup we utilized two physical laptops, a victim and an attacker. The attacker was used to discover the vulnerable host that is running on a virtual machine. The victim was running an older version of virtual workstation that is vulnerable to the path traversal vulnerability. The two hosts were not connected to the internet but were physically wired to each other as a point-to-point network. This was completely isolated from the rest of the network and was done in a secure lab environment. A virtual workstation with one shared folder.

6.1.1 Attacker Host

The attacker host was a newly built Windows 7 machine on which we downloaded and installed open source tools such as nmap, zenmap and metasploit, and a 30-day free copy of Core Impact. We gave the host a static IP on our newly created subnet /24 for this experiment. This laptop is configured similarly to what an attacker would have on their machine. We will run all of our attacks from this host and monitor the behavior of our victim's machine while recording the session through a proxy that we configured. The firewall on this host has been disabled to ensure no filtering is done, due to the sensitivity of our lab environment.

Victim Host

The victim host is configured as a virtual environment. Its baseline operating system is configured to be a VMware Workstation which is hosting two virtual operating systems, imitating a real cloud computing environment. The victim machine has VMware Workstation 6.0 to ensure that the exploit will launch successfully.

6.2 Exploit in Action

The exploit starts with the scanning phase, where we scan our victim machine and identify the vulnerabilities. In this case, we found that the virtual software was running VMware Workstation 6, which is susceptible to the path traversal exploit. We then attempt to execute the malicious binary on the computer and get a reverse shell. The reverse shell allowed us to penetrate through the victim host and any other virtual host on the same farm. This is demonstrated in the demo we will present.

7. Solutions

While there are many solutions available, you will hardly read of organizations applying a combination of them within their software. As we move toward less hardware and push our data to the cloud, the need for software that can support such tasks is high; therefore, security must be built in from the starting phase.

We have outlined the following four solutions that we highly recommend all cloud computing technologies utilize in order to identify, mitigate and improve their vulnerable systems.

7.1 Secure system Approach

As many virtual providers host customer data on their cloud network, they tend to undermine the most valuable component of protecting the data. The secure system approach is built in from the beginning of the design phase; a cloud computing company should invest in building its systems in a secure manner by following the security benchmarks provided by the National Institute of Standards and Technology (NIST), which validate the security baseline of systems and their integration.

7.2 Security Vulnerability Testing

New vulnerabilities are discovered each and every day; attackers are getting smarter and we need to be ahead of them. By deploying vulnerability scanning in your environment you can ensure that known risks are not a source of threat for your organization. A vulnerability scanner can be configured to look for specific vulnerabilities within your systems. The vulnerability we are exposing was discovered by a vulnerability scanning vendor, Core Security; however, most organizations did not know about it until attackers scanned their systems and compromised them.

7.3 Security Built into the System Development Lifecycle (SDLC)

Security must be implemented within the System Development Lifecycle; otherwise after-the-fact security will only cost more dollars, either after a compromise of data or from going back and fixing the entire code. Security should be part of the testing phase within the 5 steps of the SDLC:

1) Requirement analysis
2) Design
3) Implementation
4) Testing
5) Evolution

This approach can ensure that code is validated through the proper channels so that security risks are very limited, if any. Many vendors lack the application security skills needed to accomplish this, as security does not have direct profit associated with it, but in the long run it will save money for the company.

8. Conclusion

In this paper we discussed the history of cloud computing and the importance of virtual machines in supporting the various cloud service models. Given the importance of virtual machines in cloud computing service models, we explored the various vulnerabilities that exist in cloud computing, with a focus on the vulnerabilities that exist as a result of leveraging virtual machines. We discussed in detail one specific known vulnerability that exists within an older version of VMware software (the Path Traversal Vulnerability), and discussed the disastrous impact that exploiting this type of vulnerability would have on a cloud computing service model.

Security is thought of as an after-the-fact approach in the current market, but building it into the business process and early in the development stage can lead to significant savings in dollar amounts. As we move toward virtualizing our data centers, we need to ensure that operating systems built on software such as VMware are properly vetted for security and withstand aggressive application attacks.
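The check-ordering flaw described under Technical Details in section 4, shown as an added example that is not part of the original paper and is not VMware's code: the first routine validates the raw bytes and then converts, the second converts strictly and then validates the converted string. The lenient decoder is an assumed stand-in for a permissive converter, and all function names and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode UTF-8 (1- to 3-byte sequences only) into UTF-16 code units.
 * strict = 0: a byte that does not start a well-formed sequence is skipped.
 *             This models a permissive converter and is an assumption of
 *             this example, not the behaviour of any particular API.
 * strict = 1: any malformed, overlong or unsupported sequence returns -1.
 * Returns the number of code units written, or -1. */
static int decode_utf8(const unsigned char *in, size_t n,
                       uint16_t *out, size_t cap, int strict)
{
    size_t i = 0, o = 0;
    while (i < n) {
        unsigned char b = in[i];
        uint32_t cp = 0;
        size_t len = 0;
        if (b < 0x80) {
            cp = b;
            len = 1;
        } else if (b >= 0xC2 && b <= 0xDF && i + 1 < n &&
                   (in[i + 1] & 0xC0) == 0x80) {
            cp = ((uint32_t)(b & 0x1F) << 6) | (in[i + 1] & 0x3F);
            len = 2;
        } else if (b >= 0xE0 && b <= 0xEF && i + 2 < n &&
                   (in[i + 1] & 0xC0) == 0x80 && (in[i + 2] & 0xC0) == 0x80) {
            cp = ((uint32_t)(b & 0x0F) << 12) |
                 ((uint32_t)(in[i + 1] & 0x3F) << 6) | (in[i + 2] & 0x3F);
            /* reject overlong forms and surrogate code points */
            if (cp >= 0x800 && !(cp >= 0xD800 && cp <= 0xDFFF)) len = 3;
        }
        if (len == 0) {              /* malformed at position i */
            if (strict) return -1;
            i++;                     /* lenient: drop the byte and continue */
            continue;
        }
        if (o >= cap) return -1;
        out[o++] = (uint16_t)cp;
        i += len;
    }
    return (int)o;
}

/* Dot-dot substring test on the raw bytes (what the early check sees). */
static int bytes_have_dotdot(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++)
        if (p[i] == '.' && p[i + 1] == '.') return 1;
    return 0;
}

/* Dot-dot substring test on the converted string (what the file API sees). */
static int wide_has_dotdot(const uint16_t *w, int n)
{
    for (int i = 0; i + 1 < n; i++)
        if (w[i] == '.' && w[i + 1] == '.') return 1;
    return 0;
}

/* Order described in the text: validate the raw bytes, then convert.
 * Returns the converted length, or -1 if the path is rejected. */
static int check_then_convert(const unsigned char *path, size_t n,
                              uint16_t *out, size_t cap)
{
    if (bytes_have_dotdot(path, n)) return -1;
    return decode_utf8(path, n, out, cap, 0);
}

/* Hardened order: convert strictly, then validate what will actually be used. */
static int convert_then_check(const unsigned char *path, size_t n,
                              uint16_t *out, size_t cap)
{
    int len = decode_utf8(path, n, out, cap, 1);
    if (len < 0) return -1;                      /* malformed input */
    if (wide_has_dotdot(out, len)) return -1;    /* traversal after decoding */
    return len;
}

/* Constructed sample paths; the first uses the byte sequence quoted in section 4. */
static const unsigned char SAMPLE_ENCODED[] = {0xC2, 0x2E, 0xC2, 0x2E, '\\', 'a'};
static const unsigned char SAMPLE_PLAIN[]   = {'.', '.', '\\', 'a'};
static const unsigned char SAMPLE_BENIGN[]  = {'d', 'o', 'c', 's', '\\', 'a'};

int main(void)
{
    uint16_t buf[16];
    int n = check_then_convert(SAMPLE_ENCODED, sizeof SAMPLE_ENCODED, buf, 16);
    printf("check-then-convert: accepted=%d, converted path has dot-dot=%d\n",
           n >= 0, n >= 0 && wide_has_dotdot(buf, n));
    printf("convert-then-check: accepted=%d\n",
           convert_then_check(SAMPLE_ENCODED, sizeof SAMPLE_ENCODED, buf, 16) >= 0);
    return 0;
}
```

The same rule applies to any canonicalization step (decoding, case folding, separator normalization): validate the form that is handed to the file system, not the form that arrived on the wire.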

Works Cited

Wikipedia. (n.d.). Cloud Computing Wiki. Retrieved March 10, 2013, from Wikipedia:

Windows Azure, Windows Azure Compute, March 10, 2013, from Windows Azure:

Foster, Ian, et al. Cloud Computing and Grid Computing 360-Degree Compared. 2008:

Armbrust, Michael, et al. Above the Clouds: A Berkeley View of Cloud Computing. February 10, 2009: _Impact_2009_Nachlese/$file/abovetheclouds.pdf

Rouse, Margaret. Infrastructure as a Service. August 2010:

Price, Michael. The Paradox of Security in Virtual Environments. 2008: IEEE Computer Society

Tsai, Hsin-Yi, et al. Threat as a Service? Virtualization's Impact on Cloud Security. February 2012: Published by IEEE Computer Society

cvedetails.com. (n.d.). VMWare: Vulnerability Statistics. Retrieved April 5, 2013, from cvedetails.com:


More information

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks

More information

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION At many enterprises today, end users are demanding a powerful yet easy-to-use Private

More information

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...

More information

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Endpoint Security Can Be Much More Effective and Less Costly. Here s How Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management

More information

CLOUD WORKLOAD SECURITY

CLOUD WORKLOAD SECURITY SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly

More information

TRAPS ADVANCED ENDPOINT PROTECTION

TRAPS ADVANCED ENDPOINT PROTECTION TRAPS ADVANCED ENDPOINT PROTECTION Technology Overview Palo Alto Networks White Paper Most organizations deploy a number of security products to protect their endpoints, including one or more traditional

More information

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect. CLOUD COMPUTING Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz www.scmgalaxy.com 1 Session Objectives This session will help you to: Introduction to Cloud Computing Cloud Computing Architecture

More information
