11 research outputs found

    A Security Service for Performance-Aware End-to-End Protection of Sensitive Data in Cloud Native Applications

    No full text
    The characteristics of cloud native applications — like decentralized architectures, high automation, and dynamic and interconnected microservices — bring forth a number of security challenges across both architectural design and lifecycle management. Some prominent challenges are authentication and authorization, real-time detection of security incidents, network security, microservice (as well as container) security, and, especially, data security. An ecosystem of security mechanisms already exists and provides excellent solutions addressing these challenges throughout the development and operation of cloud native applications: identity and access management, monitoring and logging, intrusion prevention and detection systems, vulnerability assessment and hardening, and cryptography, to mention a few. Nonetheless, despite the availability of such a rich ecosystem, some cloud native applications entail additional considerations linked to the aforementioned challenges — and, in particular, to data security — which may need to be contemplated when evaluating the adoption of security mechanisms and their effectiveness. First, the level of trust assigned to participating parties within the scope of some cloud native applications is inherently limited — e.g., those aligning with the well-known security-by-design and zero trust principles. These cloud native applications confront a multifaceted threat landscape that extends beyond external attackers by including malicious insiders and honest-but-curious cloud providers, which threaten the confidentiality and integrity of the (often sensitive) data managed by cloud native applications.
Moreover, cloud native applications are frequently deployed in resource-constrained environments — e.g., the Internet of Things (IoT) — or operate in delicate fields (e.g., eHealth, automotive) offering critical functions (e.g., remote monitoring, cooperative vehicle maneuvering) where the quality of service may suffer from computationally or network heavy security mechanisms. In other words, security is not absolute, and its achievement must instead be balanced with that of performance requirements relevant to the underlying cloud native applications — e.g., low latency, minimal bandwidth utilization, and high scalability — underscoring the necessity for nuanced security mechanisms that are mindful of performance aspects. Therefore, in this thesis, we propose a security service addressing the convoluted dynamics of data security in cloud native applications. Our security service comprises four security mechanisms — namely CryptoAC, ACE and ACME, and MOMO — which implement the actual contributions of this thesis as we describe below. First, the threat model of cloud native applications requires preventing unauthorized access to data while offering strong guarantees of data confidentiality and integrity. To this end, we consider the use of cryptography to enforce Access Control (AC) policies — a combination usually called Cryptographic Access Control (CAC) — and propose the design of two CAC schemes, compatible with the aforementioned characteristics, for the end-to-end (E2E) protection of data both in transit and at rest in cloud native applications. We implement both CAC schemes — one for Role-Based Access Control (RBAC) and one for Attribute-Based Access Control (ABAC) — into CryptoAC, discuss its security, and conduct a thorough performance evaluation.
Then, we propose a methodology for evaluating the performance of generic AC enforcement mechanisms — hence, applicable to both CAC and centralized AC — starting from realistic workloads expressed as Business Process Model and Notation (BPMN) workflows. In detail, our methodology comprises a procedure deriving sequences of AC requests (e.g., access data, distribute permission) which are representative of the scenarios in which a cloud native application is deployed, and an evaluator executing these sequences against the AC enforcement mechanisms under test; we implement the procedure and the evaluator into ACE and ACME, respectively. Finally, we define an architectural model that identifies the common base building blocks of CAC over which we formalize a Multi-Objective Combinatorial Optimization Problem (MOCOP) to balance the achievement of security and performance in cloud native applications. Consequently, we implement an algorithm to solve the aforementioned MOCOP in MOMO, for which we provide both a conceptual application and a proof-of-concept application.

    A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps

    No full text
    Android apps are subject to malicious reverse engineering and code tampering for many reasons, like premium features unlocking and malware piggybacking. Scientific literature and practitioners proposed several Anti-Debugging and Anti-Tampering protections, readily implementable by app developers, to empower Android apps to react against malicious reverse engineering actively. However, the extent to which Android app developers deploy these protections is not known. In this paper, we describe a large-scale study on Android apps to quantify the practical adoption of Anti-Debugging and Anti-Tampering protections. We analyzed 14,173 apps from 2015 and 23,610 apps from 2019 from the Google Play Store. Our analysis shows that 59% of these apps implement neither Anti-Debugging nor Anti-Tampering protections. Moreover, half of the remaining apps deploy only one protection, not exploiting the variety of available protections. We also observe that app developers prefer Java to Native protections by a ratio of 99 to 1. Finally, we note that apps in 2019 employ more protections against reverse engineering than apps in 2015.

    Mitigating Debugger-based Attacks to Java Applications with Self-debugging

    No full text
    Java bytecode is a quite high-level language and, as such, it is fairly easy to analyze and decompile with malicious intents, e.g., to tamper with code and skip license checks. Code obfuscation was a first attempt to mitigate malicious reverse engineering based on static analysis. However, obfuscated code can still be dynamically analyzed with standard debuggers to perform step-wise execution and to inspect (or change) memory content at important execution points, e.g., to alter the verdict of license validity checks. Although some approaches have been proposed to mitigate debugger-based attacks, they are only applicable to binary compiled code and none address the challenge of protecting Java bytecode. In this paper, we propose a novel approach to protect Java bytecode from malicious debugging. Our approach is based on automated program transformation to manipulate Java bytecode and split it into two binary processes that debug each other (i.e., a self-debugging solution). In fact, when the debugging interface is already engaged, an additional malicious debugger cannot attach. To be resilient against typical attacks, our approach adopts a series of technical solutions, e.g., an encoded channel is shared by the two processes to avoid leaking information, an authentication protocol is established to avoid Man-in-the-Middle attacks, and the computation is spread between the two processes to prevent the attacker from replacing or terminating either of them. We test our solution on 18 real-world Java applications, showing that our approach can effectively block the most common debugging tasks (either with the Java debugger or the GNU debugger) while preserving the functional correctness of the protected programs. While the final decision on when to activate this protection is still up to the developers, the observed performance overhead was acceptable for common desktop application domains.

    Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment

    No full text
    While organisations move their infrastructure to the cloud, honest but curious Cloud Service Providers (CSPs) threaten the confidentiality of cloud-hosted data. In this context, many researchers proposed Cryptographic Access Control (CAC) schemes to support data sharing among users while preventing CSPs from accessing sensitive data. However, the majority of these schemes focus on high-level features only and cannot adapt to the multiple requirements arising in different scenarios. Moreover, (almost) no CAC scheme implementation is available for enforcement of authorisation policies in the cloud, and performance evaluation is often overlooked. To fill this gap, we propose the toolchain COERCIVE, short for CryptOgraphy killEd (the honest but) cuRious Cloud servIce proVidEr, which is composed of two tools: TradeOffBoard and CryptoAC. TradeOffBoard assists organisations in identifying the optimal CAC architecture for their scenario. CryptoAC enforces authorisation policies in the cloud by deploying the architecture selected with TradeOffBoard. In this paper, we describe the implementation of CryptoAC and conduct a thorough performance evaluation to demonstrate its scalability and efficiency with synthetic benchmarks.
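    The abstracts above (the thesis and this paper) describe cryptographic enforcement of an RBAC policy only in general terms. The following Python example, added here and not taken from CryptoAC, COERCIVE or any other tool named on this page, shows the core idea on which such schemes rest: the cloud stores only ciphertexts and wrapped keys, a user-to-role assignment is a role key wrapped under the user's key, a role-to-file permission is a file key wrapped under the role key, and revocation is re-keying rather than updating an access list the provider could ignore. The key hierarchy, the trusted on-premises administrator, the stdlib-only authenticated encryption (an HMAC-SHA256 stream cipher with encrypt-then-MAC, standing in for AES-GCM) and the sample record are all assumptions of this illustration; real CAC schemes typically wrap keys with users' public keys so that the administrator need not hold users' secret keys.

```python
import hashlib
import hmac
import secrets

# Authenticated encryption built only from HMAC-SHA256 so the example runs on a
# bare Python install. It stands in for a standard AEAD such as AES-GCM; the CAC
# logic below does not depend on which cipher is used.
def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(enc_key, nonce, i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")   # key separation
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ciphertext + _prf(mac_key, nonce, ciphertext)  # encrypt-then-MAC

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce, ciphertext)):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ s for c, s in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class CloudStore:
    """Everything the honest-but-curious provider holds: ciphertexts only."""
    def __init__(self):
        self.role_keys = {}  # (user, role) -> role key wrapped under the user's key
        self.file_keys = {}  # (role, file) -> file key wrapped under the role key
        self.files = {}      # file -> data encrypted under the file key


class PolicyAdmin:
    """Trusted administrator of the RBAC policy; runs outside the CSP (assumption)."""
    def __init__(self, cloud: CloudStore):
        self.cloud = cloud
        self.user_keys, self.role_keys, self.file_keys = {}, {}, {}
        self.members = {}    # role -> set of assigned users

    def add_user(self, user: str) -> bytes:
        self.user_keys[user] = secrets.token_bytes(32)
        return self.user_keys[user]        # handed to the user out of band

    def add_role(self, role: str) -> None:
        self.role_keys[role] = secrets.token_bytes(32)
        self.members[role] = set()

    def assign(self, user: str, role: str) -> None:
        """User-role assignment = the role key wrapped under the user's key."""
        self.members[role].add(user)
        self.cloud.role_keys[(user, role)] = encrypt(self.user_keys[user], self.role_keys[role])

    def upload(self, file: str, data: bytes) -> None:
        self.file_keys[file] = secrets.token_bytes(32)
        self.cloud.files[file] = encrypt(self.file_keys[file], data)

    def grant(self, role: str, file: str) -> None:
        """Role-permission assignment = the file key wrapped under the role key."""
        self.cloud.file_keys[(role, file)] = encrypt(self.role_keys[role], self.file_keys[file])

    def revoke(self, user: str, role: str) -> None:
        """Revocation is re-keying: a fresh role key is wrapped for the remaining
        members and every file key the role may read is re-wrapped under it.
        The revoked user may already have cached file keys or data, so file keys
        (and data) also get rotated in practice, usually lazily on next write."""
        self.members[role].discard(user)
        self.cloud.role_keys.pop((user, role), None)
        self.role_keys[role] = secrets.token_bytes(32)
        for member in self.members[role]:
            self.assign(member, role)
        for (r, file) in list(self.cloud.file_keys):
            if r == role:
                self.grant(role, file)


def read(cloud: CloudStore, user: str, user_key: bytes, role: str, file: str) -> bytes:
    """What a user can do with the cloud alone: unwrap the role key, unwrap the
    file key, decrypt the data. A missing wrapped key (KeyError) is a denial."""
    role_key = decrypt(user_key, cloud.role_keys[(user, role)])
    file_key = decrypt(role_key, cloud.file_keys[(role, file)])
    return decrypt(file_key, cloud.files[file])


if __name__ == "__main__":
    cloud = CloudStore()
    admin = PolicyAdmin(cloud)
    alice_key = admin.add_user("alice")
    admin.add_role("doctor")
    admin.assign("alice", "doctor")
    admin.upload("record-42", b"constructed sample record: BP 120/80")  # constructed input
    admin.grant("doctor", "record-42")
    print(read(cloud, "alice", alice_key, "doctor", "record-42"))
```

Note what the provider can and cannot do here: it sees every blob and every (user, role, file) index, so it learns the policy's shape and access patterns, but it cannot read data or forge a grant, and a flipped ciphertext byte is rejected by the tag check rather than silently decrypted. That metadata leakage, and the cost of re-wrapping on revocation, are exactly the kind of security/performance trade-offs the thesis abstract above frames as architecture choices.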

    End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies

    No full text
    It is crucial to ensure the security and privacy of communications in Internet of Things (IoT) scenarios that process an increasingly large amount of sensitive data. In this context, we propose a cryptographic enforcement mechanism of access control policies to guarantee the confidentiality and integrity of messages exchanged with the MQTT protocol in the presence of external attackers, malicious insiders and “honest-but-curious” service providers. A preliminary performance evaluation with a prototype implementation in an open-source tool shows the overhead is acceptable in relevant use case scenarios and provides a higher level of security with respect to other approaches.

    Multi-Objective Microservice Orchestration: Balancing Security and Performance in CCAM

    No full text
    We (devise and) demonstrate the benefits of a methodology and a toolset for orchestrating Cloud-native applications to balance the minimization of risks due to the presence of security threats and the achievement of service performance requirements - expressed on, e.g., computational resources, network throughput and latency. The demo proves the effectiveness of the methodology in orchestrating a set of microservices implementing a prominent Cooperative, Connected and Automated Mobility (CCAM) service.

    Safety-Related Cooperative, Connected, and Automated Mobility Services: Interplay Between Functional and Security Requirements

    No full text
    Together with the electrification of vehicles, the provision of cooperative, connected, and automated mobility (CCAM) services is a prominent recent trend in the automotive sector. Upcoming car models will be able to exchange messages between themselves and with road traffic authorities by means of vehicle-to-everything (V2X) communication – in particular, leveraging mobile network technologies for the so-called cellular V2X (C-V2X) paradigm. Moreover, (part of) such exchanged messages will be processed as a whole in, e.g., edge computing servers, in order to generate a global vision of the state of a given road stretch. CCAM services will exploit vehicular information transport and processing to implement complex maneuvers in a (semi)automatic manner by interacting with the in-car network. The undeniable benefits of CCAM services should be coupled with their security, though. Proper protection mechanisms of V2X communication as well as of edge processing must be put in place with the ultimate scope of ensuring the security of cars’ critical functions such as driver assistance, collision warning, and automatic emergency braking. As a matter of fact, according to the ongoing discussions in the European Union (EU) and United Nations Economic Commission for Europe (UNECE), all new vehicle models will be approved only if they fulfill the cybersecurity requirements of the General Safety Regulation starting July 6, 2022. In this article, we will overview the major standards in terms of automotive security specifications, specifically focusing on those related to the external connectivity of cars. Moreover, since not all threats may be caught at a specification level, we will perform a qualitative security assessment of safety-related CCAM services featured by the EU-funded project 5G-CARMEN, with the final aim of highlighting the delicate interplay between functional and security requirements.

    Blockchain Based RAN Data Sharing

    No full text
    Providing seamless connectivity and services across national borders is an intricate challenge with multifarious underlying aspects, ranging from network management to business and political considerations. Since cross-border inter-Public Land Mobile Network (PLMN) network handover is currently not available in European cellular networks, we present a complementary approach, diminishing the connectivity gap to a minimum. By leveraging Distributed Ledger Technology (DLT), we establish a dynamic, secure data exchange and management solution between several Mobile Network Operators (MNOs) of different countries. Systematically integrating foreign cell and base station parameters (i.e., Radio Access Network (RAN) data) of border regions into the internal network management systems permits their usage in standardized Mobility Management procedures. We demonstrate that this type of collaboration on inter-MNO network governance considerably improves the network quality and customer experience when crossing national borders. Since foreign RAN data is also required for the inter-PLMN network handover (and can serve many additional purposes) and provided that our solution is not relying on any specific mobile network technology generation (e.g., 4G or 5G), we conclude that it is a fundamental step towards an inter-MNO ecosystem beyond 5G.