- Posted on August 22, 2016 at 3:33 pm by firstname.lastname@example.org.
Digital Forensic Analysis: From Low-Level Events to High-Level Actions slides | video
Imani Palmer, Computer Science Research Assistant, University of Illinois at Urbana-Champaign
August 31, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: As digital forensic science advances, it is important to be able to rigorously determine the conclusions drawn from electronic evidence. The process of analyzing digital evidence is based on the individual knowledge of an examiner. This framework will provide examiners with an analysis toolkit, in order to provide a mapping of low-level events to user actions. This framework will handle the analysis phase of the digital forensic investigative process. It will receive information from digital forensic tools. We have implemented various methods for developing these mappings. We evaluate our prototype and discuss the possibility of applying it in real-world scenarios.
An Indirect Attack on Computing Infrastructure through Targeted Alteration on Environmental Control slides | video
Keywhan Chung, Electrical and Computer Engineering Research Assistant, University of Illinois at Urbana-Champaign
September 28, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: With increasing concern about securing computer infrastructure, a massive amount of effort has been put into hardening it. However, relatively little effort has been put into considering the surrounding cyber-physical systems that the infrastructure heavily relies on. In this talk, I present how a malicious user can attack a large computing infrastructure by compromising the environmental control systems in the facilities that host the compute nodes. This talk will cover a study on failures of a computer infrastructure related to problems in the cooling system and demonstrate, using real data, that the control systems that provide chilled water can be used as entry points by an attacker to indirectly compromise the computing functionality through the orchestration of clever alterations of sensing and control devices. In this way, the attacker does not leave any trace of his or her malicious activity on the nodes of the cluster. Failures of the cooling systems can trigger unrecoverable failure modes that can be recovered only after service interruption and manual intervention.
Lateral Movement Detection Using Distributed Data Fusion slides | video
Atul Bohara, Electrical and Computer Engineering Research Assistant, University of Illinois at Urbana-Champaign
September 28, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: Attackers often attempt to move laterally from host to host, infecting them until an overall goal is achieved. One possible defense against this strategy is to detect such coordinated and sequential actions by fusing data from multiple sources. In this paper, we propose a framework for distributed data fusion that specifies the communication architecture and data transformation functions. Then, we use this framework to specify an approach for lateral movement detection that uses host-level process communication graphs to infer network connection causations. The connection causations are then aggregated into system-wide host-communication graphs that expose possible lateral movement in the system. In order to provide a balance between the resource usage and the robustness of the fusion architecture, we propose a multilevel fusion hierarchy that uses different clustering techniques. We evaluate the scalability of the hierarchical fusion scheme in terms of storage overhead, number of message updates sent, fairness of resource sharing among clusters, and quality of local graphs. Finally, we implement a host-level monitor prototype to collect connection causations, and evaluate its overhead. The results show that our approach provides an effective method to detect lateral movement between hosts, and can be implemented with acceptable overhead.
Cloud Security Certifications: Are They Adequate to Provide Baseline Protection? slides | video
Carlo Di-Giulio, Library and Information Science Research Assistant, University of Illinois at Urbana-Champaign
October 5, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: Information security certifications, compliance with standards, and third-party assessment are among the most commonly used approaches to reassure potential and current users of cloud computing services. While at least two prominent examples of such certification/audit-based security controls exist (i.e., ISO/IEC 27001 and SOC2), the US government has created new requirements for Federal Agencies with new regulations and initiatives aimed at improving the cloud security services offered by industry. In this presentation we will review and evaluate the security controls and procedures required by the Federal Risk and Authorization Management Program (FedRAMP), as well as compare FedRAMP to existing certifications for completeness and adequacy. Our research contextualizes the adoption and development of FedRAMP, and offers a big-picture view of the performance of ISO/IEC 27001, SOC2, and FedRAMP, questioning the level of protection that they provide by comparing them to each other.
Energy-Aware, Security-Conscious Code Offloading for the Mobile Cloud slides | video
Kirill Mechitov, Computer Science Postdoc, University of Illinois at Urbana-Champaign
October 12, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: Mobile cloud computing (MCC) enables overcoming the energy and processing limitations of mobile devices by leveraging the virtually unlimited, elastic, on-demand resources of the cloud. The increased dynamicity and complexity of hybrid cloud applications making use of both public and private cloud services (e.g., for reasons of privacy and information security) require open systems that interact with the environment while addressing application-specific constraints, user expectations, and the security/privacy policies of multiple systems and organizations. We have developed IMCM, a proof-of-concept implementation of an actor-based framework for mobile hybrid cloud applications. IMCM uses dynamic fine-grained code offloading to achieve significant performance and energy consumption improvements in cloud-backed mobile applications, while respecting specified privacy and security policies. In this talk, we discuss the energy monitoring and estimation aspects of the IMCM framework.
Using Reachability Logic to Verify Distributed Systems slides | video
Stephen Skeirik, Computer Science Research Assistant, University of Illinois at Urbana-Champaign
November 2, 2016, 4:00 p.m., 2405 Siebel Center
Abstract: Model checking is a method traditionally used to verify distributed systems, but it suffers from the limitation that it requires concrete initial states. This applies in particular to ACC distributed systems, where verification efforts so far have mostly used model checking. To gain higher levels of assurance, deductive verification, not for some concrete initial states, but for possibly infinite sets of initial states, is needed. In this presentation, we describe a recently developed logic, reachability logic, and show how it can be used to deductively verify distributed systems over a possibly infinite number of initial states. We conclude by examining what work has already been done and possible future directions, with special emphasis on deductive verification of ACC systems.