Cloud Security Wars

Ikuo Takahashi

10 Keio513

DESCRIPTION

Explaining cloud security issues using the "Security Wars" theory

Page 1

Cloud Security Wars

Ikuo Takahashi

Page 2

A long time ago in a network far, far away…

The word "hacker" used to be a respectful word for a master of the computer. However, many hackers fell into the Dark World, led there by the dark side of their power: anger, exhibitionism and temporary joy. The Internet has been messed up by unprecedented attacks from people who covet the Internet out of lust, people who impose on others for economic interests, and people who juggle with bots. This "Saga" is the epic of the battle among society, the engineers who crossed the line of social activity, and the ISPs who stand up against the messed-up Internet.

………………..

Hackers were the chosen ones.
Many of them fell, out of anger, exhibitionism and pleasure.
Society resolved to defend the network from the dark engineers and the eternal novices.

Page 3

Security Wars Theory

• Every information security issue can be explained by analogy with Star Wars
• Balance of the "Force": hacker power (Virtualization, Remote Computing)
  – Light side: efficiency, scalability
  – Dark side: security, lack of responsibility

Page 4

Factor Analysis of Cloud Computing

[Figure: factors] Virtualization, Remote, No standard, No location of data, Network security beyond the boundary

The shadow of the virtualization factor and the remote factor

Page 5

Risk analysis for Compliant Cloud Computing

[Figure: risk chart, "possibility" axis scaled 1–5] Loss of governance, Jurisdiction, Compliance, Data protection, Subpoena / E-discovery, Incident response

Quoted from ENISA, "Cloud Computing: Benefits, risks and recommendations for information security"

Page 6

Compliance/Governance Issues

[Figure] No standard (under development), Network security beyond the boundary, Incident response, Subpoena/Accountability, Loss of governance, Compliance, Data protection/Data breach, Jurisdiction

Positioning of the compliance issues

Page 7

Behind the Scenes

[Figure] Network, Network security beyond the boundary, Sovereign, Privacy ???, Human factor

Latent factors behind the issues

Page 8

Privacy and Security

[Figure] Network, Network security beyond the boundary, Compliance concern, "Cyber Warfare", Privacy, Sovereign, Human factors, Enforcement/Judicial, Jurisdiction, Organised crime, Hacktivism, Innocent users

The subtle role of privacy

Page 9

Spectrum of Cyber Attack

[Figure: spectrum from cyber crime through cyber terrorism to cyber warfare, arranged by nature/organization; labels: armed attack, damage, State, damage to CI, money, use of force]

Issues
1) Private actors as State: State responsibility
2) Political motive vs. monetary greed
3) Jus in bello vs. serious crime

Distribution of attacks and the limits of the concepts

Page 10

Analysis of "Cyber Warfare"

[Figure] "Cyber Warfare", Sovereign, Human factors, Bot net, Mass society, Technology, Attribute, Asymmetric, Innocent users, Definition issue, Privacy

Page 11

Order 66 vs. "Bot net" Order

• Order 66
  – A holoscan appeared on the palm of his gauntlet. "It is time," the holoscan said. "Execute Order Sixty-Six."
  – Standing Order Number One was, apparently, Kill Everything That Moves.
  – Combat droids were equipped with sophisticated self-motivators that kicked in automatically.
  – Star Wars Episode III, Chapter 18
• Bot net Order
  – Bot nets are equipped to attack the target by DDoS or by posting spam.
  – They communicate with each other through sophisticated self-motivators that kick in automatically. They change the port or protocol they use in order to hide themselves.

The similarity between bot orders and Order 66

Page 12

Is this WAR?

• Presumably
  – Start from the actual facts.
• Definition of "War"
  – "asymmetric war"
  – no nation, no blood
• Defend the mass user
  – Refer: "Wire Fraud Recovery Act"
• "Victory?" Yoda echoed with great skepticism. "The shroud of the dark side has fallen. Begun, this Clone War has!"
  – Master Yoda after the "War of Geonosis"

Page 13

Asymmetric Warfare

• Definition
  – War between belligerents whose relative military power differs significantly, or whose strategy or tactics differ significantly.
• e.g. Guerrilla war
  – Guerrilla warfare is irregular warfare and combat in which a small group of combatants use mobile military tactics in the form of ambushes and raids to combat a larger and less mobile formal army.

Cyber warfare as asymmetric warfare

Page 14

Lack of balance

• No standard for obtaining information from outside the boundary (criminal, administrative)
• Very difficult to discuss privacy vs. security
  – Defend innocent users
  – Prevent innocent users from becoming troopers

[Figure] Sovereign, Human factors, Enforcement/Judicial, Jurisdiction, Organised crime, Hacktivism, Innocent users, Privacy

Page 15

Who will bring balance to the Light side and the Dark side?

• The "Force" will resolve such problems.
  – Reveal the "Two Faces of Privacy"
  – A framework and industrial standards for obtaining information from outside the boundaries
  – A transparent cloud defense system

Is it Luke who will bring balance?

Page 16

Two Faces of Privacy

• When talking about privacy, people agree that privacy is essential to their lives.
• (Japan) The MIC had been insisting that ISPs' security activity infringes the secrecy of communications.
• In actual trade-offs among price, function and privacy, privacy is the least important of the three.
• Security activity by a person the user relies on is the preferable activity (IPA research).

Page 17

Framework and industrial standard

• Cloud Computing Convention Initiative (?)
  – Information security standard all over the world
  – Applicable law of privacy
  – Industrial standard for administrative investigation
  – Industrial standard for forensic research of cloud-stored data
  – Define the domicile in civil litigation
  – ….

The need for industrial standards and a framework

Page 18

Transparent Cloud Defense

• ISP activity
  – security
  – phishing
  – inappropriate information
  – copyright
• Domain registrars' take-down procedure

Transparent intermediary defense

Page 19

ISP's grief

• Vader didn't intend to kill Padmé.
  – "I'm very sorry, Lord Vader. (..) It seems in your anger, you killed her."
  – "No… no. It is not possible." (Episode III) – Darth Vader
• Does not intend to regulate "freedom of speech" concepts
• How to control? What to control? Who controls? Who pays for the costs?

Page 20

Why does Han Solo fight for the peace?

• Han: "I'm not on this mission for your revolution. Economics interest me, not politics. There's business to be done under any government."
  – Episode IV, page 172
• Cloud security issues are external inefficiencies.
• May the Force be with you.