System-Centric Security

Security Threat Landscape

The notion of "system" in ICT is so generic that it can denote almost anything built from software components. "System" is widely used as a synonym of Operating System (OS) or, more generally, of the software that enables applications to take advantage of the computation, connectivity and storage capabilities of the hardware. Due to their centrality, their role in some crucial security features (e.g., authentication), and their complexity, OSs were a preferred target of many disruptive attacks in the past (e.g., Code Red exploiting an IIS buffer overflow, Sasser attacking the Local Security Authority Subsystem Service, the Snakso Linux server rootkit). They will keep a fundamental role in the future, because OSs are increasingly immersed in more complex environments (e.g., mobile devices, virtualized systems), where their vulnerabilities can be either exacerbated or mitigated, and they can become a commodity for applications (e.g., containerization of applications). The Linux OS, for instance, is deeply involved in complex environments such as IoT.

Assets

Assets can be categorized into 6 different classes as follows:

  • Data – In modern systems architectures, data represent an important asset. For instance, in the case of virtualization, it refers to data exchange strategy (i.e., at the hypervisor, VMM, and management level) or virtual machine/device/container image file data format (Guest machines, virtual devices). In the case of cloud, it refers to the data exchange channel between cloud components, or how their configurations are stored and protected at rest.
  • Infrastructure – It includes all the services aimed to guarantee access to the physical world, including virtualized storage infrastructure and virtualized networking infrastructure, but also access to memory and computation resources. At the level of cloud, it mainly refers to services for datastore provisioning and networking provisioning.
  • Middleware – It comprises all the intermediate software layers that characterize modern software systems, from cloud SaaS to hypervisors and host machines.
  • Management – It refers to all management components keeping the entire system monitored for a number of purposes from performance to traceability and security. It includes VMM, management server and console at the virtualization layer and cloud management components.
  • Security mechanisms – It refers to all security techniques that are a target for an attacker. These are the components whose compromise would result, for instance, in unauthorized access to the system. Examples are the cloud/virtualization access control mechanisms preserving the multitenancy of the platform, as well as service-level security components for channel integrity and confidentiality.
  • Roles – It includes human resources and related assets. Cloud tenants and privileged users are the most important roles.

Data assets can be summarized as follows:

  • In transit – It is associated with services that provide functionalities for data encapsulation and exchange between components/layers.
  • At rest – It is associated with services that provide abstractions of storage services.
  • Virtual file format – The file format used to encapsulate the virtualized environment at the file system level.
  • Credentials/configurations – Files that are fundamental to set up working infrastructure at virtualization and cloud levels, and to set up authorization and authentication across the set of services.

Infrastructure assets can be summarized as follows:

  • Network – Based on the concept of SDN for the virtualization environment. It has its own peculiarities but shares the basic functions of a physical network.
  • Virtualized storage – Abstraction of the real storage offered as a service in the cloud and virtualized as needed.
  • Compute nodes – Specific cloud nodes that offer computation capabilities as a service.

Middleware assets can be summarized as follows:

  • Hypervisors – Middleware enabling virtualization. It offers basic functionalities and has a central role in offering security features such as isolation.
  • Host machines – OSs installed on the host (physical) machine.
  • Platforms – The service platforms used as containers for the cloud services offered to the users or internally to support cloud functionalities.

Management assets can be summarized as follows:

  • VMM – A crucial component in virtualization that permits VM monitoring and inspections.
  • Management/Server console – Similar to VMM at the cloud service level. Crucial to keep the Cloud platform under control and to monitor user activities to maintain efficiency.
  • Audit/log engine – Cloud/virtualization components for auditing and log inspection. In the cloud, these assets are most of the time based on third-party tools.
  • Assurance tool – Tools to verify the correctness of the adopted security/privacy mechanisms.

Security mechanisms assets can be summarized as follows:

  • Infrastructure – Refers to the security of the distributed system at all levels from the virtualized environment towards the cloud architecture.
  • Access control/authorization – Refers to services offering authentication among cloud components. It is also offered at the virtualization level to handle resources.
  • Channel integrity and confidentiality – Services that allow internal channel confidentiality and integrity.

Roles assets can be summarized as follows:

  • Administrator – In cloud and virtualization, the hierarchy of administrative privileges is very fine-grained and spans all the services at all the layers.
  • Tenant – In the framework of a shared environment, a tenant is a Cloud service client that has a specific set of administrative privileges.

We note that most of the categories and sub-categories in the above lists are still relevant for generic systems. For example, the OS, a very typical and common resource in every enterprise infrastructure, shares its security concerns with virtualized ones, except for some peculiarities of the virtual environment (e.g., OS escape attacks). On the other hand, in most cases leakages at the OS level also apply to virtualized OSs.