Cloud tenant threats
Threats to tenants may come from a cloud provider (insider threats)
or another tenant (co-tenant threats).
Insider threats (from a cloud provider):
- OpenStack services misconfiguration may lead to EoP.
- A failure in maintenance. For example, not wiping disks on nodes
between re-allocations may lead to Information Disclosure.
- Improper configuration of security services, or turning them off under
high load. For example, disabling IDPS rules or excluding protocols from
IDPS scanning may let an attack go unnoticed (EoP).
- Connecting VMs to the management network may lead to
Information Disclosure and, as a result, EoP.
Insider threats can be mitigated in the following ways:
- Contractually: negotiate agreements covering privacy, security,
and reliability, even though this may increase costs (Information Disclosure).
- Cryptographically: encrypt data at rest in cloud storage and in transit
over the network channel (Information Disclosure).
- Isolate the management network from tenants’ networks
(Information Disclosure, EoP).
Co-tenant threats:
- Another tenant might try to escape a VM and take over the host (EoP).
- Gaining access to shared resources such as storage, network, and so on
(EoP, Information Disclosure, Availability, Tampering).
- Another tenant might be compromised and used to run a DoS attack
(EoP, Spoofing, DoS).
- Brute-force and dictionary attacks (EoP).
- Shared cloud provider's infrastructure, such as:
  - A shared mail service may lead to spear-phishing attacks from
  one tenant to another (Spoofing).
  - A shared DNS service may lead to a DNS poisoning attack (Spoofing, Tampering).
  - A shared web service, such as a cloud admin web interface, may be a source
  of XSS, CSRF, SQL injection, and similar attacks (EoP).
To mitigate co-tenant threats:
- Provide cloud separation. Use Host Aggregates and Availability Zones
to separate VMs with different security levels (EoP, Tampering,
Information Disclosure, Availability).
- Use nodes from a Trusted Computing Pool based on Intel TXT, a technology
designed to harden platforms against emerging threats such as hypervisor
attacks, BIOS and firmware attacks, malicious rootkit installations, and
other software-based attacks (EoP).
- Brute-force protection. Lock out an attacker’s logins after repeated
failures (EoP).
- Change default passwords (EoP).
- Use a network IDPS to monitor and detect anomalies in the management and
tenant networks (Information Disclosure, EoP).
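The "cloud separation" mitigation above relies on the Nova scheduler refusing to place a VM on a host outside the aggregate that matches the flavor's security level. The following is an added example, not code from the original page or from OpenStack: a simplified model of the AggregateInstanceExtraSpecsFilter semantics (equality matching only; the real filter supports more operators). Host names, aggregate names and the "security_level" metadata key are constructed for the illustration.

```python
# Simplified model of Nova's AggregateInstanceExtraSpecsFilter (not Nova's
# code): a host passes only if every namespaced extra spec of the flavor is
# matched by metadata of a host aggregate that contains the host.
from dataclasses import dataclass, field

NAMESPACE = "aggregate_instance_extra_specs:"


@dataclass
class HostAggregate:
    name: str
    hosts: set[str]
    metadata: dict[str, str] = field(default_factory=dict)


def host_metadata(host: str, aggregates: list[HostAggregate]) -> dict[str, set[str]]:
    """Union of metadata values over every aggregate the host belongs to."""
    merged: dict[str, set[str]] = {}
    for agg in aggregates:
        if host in agg.hosts:
            for key, value in agg.metadata.items():
                merged.setdefault(key, set()).add(value)
    return merged


def host_passes(host: str, flavor_extra_specs: dict[str, str],
                aggregates: list[HostAggregate]) -> bool:
    """A host with no aggregate metadata for a required key is rejected, so an
    unlabelled host can never receive a VM that demands a security level."""
    meta = host_metadata(host, aggregates)
    for key, wanted in flavor_extra_specs.items():
        if not key.startswith(NAMESPACE):
            continue  # unrelated extra spec, handled by other filters
        if wanted not in meta.get(key[len(NAMESPACE):], set()):
            return False
    return True


def candidate_hosts(hosts: list[str], flavor_extra_specs: dict[str, str],
                    aggregates: list[HostAggregate]) -> list[str]:
    return [h for h in hosts if host_passes(h, flavor_extra_specs, aggregates)]


# Constructed topology: one aggregate per security level, plus node-4,
# which sits in no aggregate at all.
AGGREGATES = [
    HostAggregate("high-sec", {"node-1", "node-2"}, {"security_level": "high"}),
    HostAggregate("low-sec", {"node-3"}, {"security_level": "low"}),
]
HOSTS = ["node-1", "node-2", "node-3", "node-4"]
HIGH_FLAVOR = {NAMESPACE + "security_level": "high", "hw:cpu_policy": "dedicated"}
LOW_FLAVOR = {NAMESPACE + "security_level": "low"}
NO_LEVEL_FLAVOR: dict[str, str] = {}
```

Note that a flavor carrying no security_level spec (NO_LEVEL_FLAVOR) is unconstrained and may land on any host, including the high-security aggregate, so every flavor offered to tenants must carry the spec for the separation to hold.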