This article originally appeared on the TACC website
Last December, a cyber attack on Vtech Holdings, a digital toymaker, exposed the data of 6.4 million children, representing the largest known attack on children to date. As an increasing number of companies begin transitioning to cloud computing — a pool of resources including hardware, software, and other applications accessed via web — the risk of data compromise continues to rise.
From government, to retailers, to the entertainment industry, no one is immune to this type of threat, signifying the need for new and creative methods to prevent attacks.
One group of cybersecurity researchers at the University of Arkansas at Pine Bluff (UAPB), North Carolina AT&T State University, and Louisiana State University are working on novel ways to detect cyber attacks in the early stages. Funded by the National Science Foundation (NSF), the group is developing and testing approaches on cloud computing ecosystems, particularly infrastructure as a service (IaaS) ecosystems, and modeling and visualizing security threats known as multi-stage intrusion attacks (MAS) to better understand how hackers can access and steal data.
“Many organizations are now outsourcing their computing resources to cloud providers, because the overall cost of ownership for such hardware has become considerably more expensive, in terms of skilled IT, support staff, and overall system maintenance,” said Leonardo Vieira, a graduate student at the University of Arkansas at Pine Bluff, and leader of the project at UAPB. “The cloud provides an amazing opportunity for organizations to utilize computing resources on an as-needed basis, without worrying about any of the tangible costs associated with the computing environment.”
“This project’s potential contribution for the cloud computing communities and the United States resides in its potential to enhance detection, prevention mechanisms for MAS in cloud computing environments,” said Jessie Walker, the project’s principal investigator (PI). “This research project by a diverse team has the potential to impact numerous communities that use cloud computing services, such as Dropbox, OneDrive, Owncloud, Microsoft Azure, and even Amazon Cloud computing services.”
According to Vieira, the researchers are digging into how attacks happen and what can be done to stop them with three main research questions: 1) how vulnerable is a cloud infrastructure when an attack comes from the outside of the cloud; 2) how vulnerable is the cloud when the attack comes from the inside of the cloud — virtual machine to virtual machine; and 3) what happens when both of these situations are happening at the same time.
As white hat hackers, or ethical computer security researchers, the team simulates attacks in the cloud using a main server in two research labs, one hosted at the University of Arkansas at Pine Bluff’s CyberSecurity Research, and a second at North Carolina AT&T State University’s lab and virtual machines inside the cloud. They simultaneously run intrusion detection and prevention systems, applications that monitor the network for malicious activity, to understand how large-scale MAS can be detected when an intruder is attempting to hide in everyday network traffic.
One intrusion detection and prevention system that is currently deployed on both campuses is Snort, an open-sourced program used by Department of Defense to monitor and analyze network flow and traffic in real time. An important tool the team utilizes that is commonly used by most hackers and even terrorist groups is Tor, an open source program developed by the U.S. Navy to protect government communications. Tor, attempts to hide a user’s actual location by routing a user’s network traffic through numerous proxy servers across the web.
One long-term goal for the team of researchers is using these experiments to re-engineer intrusion detection systems and make them more effective against MAS.
“We’re creating our own rules on Snort,” said Darius Brown, an undergraduate student and researcher on the team. “These new rules later become open source items, as part of the Snort repository, for other users to download and employ with Snort running on their infrastructure.”
Initially, the researchers created their own cloud computing ecosystems between the two universities, but faced several limitations that slowed their progress. “We had to buy equipment, set it up, and train students which is very time consuming and tedious as far as the infrastructure requirements for our campuses,” Walker said.
Because of the nature of their research, the team also encountered numerous roadblocks attaining the permissions needed to run cybersecurity attacks through their campuses’ cyberinfrastructure.
So Walker and Rajeev Agrawal, co-PI, turned to Chameleon, a new system hosted by the Computation Institute at the University of Chicago and the Texas Advanced Computing Center (TACC). The researchers use Chameleon to set up virtual machines to simulate attacks in the cloud and run intrusion detection systems. They are also using the system to visualize logs, which document the incoming and outgoing traffic on a network. Walker anticipates that visualizing traffic on the cloud will benefit those responsible for maintenance of the cloud system.
As TACC’s first system to focus solely on computer science research, Chameleon enables researchers to develop and experiment with new cloud architectures. “I estimate we save 20 to 30 hours a week using Chameleon because it’s all remote. Researchers, and students can access it anywhere to work on the project,” Walker said.
Led by minority graduate students, the project gives other graduate and undergraduates exposure to real-world problems using cutting-edge technology. “One of the important components of our education experience is exposing our students early on to show them the education they’re gaining is not just theoretical, but has practical value to people’s everyday lives,” Walker said.
The team published several papers and presented their findings at conferences around the world, such as the International Conference of Management of Computational and Collective Intelligence and Digital EcoSystems (MEDES) in Brazil.
While the research is ongoing, the team has already started building partnerships with companies including Oracle, Cisco Systems, and Microsoft. “We are hoping to create something which will give companies a better view of how they can use the cloud and run all the services they want without being so vulnerable,” Vieira said.