André van Cleeff
University of Twente
Publications
Featured research published by André van Cleeff.
computational science and engineering | 2009
André van Cleeff; Wolter Pieters; Roel Wieringa
Server virtualization is a key technology for today's data centers, allowing dedicated hardware to be turned into resources that can be used on demand. However, in spite of its important role, the overall security impact of virtualization is not well understood. To remedy this situation, we have performed a systematic literature review on the security effects of virtualization. Our study shows that, given adequate management, the core virtualization technology has a clear positive effect on availability, but that the effect on confidentiality and integrity is less positive. Virtualized systems tend to lose the properties of location-boundedness, uniqueness and monotonicity. In order to ensure corporate and private data security, we propose to either remove or tightly manage non-essential features such as introspection, rollback and transfer.
annual computer security applications conference | 2010
Trajce Dimkov; André van Cleeff; Wolter Pieters; Pieter H. Hartel
Penetration tests on IT systems are sometimes coupled with physical penetration tests and social engineering. In physical penetration tests where social engineering is allowed, the penetration tester directly interacts with the employees. These interactions are usually based on deception and, if not done properly, can upset the employees, violate their privacy or damage their trust toward the organization, and might lead to lawsuits and loss of productivity. We propose two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies have been validated by a set of penetration tests performed over a period of two years.
availability, reliability and security | 2010
Virginia Nunes Leal Franqueira; André van Cleeff; Pascal van Eck; Roel Wieringa
Increasingly, organizations collaborate with other organizations in value webs with various arrangements, such as outsourcing, partnering, joint ventures, or subcontracting. As the Jericho Forum (an industry consortium of the Open Group) observed, in all these forms of collaboration, the boundaries between organizations become permeable and, as a consequence, insiders and outsiders can no longer be neatly separated using the notion of a perimeter. Such organizational arrangements have security implications because individuals from the value web are neither outsiders nor completely insiders. To address this phenomenon, this paper proposes a third set of individuals, called External Insiders. External insiders add challenges to the already known insider threat problem because, unlike outsiders, external insiders have granted access and are trusted; and, unlike traditional insiders, external insiders are not subjected to as many internal controls enforced by the organization for which they are external insiders. In fact, external insiders are part of two or more organizational control structures, and business-to-business contracts are often insufficiently detailed to establish security requirements at the level of granularity needed to counter the threat they pose.
new security paradigms workshop | 2010
André van Cleeff
Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to understand the IT risks they face, and decide how to deal with them in an iterative and structured manner: implement technical mitigations, alter their behavior or simply accept the risks. Such a process is feasible: enterprises already execute such processes, and time-saving tools can support the consumer in her own process. In fact, given our society's emphasis on individual responsibilities, skills and devices, a risk management process for consumers is the logical next step in improving information security.
Information Security Technical Report | 2011
André van Cleeff; Wolter Pieters; Roel Wieringa; Frits van Tiel
Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.
Information Security Technical Report | 2008
André van Cleeff
Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model that can be used as a roadmap for improving their security. Additionally, several shortcomings of the data-centric approach are discussed.
international conference on it convergence and security, icitcs | 2012
André van Cleeff; Trajce Dimkov; Wolter Pieters; Roel Wieringa
Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from unauthorized changes of data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems are controlling industrial processes, or digital door locks in apartment buildings are replacing physical keys. In such cases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learn how security requirements are realized by the physical environment alone and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of physical objects used in this process, and their security-relevant properties such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security in other processes and perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.
Information Resources Management Journal | 2013
Virginia Nunes Leal Franqueira; André van Cleeff; Pascal van Eck; Roel Wieringa
Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of third parties. Such extended enterprises create individuals who are neither completely insiders nor outsiders of a company, requiring new solutions to mitigate the security threat they cause. This paper improves the method introduced in Franqueira et al. 2012 for the analysis of such threat to support negotiation of security agreements in B2B contracts. The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope the analysis and to identify external insider roles, access matrix to obtain need-to-know requirements, and reverse-engineering of security best practices to analyse both pose-threat and enforce-security perspectives of external insider roles. The paper also proposes future research directions to overcome challenges identified.
green computing and communications | 2010
André van Cleeff; Wolter Pieters; Roel Wieringa
Medical Image Analysis | 2012
Virginia Nunes Leal Franqueira; André van Cleeff; Pascal van Eck; Roel Wieringa