Magellan Final Report - Office of Science - U.S. Department of Energy
The set of controls set out in the FedRAMP document are designated for low and medium baselines. For
the current control baseline, we have a low impact cloud system. Since the focus of the FedRAMP document
was on consumers of cloud resources rather than producers, we needed to digest the contents of the document
from an alternate perspective. As well, since institutional responses to individual control entities are driven
by local requirements, needs, and philosophy, any sort of detailed response is well outside the scope of this
document. However, at a minimum, the following steps should be taken.
1. A “user” should be a uniquely identifiable entity (such as a user account) where a complete Access
Control, Audit and Accountability process can take place, and who then is granted the right to launch
a VM within their own system context.
2. For pre-vetted instances (where the user is not granted root access), site security controls must be
applied for sections Access Controls (AC), Audit and Accountability (AU), and Identification and
Authentication (IA) from the NIST 800-53 publication.
3. For non-vetted images, or where the users will be granted root access, active scanning and analysis is
required.
In the same way that the technical aspects of computer security are evolving for cloud computing
providers, identifying how this new technology will fit into the current sets of security controls remains
an area for exploration.
8.3 Recommended Further Work<br />
There are a number of areas that we feel should be addressed to advance the state of security on a cloud-based
system like Magellan. While many tools and techniques used with typical large multiuser systems can
be applied to cloud-based systems, these tools and techniques would evolve more rapidly through tighter
integration into the cloud-stack software.
Further Security Control Automation. Some work was done during the project to integrate the cloud
software with automated security systems. Additional work is required in this area. With the dynamic nature
of cloud systems, the security controls must evolve to be similarly dynamic and flexible. The integration of
security policy tools directly into the cloud control software would be ideal, as it would allow enforcement of a
site’s security policies while the user worked instead of being applied after the fact by systems that monitor
for changes. This would also enhance the responsiveness of the system. Security setting modifications
could be requested by the user, checked against a site’s policies, and implemented or denied, all in a single
integrated operation.
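
The single integrated operation described above (request, check against site policy, implement or deny), sketched as an added example that is not code from the Magellan project. The class names, the policy fields and the addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RuleRequest:            # hypothetical shape of a user's firewall-rule request
    user: str                 # uniquely identifiable account making the request
    instance: str             # VM the rule would apply to
    port: int
    source: str               # CIDR the user wants to admit

@dataclass
class SitePolicy:
    # Constructed policy values (assumptions), not taken from the report.
    denied_ports: frozenset = frozenset({23, 3389})
    restricted_ports: frozenset = frozenset({22})   # allowed only from trusted nets
    trusted_nets: tuple = (ipaddress.ip_network("198.51.100.0/24"),)

    def check(self, req):
        """Return (allowed, reason) for one request; no side effects."""
        try:
            net = ipaddress.ip_network(req.source, strict=True)
        except ValueError:
            return False, "malformed source CIDR"
        if not 1 <= req.port <= 65535:
            return False, "port out of range"
        if req.port in self.denied_ports:
            return False, "port denied by site policy"
        if req.port in self.restricted_ports and not any(
                net.version == t.version and net.subnet_of(t)
                for t in self.trusted_nets):
            return False, "restricted port requires trusted source"
        return True, "ok"

@dataclass
class CloudController:
    policy: SitePolicy
    rules: dict = field(default_factory=dict)   # instance -> set of (port, cidr)
    audit: list = field(default_factory=list)   # every decision, allowed or denied

    def request_rule(self, req):
        """Check and apply in one call; a denied request never reaches the rules."""
        allowed, reason = self.policy.check(req)
        if allowed:
            self.rules.setdefault(req.instance, set()).add((req.port, req.source))
        self.audit.append((req.user, req.instance, req.port, req.source, allowed, reason))
        return allowed, reason
```

Because the decision is recorded for denied requests as well as applied ones, the audit list gives the accountability trail per user account without a separate monitor having to detect the change afterwards.
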
Enhanced Forensic Capabilities. Due to the ephemeral nature of cloud resources, performing forensic
analysis on these virtualized systems is fraught with many challenges, both technical and legal. When
there is a need to analyze a physical system involved in a security incident or crime, the system is usually
taken into evidence. Its storage devices are copied and verified, and those files are then analyzed. The
practice of computer forensics is well established, and evidence produced through this analysis is accepted
in courts worldwide. Virtualized systems provide a new twist for computer investigators. Should the need
arise to collect evidence from a virtualized system, the methods and practices are not as clear-cut. Can
the investigator capture an image of the virtual disk associated with a given resource, or must they analyze
the physical hardware that underlies the infrastructure? Depending on the size of the cloud itself and the
underlying software, the answer to this question could have widespread effects on the cloud system. If a
portion of the physical system must be removed for processing, the resources of the cloud could be diminished
significantly. On the other hand, if an investigator captures and analyzes only the virtual disk associated
with a given virtual system, will that satisfy the court? Or will the opposing attorneys be able to raise
enough doubt about the evidence in the judge or jury that it may be thrown out?