What do we want to do?
This blog post proposes a procedure for analyzing architectures and applications that are built on client, server and cloud technologies, in order to find vulnerabilities and increase security.
What are the unknowns?
Web Desktop Systems (WDS) are built on web technologies and distribute their parts across clients and servers: the client provides a minimal operating system with an installed browser, while the server side integrates cloud computing and cloud storage technologies.
Cover our main idea.
The main idea is to transform a common WDS environment into a more secure one through a process that is divided into single phases, so that the whole task is split into small pieces that can be handled more easily. The approach makes strategies against security issues visible and increases security with the help of a predefined rule set. That set drives the transformation strategies, and the phases can be executed separately, much like compiling objects into executable pieces.
Let’s start with the phase model. It’s very simple to use.
Formula 1 gives a mathematical abstraction of the proposed phase model. I_n is the current security issue that has to be localized and handled, and R_n is a single element of the defined rule set. In the optimal case the issue I_n is eliminated by applying the rule set element R_n. S_ges covers all issues and approximates the best security transformation over all issues that were handled and eliminated. Formula 2 gives the range of all security issues, up to n_max, that exist and must be processed.
Step 1: Preparation Phase
The aim of this phase is to define the areas in which we want to examine the architecture and functionality of the application. Define a rule set and transformation strategies, visualize how they will be accomplished and propose appropriate methods to finalize them.
Include technical aspects and note appropriate search phrases that cover all important technical parts. Prepare metrics such as LOC, for the number of source code lines, and cyclomatic complexity, for the complexity and structure of the code. Identify operational tools such as a TCP/IP sniffer, e.g. Wireshark®, that help to localize vulnerabilities.
Based on these findings, define a rule set for the transformation of vulnerabilities. One target that will be covered is the transfer of data to the cloud. Study encryption on the client and the server side, and look for code sections that send data and therefore carry a risk of compromising it. The following part uses storing documents in Amazon S3® as a real-life scenario:
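The two metrics named for the preparation phase, LOC and cyclomatic complexity, can be collected for PHP source with the language's own tokenizer. The script below is an added example written for this post, not code from the original article; the function name sourceMetrics and the sample source it analyzes are constructed here. LOC counts every line that carries at least one token other than whitespace or a comment; the cyclomatic complexity approximation counts branching keywords and boolean operators and adds one.

```php
<?php
// Added example (not from the original post): preparation-phase metrics for PHP
// source. LOC counts lines that carry at least one non-comment token; the
// cyclomatic complexity approximation counts branching keywords and boolean
// operators plus one (the usual decision-point formula). Nullable-type '?' and
// ternaries are not counted, so the result is a lower bound on ternary-heavy code.

function sourceMetrics(string $source): array
{
    $ignored = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_OPEN_TAG, T_CLOSE_TAG];
    $branches = [
        T_IF, T_ELSEIF, T_FOR, T_FOREACH, T_WHILE, T_CASE, T_CATCH,
        T_BOOLEAN_AND, T_BOOLEAN_OR, T_LOGICAL_AND, T_LOGICAL_OR, T_COALESCE,
    ];

    $codeLines = [];
    $decisionPoints = 0;
    $line = 1;  // line of the current token; single-character tokens carry no line number

    foreach (token_get_all($source) as $token) {
        if (is_array($token)) {
            [$id, $text, $line] = $token;
            if (!in_array($id, $ignored, true)) {
                $codeLines[$line] = true;
                if (in_array($id, $branches, true)) {
                    $decisionPoints++;
                }
            }
            // keep $line accurate for the single-character tokens that follow
            $line += substr_count($text, "\n");
        } else {
            $codeLines[$line] = true;  // ';', '{', '}', operators ...
        }
    }

    return ['loc' => count($codeLines), 'cyclomatic' => $decisionPoints + 1];
}

// Constructed sample input: a small upload helper with two decisions and a loop.
$sample = <<<'PHP'
<?php
// stores a body under a key; rejects empty bodies
function store(string $bucket, string $key, array $opts): bool
{
    if (!isset($opts['body']) || $opts['body'] === '') {
        return false;
    }
    foreach ($opts as $name => $value) {
        echo "$name\n";
    }
    return true;
}
PHP;

$metrics = sourceMetrics($sample);
printf("LOC: %d, cyclomatic complexity: %d\n", $metrics['loc'], $metrics['cyclomatic']);

// The same function applied to a real file, e.g. the StoreObjects.php discussed in the post:
// $metrics = sourceMetrics(file_get_contents('StoreObjects.php'));
```

Running the script with the PHP CLI prints both numbers for the embedded sample; pointing it at a real file gives the baseline figures the post asks for before any transformation, so the same numbers can be compared again in the validation phase.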
Important vulnerable application part:
Take as an example the application unit that transfers data to the cloud storage system. Consider how that part could be attacked and how an unauthorized person could get access to sensitive data and entries. If data is stored in clear text, an attacker who gains access can read all of it, or part of it, without any protection. To prevent this kind of access, store data encrypted with a proper algorithm. The task is now to find a mechanism that mitigates that risk and to create a rule set entity that matches the current behavior and can be reused for similar risks in the future. Table 1 shows a possible entry.
Create a rule set entity that matches the vulnerability:
Amazon S3 provides a mechanism for encrypting the data that a client sends to it: a request header, set on the upload request, tells the cloud service to store the transferred data encrypted.
| Rule | Title | Transformation |
| R2 | Specifying Server-Side Encryption using the AWS SDK for PHP | Use the request header x-amz-server-side-encryption, which makes the cloud service store the data transferred from the client encrypted. |
Table 1 Rule set entity
Step 2: Analysis Phase
The aim of the analysis phase is to find security issues in the code structure. After scanning the architecture, order all findings by importance in descending sequence so that work starts with the most important one.
Cover the technical environments and determine all facts specified in the preparation phase. Find critical fragments through code reviews, for instance the cloud service on the server side, which is not in the user's space and is managed by the provider.
Identify procedures that will be used to improve the technical structure and prepare techniques for the action phase. For instance, intercept all outgoing and incoming request headers exchanged between client instances and cloud components, search for critical vulnerabilities and evaluate how data is processed during a request.
Source code part: StoreObjects.php
Process all important areas that were specified in the “Preparation Phase”. Listing 1 shows a source code part that stores entities in the cloud. The method create_object is called with the bucket name testbucket, the file name testfile.txt and some optional parameters such as body, acl and contentType. The body data testdata is stored in plain text and can be read by anyone who gets unauthorized access. The “Action Phase” handles this vulnerable source part.
Step 3: Action Phase
The objective of this phase is the transformation of the vulnerabilities found in the analysis phase. The action phase reduces security issues by applying the rule set defined in the preparation phase. At the end of the action phase all detected vulnerabilities are covered.
Select critical parts and implement code fragments that eliminate security vulnerabilities. An example is the encrypted transfer of data to the server over a secure connection. Just as attackers gain unauthorized access to resources in web applications, data in cloud storage can be compromised too; a possible scenario is stolen server credentials that are then used to gain server access.
Apply rule set entity R2: Specifying Server-Side Encryption using the AWS SDK for PHP
To encrypt the data, add the parameter encryption (see Listing 2) with the value AES256, which sets the x-amz-server-side-encryption request header so that the file is stored securely. After that change it is necessary to check that the modification does not leave the application in an unstable state. The “Validation Phase” ensures the stability of the application.
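The rule set entity from Table 1, the plain-text create_object call described for Listing 1 and the encryption parameter described for Listing 2 fit together in one file. The code below is an added example written for this post; it is not the post's Listing 1 or 2 and not the project's StoreObjects.php. It assumes the AWS SDK for PHP 1.x that the post's create_object call implies (class AmazonS3 with create_object and get_object_headers, responses of type CFResponse, an include of sdk.class.php), with credentials supplied through the SDK's own configuration rather than in the code. The function names storePlain, storeEncrypted and satisfiesRule and the rule array are constructed here. One caveat worth keeping in mind when writing the rule: server-side encryption protects the object as stored in S3; the upload itself is protected by TLS on the connection to the service, not by this header.

```php
<?php
// Added example, not the post's Listing 1 or 2. Assumes the AWS SDK for PHP 1.x
// (AmazonS3::create_object, AmazonS3::get_object_headers, CFResponse) and that
// credentials are configured in the SDK, not hard-coded here.
require_once 'sdk.class.php';   // assumed SDK 1.x entry point

// Rule set entity R2 from Table 1, kept as data so the same check can be reused
// for every upload path that the analysis phase turns up.
const RULE_R2 = [
    'id'       => 'R2',
    'title'    => 'Specifying Server-Side Encryption using the AWS SDK for PHP',
    'header'   => 'x-amz-server-side-encryption',
    'required' => 'AES256',
];

// Before (the analysis-phase finding): the body is stored without server-side
// encryption, so anyone with unauthorized access to the bucket reads it as is.
function storePlain(AmazonS3 $s3, string $bucket, string $key, string $body): CFResponse
{
    return $s3->create_object($bucket, $key, [
        'body'        => $body,
        'acl'         => AmazonS3::ACL_PRIVATE,
        'contentType' => 'text/plain',
    ]);
}

// After (rule R2 applied): the 'encryption' option makes the SDK send
// x-amz-server-side-encryption: AES256 with the PUT, so S3 stores the object encrypted.
function storeEncrypted(AmazonS3 $s3, string $bucket, string $key, string $body): CFResponse
{
    return $s3->create_object($bucket, $key, [
        'body'        => $body,
        'acl'         => AmazonS3::ACL_PRIVATE,
        'contentType' => 'text/plain',
        'encryption'  => RULE_R2['required'],
    ]);
}

// Check a stored object against a rule entity: S3 reports the encryption
// algorithm it used in the same header on a HEAD request.
function satisfiesRule(AmazonS3 $s3, string $bucket, string $key, array $rule): bool
{
    $head = $s3->get_object_headers($bucket, $key);
    if (!$head->isOK()) {
        return false;
    }
    $headers = array_change_key_case($head->header, CASE_LOWER);
    return isset($headers[$rule['header']]) && $headers[$rule['header']] === $rule['required'];
}

// Usage with the names from the post (testbucket, testfile.txt, testdata).
$s3 = new AmazonS3();
storeEncrypted($s3, 'testbucket', 'testfile.txt', 'testdata');
printf("%s satisfied: %s\n", RULE_R2['id'],
    satisfiesRule($s3, 'testbucket', 'testfile.txt', RULE_R2) ? 'yes' : 'no');
```

Keeping the rule as data rather than a hard-coded string is what makes it a rule set entity in the post's sense: the action phase applies it, and the validation phase calls satisfiesRule with the same array, so the two phases cannot drift apart.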
Step 4: Validation Phase
The aim of this phase is to ensure architectural consistency during every transformation. Guarantee that every change works as expected and validate all affected components. Loosely coupled parts have to work both on their own and, through their interfaces, in integration. Run unit tests to ensure the functionality of single code fragments and to cover the consistency of multiple components.
Scenarios are the exchange of data between applications that run on the client and the transfer of data to server components, including cloud computing and storage, which are used to execute programs and store data.
Testing Tool: PHPUnit
To validate the change, use test cases that check whether the modification behaves as expected. The first test case, testHeaders, validates the request headers and checks that the new x-amz-server-side-encryption header was set to AES256. The second test case, testRetrieveObjects, covers the stored data and validates that the retrieved object has the correct data type, format and value.
Each phase of the transformation model concentrates on increasing security and eliminating vulnerabilities. Collect suitable information about code artifacts before transforming them. Always validate functionality while updating code fragments, and prepare revert strategies so that a rollback is possible in case of an incorrect transformation.
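The two test cases named above can be written as one PHPUnit class. The class below is an added example for this post, not the post's own test file. It assumes the AWS SDK for PHP 1.x (AmazonS3 with create_object, get_object, get_object_headers and delete_object, included via sdk.class.php), a PHPUnit version that ships PHPUnit\Framework\TestCase, and SDK-configured credentials; the bucket, key and body values are the ones the post uses (testbucket, testfile.txt, testdata), and the class name StoreObjectsTest is constructed here. Because it talks to the real service, it is an integration test: run it against a test bucket, never against production data.

```php
<?php
// Added example, not the post's own test file. Assumes AWS SDK for PHP 1.x
// (AmazonS3::create_object/get_object/get_object_headers/delete_object) and PHPUnit.
// Bucket, key and body are the values from the post; credentials come from the SDK config.
require_once 'sdk.class.php';   // assumed SDK 1.x entry point

use PHPUnit\Framework\TestCase;

class StoreObjectsTest extends TestCase
{
    private const BUCKET = 'testbucket';
    private const KEY    = 'testfile.txt';
    private const DATA   = 'testdata';

    private AmazonS3 $s3;

    // Store the object exactly as the transformed StoreObjects.php does,
    // with the 'encryption' option from rule R2.
    protected function setUp(): void
    {
        $this->s3 = new AmazonS3();
        $response = $this->s3->create_object(self::BUCKET, self::KEY, [
            'body'        => self::DATA,
            'acl'         => AmazonS3::ACL_PRIVATE,
            'contentType' => 'text/plain',
            'encryption'  => 'AES256',
        ]);
        $this->assertTrue($response->isOK(), 'object could not be stored');
    }

    // Rule R2: the stored object must report x-amz-server-side-encryption: AES256.
    public function testHeaders(): void
    {
        $head = $this->s3->get_object_headers(self::BUCKET, self::KEY);
        $this->assertTrue($head->isOK());
        $headers = array_change_key_case($head->header, CASE_LOWER);
        $this->assertArrayHasKey('x-amz-server-side-encryption', $headers);
        $this->assertSame('AES256', $headers['x-amz-server-side-encryption']);
    }

    // Behaviour must not change: type, format and value of the retrieved data.
    public function testRetrieveObjects(): void
    {
        $object = $this->s3->get_object(self::BUCKET, self::KEY);
        $this->assertTrue($object->isOK());
        $headers = array_change_key_case($object->header, CASE_LOWER);
        $this->assertSame('text/plain', $headers['content-type']);   // format
        $body = (string) $object->body;
        $this->assertIsString($body);                                 // type
        $this->assertSame(self::DATA, $body);                         // value
    }

    // Remove the test object so repeated runs start from a clean bucket.
    protected function tearDown(): void
    {
        $this->s3->delete_object(self::BUCKET, self::KEY);
    }
}
```

Run it with phpunit StoreObjectsTest.php. A failing testHeaders after a later code change is exactly the signal the validation phase is meant to give: the rule set entity R2 has silently stopped being applied.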
Make your life easier.
Use this transformation model as a pattern to manage the complexity of current web architectures, which include WDS such as “Google Chrome OS®” and cloud services such as “Amazon EC2®” and “Eucalyptus Cloud®”. Integrate technologies such as cloud computing and cloud storage, which move more computing cycles and storage outside the traditional resources located in the basements of companies that manage their own hardware. Handle each part of the whole structure and the communication between the parts. Fill every phase with suitable single methods, e.g. rule set entities, that fit the current architecture object, and integrate the model as a helping pattern in your daily work.