
Cloud Security

A medium-sized UK advertisement company, called Vertika, currently has a server where all the graphic
and multimedia work is permanently stored. This includes work-in-progress. The raw material includes
vector graphics and uncut video, which is a necessity to ensure the branding of a client can be
maintained. In the hands of the client or a competitor, these raw files allow clients to stop using
Vertika as a supplier, so ensuring their confidentiality is important. Loss of the raw material would imply
that the branding of the clients cannot be maintained, which would be disastrous for Vertika’s
reputation and incur financial loss.
Currently, Vertika delivers the final products to the printers via email, or USB sticks if the files are too
large. They have attempted to allow print shops to connect directly to their server, but due to a lack
of a capable security team this led to a serious breach. Determined to move away from email and USB,
they have decided to hire a capable security expert (you) to transition the entire system to a public
cloud. The workflow of the designers involves working directly on media files that are stored in the
cloud. Vertika’s leadership wants to use this opportunity to simultaneously move administration to
the cloud – this includes HR, finance and corporate strategy related resources.

Questions

1 For this question, consider a solution where each of the devices approved by Vertika gets an
authentication token K, put on the device by Vertika’s IT department. Possession of this authentication
token is one factor in authenticating to the cloud as an employee – the other part is a valid username
and password.

a) Would you consider this set-up to be a cloud? Why (not)? half page

b) On a conceptual level, how would you authenticate an employee, using his/her username,
password, and the token on their device? With this approach, are you vulnerable to replay
attacks, or people learning the value of K? Why (not)? 1 page

c) Can a disgruntled designer currently employed by Vertika enable a competitor to gain
access to confidential files – in particular, files that the disgruntled designer is authorised to
access? 1 page

d) Describe a process of how an employee that cannot log in can be provided access. 1 page
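The following is an added illustration of question 1b, not part of the original assignment and not Vertika's design: a challenge-response scheme in which the device proves possession of K with an HMAC over a single-use, time-limited server nonce, so K itself never crosses the network and a captured login transcript cannot be replayed. The user store, clock and sample credentials are constructed for the example; PBKDF2 iteration count is an assumption.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERS = 200_000  # assumption: tune to the server hardware


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


def device_response(K: bytes, nonce: bytes, username: str) -> bytes:
    """Runs on the approved device: proves possession of K without transmitting K."""
    return hmac.new(K, nonce + username.encode(), "sha256").digest()


class AuthServer:
    def __init__(self, clock=time.time):
        self.users = {}        # username -> record (constructed in-memory store)
        self.challenges = {}   # nonce -> (username, expiry)
        self.clock = clock

    def enrol(self, username: str, password: str, K: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "pw": hash_password(password, salt), "K": K}

    def challenge(self, username: str, ttl: int = 60) -> bytes:
        nonce = secrets.token_bytes(16)
        self.challenges[nonce] = (username, self.clock() + ttl)
        return nonce

    def login(self, username: str, password: str, nonce: bytes, response: bytes) -> bool:
        user = self.users.get(username)
        entry = self.challenges.pop(nonce, None)  # single use: a replayed nonce is already gone
        if user is None or entry is None:
            return False
        owner, expiry = entry
        if owner != username or self.clock() > expiry:
            return False
        pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])
        tok_ok = hmac.compare_digest(device_response(user["K"], nonce, username), response)
        return pw_ok and tok_ok


def demo() -> dict:
    server = AuthServer()
    K = os.urandom(32)                      # token placed on the device by IT
    server.enrol("designer1", "correct horse", K)
    results = {}

    nonce = server.challenge("designer1")
    resp = device_response(K, nonce, "designer1")
    results["fresh_login"] = server.login("designer1", "correct horse", nonce, resp)

    # An eavesdropper replays the captured (nonce, response) pair.
    results["replay"] = server.login("designer1", "correct horse", nonce, resp)

    # Password known, K unknown: the response to a new challenge cannot be computed.
    nonce2 = server.challenge("designer1")
    results["no_token"] = server.login("designer1", "correct horse", nonce2, os.urandom(32))

    # Device (and thus K) in hand, but password unknown.
    nonce3 = server.challenge("designer1")
    results["no_password"] = server.login(
        "designer1", "wrong", nonce3, device_response(K, nonce3, "designer1"))

    # A correct answer delivered after the challenge expired is rejected.
    now = [1000.0]
    slow = AuthServer(clock=lambda: now[0])
    slow.enrol("designer1", "correct horse", K)
    n = slow.challenge("designer1", ttl=60)
    now[0] += 61
    results["expired"] = slow.login(
        "designer1", "correct horse", n, device_response(K, n, "designer1"))
    return results
```

The transcript an attacker can observe contains only the nonce and the HMAC, neither of which reveals K, and each nonce is consumed on first use, so a second presentation of the same pair fails. What the scheme does not protect against is extraction of K from a lost or compromised device, which is why the password remains a separate factor.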

2 You are tasked with selecting the best cloud provider from a security standpoint – or to recommend
against moving to the cloud, if it cannot be done securely.

a) Which 5 specific security controls do you consider especially important for this system?
Briefly motivate why the control is important for this system. Are each of the 5 security
controls the cloud’s responsibility, your responsibility or both? 2 pages

b) You narrow your choice down to two cloud providers. Cloud provider A has more
accreditations, whereas B is more popular and well-established. Cloud provider A claims
ownership of all data uploaded to it, whereas cloud provider B refuses to take responsibility
for data breaches, even if they caused it. Cloud provider A has a better defence against denial
of service attacks, whereas cloud provider B offers redundancy over at least 3 data centres.

Which of these two cloud providers would you recommend? 1 page

c) Can you design a (permission-based) access control system, encompassing the
administrative systems (HR, finance, etc.) as well as production (the media files)? 1 page

3 Minor changes in a media file (a picture or video) may lead to large changes in the file. Effectively,
a designer downloads a design, works on it, and uploads the new design to overwrite the old one. This
may combine well with capability-based access control, such as Crypt DAC. As a spin-off project, you
decide to work on a capability-based access control system for storing and editing media on a public
cloud.

a) In your capability-based access control system, describe the following operations (with
focus on how keys are used): 1) an authorised designer opens a media file, edits it, and
uploads that, and 2) a designer has resigned from their function (and all access is revoked). 2 pages

b) You convince Vertika to use this system. Is it useful to use both this system and the
authentication token from question 1? Why (not)? 1 page

c) If an ex-employee decides to contact the cloud provider, in theory, they could access active
media files by sharing secrets. Describe how. Presumably, this is unlikely. Describe the trust-relevant
network (i.e. that your ex-employee and your cloud provider will not collude against
you), and provide a formula and a diagram. 1 page
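As an added worked example for the key handling asked about in question 3a (not part of the assignment, and not the actual Crypt DAC construction), the block below models one common capability design: every media file is encrypted under its own file key, the file key is the capability, and the cloud stores that key wrapped under each authorised designer's device key. Opening a file means unwrapping the file key and decrypting; uploading an edit means re-encrypting under the same file key and overwriting; revoking a designer means choosing a fresh file key, re-encrypting the current content and re-wrapping for the remaining designers only. The cloud never sees a plaintext or a bare key. All names, keys and file contents are constructed; the SHA-256 counter-mode cipher with an HMAC tag is a stand-in for a real AEAD such as AES-GCM so that the example needs only the standard library.

```python
import hashlib
import hmac
import os


# Toy AEAD (keystream from SHA-256 in counter mode + HMAC-SHA256 tag). Stand-in for
# AES-GCM; constructed for this example, not suitable for production.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(key + label).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Cloud:
    """Untrusted store: holds only ciphertext and wrapped (sealed) file keys."""
    def __init__(self):
        self.files = {}      # filename -> content sealed under the file key
        self.lockboxes = {}  # filename -> {username: file key sealed under the user's key}


class KeyOwner:
    """Vertika's IT: owns the file keys and hands out capabilities (constructed role)."""
    def __init__(self, cloud: Cloud):
        self.cloud, self.file_keys, self.user_keys = cloud, {}, {}

    def enrol(self, username: str) -> bytes:
        self.user_keys[username] = os.urandom(32)
        return self.user_keys[username]  # placed on the designer's device

    def create(self, fname: str, data: bytes, users: list) -> None:
        fk = os.urandom(32)
        self.file_keys[fname] = fk
        self.cloud.files[fname] = seal(fk, data)
        self.cloud.lockboxes[fname] = {u: seal(self.user_keys[u], fk) for u in users}

    def revoke(self, fname: str, username: str) -> None:
        # Fresh file key, re-encrypt the current content, re-wrap for remaining users only.
        current = unseal(self.file_keys[fname], self.cloud.files[fname])
        remaining = [u for u in self.cloud.lockboxes[fname] if u != username]
        self.create(fname, current, remaining)


class Designer:
    def __init__(self, name: str, user_key: bytes, cloud: Cloud):
        self.name, self.uk, self.cloud = name, user_key, cloud

    def open(self, fname: str):
        fk = unseal(self.uk, self.cloud.lockboxes[fname][self.name])  # KeyError if no capability
        return unseal(fk, self.cloud.files[fname]), fk

    def upload(self, fname: str, data: bytes, fk: bytes) -> None:
        self.cloud.files[fname] = seal(fk, data)  # overwrite; fresh nonce each time


def demo() -> dict:
    cloud, it = Cloud(), KeyOwner(Cloud.__new__(Cloud)) if False else (Cloud(), None)
    cloud = Cloud()
    it = KeyOwner(cloud)
    alice = Designer("alice", it.enrol("alice"), cloud)
    bob = Designer("bob", it.enrol("bob"), cloud)
    it.create("logo.svg", b"<svg>v1</svg>", ["alice", "bob"])
    results = {}

    data, fk = alice.open("logo.svg")              # open
    alice.upload("logo.svg", data.replace(b"v1", b"v2"), fk)   # edit + overwrite
    results["bob_sees_edit"] = bob.open("logo.svg")[0] == b"<svg>v2</svg>"

    cached_fk = fk            # suppose bob kept a copy of the file key on his device
    it.revoke("logo.svg", "bob")
    try:
        bob.open("logo.svg")
        results["bob_after_revoke"] = "opened"
    except KeyError:
        results["bob_after_revoke"] = "no capability"
    try:
        unseal(cached_fk, cloud.files["logo.svg"])
        results["old_key_works"] = True
    except ValueError:
        results["old_key_works"] = False   # content was re-keyed, cached key is useless
    results["alice_still_works"] = alice.open("logo.svg")[0] == b"<svg>v2</svg>"
    return results
```

The revocation step is the expensive one: the file has to be re-encrypted under the new key, otherwise a designer who cached the old file key (as `cached_fk` models) could keep reading the stored ciphertext. Whether this is done eagerly or lazily on the next upload is a design choice the answer to 3a should state.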