Risk management is a fundamental requirement for all major information security frameworks, but there is little practical guidance for implementing a risk management program at small or young organizations. Existing risk management practices require varying levels of staff, expertise, tooling, and time — all expensive — as well as a mature concept of risk, when none of these necessities may be available. Consequently, there is an industry-wide need for a “minimum viable program” that allows organizations to manage risk despite lacking the prerequisites for more full-featured risk management programs. This white paper outlines such a program.
We are pleased to announce our new whitepaper: "Quantifying the Cost of Cloud Security." For this whitepaper, the fourth born of Leviathan's collaboration with Google to study the security impacts of forced localization laws, we chose to focus on the direct costs to companies of forced localization laws--the actual economic disadvantage inflicted by a country on its businesses when it chooses to require that all data be stored within its borders. As we discussed in our three previous whitepapers on this topic (listed below), the harms of forced localization to data confidentiality, integrity, and availability can be devastating, and this can have significant added economic impact--but we wanted to know how much it costs, on day 1, to cut one's country off from the cloud.
One of our outputs from this research is a visualization that we believe will help to crystallize the issues in play. We've taken all the pricing data from the seven public IaaS providers, along with all the locations of their datacenters, and put them onto a map; anyone can simply select the quantity and type of computer they'd like to use, then see where that type is available--and click on a country to find the pricing, the providers that offer it, and the extra cost of using only providers in that country.
We hope you enjoy, and we look forward to contributing to the public debate on this topic in the future.
For more on our work on cloud security policy, please see http://www.valueofcloudsecurity.com.
We are pleased to announce the release of our three whitepapers on the value of cloud computing as it relates to security issues around data storage, in the areas of data availability, scarcity of expert security talent, and the infrastructure and hardware investment to set up new data storage solutions.
We spent several months exploring the value proposition of storing data in the cloud from a security perspective. We wanted to know whether cloud storage is more or less secure than storing data in a local datacenter, for all the different definitions of secure. We wanted to know whether data can be kept confidential, whether data remains available despite localized outages, whether the supply chains that make maintenance of local data centers possible can be preserved (and at what cost), and whether companies are able to hire sufficient security expertise to defend their investments in storage.
The three whitepapers are as follows:
- Comparison of Availability Between Local and Cloud Storage - a discussion of the challenges of securing the integrity and availability of data stored in datacenters and the cloud in the face of disasters and other large-scale events.
- Analysis of Cloud vs. Local Storage: Capabilities, Opportunities, Challenges - a discussion of the challenges of hiring sufficient cybersecurity expertise given the current talent pool and educational programs available.
- Value of Cloud Security: Vulnerability - a discussion of the challenges around setting up local data storage, for small, medium, and large enterprises, and a comparison of price data between major local and cloud storage vendors.
More information is available at http://www.valueofcloudsecurity.com.
We would also like to thank the entire project team for this research:
Malware authors apply advanced techniques to execute and hide malicious activity on victim Linux systems. ELF runtime infections are among those techniques; they mutate the memory of a victim process to then modify its workings while maintaining stealth against disk-based forensics.
Previously, analysts had to rely on a clunky methodology to investigate ELF runtime infections; they had to manually locate information and reconstruct the part of the process they wanted to inspect. In this paper I describe my Extended Core File Snapshot (ECFS) format which accurately captures all relevant, in-memory forensic information necessary for an analyst to diagnose common ELF injection attacks.
The recent disclosure of a flaw in the TLS protocol specification and the majority of its implementations has spawned wide-ranging debate on the seriousness of the vulnerability. Experts weighing in on all sides have deemed this flaw either earthshaking or inconsequential, and have argued either that it poses little risk to enterprises or that it is potentially devastating. This report presents the current state of our research as well as our understanding of the risks posed by the TLS Renegotiation Flaw, its ramifications for enterprise users, and steps that can be taken to mitigate its risk during the current window of vulnerability.
An increasing number of websites are providing file upload capabilities to web users, following the success of social networking sites that encourage their user community to upload arbitrary files to be shared with other users of the site. File upload features increase the risk to the hosting site and its users.
Reliable exploitation of software vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems.
During the course of this paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of Windows Debugger (WinDBG).
This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such as NULL pointer dereferences.
The version of the Windows kernel that runs on the x64 platform has introduced a new feature, nicknamed PatchGuard, that is intended to prevent both malicious software and third-party vendors from modifying certain critical operating system structures.