Date post: | 15-Jan-2017 |
Upload: | cecil-thornhill |
Secure File Management Using the Public Cloud
A Masters in Cybersecurity Practicum Project
Cecil Thornhill
ABSTRACT
The Project explores the history and evolution of document management tools through the emergence of cloud computing and documents the development of a basic cloud computing web based system for secure transmission and storage of confidential information on a public cloud following guidance for federal computing systems.
Secure File Management Using the Public Cloud, Masters of Cybersecurity Practicum Project, ISM 6905 – Cecil Thornhill
MastersProjectCThornhillv2final.docx 7/13/16 Page 2 of 46
Introduction
Background of the Driving Problem – Ur to the Cloud
The Cloud in Context – A New Way to Provide IT
Cloud Transformation Drivers
The Federal Cloud & the Secure Cloud Emerge
Designing a Project to Demonstrate Using the Cloud
Planning the Work and Implementing the Project Design
Findings, Conclusions and Next Steps
References
Source Code Listings
Test Document
Introduction

This paper describes the design and development of a system to support the encrypted transfer of confidential and sensitive Personally Identifiable Information (PII) and Personal Healthcare Information (PHI) to a commercial cloud based object storage system. This work was undertaken as a Practicum project for the Masters in Cybersecurity program, and as such was implemented within the time limits of a semester session and was completed by a single individual. This prototype represents a basic version of a web-based system implemented on a commercial cloud based object storage system. The prototype demonstrates an approach to implementation suitable for use by government or private business for the collection of data subject to extensive regulation such as HIPAA/HITECH healthcare data, or critical financial data.

A general review of the context of the subject area and history of document management is provided below, along with a review of the implementation efforts. Findings and results are provided both for the implementation efforts and for the actual function of the system. Due to the restricted time available for this project, the scope was limited to fit the schedule. Only basic features were implemented per the design guidance documented below. To explore future options for expansion of the project, several experiments designed to further analyze the system capacity and performance are outlined below. These options represent potential future directions to further explore this aspect of secure delivery of information technology functions using cloud-based platforms.
Background of the Driving Problem – Ur to the Cloud

The need to exchange documents containing important information between individuals and enterprises is a universal necessity in any organized human society. Since the earliest highly organized human cultures, information about both private and government activities has been recorded on physical media and exchanged between parties [1]. Various private and government couriers were used to exchange documents in the ancient and classical world. In the West, this practice of private courier service continued after the fall of Rome. The Catholic Church acted as a primary conduit for document exchange and was itself a prime consumer of document exchange services [2]. In the West, after the Renaissance, the growth of the modern nation state and the emergence of early commerce and capitalism were both driven by and supportive of the growth of postal services open to private interest. The needs of commerce quickly came to dominate the traffic, and shape the evolution of document exchange via physical media [3].

In the early United States the critical role of publicly accessible document exchange was widely recognized by the founders of the new democracy. The Continental Congress in 1775 established the US Postal
Service to provide document communications services to the emerging new government prior to the Declaration of Independence [4]. As a new and modern nation, cost effective, efficient document exchange services from the new post office were essential to the growth of the US economy [5].

The growth of the US as a political and economic power unfolds in parallel with the Industrial Revolution in England and Europe as well as the overall transition of the Western world to what can be described as modern times. New science, new industry and commerce and new political urgencies all drive the demand for the transmission of documents and messages in ever faster and more cost effective forms [6]. It is within this accelerating technical and commercial landscape that the digital age is born in the US when Samuel Morse publicly introduces the telegraph to the world in 1844 with the famous question “What Hath God Wrought?” sent from the US Capitol to the train station in Baltimore, Maryland [7]. Morse’s demonstration was the result of years of experiment and effort by hundreds of people in scores of countries, but has come to represent the singular moment of creation for the digital era and marks the beginning of the struggle to understand and control the issues stemming from document transmission in the digital realm. All of the issues we face emerge from this time forward, such as:
• Translation of document artifacts created by people into digital formats and the creation of human readable documents from digital intermediary formats.
• The necessity to authenticate the origin of identical digital data sets and to manage the replication of copies.
• The need to enforce privacy and security during the transmission process across electronic media.
Many of these problems have similar counterparts in the physical document exchange process, but some, such as the issue of an indefinite number of identical copies, were novel, and all these issues require differing solutions for a physical or digital environment [8].

The telegraph was remarkably successful due to its compelling commercial, social and military utility. As DuBoff and Yates note in their research: “By 1851, only seven years after the inauguration of the pioneer Baltimore-to-Washington line, the entire eastern half of the US up to the Mississippi River was connected by a network of telegraph wires that made virtually instantaneous communication possible. By the end of another decade, the telegraph had reached the west coast, as well” [9,10]. The reach of the telegraph went well beyond the borders of the US, or even the shores of any one continent by 1851. That same year Queen Victoria sent President
Buchanan a congratulatory telegram to mark the successful completion of the Anglo-American transatlantic cable project [11]. Digital documents now had global scope, and the modern era of document exchange and management had truly arrived.

The US Civil War would be largely shaped by the technical impact of the telegraph and railroad. Both the North and South ruthlessly exploited advances in transportation and communication during the conflict [12]. Centralization of information management and the need for confidentiality, integrity, and availability all emerged as issues. Technical tools like encryption rapidly became standard approaches to meeting these needs [13]. The patterns of technical utilization during the war provided a model for future civil government and military use of digital communications and for digital document transmission. The government’s use patterns then became a lesson in the potential for commercial use of the technology. Veterans of the war went on to utilize the telegraph as an essential tool in postwar America’s business climate.

Rapid communication and a faster pace in business became the norm as the US scaled up its industry in the late 19th century. Tracking and managing documents became an ever-increasing challenge along with other aspects of managing the growing and geographically diverse business enterprises emerging. By the turn of the 20th century the telegraph provided a thriving and vital alternative to the physical transmission of messages and documents. Most messages and documents to be sent by telegraph were either entered directly as digital signals sent originally by telegraphy, or transcribed by a human who read and re-entered the data from the document. However, all of the modern elements of digital document communication existed and were in some form of use, including the then under-utilized facsimile apparatus [14].

As the 20th century progresses, two more 19th century technologies which would come to have a major impact on document interchange and management would continue to evolve in parallel with the telegraph: mechanical/electronic computation and photography. Mechanical computation, tracing its origin from Babbage’s Analytical Engine, would come to be indispensable in tabulating and managing the data needed to run an increasingly global technical and industrial society [15]. Photography not only provided a new and accurate record of people and events, but with the development of fine grained films in the 20th century, microfilm would come to be the champion of high density document and hence information storage media. Despite some quality drawbacks, the sheer capacity and over 100-year shelf life of microfilm made it very attractive as a document storage tool. By the 1930’s microfilm had become the bulk document storage medium of choice for publications and libraries as well as the federal government [16].
The experience with early electronic computers in World War II and familiarity with microfilm made merging the two technologies appear as a natural next step to forward thinkers. In 1945 Vannevar Bush, the wartime head of the Office of Scientific Research and Development (OSRD), would propose the Memex. Memex was designed as an associative information management device combining electronic computer-like functions with microfilm storage, but was not fully digital nor was it networked [17]. In many ways this project pointed the way to modern information management tools that were introduced in the 1960’s but not fully realized until the end of the 20th century.

Bush, V., & Think, A. W. M. (1945). The Atlantic Monthly. As we may think, 176(1), 101-108.

The commercial release and rapid adoption of modern computer systems such as the groundbreaking IBM 360 in the 1960’s, and series of mini-computer systems in the 1970’s such as the DEC VAX, greatly expanded the use of digital documents and created the modern concept of a searchable database filled with data from these documents. The development of electronic document publishing systems in the 1980’s allowed for a “feedback loop” that allowed digital data to go back into printed documents, generating a need to manage these new documents with the computers used to generate them from the data and user input. The growth of both electronic data exchange and document scanning in the 1990’s began to replace microfilm. Many enterprises realized the need to eliminate paper and only work with electronic versions of customer documents. The drive for more efficient and convenient delivery of services as well as the need to reduce the cost of managing paper records continues to drive the demand for electronic document management tools.

By the 1990’s large-scale document management and document search systems such as FileNet and its competitors began to emerge into the commercial market. The emergence of fully digital document management systems in widespread use by the turn of the 21st century brings the story of document management into the present day, where we see a predominance of electronic document systems, and an expectation of quick and universal access to both the data and documents as artifacts in every aspect of life, including activities that are private, commercial and interactions with the government.

As the demand for large electronic document management infrastructures grew, the scale of these systems and related IT infrastructure continued to expand, placing significant cost stress on the enterprise. There was a boom in the construction of data centers to house the infrastructure. At the same time that the physical data centers for enterprises were expanding, a new model of enterprise computing was being developed: Cloud Computing.
The Cloud in Context – A New Way to Provide IT

In 1999 Salesforce popularized the idea of providing enterprise applications infrastructure via a website, and by 2002 Amazon started delivering computation and storage to enterprises via the Amazon Web Services platform. Google, Microsoft and Oracle as well as a host of other major IT players quickly followed with their own version of cloud computing options. These new cloud services offered the speed and convenience of web based technology with the features of a large data center. An enterprise could lease and provision cloud resources with little time and no investment in upfront costs for procurement of system hardware. By 2009 options for cloud computing were plentiful, but there was as yet little generally accepted evidence about the reasons for the shift or even the risk and benefits [18].

What made cloud systems different from earlier timeshare approaches and data center leasing of physical space? Why were they more compelling than renting or leasing equipment? While a detailed examination of all the concepts and considerations leading to the emergence of cloud computing is outside the scope of this paper, there is a broad narrative that can be suggested based on prior historical study of technological change from steam to electricity and then to centralized generation systems. While the analogies may not all be perfect, they can be useful tools in contextualizing the question of "why cloud computing now?"

In the 19th century, the development of practical steam power drove a revolution in technical change. The nature of mechanical steam power was such that the steam engine was intrinsically local, as mechanical power is hard to transmit across distance [19]. When electrical generation first emerged at the end of the 19th century, the first electrical applications tended to reproduce this pattern. Long distance distribution of power was hard to achieve, and so many facilities used generators for local power production [20]. The nature of electricity was quite different from mechanical power, and so breakthroughs in distribution were rapid. Innovators such as Tesla and Westinghouse quickly developed long distance transmission of electricity.

This electrical power distribution breakthrough allowed the rapid emergence of very large centralized power stations; the most significant of these early centers was the Niagara hydroelectric station [21]. Today, most power is generated in large central stations. Power is transmitted via a complex national grid system. The distribution grid is an amalgam of local and regional grids [22]. However, this was not the end of the demand for local generators. In fact more use of electricity led to more demand for local generators, but for non-primary use cases such as emergency power, or for alternate use cases such as remote or temporary power supplies [23, 24]. The way local generation was used changed with the shift to the power grid in ways that can be seen to parallel the shift from local data centers to cloud based data center
operations. While it is true that early computers were more centralized, since the mid 70's and the emergence of the mini-computer and then the micro-computer that came to prominence in the 80's, a much more distributed pattern emerged. The mainframe and mini-computer became the nucleus of emerging local data centers in every enterprise. As Local Area Networks emerged they reinforced the role of the local data center as a hub for the enterprise. Most enterprises in the 1980’s and 90’s had some form of local data center, in a pattern not totally dissimilar to that of early electric generators. As the networks grew in scale and speed, they began to shift the patterns of local computing to emphasize connectivity and wider geographic area of service.

When the commercial Internet emerged in the 1990's the stage was set for a radical change, in much the same way that the development of efficient electrical distribution across a grid changed the pattern of an earlier technical system. Connectivity became the driving necessity for an enterprise competing to reach its supply chain and customers by the new network tools. By the turn of the 21st century, firms like Google and Amazon were experimenting with what they came to consider a new type of computer, the Warehouse Scale Computer. By 2009 this was a documented practical new tool, as noted in Google’s landmark paper “The Datacenter as a Computer: An Introduction to the Design of Warehouse-Scale Machines”, Luiz André Barroso and Urs Hölzle, Google Inc. 2009. This transition can be considered as similar to the move to centrally generated electrical power sent out via the grid. In a similar manner it will not erase local computer resources but will alter their purpose and use cases [25].

As was the case for the change to more centralized electrical generation, by the early 21st century there was considerable pressure on IT managers to consider moving from local data centers to cloud based systems. For both general computing and for document management systems this pressure tends to come from two broad source categories: Technical/Process drivers and Cost drivers. Technical drivers include the savings in deployment time for servers and systems at all points in the systems development life cycle, and cost drivers are reflected in the reduced operational costs provided by cloud systems [26].
Cloud Transformation Drivers

Technical and Process drivers also include considerations such as functional performance and flexible response to business requirements. The need to be responsive in short time frames as well as to provide the latest trends in functional support for the enterprise business users and customers favors the quick start up times of cloud based IT services. The wide scope of the business use case drivers goes beyond the scope of this paper, but is important to note.
Cost drivers favoring cloud based IT services are more easily understood in the context of document management as discussed in this paper. Moving to cloud based servers and storage for document management systems represents an opportunity to reduce the Total Cost of Ownership (TCO) of the IT systems. These costs include not only the cost to procure the system components but also the cost to operate them in a managed environment, controlled by the enterprise. Even if it appears there is no compelling functional benefit to be obtained by the use of cloud based systems, the cost factors alone are typically compelling as a driver for the decision to move document management systems from local servers and storage to the cloud.

As an example of the potential cost drivers, Amazon and other vendors offer a number of TCO comparison tools that illustrate the case for cost savings from cloud-based operations. While the vendors clearly have a vested interest in promotion of cloud based operations, these tools provide a reasonable starting point for an “apples to apples” estimate of costs for local CPU and storage vs. cloud CPU and storage options. Considering that the nature of document systems is not especially CPU intense, but is very demanding of storage subsystems, this cost comparison is a good starting point, as it tends to reduce the complexity of the pricing model. For purposes of comparison here the Amazon TCO model will be discussed below to examine the storage costs implications for a small (1TB) document store.

The default model from Amazon starts with an assumption of 1TB of data that requires “hot” storage (fast access for on demand application support), full plus incremental backup, and grows by 1TB per month in size [27]. This is a good fit for a modest document storage system and can be considered a “ballpark” baseline.

Total Cost of Ownership. (2016). Retrieved July 06, 2016, from http://www.backuparchive.awstcocalculator.com/

Amazon’s tool estimates this storage to cost about $308,981 per year for local SAN backed up to tape. The tool estimates the same storage using the cloud option to cost about $37,233 for a year. The cost of local hot storage alone is estimated at $129,300, and at $29,035 for Amazon S3 storage. Based on the author’s past experience in federal IT document management systems, these local storage costs are generally within what could be considered reasonably relevant and accurate for private or federal data center storage TCO cost ranges. Processing cost estimates for servers required in the storage solution are also within the range of typical mid-size to large data center costs based on the author’s experience over the past 8 years with federal and private data center projects. Overall, the Amazon tool does appear to produce estimates of local costs that can be considered reasonably viable for planning purposes.

This rough and quick analysis from the Amazon TCO tool gives a good impression of the level of cost savings possible with cloud-based systems. It serves as an example of some of the opportunities presented to IT managers faced with a need to control
budgets and provide more services for less cost. The potential to provide the same services for half to ¼ the normal cost of local systems is very interesting to most enterprises as a whole. When added to the cloud based flexibility to rapidly deploy and the freedom to scale services up and down, these factors help to explain the increased preference for cloud based IT deployment. This preference for cloud computing now extends beyond the private sector to government enterprises seeking the benefits of the new computing models offered by cloud vendors.
The Federal Cloud & the Secure Cloud Emerge

For the federal customer the transition to Warehouse Scale Computing and the public cloud can be dated to 2011 when the FedRAMP initiative was established. The FedRAMP program is based on policy guidance from President Barack Obama’s 2001 paper titled “International Strategy for Cyberspace” [28] as well as the “Cloud First” policy authored by US CIO Vivek Kundra [29] and the “Security Authorization of Information Systems in Cloud Computing Environments” [30] memo from Federal Chief Information Officer, Steven VanRoekel. Together these documents framed the proposed revamp of all federal Information Technology systems.

In the introduction to his 2011 cloud security memo, VanRoekel provides some concise notes on the compelling reasons for the federal move to cloud computing: “Cloud computing offers a unique opportunity for the Federal Government to take advantage of cutting edge information technologies to dramatically reduce procurement and operating costs and greatly increase the efficiency and effectiveness of services provided to its citizens. Consistent with the President’s International Strategy for Cyberspace and Cloud First policy, the adoption and use of information systems operated by cloud service providers (cloud services) by the Federal Government depends on security, interoperability, portability, reliability, and resiliency.” [30]

Collectively, these three documents and the actions they set in motion have transformed the federal computing landscape since 2011, and as the private sector’s use of local computing has begun a rapid shift to the cloud driven by competition and the bottom line, in the short space of 5 years the entire paradigm for IT in the federal government of the US has shifted radically. It is not unreasonable to expect that by 2020, cloud computing will be the norm, not the exception, for any federal IT system. This transition offers huge opportunities, but brings massive challenges to implement secure infrastructure in a public cloud computing space.

Functionally, the conversion from physical to electronic documents has a number of engineering requirements, but above and beyond this, there are legal and security considerations that make any document management system more complex to implement than earlier databases of disparate facts. Documents as an entity are more than a collection of facts. They represent social and legal relationships and
agreements. As such the authenticity, integrity, longevity and confidentiality of the document as an artifact matter. The security and privacy implications of the continued expansion of electronic exchange of data in consumer and commercial financial transactions were incorporated into the rules, regulations and policy guidance included in the Gramm-Leach-Bliley Act of 1999 [31]. A good example of the wide swath of sensitive data that needs to be protected in both physical and electronic transactions is shown in the Sensitive Data: Your Money AND Your Life web page that is part of the Safe Computing Pamphlet Series from MIT. As the page notes: “Sensitive data encompasses a wide range of information and can include: your ethnic or racial origin; political opinion; religious or other similar beliefs; memberships; physical or mental health details; personal life; or criminal or civil offences. These examples of information are protected by your civil rights. Sensitive data can also include information that relates to you as a consumer, client, employee, patient or student; and it can be identifying information as well: your contact information, identification cards and numbers, birth date, and parents’ names.” [32]

Sensitive data also includes core identity data aside from the information about any particular event, account or transaction, personal preferences, or self identified category. Most useful documents supporting interactions between people and business or government enterprises contain Personally Identifiable Information (PII), which is defined by the Government as: "...any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, biometric records, and any other personal information that is linked or linkable to an individual." [33]

Identity data is a special and critical subset of sensitive data, as identity data is required to undertake most of the other transactions, and to interact with essential financial, government or healthcare services. As such this data must be protected from theft or alteration to protect individuals and society as well as to ensure the integrity of other data in any digital system [34]. In order to protect this PII data the Government, through the National Institute of Standards (NIST), defines a number of best practices and security controls that form the basis for sound management of confidential information [35]. These controls include such concepts as:
• Identification and Authentication - uniquely identifying and authenticating users before accessing PII.
• Access Enforcement - implementing role-based access control and configuring it so that each user can access only the pieces of data necessary for the user’s role.
• Remote Access Control - ensuring that the communications for remote access are encrypted.
• Event Auditing - monitoring events that affect the confidentiality of PII, such as unauthorized access to PII.
• Protection of Information at Rest - encryption of the stored information on storage disks.
In addition to these considerations, many enterprises also need to handle documents that contain both PII and medical records or data from medical records, or Protected Health Information (PHI). Medical records began to be stored electronically in the 1990’s. By the early part of the 21st century this growth in electronic health records resulted in a new set of legislation designed to both encourage the switch to electronic health records and to set up guidelines and policy for managing and exchanging these records. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 creates a set of guidelines and regulations for how enterprises must manage PHI [36]. Building on HIPAA, the American Recovery and Reinvestment Act of 2009 and the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 added additional policy restrictions and security requirements as well as penalties for failure to comply with the rules [37]. These regulations for PHI both overlap and add to the considerations for data and documents containing PII.

The HITECH law increased the number of covered organizations or “entities” from those under the control of the HIPAA legislations: “Previously, the rules only applied to "covered entities," including such healthcare organizations as hospitals, physician group practices and health insurers. Now, the rules apply to any organization that has access to "protected health information."” [38] HITECH also added considerable detail and clarification as well as new complexity and even more stringent penalties for lack of compliance or data exposure or “breaches”. Under HITECH a breach is defined as: "…the unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information, except where the unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information." [38]

The result of the considerations needed to manage documents that might contain Sensitive Data, PII or PHI or any combination of these elements is that any document management system implemented in private or public data centers must
implement a wide range of technical and procedural steps to operate in a secure manner. Protection of the security, privacy and integrity of the documents and data in those documents becomes a major part of the challenge of designing, building and operating any information system. These engineering efforts are essential to business operations; however, they also become part of the cost for any system, and as such can be a considerable burden on the budget of any enterprise.
Designing a Project to Demonstrate Using the Cloud

It is within this context of providing a secure system leveraging cloud-based benefits that the practicum project described in this paper was designed. The goal of the project was to demonstrate a viable approach to following the policy guidance as provided for federal IT systems. To achieve this goal, the first step was to understand the context as outlined in the discussion above. The next step was to design a system that followed sound cybersecurity principles and the relevant policy guidance.

Based on the demand for electronic document management in both private and government enterprise, a basic document management system was selected as the business case for the prototype to be developed. Document management provides an opportunity to implement some server side logic for the operation of the user interface and for the selection and management of storage systems. Document management also provides a driving problem that allows for clear utilization of storage options, and thus can demonstrate the benefits of the cloud based storage options that feature prominently in the consideration of cloud advantages of both speed of deployment and lower TCO. These considerations were incorporated in the decision to implement a document management system as the demonstration project.

The scope of the system was also a key consideration. Given the compressed time frame and limited access to developer resources that are intrinsic to a practicum project, the functional scope of the document management system would need to be constrained. As a solo developer, the range of features that can be implemented would need to be limited to the basic functions needed to show proof of concept for the system. In this case, these were determined to be:
1. The system would be implemented on the Amazon EC2 public cloud for the compute tier of the demonstration.
2. The system would utilize Amazon S3 object storage as opposed to block storage.
3. The system would be implemented using commercially available Amazon provided security features for ensuring Confidentiality, Integrity and Accessibility [39].
Dimov, I. (2013, June 20). Guiding Principles in Information Security - InfoSec Resources. Retrieved July 09, 2016, from http://resources.infosecinstitute.com/guiding-principles-in-information-security/
4. The servers used for the project would all be Linux based.
5. The system would feature a basic web interface to allow demonstration of the ability to store documents.
6. The system would use Public Key Infrastructure certificates generated commercially to meet the need to support encryption for both web and storage components.
7. The web components of the prototype would use HTTP to enforce secure connection to the cloud based servers and storage.
8. The system would utilize a commercial web server infrastructure suitable for scaling up to full-scale operation but only a single instance would be implemented in the prototype.
9. The web components would be implemented in a language and framework well suited to large-scale web operations with the ability to handle large concurrent loads.
10. Only a single demonstration customer/vendor would be implemented in the prototype.
11. The group and user structure would be developed and implemented using the Amazon EC2 console functions.
12. Only the essential administrative and user groups would be populated for the prototype.
13. The prototype would feature configurable settings for both environment and application values set by environment, files, and Amazon settings tools. The current prototype phase would not introduce a database subsystem expected to be used to manage configuration in a fully production ready version of the system.
14. Data files used in the prototype would be minimal versions of XML files anticipated to be used in an operational system, but would only contain structure and minimal ID data not full payloads.
In the case of a narrowly scoped prototype such as this demonstration project it is equally critical to determine what function is out of scope. For this system this list included the following:
• The web interface would be left in a basic state to demonstrate proof of function only. Elaboration and extension of the GUI would be outside the scope of the work for this prototype project.
• There would be no restriction on the documents to be uploaded. Filtering vendor upload would be outside the scope of work for this prototype.
• Testing uploads with anti-virus/malware tools would be outside the scope of this prototype project.
• Security testing or restriction of the client would be outside the scope of this project. The URL to access the upload function would be open for the prototype and the infrastructure for user management would not be developed in the prototype.
• Load testing and performance testing of the prototype would be outside the scope of this phase of the project.
• No search capacity would be implemented to index the data stored in the S3 subsystem in the prototype project.
Proof of concept was thus defined as:
A) The establishment of the cloud based infrastructure to securely store documents.
B) The implementation of the required minimal web and application servers with the code required to support upload of documents.
C) The successful upload of test documents to the prototype system using a secure web service.
While the scope of the project may appear modest and the number of restrictions for the phase to be implemented in the practicum course period are numerous, these scope limitations proved vital to completion of the project in the anticipated period. The subtle challenges to implementation of this proof of concept feature set proved more than adequate to occupy the time available and provided considerable scope for learning and valuable information for future projects based on cloud computing, as detailed in the subsequent sections of this paper.
Planning the Work and Implementing the Project Design

To move to implementation, the next phase of the Software Development Lifecycle (SDLC), the requirements and scope limitations listed above were used to develop a basic project plan for the project consisting of two main phases:
A) The technical implementation of the infrastructure and code through to proof of concept.
B) The documentation of the project work and production of this report/paper.

The project management of any implementation process for a project is a critical success factor for any enterprise no matter how large or small. This is very true for cloud computing projects as they often represent a significant departure from existing IT systems and processes for an enterprise. This was the case in this project as well. While no formal Gantt or PERT chart was developed for the project plan, as there was no need to transmit the plan to multiple team members, an informal breakdown
was used to guide the technical implementation in an attempt to keep it on schedule:
Week 1: Establish the required Amazon EC2 accounts and provision a basic server with a secure management account for remote administration of the cloud systems.
Week 2: Procure the required PKI certificates and then configure the certificates needed to secure access to the servers, and any S3 storage used by the system. Configure the S3 Storage.
Week 3: Obtain and install the required commercial web server and application server to work together and utilize a secure HTTP configuration for system access. Implement any language framework needed for application code development.
Week 4: Research and develop the required application code to demonstrate file upload and reach proof of concept. Create any required data files for testing.
Weeks 5-8: Document the project and produce the final report/paper.

In practice this proposed 8 week schedule would slip by about 4 weeks due to about 2 weeks of extra work caused by the complexity and unexpected issues found in the system and code development implementation and about 2 weeks of delays in the write up caused by the author’s relocation to a new address. These delays in schedule are not atypical of many IT projects. They serve to illustrate the importance of both planning and anticipation of potential unexpected factors when implementing new systems that are not well understood in advance by the teams involved. Allowing slack in any IT schedule, and especially those for new systems, is key to a successful outcome as it allows flexibility to deal with unexpected aspects of the new system.

The very first task to be undertaken in the execution of the project plan for this project was to establish the required Amazon Elastic Compute Cloud (Amazon EC2) accounts. EC2 is the basic cloud infrastructure service provided by Amazon. This service provides user management, security, system provisioning, billing and reporting features for Amazon’s cloud computing platform. It is the central point for administration of any hosted project such as the prototype under discussion in this paper[40].

Because the author was an existing Amazon customer with prior EC2 accounts, the existing identification and billing credentials could be used for this project as well. Both identity and billing credentials are critical components for this and any other cloud based project on Amazon or any other cloud vendor. It is axiomatic that the identity of at least one responsible party, either an individual or institution, must be known for the cloud vendor to establish systems and accounts in its infrastructure. This party acts as the “anchor” for any future security chain to be established. The
primary account will act as the ultimate system owner and will be responsible for the system’s use or abuse and for any costs incurred. Below is an example home screen for the author’s project on EC2:
Responsibility for costs is the other key aspect of the primary EC2 account. While cloud computing may offer cost savings benefits, it is by no means a free service. Every aspect of the EC2 system is monetized and tracked in great detail to ensure correct and complete billing for any features used by an account holder. Some basis for billing must be provided at the time any account is established. In the case of this project all expenses for the EC2 features used would be billed back to the author’s credit account previously established with Amazon.

In any cloud project it is vital that each team member committing to additional infrastructure have the understanding that there will be a bill for each feature used. Amazon and most cloud vendors offer a number of planning and budgeting tools for projecting the costs of features before making a commitment. This is helpful, but is not a substitute for clearly communicating and planning for costs in advance among the development team members and project owners, stakeholders and managers. In the case of this project, while the author did reference the budgeting tools to note cost estimates, communication and decisions were simple due to the singular team size. Below is an example of the billing report console:
Establishment of the basic account for the project was, as indicated, simple due to the author having an existing EC2 account. To provision a server, it was necessary to determine the configuration most appropriate for the project’s needs, and then determine the Amazon Availability Zone where the server should be located. The server configuration would be decided by estimating the required performance characteristics needed to host the required software and execute the application features for the anticipated user load. In this case, all these parameters were scoped to be minimal for the prototype to be created, reducing the capacity of virtual server required. Based on the author’s experience with Linux servers a small configuration would meet the needs of the project. Using the descriptive materials provided by Amazon detailing the server performance, a modest configuration of server was selected to host the project:
• t2.micro: 1 GiB of memory, 1 vCPU, 6 CPU Credits/hour, EBS-only, 32-bit or 64-bit platform[41]
When the server was provisioned Red Hat was selected as the OS. Other Linux distributions and even Windows operating systems were available from Amazon EC2. Red Hat was selected in order to maintain the maximum compatibility to systems now in use by the federal systems currently approved for use in production systems per the author’s personal experience. Use of Red Hat Linux also makes getting support and documentation of any open source tools from the Internet easier as this is a popular distribution for web based systems. Below is a release description from the virtual instance as configured on EC2 for this project:
By default the server was provisioned in the same zone as the author’s prior EC2 instances, which was us-west-2 (Oregon). An Availability Zone (zone) is the Amazon data center used to host the instance. Availability zones are designed to offer isolation from each other in the event of service disruption in any one zone. Each zone operates to the published Service Level Agreement provided by Amazon[42]. Understanding the concept of zone isolation and the key provisions of the SLA provided by a cloud vendor are important to the success of any cloud based project. Highly distributed applications or those needing advanced fault tolerance and load balancing might choose to host in multiple zones. For the purposes of this project a single zone and the SLA offered by Amazon was sufficient for successful operation.

However, the default zone allocation was problematic and was the first unexpected implementation issue. Almost all EC2 features are offered in the main US zones, but us-east-1 (N. Virginia) does have a few more options available than us-west-2 (Oregon). In order to explore the implications and effort needed to migrate between zones and ensure access to all potential features, the author decided to migrate the project server to the us-east-1 zone. Migration involved a backup of the configured server, which appeared to be prudent operational activity anyway. Following the backup, the general expectation was that the instance could be restored directly in the desired location and then the old instance could be removed. In general this expectation proved to be sound, but the exact steps were not so direct. Some of the complexity was strictly due to needing to allow for replication time. Some of the complexity proved to be due to the use of an Elastic IP address that creates a public IP address for the server. An AWS Elastic IP provides a static public IP that can then be associated with any instance on EC2, allowing public DNS configuration to then be re-mapped as needed to any collection of EC2 servers. The author had a prior Elastic IP and expected to
just re-use it for this project, but as noted in the AWS EC2 documentation “An Elastic IP address is for use in a specific region only”[43]. This created an issue when the instance was migrated across zones. Once the problem was understood, the solution was to release the old Elastic IP and generate a new Elastic IP that could be mapped using DNS. This new Elastic IP could be associated with the servers now restored to the us-east-1 (N. Virginia). This step wound up taking quite a bit of time to debug and fix in the first week, and was to lead to the next unexpected issues with DNS. None of this work was so complex as to put the project at risk. This required IP change does illustrate the fact that understanding the SLA and restrictions of each cloud feature is critical. Small issues like requiring a change of IP address can have big implications for other work in a project. Decisions to provision across zones are easy in the cloud, but can have unintended consequences, such as this IP address change and the subsequent work in DNS that it generated. All of these issues take resources and cost time in a project schedule.

An existing domain, Juggernit.com, already registered to the author was the expected target domain. Since one of the requirements for the project was to get a Public Key for the project site, it was essential to have a publicly registered Internet domain to use for the PKI. Once the public IP was re-established in the new us-east-1 zone, and connectivity was confirmed by accessing the instance using SSL, the next unexpected task was moving the DNS entries for the instance from the current registrar. This would also include learning to configure the Amazon Elastic Load Balancer and then map the domain to it. The load balancer forwards any HTTP or HTTPS traffic to the HTTPS secure instance. The HTTPS instance is the final target for the project.

Amazon Elastic Load Balancing is a service that both distributes incoming application traffic across multiple Amazon EC2 instances, and allows for complex forwarding to support forcing secure access to a domain. In this instance while the project would not have many servers in the prototype phase, the use of load balancing would reflect the “to be” state of a final production instance and allow secure operations in even development and preliminary phases of the project used for the practicum scope. The load balancer configuration would require a domain record of the form:

juggerload1-123781548.us-east-1.elb.amazonaws.com (A Record)

As noted in the Amazon web site, you should not actually use an “A Record” in your DNS for a domain under load balancing:

Because the set of IP addresses associated with a LoadBalancer can change over time, you should never create an “A record” with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by
the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone. For more information, see Using Domain Names With Elastic Load Balancing[44].

The Juggernit.com domain was being managed by Network Solutions. Unfortunately the GUI used by Network Solutions did not allow for the entry of the CNAME record formats needed for the EC2. This required moving the domain out of the control of Network Solutions and into the Amazon Route 53 domain management service. The Route 53 service has a variety of sophisticated options, but most critically, it interoperates well with other Amazon EC2 offerings including the load balancing features[45].

Route 53 is a good example of not only an unexpected issue that must be overcome to migrate to the cloud, but how the nature of the cloud platform creates a small “ecosystem” around the cloud vendor. Even when striving for maximum standards compliance and openness, the nature of the cloud platform offerings such as load balancing tend to create interoperations issues with older Internet offerings like those for DNS from Network Solutions, which date from the origin of the commercial Internet. The author had used Network Solutions DNS since the late 1990’s, but in this instance there was no quick path to a solution other than migration to the Amazon Route 53 offering. The Juggernit.com domain would need to be linked to the public IP of the instance, and pragmatically this was only achievable via Route 53 services. Once the situation was analyzed after consultation with both Network Solutions and Amazon support, the decision to move to Route 53 was made. The changes were relatively quick and simple using the Network Solutions and Amazon web consoles. Waiting for the DNS changes to propagate imposed some additional time, but as with the zone migration, the delay was not critical to the project schedule.

With the server, public IP address and DNS issues resolved, PKI certificate generation could be attempted. The author was relatively experienced in generation and use of PKI credentials, but once again the continued evolution of the Internet environment and of cloud computing standards was to provide unexpected challenges to the actual implementation experience. There are many vendors offering certificates suitable for this practicum project, including Amazon’s own new PKI service. The author selected Network Solutions as a PKI provider. Using another commercial certificate vendor offered an opportunity to explore the interoperation of Amazon’s platform with other public offerings. Network Solutions also has a long history with the commercial Internet and has a well-regarded if not inexpensive certificate business[46].

The certificates were issued in a package including both the typical root certificate most Internet developers are used to, as well as a number of intermediate
certificates that were less familiar to the author. In most cases inside an enterprise, certificates are issued for enterprise resources by trusted systems and all the intermediate certificates are often in place already. This was not the case for the Amazon EC2 infrastructure for this project. In this instance, not only was the root certificate needed, but also all the intermediates must be manually bundled into the uploaded package[47]. This was a new process for the author and management of intermediate certificates represented another unexpected task. The need to include the intermediate certificates in the upload to Amazon was not immediately apparent and debugging the reason why uploading just the root certificate did not work (as with prior systems) was going to involve a major research effort and many hours of support diagnostics with each vendor involved.

To make the issue more complex, there was documentation the Amazon support team found for some certificate vendors and there was documentation for cloud service vendors found by Network Solutions support, but neither firm had documents for working with certificates or cloud services from the other – this was the one case not documented anywhere. The Network Solutions certificates were issued using a new naming format that did not follow the older Network Solutions documentation for identifying the proper chaining order. Amazon was also not totally sure what orders would constitute a working package. A number of orders had to be tried and tested one at a time and then the errors diagnosed for clues as to the more correct order needed in the concatenate command. On top of this, the actual Linux command to concatenate and hence chain the certificates was not exactly correct when attempted. This was due to the text format at the end of the issued certificates. Manual editing of the files was needed to fix the inaccurate number of delimiters left in the resulting text file. The final command needed for the Amazon load balancer was determined to be:

    > amazon_cert_chain.crt; for i in DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt AddTrustExternalCARoot.crt; do cat "$i" >> amazon_cert_chain.crt; echo "" >> amazon_cert_chain.crt; done

This back and forth diagnostic work for certificate chains represented a major unexpected source of complexity and extra work. Again, this did not disrupt the execution schedule beyond a recoverable limit. The experience with certificate chaining was a valuable learning opportunity on the pragmatic use of PKI tools. The author has subsequently come across a number of federal IT workers encountering these challenges as more and more systems start to include components from outside vendors in the internal enterprise infrastructure.

After the installation of the certificates, the next major configuration tasks were the installation and configuration of the web server and the application server platforms on the EC2 instance. Nginx is the web server used on the project, and
Node.JS and the Express framework are used as the application server. Each of these subsystems provided further opportunities for learning as they were installed.

Nginx was selected to provide an opportunity to gain experience with this very popular commercial platform as well as due to its reputation for high performance and excellent ability to scale and support very high traffic web sites. Nginx was designed from the start to address the C10K problem (10,000 concurrent connections) using an asynchronous, non-blocking, event-driven connection-handling algorithm[48]. This is very different from the approach taken by Apache or many other available web servers. In the author’s experience many web sites that start out with more traditional web servers such as Apache experience significant scale issues as they grow due to high volumes of concurrent users. Starting with Nginx was an attempt to avoid this problem by design, though installation and configuration of the web server was more complex.

The open source version of Nginx was used for the project, as a concession to cost management. Downloading the correct code did prove to be somewhat of an issue, as it was not easy to find the correct repositories for the current package and then it turned out the application had to be updated before it could function. It was also critical to verify the firewall status once the system was providing connections. The Amazon install of Red Hat Linux turns out to disable the default firewalls and instead use the Amazon built in firewalls for the site. This actually provides a very feature rich GUI firewall configuration but is another non-standard operations detail for those familiar with typical Red Hat stand-alone server operations. The firewall was another implementation detail that could not easily be anticipated.

After the firewall was sorted out there remained considerable research to determine how to configure the Nginx web server to utilize HTTPS based on the certificates for the domain. Again the issue turned out to be due to the chaining requirements for the certificate. In this case, Nginx needed a separate and different concatenated package in this format:

    cat WWW.JUGGERNIT.COM.crt AddTrustExternalCARoot.crt DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt >> cert_chain.crt

After determining the correct concatenation format needed for Nginx and making the appropriate uploads of concatenated files, HTTPS services were available end to end. However, Nginx does not provide dynamic web services. To serve dynamic content it would be necessary to install and configure the Node.JS Web Application Server and the Express framework.

Node.JS (Node) is an open source server-based implementation of the JavaScript language originally developed by Ryan Dahl in 2009 using both original code and
material from the Google V8 JavaScript engine. Most significantly, Node is event-driven, and uses a non-blocking I/O model. This makes Node both very fast and very easy to scale. Node is extremely well suited to situations like the C10K problem, and web sites that scale quickly and efficiently. Being based on JavaScript, Node is Object oriented and offers a huge open source support base of modules and libraries, accessed using the Node Package Manager (NPM).

Express is a minimal and flexible Node.js web application framework based on many of the ideas about web site design and development taken from the Ruby on Rails framework project. Express offers a set of standard libraries and allows users to mix in many other NPM tools to create web sites based on the original Ruby on Rails principle of “convention over configuration” by providing a common structure for web apps[49].

Installation of Node on the server was done using the standard Red Hat Package Manager tools. Once Node is installed, the Node Package Manager (NPM) system can be used to bootstrap load any other packages such as the Express framework. In a production system it is expected that the web server and the application server would be hosted on separate hardware instances, but since the practicum was to be subject to only a small load, both servers can run on the same instance of Linux with little impact.

While Node comes with its own dynamic web server to respond to requests for dynamic web content, it is not well suited to heavy-duty serving on the front end. Nginx is designed for the task of responding to high volumes of initial user inquiries. The combination of a high performance web server (Nginx) and some number (N) of application server instances (such as Node) is a widely accepted pattern that supports large scale web systems. Implementation of this design pattern was a goal of the prototype, to pre-test integration of all the constituent components even prior to any load testing of the system. Deployment and configuration of Nginx and Node to the single Linux server fulfills this requirement and provides a working model that can be expanded to multiple servers as needed in the future.

In order to smoothly transfer web browser requests from users to the application server domain, the web server must act as a reverse proxy for the application server. To accomplish this with Nginx requires the addition of directives to the Nginx configuration file inside the “server” section of the configuration file. These commands will instruct the web server to forward web traffic (HTTPS) requests for dynamic pages targeted at the DNS domain from Nginx to Node.JS. This is a relatively standard forwarding for Nginx and only requires a small amount of research to verify the correct server configuration directive as shown in this example from the Nginx documentation:

    server {
        # here is the code to redirect to node on 3000
        location / {
            # pass the client address and the original Host header on to Node
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass "http://127.0.0.1:3000";
        }
    }

Note that this is just an example for use on LocalHost with a Node.JS engine running on port 3000 (any port will suffice). The critical issue is to configure Nginx to act as a reverse proxy to the Node.JS engine. Nginx will then send traffic to the configured port for the Node.JS application instance. Node.JS and Express then use a RESTFUL approach to routing to the application logic based on parsing the URL. The reverse proxy configuration will ensure that when traffic comes in to the Nginx server with the format “HTTPS://Juggernit.com/someurl” it will be handled by the appropriate logic section of the Node.JS applications as configured in the Express framework. The Express listener will catch the traffic on port 3000 and use the route handler code in Express to parse the URL after the slash and ensure that the proper logic for that route is launched to provide the service requested. This is a well established RESTFUL web design pattern, first widely popularized in Ruby on Rails and adopted by a number of web frameworks for languages such as Java, Node or Python, etc.

Implementing this pattern requires that both Nginx and Node be installed on the server to be used as a pre-requisite. In addition, the Express framework for web applications used by Node must also be loaded to allow at least a basic test of the forwarding process. All of this code is available as open source, so access to the needed components was not a blocker for the project. Each of these components was first loaded onto the Author’s local Unix system (a Macbook Pro using OSX). This allowed for independent and integration testing of the Nginx web server, the Node application server and the Express web framework. By altering the configuration file and adding the appropriate directives as noted above, the reverse proxy configuration and function could be tested locally as well against the localhost IP address.

After validation of the configuration requirements locally on the Author’s development station, the web server and application server needed to both be installed on the cloud server. As noted above, Nginx was actually loaded on the cloud server earlier to allow for configuration of the domain and HTTPS secure access to the site. This left only the installation of the Node and Express application server components. While conceptually easy, in practice loading Node also proved to provide unexpected challenges. The 7.x Red Hat version of Linux installed on the cloud server supports Node in the RPM package manager system. However the available RPM version was only a 0.10.xx version. The current version of Node is
4.4.x. The stable development version installed on the Author’s local system was 4.4.5 (provided from the Node web site). There are substantial syntax and function differences between the earlier version of Node and the current version. This required that the Node install on the cloud server be updated, and that proved to require help from the Amazon support team, as following the default upgrade instructions did not work. Again, the delay was not large, but cost a couple days between testing, exploration of options, and final correction of the blocking issues. The final install of a current 4.4.x version of Node required a complete uninstall of the default version, as upgrading resulted in locked RPM packages. After cleaning up the old install and loading the new Node version, the cloud server was conformed to the required Node version.

The Express framework was loaded on the server via the standard command line Node Package Manager (NPM) tool. A simple “Hello World” test web application was created in Express/Node and again the function of both the Nginx and Node servers was validated. To verify web and application server function, an Amazon firewall change was required to allow Node to respond directly to traffic pointed at the IP address of the server and the port number (3000) of the Node server. This firewall rule addition allowed testing of HTTPS traffic targeted at the domain name, which was served by Nginx. HTTP traffic directed to the IP address and port 3000 could then be tested at the same time, as this traffic was served by the test Node/Express application.

To complete the integration, the next step was to reconfigure the Nginx server to act as a reverse proxy. The Nginx configuration file was backed up, and then the reverse proxy directives as shown above were added to the Nginx configuration file, and Nginx was reloaded to reflect the changes. At this point, Nginx no longer provided its default static web page to requests sent to HTTPS://Juggernit.com. Instead, Nginx forwarded the HTTPS traffic to the Node application server, still under the secure connection, and Node responded with the default “Hello World” page as configured in the Express test application. This state represented a complete integration of Nginx and Node for the project. The server was backed up and the next stage of work to implement the upload logic to store data on the Amazon S3 object store could continue.

The two major tasks required to finish the site configuration and functional completion of the prototype project were:
• Establishment of an Amazon S3 storage area (known as a “bucket” on Amazon)
• Coding server and client logic to access the S3 storage via HTTPS
The first of these tasks could be accomplished directly via the Amazon EC2 management console. For the prototype there was no requirement for a custom web interface to create S3 storage, and no requirement for any automatic storage assignment or management. In a fully realized production application it is possible that application based management of storage might be desirable, but this is a system feature requirement highly subject to enterprise policy and business case needs.

However, even when using the Amazon interface to manage S3 storage as in this project, there was still a need to consider the user and group structure in order to manage access security to the S3 storage. As discussed earlier in the paper, a default EC2 account assumes that the owner is granted all access to all resources configured by that owner in the Amazon cloud infrastructure. For this reason, it is important to create separate administrative accounts for resources that require finer grained access and might also require access restrictions. In a fully realized web application hosted on local servers, this user and group management is often done at the application level. For this prototype these considerations were to be managed by the Amazon EC2 interface.

Prior to setting up a storage area on the S3 object storage, the administrator group named “admins” was created, with full permissions to manage the site resources. Another group called “partners” with access to the S3 storage, but not other site resources for management of servers was created. A user named “testone” was then created and added to the “partners” group. The Author used the primary Amazon identity to build and manage the site, but the administrative group was constructed so that any future web based management functions could be separated from user-oriented functions of the prototype web application. With the users and groups established, the S3 storage called “ctprojectbucketone” was created using the standard Amazon GUI. Below is a screenshot showing this bucket:
To manage access rights, the S3 storage was then assigned a Cross-Origin Resource Sharing (CORS) access policy that allowed GET, POST and PUT permissions to the S3 storage, as shown below:
The “partner” group was assigned access to this storage by providing them with the resource keys. With the creation of the S3 Object Storage “bucket”, the remaining task to reach functional proof of concept for the prototype project was to construct the JavaScript application code to access the S3 storage bucket securely from the Internet.

To create the logic for bucket access there were a number of pre-requisite steps not emphasized so far. The most significant of these steps was to develop at least a basic familiarity with Node.JS and JavaScript. While the author possesses some number of years of experience with using JavaScript in a casual manner for other web applications, site development in JavaScript was a very different proposition. Node also has its own “ecosystem” of tools and libraries, much like any emerging open source project. Some understanding of these was also essential to succeed in creating the code required to achieve a proof of concept function for the prototype site. As a starting point the main Node site, https://nodejs.org/en/, provided an essential reference. In addition the author referenced two very useful textbooks:
• Kiessling, Manuel. “The node beginner book.” Available at [last accessed: 18 March 2013]: http://www.nodebeginner.org (2011).
• Kiessling, Manuel. “The Node Craftsman Book.” Available at [last accessed: 25 October 2015]: https://leanpub.com/nodecraftsman (2015).
These proved to be essential in providing both background on Node, and some guidance on the use of the Express application framework. In addition a number of other small Node library packages were key to creating the required code, specifically:
• Node Package Manager (NPM) – a Node tool for getting and managing Node packages (libraries of functions). https://www.npmjs.com
• EXPRESS – a Node library providing an application framework for RESTful web applications based on the concepts from Ruby on Rails. https://expressjs.com
• Dotenv – a Node library to allow loading environment variables from a configuration file with the extension .env. This was used to allow passing critical values such as security keys for S3 storage in a secure manner from the server to a client. https://www.npmjs.com/package/dotenv
• EJS – a Node library that allows embedded JavaScript in an HTML file. This was used to add the required logic to communicate to the server components of the application and then access the S3 bucket from the client page using values securely passed over HTTPS. https://www.npmjs.com/package/ejs
• AWS-SDK – a Node library provided by Amazon to support basic functions for the S3 storage service to be accessed by Node code. https://www.npmjs.com/package/aws-sdk
As a newcomer to Node, the most critical problem in creation of this code for the Author was a lack of standard examples of S3 access using a common approach at a sufficiently simple level of clear explanation. There are actually at least dozens of sample approaches to integration of S3 storage in Node projects, but almost all use very idiosyncratic sets of differing libraries or don’t address some critical but basic aspect of the prototype such as secure access. There are also a number of very sophisticated and complete examples that are almost incomprehensible to the Node novice. This inability to find a clear and functional pattern to learn from was a major delay of over a week and a half in completion of the final steps of the prototype.

After considerable reading, coding, and searching for reference models, the Author finally came across a tutorial from Dr. Will Webberly of the Cardiff University School of Computer Science & Informatics. The author read, studied and analyzed the example provided. The next step was to create several test programs to adapt the approach used by Dr. Webberly in the Heroku cloud instance he documented to a local Node Express project [50]. After some trial and error and some correspondence with Dr. Webberly via email, a working set of code emerged.

The final proof of concept function was a minimal web application based on the pattern used by Dr. Webberly and running in a cloud based server as an Express application using local variables on the Amazon EC2 server. The server code provides a RESTful service over HTTPS to allow a client web page executing on the remote PC or device to upload to the S3 storage using HTTPS. Below is a screenshot of some of the server side code:
The upload page logic is provided by the project website, as is the backend server logic. Since the client page is running on a remote device, the entire transfer is done using client resources. The prototype project site provides only context and security data, but is not used to manage the upload. This frees server side resources from the work of the transfer and thus creates a higher performance distributed system. The exchange of logic and credentials is all done over the HTTPS protocol with the client, as is the subsequent file upload. This provides a secure method of access to the cloud based S3 storage. Client side data from the partner is encrypted in transfer and no other parties besides the partner and the prototype project operations teams have access to the S3 bucket. For purposes of the prototype only one client identity and one bucket were produced. In a fully realized system, there could be unique buckets for each client, subject to the security and business rules required by the use case of the system.

After establishing that the Node logic was in fact working and successfully uploaded files to the S3 storage, a small set of sample health records based on the Veterans Administration Disability Benefits Questionnaires (DBQs) [51] were constructed. Below is a sample of one of these files:
These simulated DBQ records were then uploaded as a test, and verified as correct using the Amazon S3 GUI to access the documents for verification. PDF format was used for the test files to make them directly readable via standard viewing tools. Here is a screenshot of the uploaded test files in the Amazon S3 bucket:

This test represents uploading the sort of sensitive and confidential data expected to be collected and managed in any finished system based on the prototype project. While basic in its function, creation and upload of these documents provided the final steps in the implementation of this phase of the prototype project. Below is a screenshot showing the selection of a DBQ for upload using the client side web page:
Storing these files represents the completion of the major design goals of the project and the completion of the implementation phase, and the prototype project itself.
Findings, Conclusions and Next Steps

While achieving the successful secure upload of the test documents to the prototype meets the objectives set out for this project, it represents only the first milestone in extending the system to a more full featured platform, and exploration of additional topics of interest in this area. The architecture implemented offers a good example of the latest non-blocking, asynchronous approach to serving web content. These designs exploit CPU resources in very different ways than traditional code and web frameworks, and there is ample room for scale and load testing to measure the actual capacity of these systems to perform on 64 bit architectures. The asynchronous and distributed client controlled approach to storage access also provides an opportunity to test the capacity of the S3 interface to support concurrent access. The results should provide tuning direction about the number and partition rules for the S3 storage. A larger scale simulation with many more virtual clients would be a natural approach to measuring the capacity of this use pattern.

The web site functions also offer an opportunity to expand the functionality of the system and demonstrate more advanced fine grain access controls supported by the user and group model. At a minimum a database of administrators and partners can be created to both lock the site down from casual access, and to explore the minimal levels of access needed to still meet all functional needs. Driving each role to the absolute lowest level of privilege will likely require trial and error, but should be a benefit in assuring the site has a minimal profile to any potential attackers.
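One starting point for the least-privilege goal above, applied to the “partners” group and to the bucket's CORS policy described in the implementation section. This is an added example, not code from the project: the bucket name comes from the text, while the site origin, the function names and the two broad sample inputs are assumptions constructed for illustration.

```javascript
// Bucket name as given in the text.
const BUCKET = 'ctprojectbucketone';
// Assumption (not from the page): the HTTPS origin that serves the upload page.
const SITE_ORIGIN = 'https://upload.example.org';

const asArray = (value) => (Array.isArray(value) ? value : [value]);

// IAM policy document for the "partners" group: write objects, nothing else.
function partnerUploadPolicy(bucket) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Sid: 'PartnerUploadOnly',
      Effect: 'Allow',
      Action: ['s3:PutObject'],
      Resource: [`arn:aws:s3:::${bucket}/*`]
    }]
  };
}

// CORS rules in the shape the S3 API takes: one origin and the one method the
// upload page uses (its script only issues a PUT to the signed URL).
function uploadCorsRules(origin) {
  return {
    CORSRules: [{
      AllowedOrigins: [origin],
      AllowedMethods: ['PUT'],
      AllowedHeaders: ['Content-Type'],
      MaxAgeSeconds: 300
    }]
  };
}

// Flag Allow statements that reach beyond object uploads to this bucket.
function auditPolicy(policy, bucket, allowedActions = ['s3:putobject']) {
  const findings = [];
  const bucketArn = `arn:aws:s3:::${bucket}`;
  asArray(policy.Statement).forEach((statement, index) => {
    if (statement.Effect !== 'Allow') return;
    const id = statement.Sid || `statement ${index}`;
    if (statement.NotAction || statement.NotResource) {
      findings.push(`${id}: NotAction/NotResource allows everything not listed`);
    }
    for (const action of asArray(statement.Action || [])) {
      // IAM action names are case-insensitive, so compare in lower case.
      if (action.includes('*')) findings.push(`${id}: wildcard action ${action}`);
      else if (!allowedActions.includes(action.toLowerCase())) {
        findings.push(`${id}: extra action ${action}`);
      }
    }
    for (const resource of asArray(statement.Resource || [])) {
      if (resource !== bucketArn && !resource.startsWith(`${bucketArn}/`)) {
        findings.push(`${id}: resource outside the bucket: ${resource}`);
      }
    }
  });
  return findings;
}

// Flag CORS rules wider than the upload page needs.
function auditCors(cors, origin, neededMethods = ['PUT']) {
  const findings = [];
  cors.CORSRules.forEach((rule, index) => {
    for (const allowed of rule.AllowedOrigins) {
      if (allowed.includes('*')) findings.push(`rule ${index}: wildcard origin ${allowed}`);
      else if (allowed !== origin) findings.push(`rule ${index}: unexpected origin ${allowed}`);
    }
    for (const method of rule.AllowedMethods) {
      if (!neededMethods.includes(method)) {
        findings.push(`rule ${index}: method ${method} not used by the upload page`);
      }
    }
  });
  return findings;
}

// Constructed inputs for comparison: a broad grant, and the GET/POST/PUT
// methods named in the text combined with a wildcard origin (the origin
// setting of the real bucket is not given on the page).
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 's3:*', Resource: '*' }]
};
const broadCors = {
  CORSRules: [{ AllowedOrigins: ['*'], AllowedMethods: ['GET', 'POST', 'PUT'], AllowedHeaders: ['*'] }]
};

console.log(auditPolicy(broadPolicy, BUCKET));
console.log(auditCors(broadCors, SITE_ORIGIN));
```

A signing identity limited to `s3:PutObject` cannot set object ACLs, so the `ACL: 'public-read'` entry in the App.js listing would need `s3:PutObjectAcl` as well or would have to be dropped.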
In addition to these operations oriented future areas of research, once a larger data set is simulated the ability of the S3 storage to support search indexing on the XML data is a rich area of exploration. There is emerging federal guidance on the best practice for meta-data tagging of PII and PHI data, and this prototype would allow for an easy way to create versions of S3 buckets with a variety of meta-data patterns and then determine the most efficient search and index options for each with a higher volume of simulated data. An expanded prototype could act as a test platform for future production systems, revealing both physical and logical performance metrics. Each of these future options provides scope to expand the project, but the basic implementation also provides some important benefits:
• The implementation of the system shows that it is pragmatic to store sensitive data on a public cloud based system using PKI infrastructure to protect the data from both external and in-cloud vendor access.
• The design of the prototype shows that modest cloud resources can in fact be used to host a site with the capacity to provide distributed workload using HTTPS to secure the data streams and leverage client resources to support data upload, not just central server capacity.
• The prototype shows that it is relatively easy to use Object Storage to acquire semi-structured data such as XML. This validates use of an Object Store as a form of document management tool beyond block storage.
• The establishment of the project in only a few weeks with limited staff hours shows the cost and speed advantages of the cloud as opposed to local physical servers.
• The experience with both the cloud and new web servers and languages demonstrates the importance of flexible scheduling and allowing for the unexpected. Even on projects that leverage many off the shelf components unexpected challenges often show up and consume time and resources.

The prototype produced as a result of this project does meet the guidance for building secure projects on a public infrastructure. It allows PII and PHI data to be transferred to an enterprise via secure web services, and demonstrates an approach that can satisfy many enterprises and the guidelines for HIPAA and HITECH data handling. The architecture used demonstrates how a scalable web service model can be implemented using a cloud infrastructure by a small team in a limited time. The model does only provide a basic proof of concept but offers easy opportunities to expand to explore a number of additional questions. As such the resulting site can be considered a success at meeting its design goals, and the information generated in the site development can be employed by both the Author and others for future work in cloud computing implementation for secure digital document storage.
References

1. Oppenheim, A. L. (Ed.). (1967). Letters from Mesopotamia: Official business, and private letters on clay tablets from two millennia. University of Chicago Press. Page 1-10
2. Fang, I. (2014). Alphabet to Internet: Media in Our Lives. Routledge. Page 90-91
3. Noam, E. M. (1992). Telecommunications in Europe (pp. 363-368). New York: Oxford University Press. Page 15-17
4. Moroney, R. L. (1983). History of the US Postal Service, 1775-1982 (Vol. 100). The Service.
5. John, R. R. (2009). Spreading the news: The American postal system from Franklin to Morse. Harvard University Press. Page 1-25
6. Johnson, P. (2013). The birth of the modern: world society 1815-1830. Hachette UK.
7. Currie, R. (2013, May 29). History Wired: A few of our favorite things. Retrieved May 15, 2016, from http://historywired.si.edu/detail.cfm?ID=324
8. Standage, T. (1998). The Victorian Internet: The remarkable story of the telegraph and the nineteenth century's online pioneers. London: Weidenfeld & Nicolson.
9. Yates, J. (1986). The telegraph's effect on nineteenth century markets and firms. Business and Economic History, 149-163.
10. DuBoff, R. B. (1980). Business Demand and the Development of the Telegraph in the United States, 1844–1860. Business History Review, 54(04), 459-479.
11. Gordon, J. S. (2002). A thread across the ocean: the heroic story of the transatlantic cable. Bloomsbury Publishing USA.
12. Ross, C. D. (2000). Trial by fire: science, technology and the Civil War. White Mane Pub.
13. Bates, D. H. (1995). Lincoln in the telegraph office: recollections of the United States Military Telegraph Corps during the Civil War. U of Nebraska Press.
14. Coopersmith, J. (2015). Faxed: The Rise and Fall of the Fax Machine. JHU Press.
15. Cortada, J. W. (2000). Before the computer: IBM, NCR, Burroughs, and Remington Rand and the industry they created, 1865-1956. Princeton University Press.
16. Smith, E. (2016, June 14). The Strange History of Microfilm, Which Will Be With Us for Centuries. Retrieved June 22, 2016, from http://www.atlasobscura.com/articles/the-strange-history-of-microfilm-which-will-be-with-us-for-centuries
17. Bush, V., & Think, A. W. M. (1945). The Atlantic Monthly. As we may think, 176(1), 101-108.
18. Mohamed, A. (2015, November). A history of cloud computing. Retrieved July 07, 2016, from http://www.computerweekly.com/feature/A-history-of-cloud-computing
19. Electric Light and Power System - The Edison Papers. (n.d.). Retrieved July 13, 2016, from http://edison.rutgers.edu/power.htm
20. The discovery of electricity - CitiPower and Powercor. (n.d.). Retrieved July 13, 2016, from https://www.powercor.com.au/media/1251/fact-sheet-electricity-in-early-victoria-and-through-the-years.pdf
21. Powering A Generation: Power History #1. (n.d.). Retrieved July 13, 2016, from http://americanhistory.si.edu/powering/past/prehist.htm
22. Electricity - Switch Energy Project Documentary Film and ... (n.d.). Retrieved July 13, 2016, from http://www.switchenergyproject.com/education/CurriculaPDFs/SwitchCurricula-Secondary-Electricity/SwitchCurricula-Secondary-ElectricityFactsheet.pdf
23. Tita, B. (2012, November 6). A Sales Surge for Generator Maker - WSJ. Retrieved July 13, 2016, from http://www.wsj.com/articles/SB10001424127887324894104578103334072599870
24. Residential Generators, 3rd Edition - U.S. Market and World Data. (n.d.). Retrieved July 13, 2016, from https://www.giiresearch.com/report/sbi227838-residential-generators-3rd-edition-us-market-world.html
25. Barroso, L. A., Clidaras, J., & Hölzle, U. (2013). The datacenter as a computer: An introduction to the design of warehouse-scale machines. Synthesis lectures on computer architecture, 8(3), 1-154.
26. West, B. C. (2014). Factors That Influence Application Migration To Cloud Computing In Government Organizations: A Conjoint Approach.
27. Total Cost of Ownership. (2016). Retrieved July 06, 2016, from http://www.backuparchive.awstcocalculator.com/
28. United States. White House Office, & Obama, B. (2011). International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World. White House.
29. Kundra, V. (2011). Federal cloud computing strategy.
30. VanRoekel, S. (2011, December 8). MEMORANDUM FOR CHIEF INFORMATION OFFICERS. Retrieved July 13, 2016, from https://www.fedramp.gov/files/2015/03/fedrampmemo.pdf
31. Code, U. S. (1999). Gramm-Leach-Bliley Act. Gramm-Leach-Bliley Act/AHIMA, American Health Information Management Association.
32. What is Sensitive Data? Protecting Financial Information ... (2008). Retrieved June 19, 2016, from http://ist.mit.edu/sites/default/files/migration/topics/security/pamphlets/protectingdata.pdf
33. Government Accountability Office (GAO) Report 08-343, Protecting Personally Identifiable Information, January 2008, http://www.gao.gov/new.items/d08343.pdf
34. Wilshusen, G. C., & Powner, D. A. (2009). Cybersecurity: Continued efforts are needed to protect information systems from evolving threats (No. GAO-10-230T). GOVERNMENT ACCOUNTABILITY OFFICE WASHINGTON DC.
35. McCallister, E., Grance, T., & Scarfone, K. (2010, April). Guide to Protecting the Confidentiality of Personally ... Retrieved July 13, 2016, from http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
36. Act, A. C. C. O. U. N. T. A. B. I. L. I. T. Y. (1996). Health insurance portability and accountability act of 1996. Public law, 104, 191.
37. Graham, C. M. (2010). HIPAA and HITECH Compliance: An Exploratory Study of Healthcare Facilities Ability to Protect Patient Health Information. Proceedings of the Northeast Business & Economics Association.
38. Anderson, H. (2010, February 8). The Essential Guide to HITECH Act. Retrieved June 19, 2016, from http://www.healthcareinfosecurity.com/essential-guide-to-hitech-act-a-2053
39. Dimov, I. (2013, June 20). Guiding Principles in Information Security - InfoSec Resources. Retrieved July 09, 2016, from http://resources.infosecinstitute.com/guiding-principles-in-information-security/
40. Amazon Web Services (AWS) - Cloud Computing Services. (n.d.). Retrieved July 10, 2016, from https://aws.amazon.com/
41. EC2 Instance Types – Amazon Web Services (AWS). (2016). Retrieved July 10, 2016, from https://aws.amazon.com/ec2/instance-types/
42. Regions and Availability Zones. (2016, January). Retrieved July 13, 2016, from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
43. Elastic IP Addresses. (2016). Retrieved July 10, 2016, from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
44. AWS | Elastic Load Balancing - Cloud Network Load Balancer. (2016). Retrieved July 10, 2016, from https://aws.amazon.com/elasticloadbalancing/
45. AWS | Amazon Route 53 - Domain Name Server - DNS Service. (2016). Retrieved July 10, 2016, from https://aws.amazon.com/route53/
46. SSL Security Solutions. (2016). Retrieved July 10, 2016, from http://www.networksolutions.com/SSL-certificates/index.jsp
47. What is the SSL Certificate Chain? (2016). Retrieved July 10, 2016, from https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/
48. Ellingwood, J. (2015, January 28). Apache vs Nginx: Practical Considerations | DigitalOcean. Retrieved July 10, 2016, from https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations
49. Node.js Introduction. (2016). Retrieved July 10, 2016, from http://www.tutorialspoint.com/nodejs/nodejs_introduction.htm
50. Webberly, W. (2016, May 23). Direct to S3 File Uploads in Node.js | Heroku Dev Center. Retrieved July 12, 2016, from https://devcenter.heroku.com/articles/s3-upload-node#summary
51. Compensation. (2013, October 22). Retrieved July 12, 2016, from http://www.benefits.va.gov/compensation/dbq_disabilityexams.asp
Source Code Listings

App.js – this is the server side logic for the project:

    /*
    Cecil Thornhill 5/26/2016
    Based on code examples and samples from Will Webberly and Amazon for S3 uploads
    */

    /*
    In learning how to interface to S3 via NodeJS and JavaScript I started with
    code from a tutorial provided by Dr. Will Webberly who was a computer science
    lecturer at Cardiff University and is now CTO at Simply Di Ideas. Will was
    kind enough to correspond with me and address questions on the concepts and
    use cases involved in my project.
    The original article I referenced is at:
    https://devcenter.heroku.com/articles/s3-upload-node#initial-setup
    */

    /*
    This is the main logic for the server side of the proof of concept demo for
    my project. The code here supports the features required to allow the client
    to securely load a file to the S3 storage site. The simple proof pages and
    this core logic do not attempt to implement any user authentication,
    authorization or administration of the site. Those functions are pre-selected
    via the structure of the users and groups built in the S3 interface for this
    demo. All these aspects would be expected in a more full featured site design,
    but are not required to establish the functional proof of concept for the
    main secure upload of files functionality.
    */

    /*
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
    */

    /*
     * Import required packages.
     * Packages should be installed with "npm install".
     */

    /*
    CT - I am using local variable for the development versions of this demo
    site. Below I require dotenv to allow local config management, so this demo
    can run without setting environment variables on the server which is the more
    correct final operations configuration practice on a deployed systems to
    prevent exposing the values in the open production environment. Of course it
    is much easier to manage local values from this resource file in the
    development phase so that is the way I went for the current demo code.
    */
    var dotenv = require('dotenv');
    // config() reads .env into process.env; load() was an alias for it that
    // later dotenv releases removed.
    dotenv.config();

    /*
    To ensure that we got the values we expected I also show the variables now
    in process.env - now with the values from the .env added on the console.
    Of course this is not something to do in the final production system.
    */
    console.log(process.env);

    const express = require('express');
    const aws = require('aws-sdk');

    /*
     * Set-up and run the Express app.
    CT - note we are running on port 3000 in this case. It is important to
    forward your web traffic from the NGINX server to the proper port via setting
    up the reverse proxy configuration in the NGINX server, so that traffic gets
    through from the web server to the application server.
     */
    const app = express();
    app.set('views', './views');
    app.use(express.static('./public'));
    app.engine('html', require('ejs').renderFile);
    app.listen(process.env.PORT || 3000);

    /*
     * Load the S3 information from the environment variables.
    CT - note that in our case these actually come from the resources file since
    we are in a development style environment as is noted above.
     */
    const S3_BUCKET = process.env.S3_BUCKET;

    /*
     * Respond to GET requests to /account.
     * Upon request, render the 'account.html' web page in views/ directory.
    CT - Note that I left the demo/tutorial structure as my framework, and did
    not rename the pages, though I did adjust the HTML a bit. The general demo
    serves to show proof of concept in allowing client side uploads over HTTPS
    to the S3 storage from a non-administrative account, under control of a user
    and group policy set on the AWS site management console.
     */
    app.get('/account', (req, res) => res.render('account.html'));

    // stub for post save updated display
    app.post('/save-details', (req, res) => {
      // TODO: Read POSTed form data and do something useful
    });

    /*
     * Respond to GET requests to /sign-s3.
     * Upon request, return JSON containing the temporarily-signed S3 request and
     * the anticipated URL of the image.
    CT - note that in the original demo/tutorial on using the S3 interface from
    JavaScript and NodeJS, the demo was intended to send image files, but the
    format is the same for sending any disk file. The critical steps below are
    to get and return the temporarily signed request so that the upload can be
    checked against the user's authorization in the policy for the groups, user
    and the S3 bucket. Note that all of these entities have credentials that can
    be used to authenticate (not done in this demo), and authorize actions
    against policy. Also, all actions and policy activities can be reported via
    systems built into the AWS console to allow compliance with security and
    legal rules for audit of the site events.
     */
    app.get('/sign-s3', (req, res) => {
      const s3 = new aws.S3();
      const fileName = req.query['file-name'];
      const fileType = req.query['file-type'];
      const s3Params = {
        Bucket: S3_BUCKET,
        Key: fileName,          // object key is the client-supplied file name
        Expires: 60,            // the signed URL is valid for 60 seconds
        ContentType: fileType,
        ACL: 'public-read'      // the uploaded object is readable by anyone who has its URL
      };

      /*
      CT - note this is the "business end" of the demo ... in the function below
      the code takes the environment name of the S3 bucket and appends it to the
      general format of the AWS S3 storage URL, with the actual file name. This
      then becomes the HTTPS URL used to send the data to the AWS S3 bucket over
      a secure network connection.
      */
      s3.getSignedUrl('putObject', s3Params, (err, data) => {
        if (err) {
          console.log(err);
          return res.end();
        }
        const returnData = {
          signedRequest: data,
          url: `https://${S3_BUCKET}.s3.amazonaws.com/${fileName}`
        };
        res.write(JSON.stringify(returnData));
        res.end();
      });
    });

    /*
     * Respond to POST requests to /save-details.
     * This function needs to be completed to handle the information in
     * a way that suits your application.
     */
    app.post('/save-details', (req, res) => {
      // TODO: Read POSTed form data and do something useful
    });
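The `/sign-s3` route in the listing signs whatever `file-name` and `file-type` the client sends, and its `ACL: 'public-read'` entry makes each uploaded object readable by anyone who has its URL. As an added example (not the author's code), a stricter version of the signing step follows; the allow-list of PDF and XML types, the `incoming/<partner>/<uuid>/` key layout and the names `buildUploadParams`, `signS3Handler` and `UploadRejected` are assumptions.

```javascript
const crypto = require('crypto');

// Assumption (not from the page): the site only accepts PDF and XML records.
const ALLOWED_TYPES = new Map([
  ['application/pdf', '.pdf'],
  ['application/xml', '.xml'],
  ['text/xml', '.xml']
]);

// Letters, digits, dot, underscore, space and hyphen, starting with a letter
// or digit: path separators, leading dots and control characters are refused.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,199}$/;

class UploadRejected extends Error {}

// Build the parameters for s3.getSignedUrl('putObject', ...) from the
// untrusted query string. Throws UploadRejected on anything unexpected.
function buildUploadParams(query, bucket, partnerId) {
  const name = query['file-name'];
  const type = query['file-type'];
  // Express turns repeated parameters into arrays; only plain strings pass.
  if (typeof name !== 'string' || !SAFE_NAME.test(name)) {
    throw new UploadRejected('file-name is missing or not acceptable');
  }
  const extension = typeof type === 'string' ? ALLOWED_TYPES.get(type) : undefined;
  if (!extension) {
    throw new UploadRejected('file-type is not on the allow-list');
  }
  if (!name.toLowerCase().endsWith(extension)) {
    throw new UploadRejected('file extension does not match file-type');
  }
  return {
    Bucket: bucket,
    // A random path segment per upload: reusing a file name cannot overwrite
    // an existing object, and object keys cannot be guessed.
    Key: `incoming/${partnerId}/${crypto.randomUUID()}/${name}`,
    Expires: 60, // seconds, as in the listing
    ContentType: type
    // No ACL entry: S3 then applies its default private ACL to the object.
  };
}

// Express handler for GET /sign-s3. `s3` is an aws-sdk S3 client created as in
// the listing; `partnerId` would come from an authenticated session, which the
// prototype does not have yet, so it is passed in here.
// Wiring: app.get('/sign-s3', signS3Handler(new aws.S3(), S3_BUCKET, 'testone'));
function signS3Handler(s3, bucket, partnerId) {
  return (req, res) => {
    let params;
    try {
      params = buildUploadParams(req.query, bucket, partnerId);
    } catch (err) {
      if (!(err instanceof UploadRejected)) throw err;
      return res.status(400).json({ error: err.message });
    }
    s3.getSignedUrl('putObject', params, (err, signedRequest) => {
      if (err) {
        console.error(err);
        return res.status(500).json({ error: 'could not sign the request' });
      }
      // Return the object key rather than a public URL: the object is private.
      res.json({ signedRequest, key: params.Key });
    });
  };
}
```

The client page would then read `key` from the response instead of `url`, and stored files are viewed through the S3 console or a signed GET request rather than a public link.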
Account.html – this is the client page for the project

    <!--
    /*
    Cecil Thornhill 5/26/2016
    Based on code examples and samples from Will Webberly and Amazon for S3 uploads
    */

    /*
    In learning how to interface to S3 via NodeJS and JavaScript I started with
    code from a tutorial provided by Dr. Will Webberly who was a computer science
    lecturer at Cardiff University and is now CTO at Simply Di Ideas. Will was
    kind enough to correspond with me and address questions on the concepts and
    use cases involved in my project.
    The original article I referenced is at:
    https://devcenter.heroku.com/articles/s3-upload-node#initial-setup
    */

    /*
    this page is the main "add a file" page that allows the user to select the
    file from a disk resource they can reach and send the file to S3 storage
    using an HTTPS call to the S3 API. This early demo/test page does not
    authenticate the user, but pulls credentials from the server side variables.
    In a fully implemented system there would need to be a mechanism to allow
    the user to be authenticated and authorized. For the purpose of proof of
    concept, the user variables have been set to those of a partner enterprise
    with the right to add files to the S3 storage, but not administer the site.
    The administrative credentials are not used for this client process, but
    again, in a fully built out system, there would need to be appropriate
    administrative GUI tools to allow user and site management via the web.
    */
    -->
    <html>
      <body>
        <h1>Edit your account</h1>
        <hr>
        <h2>Your avatar</h2>
        <input type="file" id="file-input">
        <p id="status">Please select a file</p>
        <img style="border:1px solid gray;width:300px;" id="preview" src="/images/default.png">

        <h2>Your information</h2>
        <form method="POST" action="/save-details">
          <input type="hidden" id="avatar-url" name="avatar-url" value="/images/default.png">
          <input type="text" name="username" placeholder="Username"><br>
          <input type="text" name="full-name" placeholder="Full name"><br><br>
          <hr>
          <h2>Save changes</h2>
          <input type="submit" value="Update profile">
        </form>

        <script>
          /*
            Function to carry out the actual PUT request to S3 using the signed
            request from the app.
          */
          function uploadFile(file, signedRequest, url) {
            const xhr = new XMLHttpRequest();
            xhr.open('PUT', signedRequest);
            xhr.onreadystatechange = () => {
              if (xhr.readyState === 4) {
                if (xhr.status === 200) {
                  document.getElementById('preview').src = url;
                  document.getElementById('avatar-url').value = url;
                } else {
                  alert('Could not upload file.');
                }
              }
            };
            xhr.send(file);
          }

          /*
            Function to get the temporary signed request from the app.
            If request successful, continue to upload the file using this signed
            request.
          */
          function getSignedRequest(file) {
            const xhr = new XMLHttpRequest();
            // encodeURIComponent keeps spaces, '&' and '#' in a file name from
            // breaking the query string.
            xhr.open('GET', `/sign-s3?file-name=${encodeURIComponent(file.name)}&file-type=${encodeURIComponent(file.type)}`);
            xhr.onreadystatechange = () => {
              if (xhr.readyState === 4) {
                if (xhr.status === 200) {
                  const response = JSON.parse(xhr.responseText);
                  uploadFile(file, response.signedRequest, response.url);
                } else {
                  alert('Could not get signed URL.');
                }
              }
            };
            xhr.send();
          }

          /*
            Function called when file input updated. If there is a file selected,
            then start upload procedure by asking for a signed request from the app.
          */
          function initUpload() {
            const files = document.getElementById('file-input').files;
            const file = files[0];
            if (file == null) {
              return alert('No file selected.');
            }
            getSignedRequest(file);
          }

          /*
            Bind listeners when the page loads.
          */
          (() => {
            document.getElementById('file-input').onchange = initUpload;
          })();
        </script>
      </body>
    </html>
Test Document

Sample Disability Benefits Questionnaire PDF (test documents)

VA FORM 21-0960N-1, OCT 2012
OMB Control No. 2900-0778
Respondent Burden: 15 minutes
SUPERSEDES VA FORM 21-0960N-1, FEB 2011, WHICH WILL NOT BE USED.

EAR CONDITIONS (INCLUDING VESTIBULAR AND INFECTIOUS CONDITIONS) DISABILITY BENEFITS QUESTIONNAIRE

IMPORTANT - THE DEPARTMENT OF VETERANS AFFAIRS (VA) WILL NOT PAY OR REIMBURSE ANY EXPENSES OR COST INCURRED IN THE PROCESS OF COMPLETING AND/OR SUBMITTING THIS FORM. PLEASE READ THE PRIVACY ACT AND RESPONDENT BURDEN INFORMATION BEFORE COMPLETING FORM.

NAME OF PATIENT/VETERAN: Chester Tester
PATIENT/VETERAN'S SOCIAL SECURITY NUMBER: 123-45-6745

NOTE TO PHYSICIAN - Your patient is applying to the U.S. Department of Veterans Affairs (VA) for disability benefits. VA will consider the information you provide on this questionnaire as part of their evaluation in processing the veteran's claim.

SECTION I - DIAGNOSIS

1A. DOES THE VETERAN NOW HAVE OR HAS HE OR SHE EVER BEEN DIAGNOSED WITH AN EAR OR PERIPHERAL VESTIBULAR CONDITION?
YES / NO (If "Yes," complete Item 1B)

1B. SELECT THE VETERAN'S CONDITION (check all that apply); each condition has the fields "ICD code:" and "Date of diagnosis:"
Meniere's syndrome or endolymphatic hydrops
Peripheral vestibular disorder
Benign Paroxysmal Positional Vertigo (BPPV)
Chronic otitis externa
Chronic suppurative otitis media
Chronic nonsuppurative otitis media (serous otitis media)
Mastoiditis
Cholesteatoma
Otosclerosis
Benign neoplasm of the ear (other than skin only)
Malignant neoplasm of the ear (other than skin only)
Other, specify:
(If the veteran has hearing loss or tinnitus attributable to any ear condition, the VA regional office will schedule a hearing loss or tinnitus exam, as appropriate)

1C. IF THERE ARE ADDITIONAL DIAGNOSES THAT PERTAIN TO EAR OR PERIPHERAL VESTIBULAR CONDITIONS, LIST USING ABOVE FORMAT:
Other, diagnosis #1: ICD Code: Date of Diagnosis:
Other, diagnosis #2: ICD Code: Date of Diagnosis:

SECTION II - MEDICAL HISTORY

2A. DESCRIBE THE HISTORY (including onset and course) OF THE VETERAN'S EAR OR PERIPHERAL VESTIBULAR CONDITIONS (brief summary):

2B. DOES THE VETERAN'S TREATMENT PLAN INCLUDE TAKING CONTINUOUS MEDICATION FOR THE DIAGNOSED CONDITION?
YES / NO
IF YES, LIST ONLY THOSE MEDICATIONS USED FOR THE DIAGNOSED CONDITION:

no
sudden loss of hearing