CCC Virtual Machines
Virtual machines are virtualized instances of computer hardware that emulate physical servers and run operating systems and applications. Users can provision VMs with custom configurations, including CPU, memory, storage, and networking resources. Cloud providers offer managed VM services with capabilities such as automated provisioning, scaling, monitoring, and pay-as-you-go pricing.
Release Details
Version: DEV
Assurance Level:
Release Manager: Development Build
Contributors
Development Team
Change Log
- Development build - no formal changelog available
Capabilities
ID | Title | Description | Threat Mappings |
---|---|---|---|
CCC.VM.F01 | General Purpose Instances | Provides a computing instance with a balance of compute, memory and networking resources, suitable for a wide range of applications. | 0 |
CCC.VM.F02 | Compute Optimized Instances | Provides instances that are suited for compute-bound applications that benefit from high-performance processors, such as batch processing workloads, media transcoding and high-performance web servers. | 0 |
CCC.VM.F03 | Memory Optimized Instances | Provides instances that are suited for memory intensive applications such as high performance databases, in-memory caches, and real-time big data analytics. | 0 |
CCC.VM.F04 | Storage Optimized Instances | Provides instances that are optimized for applications that require high, sequential read and write access to large datasets on local storage such as distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems. | 0 |
CCC.VM.F05 | Accelerated Computing Instances | Provides instances that use hardware accelerators, or co-processors, such as GPUs to perform functions such as floating-point number calculations, graphics processing, or data pattern matching more efficiently. | 0 |
CCC.VM.F06 | Preemptible Instances | Providing the option for using preemptible virtual machine (spot) instances at a lower cost for non-critical or fault-tolerant workloads that may be terminated by the cloud provider after a notice period. | 1 |
CCC.VM.F07 | Dedicated Instances | Ability to reserve a physical server dedicated to a single customer for regulatory compliance. | 1 |
CCC.VM.F08 | Vertical Scaling | Ability to increase or decrease resources such as CPU, memory, and storage of an existing virtual machine instance. | 1 |
CCC.VM.F09 | Horizontal Scaling | Ability to add or remove VM instances assigned to the application to handle increased or decreased workload. | 1 |
CCC.VM.F10 | VM Images | Provides templates to create new virtual machines. They usually include an operating system, configuration settings and installed applications. | 1 |
CCC.VM.F11 | Custom Images | Ability to create virtual machines with images that are created and owned by the customer and are only available within the customer's subscription. | 1 |
CCC.VM.F12 | Interoperability with Storage Options | Capability to read/write to non-ephemeral external storage including object storage and encrypted block storage. | 0 |
CCC.VM.F13 | Patch Management | Offering patch management services and compatibility with third-party patch management tools to keep virtual machine instances up to date with security patches and updates. | 0 |
CCC.VM.F14 | Isolated Secure Environments | Providing an isolated "enclave" within a virtual machine for processing highly sensitive data such as personally identifiable information, healthcare data and intellectual property. These enclaves are fully isolated from the parent EC2 instance, with no persistent storage, no interactive access, and no external networking. | 0 |
CCC.VM.F15 | Nested Virtualization | Ability to create and manage virtual machines within instances. | 0 |
CCC.VM.F16 | Instance Metadata | Providing metadata about virtual machine instances for configuration and management purposes. | 1 |
CCC.VM.F17 | Instance Snapshots | Creation of snapshots of virtual machine instances to capture and preserve state and data for backup and cloning purposes. | 0 |
CCC.VM.F18 | Instance Templates | Offering templates for provisioning virtual machine instances with pre-configured images, instance types, and network configurations. | 1 |
CCC.VM.F19 | Bootstrap Scripts | Ability to provide bootstrap scripts to a VM to run during the instance boot process. | 1 |
CCC.VM.F20 | Instance Affinity/Anti-affinity | Enabling control over the location of virtual machine instances to ensure or prevent co-location on the same physical hardware. | 0 |
CCC.VM.F21 | Instance Health Checks | Exposing health checks on virtual machine instances so that unhealthy instances can be automatically replaced or repaired. | 0 |
CCC.VM.F22 | Instance Remote Access | Offering remote access to virtual machine instances through methods such as SSH or RDP for troubleshooting, debugging, and maintenance purposes. | 1 |
CCC.VM.F23 | Instance Live Migration | Ability to perform live migration of virtual machine instances between physical hosts for maintenance or load balancing purposes without downtime. | 0 |
CCC.VM.F24 | TPM Support | Providing support for Trusted Platform Module (TPM) for hardware-based security capabilities such as secure boot and cryptographic key storage. | 0 |
CCC.Core.F02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. | 0 |
CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. | 1 |
CCC.Core.F07 | Event Publication | The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources. | 2 |
CCC.Core.F09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. | 3 |
CCC.Core.F10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. | 2 |
CCC.Core.F11 | Backup | The service can generate copies of its data or configurations in the form of automated backups, snapshot-based backups, or incremental backups. | 1 |
CCC.Core.F12 | Recovery | The service can be reverted to a previous state by providing a compatible backup or snapshot identifier. | 1 |
CCC.Core.F15 | Cost Management | The service monitors data published by child or networked resources to infer usage patterns and generate cost reports for the service. | 1 |
CCC.Core.F17 | Alerting | The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource. | 2 |
CCC.Core.F20 | Resource Tagging | The service provides users with the ability to tag a child resource with metadata that can be reviewed or queried. | 1 |
CCC.Core.F22 | Location Lock-In | The service may be configured to restrict the deployment of child resources to specific geographic locations. | 1 |
CCC.Core.F23 | Network Access Rules | The service restricts access to child or networked resources based on user-defined network parameters such as IP address, protocol, port, or source. | 1 |
Threats
ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
---|---|---|---|---|---|
CCC.VM.TH01 | Images Contain Vulnerabilities | Virtual machine images may include outdated software, insecure configurations, or secrets. Use of such images can introduce vulnerabilities into environments where they are deployed. | 1 | 1 | 0 |
CCC.VM.TH02 | Instance Metadata is Unprotected | Instance metadata services may be exposed within virtual machines without appropriate access controls, allowing unauthorized retrieval of sensitive configuration details or temporary credentials. | 1 | 1 | 0 |
CCC.VM.TH03 | Bootstrap Scripts Introduce Unintended Behavior | Bootstrap scripts executed at startup may include unvalidated commands or configuration changes. If not securely managed, these scripts can modify instance behavior in unexpected or insecure ways. | 1 | 1 | 0 |
CCC.VM.TH04 | Instance Templates Propagate Insecure Defaults | Instance templates may contain hardcoded credentials, open ports, or insecure configurations. When reused across deployments, these templates can replicate vulnerabilities at scale. | 1 | 1 | 0 |
CCC.VM.TH05 | Network Access Rules Allow Unintended Communication | Inadequately scoped network access rules may permit communication between virtual machines and untrusted networks or services, increasing exposure to unauthorized access and lateral movement. | 1 | 1 | 0 |
CCC.VM.TH06 | Remote Access Interfaces Are Insufficiently Restricted | Virtual machine instances may expose remote access methods such as SSH or RDP without proper access controls or network restrictions, allowing unintended access to administrative interfaces. | 1 | 1 | 0 |
CCC.VM.TH07 | Resource Starvation Through Preemptible (spot) VM Termination | Workloads running on preemptible (spot) instances may experience unexpected termination by the cloud provider with minimal notice. This can result in workload instability, leading to service degradation or denial-of-service if critical processes are scheduled on such VMs, potentially impacting system reliability and availability. | 1 | 1 | 0 |
CCC.VM.TH08 | Co-Residency Risk on Non-Dedicated Infrastructure | Virtual machines operating on shared infrastructure, rather than dedicated instances, may be exposed to increased risk of side-channel or cross-VM activities. This can result in data leakage or memory scraping, potentially compromising data confidentiality and system integrity. | 1 | 1 | 0 |
CCC.VM.TH09 | Misconfigured Vertical Scaling Leads to Privilege Escalation | Inadequate permissions or automation logic in vertical scaling processes may allow unauthorized resource escalation, such as adding CPUs or memory. This can result in elevated access rights, increased computational capacity for unintended actions, or unplanned cost increases, potentially affecting system security and operational control. | 1 | 1 | 0 |
CCC.VM.TH10 | Auto-Scaling Abuse for Resource Exhaustion | Automated horizontal scaling mechanisms may be manipulated through forced load generation, such as distributed denial-of-service events, triggering excessive VM creation. This can lead to billing anomalies, service instability, or disruption of resource quotas, potentially impacting cost management and service availability. | 1 | 1 | 0 |
CCC.VM.TH11 | VM Image Tampering or Poisoning | Virtual machine images may be created or modified to include backdoors, malware, or misconfigurations. The deployment of compromised images can propagate threats across cloud infrastructure, potentially affecting data integrity, confidentiality, and system reliability. | 1 | 1 | 0 |
CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 4 |
CCC.Core.TH03 | Deployment Region Network is Untrusted | Systems are susceptible to unauthorized access or interception by actors with social or physical control over the network in which they are deployed. If the geopolitical status of the deployment network is untrusted, unstable, or insecure, this could result in a loss of confidentiality, integrity, or availability of the service and its data. | 1 | 1 | 1 |
CCC.Core.TH05 | Interference with Replication Processes | Misconfigured or manipulated replication processes may lead to data being copied to unintended locations, delayed, modified, or not being copied at all. This could lead to compromised data confidentiality and integrity, potentially also affecting recovery processes and data availability. | 1 | 1 | 0 |
CCC.Core.TH06 | Data is Lost or Corrupted | Services that rely on accurate data are susceptible to disruption in the event of data loss or corruption. Any actions that lead to the unintended deletion, alteration, or limited access to data can impact the availability of the service and the system it is part of. | 1 | 1 | 1 |
CCC.Core.TH07 | Logs are Tampered With or Deleted | Tampering or deletion of service logs will reduce the system's ability to maintain an accurate record of events. Any actions that compromise the integrity of logs could disrupt system availability by disrupting monitoring, hindering forensic investigations, and reducing the accuracy of audit trails. | 1 | 1 | 1 |
CCC.Core.TH08 | Runtime Metrics are Manipulated | Manipulation of runtime metrics can lead to inaccurate representations of system performance and resource utilization. This compromised data integrity may also impact system availability through misinformed scaling decisions, budget exhaustion, financial losses, and hindered incident detection. | 1 | 1 | 0 |
CCC.Core.TH09 | Runtime Logs are Read by Unauthorized Entities | Unauthorized access to logs may expose valuable information about the system's configuration, operations, and security mechanisms. This could jeopardize system availability through the exposure of vulnerabilities and support the planning of attacks on the service, system, or network. If logs are not adequately sanitized, this may also directly impact the confidentiality of sensitive data. | 1 | 1 | 1 |
CCC.Core.TH10 | State-change Events are Read by Unauthorized Entities | Unauthorized access to state-change events can reveal information about the system's design and usage patterns. This opens the system up to attacks of opportunity and supports the planning of attacks on the service, system, or network. | 1 | 1 | 0 |
CCC.Core.TH11 | Publications are Incorrectly Triggered | Incorrectly triggered publications may disseminate inaccurate or misleading information, creating a data integrity risk. Such misinformation can cause unintended operations to be initiated, conceal legitimate issues, and disrupt the availability or reliability of systems and their data. | 1 | 1 | 0 |
CCC.Core.TH13 | Resource Tags are Manipulated | When resource tags are altered, it can lead to misclassification or mismanagement of resources. This can reduce the efficacy of organizational policies, billing rules, or network access rules. Such changes could cause compromised confidentiality, integrity, or availability of the system and its data. | 1 | 1 | 0 |
CCC.Core.TH16 | Publications are Disabled | Publication of events, metrics, and runtime logs may be disabled, leading to a lack of expected security and operational information being shared. This can impact system availability by delaying the detection of incidents while also impacting system design decisions and enforcement of operational thresholds, such as autoscaling or cost management. | 1 | 1 | 1 |
CCC.Core.TH17 | Responses are Generated for Unauthorized Requests | The service may generate responses to requests from unauthorized entities. This could lead to the exposure of system details, which may be used to plan an attack against the service, system, or network. Additionally, allocating resources to service the request could lead to a denial of service for legitimate users, leading to a loss of availability anywhere in the system. | 1 | 1 | 0 |
Controls
ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
---|---|---|---|---|---|---|
CCC.Core.C02 | Encrypt Data for Storage | Ensure that all data stored is encrypted at rest using strong encryption algorithms. | Data | 1 | 7 | 1 |
CCC.Core.C06 | Restrict Deployments to Trust Perimeter | Ensure that the service and its child resources are only deployed on infrastructure in locations that are explicitly included within a defined trust perimeter. | Data | 1 | 4 | 2 |
CCC.Core.C08 | Replicate Data to Multiple Locations | Ensure that data is replicated across multiple physical locations to protect against data loss due to hardware failures, natural disasters, or other catastrophic events. | Data | 1 | 6 | 2 |
CCC.Core.C09 | Ensure Integrity of Access Logs | Ensure that access logs are always recorded to an external location that cannot be manipulated from the context of the service(s) it contains logs for. | Data | 3 | 5 | 3 |
CCC.Core.C11 | Protect Encryption Keys | Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs). | Data | 1 | 7 | 6 |
CCC.Core.C03 | Implement Multi-factor Authentication (MFA) for Access | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. | Identity and Access Management | 1 | 6 | 4 |
CCC.Core.C05 | Prevent Access from Untrusted Entities | Ensure that secure access controls enforce the principle of least privilege to restrict access to authorized entities from explicitly trusted sources only. | Identity and Access Management | 1 | 8 | 6 |
CCC.Core.C04 | Log All Access and Changes | Ensure that all access attempts are logged to maintain a detailed audit trail for security and compliance purposes. | Logging & Monitoring | 1 | 5 | 3 |