A multi-level proactive security auditing framework for clouds through automated dependency building
REGULAR PAPER
Suryadipta Majumdar¹

Received: 4 December 2019 / Accepted: 13 May 2020
© China Computer Federation (CCF) 2020
Abstract

A cloud is very often subject to diverse security threats directed at its multiple levels (e.g., user, virtual, and physical). Even though several security solutions exist for a specific cloud level, none of them provides a comprehensive solution that can protect a cloud tenant against the threats arising from those multiple levels, mainly because of the operational complexity and unique nature of each level of a cloud (e.g., authentication and access control models in the user level vs. VM migration rules in the virtual level). Furthermore, a simple integration of those existing tools will not be sufficient, as all of them suffer from different practical issues. For instance, most of the existing solutions suffer from slow response time and require significant manual effort from the cloud tenants. In this paper, we propose a multi-level proactive security auditing framework, which provides a unified platform to plug in existing security auditing tools for those levels and overcomes their major practical issues. To this end, our main idea is to design a framework to integrate existing auditing solutions and protect the multiple levels of a cloud. Also, we convert those tools (regardless of their original nature, e.g., retroactive and runtime) into a proactive auditing solution by leveraging a predictive model, which captures the dependency relationships between cloud events and helps to predict future events. We integrate our framework with OpenStack, a popular cloud management platform, and outline a concrete guideline to adapt our framework to other major cloud platforms: Google GCP, Amazon EC2, and Microsoft Azure. Our experiments using both synthetic and real data show the practicality and effectiveness of this solution (e.g., responding in a few milliseconds to verify each level of the cloud).

Keywords Cloud security · Security auditing · Proactive security · Multi-level security
¹ Suryadipta Majumdar (corresponding author), Information Security and Digital Forensics, University at Albany, Albany, USA

1 Introduction

Different abstraction levels (e.g., user, virtual, and physical level) of a cloud infrastructure very often fall victim to a wide range of attacks (as evidenced by recent studies, e.g., OpenStack 2018, 2018; Ristenpart et al. 2009; Xu et al. 2015; Zhang et al. 2012, 2014). Those attacks may be launched by various cloud actors, such as hostile tenants, careless cloud providers, and malicious insiders, and may have serious consequences such as threatening the cross-tenant isolation. For instance, stealing secrets through cross-tenant side-channels (Zhang et al. 2012, 2014), stealing computing resources (Varadarajan et al. 2012), and bypassing security group rules (OpenStack 2018) violate tenant isolation boundaries. To defend aga