CIADL: cloud insider attack detector and locator on multi-tenant network isolation: an OpenStack case study
ORIGINAL RESEARCH
CIADL: cloud insider attack detector and locator on multi-tenant network isolation: an OpenStack case study

Jing Zhan1,2,3 · Xudong Fan1 · Jin Han1,2 · Yaqi Gao1,2 · Xiaoqing Xia1,3 · Qian Zhang1,3

Received: 1 May 2019 / Accepted: 26 August 2019
© Springer-Verlag GmbH Germany, part of Springer Nature 2019
Abstract

In cloud networks, edge network virtualization technology is widely adopted to give tenants isolated networks, mainly to protect them from threats inside the cloud. However, since tenants rely entirely on the cloud service provider's service interface to learn their current network policy, a malicious administrator, alone or with colluding tenants, is fully capable of acquiring any target tenant's network data by tampering with the corresponding policies stored and enforced on the edge end hosts, without the tenant knowing. Therefore, this paper presents a cloud insider attack detector and locator (CIADL) for multi-tenant network isolation in OpenStack. We propose an insider attack threat model with attack categories. We also propose a layered state model together with construction and attack detection methods, which enable efficient detection of conflicts between the expected policy on the central node and the policy enforced on the end hosts, along with a threat locating method that works at the granularity of individual device policy rules for recovery purposes. We implement a proof-of-concept CIADL system; experiments and analysis show that our method covers all attack types defined in the threat model with low overhead, and scales well as the network size, policy size and number of attacks increase. Compared to existing work based on a VM–VM state model, the CIADL state model based on NET–NET states achieves about 8.5% and 92.3% improvement in construction and verification time costs, respectively, in the most hostile environment (AP = 80%) and at the largest policy scale (PS = 4000), which suggests that CIADL is both efficient and scalable.

Keywords Cloud computing · Multi-tenant network isolation · Insider attack detection
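To make the detection and locating step of the abstract concrete, the following is an added illustration written for this page; it is not CIADL's implementation and not code from the authors. It builds a state per (source network, destination network) pair from the expected policy held on the central node, builds the same kind of state from the rules read back from each end host, diffs the two, and reports the host, device and rule index responsible for every conflict. The network, host and device names, the two injected tamperings, the first-match rule semantics and the assumption that filtering is enforced at the destination port are all constructed for the example.

```python
"""Toy NET-NET policy-conflict detector and locator.

Added illustration for this page; not CIADL's implementation. All
identifiers, rules and the two injected tamperings below are constructed.
"""
from itertools import permutations

# Expected policy as the central node (Neutron-like) records it: ordered
# network pairs allowed to exchange traffic; every other pair is isolated.
NETWORKS = ("net-a1", "net-a2", "net-b1")          # net-b1 belongs to tenant B
CENTRAL_ALLOWED = {("net-a1", "net-a2"), ("net-a2", "net-a1")}

# Which networks have a port (VM tap) on each end host. Assumption: ingress
# filtering is enforced at the destination port, so a host is only
# responsible for pairs whose destination network is present on it.
HOST_NETWORKS = {"host-1": {"net-a1", "net-a2"},
                 "host-2": {"net-a1", "net-a2", "net-b1"}}

# Rules as read back from the end hosts (think iptables/OVS), evaluated
# first-match per (src, dst) pair: (device, src_net, dst_net, action).
# Two constructed tamperings: host-1 drops a legitimate intra-tenant flow,
# host-2 lets tenant A's net-a1 reach tenant B's net-b1.
HOST_RULES = {
    "host-1": [("tap-a2-01", "net-a1", "net-a2", "allow"),
               ("tap-a1-01", "net-a2", "net-a1", "drop")],
    "host-2": [("tap-a2-02", "net-a1", "net-a2", "allow"),
               ("tap-a1-02", "net-a2", "net-a1", "allow"),
               ("tap-b1-01", "net-a1", "net-b1", "allow")],
}


def expected_state(networks=NETWORKS, allowed=CENTRAL_ALLOWED):
    """NET-NET state from the central policy: one action per ordered pair."""
    return {(s, d): ("allow" if (s, d) in allowed else "drop")
            for s, d in permutations(networks, 2)}


def enforced_state(host_rules=HOST_RULES, host_networks=HOST_NETWORKS):
    """Per-host NET-NET state actually enforced, plus provenance.

    Returns (state, where): state[host][(s, d)] is the action the host applies
    to that pair (first matching rule; no rule means the pair stays isolated),
    where[host][(s, d)] is the (device, rule_index) that decided it, or None
    when no rule matched.
    """
    state, where = {}, {}
    for host, nets in host_networks.items():
        state[host], where[host] = {}, {}
        for s, d in permutations(NETWORKS, 2):
            if d not in nets:
                continue                      # host does not enforce this pair
            state[host][(s, d)] = "drop"
            where[host][(s, d)] = None
            for idx, (dev, src, dst, action) in enumerate(host_rules.get(host, [])):
                if (src, dst) == (s, d):
                    state[host][(s, d)] = action
                    where[host][(s, d)] = (dev, idx)
                    break
    return state, where


def detect_and_locate(expected=None, enforced=None):
    """Diff expected vs enforced state; return one record per conflicting pair.

    'breach' means the host allows a pair the policy isolates (a data leak
    path); 'blocked' means the host drops a pair the policy allows. Each
    record carries the device and rule index an operator would repair.
    """
    if expected is None:
        expected = expected_state()
    state, where = enforced_state() if enforced is None else enforced
    findings = []
    for host, pairs in state.items():
        for pair, action in sorted(pairs.items()):
            want = expected[pair]
            if action == want:
                continue
            kind = "breach" if action == "allow" else "blocked"
            findings.append({"host": host, "pair": pair, "kind": kind,
                             "expected": want, "enforced": action,
                             "location": where[host][pair]})
    return findings


if __name__ == "__main__":
    for finding in detect_and_locate():
        print(finding)
```

Keying the state on network pairs rather than VM pairs is what keeps the comparison small: the number of states grows with the number of networks, not with the number of VMs, which is the scaling argument behind the NET–NET model. The provenance recorded per pair is what turns a detected conflict into a repair target on a specific host and device.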
Corresponding author: Jing Zhan

1 College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
2 Beijing Key Laboratory of Trusted Computing, Beijing University of Technology, Beijing 100124, China
3 National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing University of Technology, Beijing 100124, China

1 Introduction
Edge network virtualization technologies, as proposed by Taiju et al. (2011) and Joe et al. (2016), are widely adopted by current cloud platforms such as those described by Tiago and Jorge (2014) and Vmware (2018) to create isolated network environments for tenants, so that, as Yasuharu et al. (2016) put it, the cloud infrastructure can be shared without unwanted information flows. In particular, in IaaS, multi-tenant network isolation as proposed by Kevin et al. (2016) can be perc