Proactive Security Analysis of Changes in Virtualized Infrastructures

Research article. DOI: 10.1145/2818000.2818034
Published: 07 December 2015

Abstract

The pervasiveness of cloud computing can be attributed to its scale and elasticity. However, the operational complexity of the underlying cloud infrastructure is high, due to its dynamics, multi-tenancy, and size. Misconfigurations and insider attacks carry significant operational and security risks, such as breaches in tenant isolation, which put both the infrastructure provider and the consumers at risk.
We tackle this challenge by establishing a practical security system, called Weatherman, that proactively analyzes changes induced by management operations with respect to security policies. We achieve this by contributing the first formal model of cloud management operations that captures their impact on the infrastructure in the form of graph transformations. Our approach combines such a model of operations with an information flow analysis suited for isolation as well as a policy verifier for a variety of security and operational policies. Our system provides a run-time enforcement of infrastructure security policies, as well as a what-if analysis for change planning.

Published In

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference
December 2015, 489 pages
ISBN: 9781450336826
DOI: 10.1145/2818000

In-Cooperation: ACSA: Applied Computing Security Assoc
Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: Research-article, Research, Refereed limited
Conference: ACSAC 2015
Acceptance Rates: Overall Acceptance Rate 104 of 497 submissions, 21%
