research-article

Proactive Security Analysis of Changes in Virtualized Infrastructures

Authors:

Sören Bleikertz,

Sebastian MödersheimAuthors Info & Claims

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Pages 51 - 60

https://doi.org/10.1145/2818000.2818034

Published: 07 December 2015 Publication History

Abstract

The pervasiveness of cloud computing can be attributed to its scale and elasticity. However, the operational complexity of the underlying cloud infrastructure is high, due to its dynamics, multi-tenancy, and size. Misconfigurations and insider attacks carry significant operational and security risks, such as breaches in tenant isolation put both the infrastructure provider and the consumers at risk.

We tackle this challenge by establishing a practical security system, called Weatherman, that proactively analyzes changes induced by management operations with respect to security policies. We achieve this by contributing the first formal model of cloud management operations that captures their impact on the infrastructure in the form of graph transformations. Our approach combines such a model of operations with an information flow analysis suited for isolation as well as a policy verifier for a variety of security and operational policies. Our system provides a run-time enforcement of infrastructure security policies, as well as a what-if analysis for change planning.

References

[1]

Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. Basic concepts and taxonomy of dependable and secure computing. Dependable and Secure Computing, IEEE Transactions on 1, 1 (jan.-march 2004), 11 -- 33.

Digital Library

[2]

Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., and Srinivasan, D. Tvdc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42 (January 2008), 40--47.

Digital Library

[3]

Bleikertz, S., and Gross, T. A Virtualization Assurance Language for Isolation and Deployment. In IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY'11) (Jun 2011), IEEE.

Digital Library

[4]

Bleikertz, S., Gross, T., Schunter, M., and Eriksson, K. Automated Information Flow Analysis of Virtualized Infrastructures. In 16th European Symposium on Research in Computer Security (ESORICS'11) (Sep 2011), Springer.

Digital Library

[5]

Bleikertz, S., Gross, T., and Vogel, C. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. In Annual Computer Security Applications Conference (ACSAC 2014) (Dec 2014), ACM.

Digital Library

[6]

CSA. Top threats to cloud computing v1.0. Tech. rep., Cloud Security Alliance (CSA), mar 2010.

[7]

ENISA. Cloud computing: Benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency (ENISA), nov 2009.

[8]

Geiss, R., Batz, G. V., Grund, D., Hack, S., and Szalkowski, A. GrGen: A Fast SPO-Based Graph Rewriting Tool. In Third International Conference on Graph Transformation (2006), Springer, pp. 383--397.

Digital Library

[9]

Ghamarian, A. H., de Mol, M., Rensink, A., Zambon, E., and Zimakova, M. Modelling and analysis using GROOVE. International Journal on Software Tools for Technology Transfer (March 2011).

Digital Library

[10]

Hagen, S., Seibold, M., and Kemper, A. Efficient verification of IT change operations or: How we could have prevented Amazon's cloud outage. In Network Operations and Management Symposium (April 2012), pp. 368--376.

[11]

Jackson, D. Alloy: a lightweight object modelling notation. ACM Trans. Softw. Eng. Methodol. 11 (April 2002), 256--290.

Digital Library

[12]

Jeffrey, A., and Samak, T. Model Checking Firewall Policy Configurations. In Proceedings of the 10th IEEE International Conference on Policies for Distributed Systems and Networks (2009), POLICY'09, IEEE Press, pp. 60--67.

Digital Library

[13]

Kazemian, P., Chang, M., Zeng, H., Varghese, G., McKeown, N., and Whyte, S. Real Time Network Policy Checking Using Header Space Analysis. In 10th USENIX Symposium on Networked Systems Design and Implementation (2013), pp. 99--111.

Digital Library

[14]

Khurshid, A., Zou, X., Zhou, W., Caesar, M., and Godfrey, P. B. VeriFlow: Verifying Network-Wide Invariants in Real Time. In 10th USENIX Symposium on Networked Systems Design and Implementation (2013), pp. 15--27.

Digital Library

[15]

Kikuchi, S., and Hiraishi, K. Improving reliability in management of cloud computing infrastructure by formal methods. In Network Operations and Management Symposium (NOMS), 2014 IEEE (May 2014), pp. 1--7.

[16]

Kim, H., Benson, T., Akella, A., and Feamster, N. The Evolution of Network Configuration: A Tale of Two Campuses. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference (2011), IMC '11, pp. 499--514.

Digital Library

[17]

Koch, M., Mancini, L. V., and Parisi-Presicce, F. A Graph-based Formalism for RBAC. ACM Trans. Inf. Syst. Secur. 5, 3 (Aug. 2002), 332--365.

Digital Library

[18]

Mahajan, R., Wetherall, D., and Anderson, T. Understanding BGP Misconfiguration. In Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (2002), SIGCOMM '02, pp. 3--16.

Digital Library

[19]

Narain, S. Network Configuration Management via Model Finding. In Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19 (2005), LISA '05, pp. 15--15.

Digital Library

[20]

Oppenheimer, D., Ganapathi, A., and Patterson, D. A. Why do internet services fail, and what can be done about it? In Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4 (2003).

Digital Library

[21]

Rensink, A., and Kuperus, J.-H. Repotting the geraniums: on nested graph transformation rules. In Graph transformation and visual modelling techniques (2009), vol. 18 of Electronic Communications of the EASST.

[22]

Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proceedings of the 16th ACM conference on Computer and communications security (2009), pp. 199--212.

Digital Library

[23]

Rozenberg, G., Ed. Handbook of Graph Grammars and Computing by Graph Transformation: Volume I. Foundations, vol. 1. World Scientific Publishing Co., Inc., River Edge, NJ, USA, 1997.

Digital Library

[24]

Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J. L., and Doorn, L. v. Building a mac-based security architecture for the xen open-source hypervisor. In Proceedings of the 21st Annual Computer Security Applications Conference (2005), pp. 276--285.

Digital Library

[25]

Schiffman, J., Sun, Y., Vijayakumar, H., and Jaeger, T. Cloud Verifier: Verifiable Auditing Service for IaaS Clouds. In Proceedings of the IEEE 1st International Workshop on Cloud Security Auditing (CSA 2013) (June 2013).

Digital Library

[26]

Shafer, I., Gylfason, S., and Ganger, G. R. vQuery: a Platform for Connecting Configuration and Performance. VMware Technical Journal 1, 2 (Dec. 2012).

[27]

VMware. vSphere 5.0 API Reference, Aug 2011. http://pubs.vmware.com/vsphere-50/topic/com.vmware.wssdk.apiref.doc_50/right-pane.html.

[28]

VMware. vSphere Security, ESXi 5.5, vCenter Server 5.5 (EN-001164-04), 2013.

[29]

Wei, J., Zhang, X., Ammons, G., Bala, V., and Ning, P. Managing Security of Virtual Machine Images in a Cloud Environment. In Proceedings of the ACM Workshop on Cloud Computing Security (2009), CCSW '09, ACM, pp. 91--96.

Digital Library

Cited By

Kampars JMosāns GGrabis J(2024)Network Topology Based Identification and Analysis of Security Threats in Data CentresDigital Business and Intelligent Systems10.1007/978-3-031-63543-4_11(161-176)Online publication date: 23-Jun-2024
https://doi.org/10.1007/978-3-031-63543-4_11
Lee SNam J(2023)Kunerva: Automated Network Policy Discovery Framework for ContainersIEEE Access10.1109/ACCESS.2023.331028111(95616-95631)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3310281
Tabiban AZhao HJarraya YPourzandi MWang L(2023)VinciDecoder: Automatically Interpreting Provenance Graphs into Textual Forensic Reports with Application to OpenStackSecure IT Systems10.1007/978-3-031-22295-5_19(346-367)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-3-031-22295-5_19
Show More Cited By

Proactive Security Analysis of Changes in Virtualized Infrastructures
1. Security and privacy
  1. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack
CODASPY '16: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy

Cloud service providers typically adopt the multi-tenancy model to optimize resources usage and achieve the promised cost-effectiveness. Sharing resources between different tenants and the underlying complex technology increase the necessity of ...
Cloud Security with Virtualized Defense and Reputation-Based Trust Mangement
DASC '09: Proceedings of the 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing

Internet clouds work as service factories built around web-scale datacenters. The elastic cloud resources and huge datasets processed are subject to security breaches, privacy abuses, and copyright violations. Provisioned cloud resources on-demand are ...
Controlled Intelligent Agents' Security Model for Multi-Tenant Cloud Computing Infrastructures

Data security in the cloud continues to be a huge concern. The adoption of cloud services continues to increase with more businesses transitioning from on premise technology infrastructures to outsourcing cloud-based infrastructures. As the cloud ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

December 2015

489 pages

ISBN:9781450336826

DOI:10.1145/2818000

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSAC 2015

ACSAC 2015: 2015 Annual Computer Security Applications Conference

December 7 - 11, 2015

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
305
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)1

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kampars JMosāns GGrabis J(2024)Network Topology Based Identification and Analysis of Security Threats in Data CentresDigital Business and Intelligent Systems10.1007/978-3-031-63543-4_11(161-176)Online publication date: 23-Jun-2024
https://doi.org/10.1007/978-3-031-63543-4_11
Lee SNam J(2023)Kunerva: Automated Network Policy Discovery Framework for ContainersIEEE Access10.1109/ACCESS.2023.331028111(95616-95631)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3310281
Tabiban AZhao HJarraya YPourzandi MWang L(2023)VinciDecoder: Automatically Interpreting Provenance Graphs into Textual Forensic Reports with Application to OpenStackSecure IT Systems10.1007/978-3-031-22295-5_19(346-367)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-3-031-22295-5_19
Kulik TDongol BLarsen PMacedo HSchneider STran-Jørgensen PWoodcock J(2022)A Survey of Practical Formal Methods for SecurityFormal Aspects of Computing10.1145/352258234:1(1-39)Online publication date: 5-Jul-2022
https://dl.acm.org/doi/10.1145/3522582
Kermabon-Bobinnec HGholipourchoubeh MBagheri SMajumdar SJarraya YPourzandi MWang LJoshi AFernandez MVerma R(2022)ProSPEC: Proactive Security Policy Enforcement for ContainersProceedings of the Twelveth ACM Conference on Data and Application Security and Privacy10.1145/3508398.3511515(155-166)Online publication date: 15-Apr-2022
https://doi.org/10.1145/3508398.3511515
Majumdar SChawla GAlimohammadifar AMadi TJarraya YPourzandi MWang LDebbabi M(2022) ProSAS : Proactive Security Auditing System for Clouds IEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.306220419:4(2517-2534)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TDSC.2021.3062204
Majumdar SBastos DSinghal A(2021)SECURITY AUDITING OF INTERNET OF THINGS DEVICES IN A SMART HOMEAdvances in Digital Forensics XVII10.1007/978-3-030-88381-2_11(213-234)Online publication date: 15-Oct-2021
https://doi.org/10.1007/978-3-030-88381-2_11
Inokuchi KKourai K(2020)Secure VM management with strong user binding in semi-trusted cloudsJournal of Cloud Computing: Advances, Systems and Applications10.1186/s13677-020-0152-99:1Online publication date: 17-Jan-2020
https://dl.acm.org/doi/10.1186/s13677-020-0152-9
Kellogg MSchäf MTasiran SErnst MGrundy JLe Goues CLo D(2020)Continuous complianceProceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering10.1145/3324884.3416593(511-523)Online publication date: 21-Dec-2020
https://dl.acm.org/doi/10.1145/3324884.3416593
Chawla GZhang MMajumdar SJarraya YPourzandi MWang LDebbabi M(2020)VMGuard: State-based Proactive Verification of Virtual Network Isolation with Application to NFVIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.3041430(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.3041430
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents