Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures

Sören Bleikertz; Carsten Vogel; Thomas Groß

doi:10.1145/2664243.2664274

Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures

Sören Bleikertz, Carsten Vogel, Thomas Groß

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

28 Citations (Scopus)

Abstract

Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall secu- rity and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigura- tions and subsequent failures is a crucial challenge for cloud providers—an insurmountable challenge without tools. We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastruc- ture and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, up- dates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our proto- type for VMware environments.

Original language	English
Title of host publication	ACSAC '14
Subtitle of host publication	Proceedings of the 30th Annual Computer Security Applications Conference
Place of Publication	New York
Publisher	Association for Computing Machinery (ACM)
Pages	26-35
Number of pages	10
ISBN (Print)	9781450330053
DOIs	https://doi.org/10.1145/2664243.2664274
Publication status	Published - Dec 2014
Event	30th Annual Computer Security Applications Conference, ACSAC 2014 - Hyatt French Quarter, New Orleans, United States Duration: 8 Dec 2014 → 12 Dec 2014 Conference number: 30 https://www.acsac.org/2014/

Conference

Conference	30th Annual Computer Security Applications Conference, ACSAC 2014
Abbreviated title	ACSAC 2014
Country	United States
City	New Orleans
Period	8/12/14 → 12/12/14
Internet address	https://www.acsac.org/2014/

Keywords

EC Grant Agreement nr.: FP7/318003
EC Grant Agreement nr.: FP7/2007-2013

Access to Document

10.1145/2664243.2664274

Fingerprint Dive into the research topics of 'Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures'. Together they form a unique fingerprint.

Cite this

@inproceedings{a791028e204e4d70bfda7ada2320f029,

title = "Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures",

abstract = "Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall secu- rity and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigura- tions and subsequent failures is a crucial challenge for cloud providers—an insurmountable challenge without tools. We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastruc- ture and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, up- dates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our proto- type for VMware environments.",

keywords = "EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013",

author = "S{\"o}ren Bleikertz and Carsten Vogel and Thomas Gro{\ss}",

year = "2014",

month = dec,

doi = "10.1145/2664243.2664274",

language = "English",

isbn = "9781450330053",

pages = "26--35",

booktitle = "ACSAC '14",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "30th Annual Computer Security Applications Conference, ACSAC 2014, ACSAC 2014 ; Conference date: 08-12-2014 Through 12-12-2014",

url = "https://www.acsac.org/2014/",

}

Bleikertz, S, Vogel, C & Groß, T 2014, Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. in ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference. Association for Computing Machinery (ACM), New York, pp. 26-35, 30th Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, United States, 8/12/14. https://doi.org/10.1145/2664243.2664274

Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. / Bleikertz, Sören; Vogel, Carsten; Groß, Thomas.

ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference. New York : Association for Computing Machinery (ACM), 2014. p. 26-35.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures

AU - Bleikertz, Sören

AU - Vogel, Carsten

AU - Groß, Thomas

N1 - Conference code: 30

PY - 2014/12

Y1 - 2014/12

N2 - Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall secu- rity and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigura- tions and subsequent failures is a crucial challenge for cloud providers—an insurmountable challenge without tools. We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastruc- ture and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, up- dates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our proto- type for VMware environments.

AB - Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall secu- rity and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigura- tions and subsequent failures is a crucial challenge for cloud providers—an insurmountable challenge without tools. We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastruc- ture and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, up- dates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our proto- type for VMware environments.

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

U2 - 10.1145/2664243.2664274

DO - 10.1145/2664243.2664274

M3 - Conference contribution

SN - 9781450330053

SP - 26

EP - 35

BT - ACSAC '14

PB - Association for Computing Machinery (ACM)

CY - New York

T2 - 30th Annual Computer Security Applications Conference, ACSAC 2014

Y2 - 8 December 2014 through 12 December 2014

ER -