Abstract
Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall secu- rity and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigura- tions and subsequent failures is a crucial challenge for cloud providers—an insurmountable challenge without tools.
We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastruc- ture and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, up- dates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our proto- type for VMware environments.
Original language | English |
---|---|
Title of host publication | ACSAC '14 |
Subtitle of host publication | Proceedings of the 30th Annual Computer Security Applications Conference |
Place of Publication | New York |
Publisher | Association for Computing Machinery (ACM) |
Pages | 26-35 |
Number of pages | 10 |
ISBN (Print) | 9781450330053 |
DOIs | |
Publication status | Published - Dec 2014 |
Event | 30th Annual Computer Security Applications Conference, ACSAC 2014 - Hyatt French Quarter, New Orleans, United States Duration: 8 Dec 2014 → 12 Dec 2014 Conference number: 30 https://www.acsac.org/2014/ |
Conference
Conference | 30th Annual Computer Security Applications Conference, ACSAC 2014 |
---|---|
Abbreviated title | ACSAC 2014 |
Country/Territory | United States |
City | New Orleans |
Period | 8/12/14 → 12/12/14 |
Internet address |
Keywords
- EC Grant Agreement nr.: FP7/318003
- EC Grant Agreement nr.: FP7/2007-2013