422 research outputs found

    A System for Detecting Malicious Insider Data Theft in IaaS Cloud Environments

    The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule-based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

    Improving Security in Software-as-a-Service Solutions

    The essence of cloud computing is about moving workloads from your local IT infrastructure to a data center that scales and provides resources at a moment's notice. Using a pay-as-you-go model to rent virtual infrastructure is also known as an Infrastructure-as-a-Service (IaaS) offering. This helps consumers provision hardware on-demand without the need for physical infrastructure and the challenges and costs that come with it. When moving to the cloud, however, issues regarding the confidentiality, integrity, and availability of the data and infrastructure arise, and new security challenges compared to traditional on-premises computing appear. It is important for the consumer to know exactly what is their responsibility when it comes to securing software running on IaaS platforms. Axis has one such software solution, henceforth referred to as the 'Axis-hosted cloud service'. There is a need for Axis to improve the client-cloud communication, and in this report, we detail a prototype solution for a new secure communication between client and cloud. Additionally, an evaluation of the prototype is presented. The evaluation is based on a model constructed by studying literature from state-of-the-art cloud service providers and organizations dedicated to defining best practices and critical areas of focus for cloud computing. This was collected and compiled in order to present a summary of the most important aspects to keep in mind when deploying software on an IaaS. It showed that the cloud service fulfills many industry best practices, such as encrypting data in transit between client and cloud, using virtual private clouds to separate infrastructure credentials from unauthorized access, and following the guidelines from their infrastructure provider. It also showed areas where there was a need for improvement in order to reach a state-of-the-art level.
The model proved to be a useful tool to ensure that security best practices are being met by an organization moving to the cloud, and specifically for Axis, the prototype communication solution can be used as a base for further development.

    Improved video transmission using SDN in cloud-based environments

    The great technological development of informatics has opened the way for provisioning various services and new online-based entertainment services, which have expanded significantly after the increase in social media applications and the number of users. This significant expansion has posed an additional challenge to Internet Service Providers (ISPs) in terms of management for network, equipment and the efficiency of service delivery. New notions and techniques have been developed to offer innovative solutions such as SDN for network management, virtualization for optimal resource utilization and others like cloud computing and network function virtualization. This dissertation aims to manage live video streaming in the network automatically by adding a design architecture to the virtual network environment that helps to filter video packets from the remaining ones into a certain tunnel and this tunnel will be handled as a higher priority to be able to provide better service for customers. With the dedicated architecture, side by side, a monitoring application integrated into the system was used to detect the video packets and notify the SDN server of the existence of the video through the network.
    The great technological advances in computing have opened the way for the provision of various services and new web-based entertainment applications, which have expanded significantly with the explosion in the number of social network applications and users. This significant expansion has posed additional challenges to network service providers in terms of network management, equipment, and the effectiveness of service delivery. New notions and techniques have been developed to offer innovative solutions, such as software-defined networking (SDN) for network management, virtualization for optimizing resource utilization, and others such as cloud computing and virtualized network functions.
This dissertation aims to automatically manage live video broadcasting on the network by adding an architecture to the virtualized network environment that helps filter video packets from the rest of the traffic into a specific tunnel, which will be managed with a higher priority, capable of providing better service to customers. In addition to the architecture design, Python scripts were used to detect the video packets and inject new rules into the SDN controller that monitors traffic across the network. Master's in Computer and Telematics Engineering

    Automated Anomaly Detection in Virtualized Services Using Deep Packet Inspection

    Virtualization technologies have proven to be important drivers for the fast and cost-efficient development and deployment of services. While the benefits are tremendous, there are many challenges to be faced when developing or porting services to virtualized infrastructure. Especially critical applications like Virtualized Network Functions must meet high requirements in terms of reliability and resilience. An important tool when meeting such requirements is detecting anomalous system components and recovering the anomaly before it turns into a fault and subsequently into a failure visible to the client. Anomaly detection for virtualized services relies on collecting system metrics that represent the normal operation state of every component and allow the usage of machine learning algorithms to automatically build models representing such state. This paper presents an approach for collecting service-layer metrics while treating services as black boxes. This allows service providers to implement anomaly detection on the application layer without the need to modify third-party software. Deep Packet Inspection is used to analyse the traffic of virtual machines on the hypervisor layer, producing both generic and protocol-specific communication metrics. An evaluation shows that the resulting metrics represent the normal operation state of an example Virtualized Network Function and are therefore a valuable contribution to automatic anomaly detection in virtualized services.

    Systematic survey on evolution of cloud architectures

    Cloud architectures are becoming an active area of research. The quality and durability of a software system are defined by its architecture. The architecture approaches that are used to build cloud-based systems are not available in a blended fashion to achieve an effective universal architecture solution. The paper aims to contribute to the systematic literature review (SLR) to assist researchers who are striving to contribute in this area. The main objective of this review is to systematically identify and analyse the recently published research topics related to software architecture for cloud with regard to research activity, used tools and techniques, proposed approaches, and domains. The applied method is SLR based on four selected electronic databases proposed by (Kitchenham and Charters, 2007). Out of 400 classified publications, we regard 121 as relevant for our research domain. We outline a taxonomy of their topics and domains, and provide lists of used methods and proposed approaches. At present, there is little research coverage on software architectures for cloud, while other disciplines have become more active. The future work is to develop a secure architecture to achieve quality of service and service level agreements.