Collecting Provenance via the Xen Hypervisor
The Provenance Aware Storage Systems project (PASS) currently collects system-level provenance by intercepting system calls in the Linux kernel and storing the provenance in a stackable filesystem. While this approach is reasonably efficient, it suffers from two significant drawbacks: each new revision of the kernel requires reintegration of PASS changes, the stability of which must be continually tested; also, the use of a stackable filesystem makes it difficult to collect provenance
on root volumes, especially during early boot. In this paper we describe an approach to collecting system-level provenance from virtual guest machines running under the Xen hypervisor. We make the case that our approach alleviates the aforementioned difficulties and promotes adoption of provenance collection within cloud computing platforms.
Engineering and Applied Science
Systematic support for accountability in the cloud
PhD Thesis
Cloud computing offers computational resources such as processing,
networking, and storage to customers. Infrastructure as a Service
(IaaS) consists of a cloud-based infrastructure to offer consumers raw
computation resources such as storage and networking. These resources
are billed using a pay-per-use cost model. However, IaaS is
far from being a secure cloud infrastructure as the seven main security
threats defined by the Cloud Security Alliance (CSA) indicate. Use
of logging systems can provide evidence to support accountability for
an IaaS cloud.
Accountability helps when mitigating known threats. However,
previous accountability with logging systems solutions are provided
without systematic approaches. These solutions are usually either for
the cloud customer side or for the cloud provider side, not for both
of them. Moreover, the solutions also lack descriptions of logging
systems in the context of a design pattern of the systems' components.
This design pattern facilitates analysis of logging systems in terms of
their quality.
Additionally, there are a number of benefits of this pattern. They could
be: to promote the reusability of design and development of logging
systems; that designers can access this pattern more easily; to assist
a designer in adopting design approaches which make a logging system
reusable and not to choose approaches which do not concern reusability
concepts; and to enhance the documentation and maintenance of
existing logging systems.
Thus, the aim of this thesis is to provide support for accountability in
the cloud with systematic approaches to assist in mitigating the risks
associated with real world CSA threats, to benefit both customers and
providers. We research the extent to which such logging systems help
us to mitigate risks associated with the threats identified by the CSA.
The thesis also presents a way of identifying the reference components
of logging systems and how they may be arranged to satisfy logging
requirements. 'Generic logging components' for logging systems are
proposed.
These components encompass all possible instantiations of logging solutions
for IaaS cloud. The generic logging components can be used to
map existing logging systems for the purposes of analysis of the systems'
security. Based on the generic components, the thesis identifies
design patterns in the context of logging in IaaS cloud. We believe
that these identified patterns facilitate analysis of logging systems in
terms of their quality.
We also argue that: these identified patterns could increase reusability
of the design and development of logging systems; designers should
access these patterns more easily; the patterns could assist a designer
in adopting design approaches which make a logging system reusable and
not to choose approaches which do not concern reusability concepts;
and they can enhance the documentation and maintenance of existing
logging systems.
We identify a logging solution which is based on the generic logging
components to mitigate the risks associated with CSA threat number
one. An example of the threat is malicious activities, for example
spamming, which are performed in consumers' virtual machines or
VMs. We argue that the generic logging components we suggest could
be used to perform a systematic analysis of logging systems in terms
of security before deploying them in production systems.
To assist in mitigating the risks associated with this threat to benefit
both customers and providers, we investigate how CSA threat number
one can affect the security of both consumers and providers. Then we
propose logging solutions based on the generic logging components
and the identified patterns. We systematically design and implement
a prototype system of the proposed logging solutions in an IaaS to
record history of customer's files.
This prototype system can be also modified in order to record VMs'
process behaviour log files. This system can record the log files while
having a smaller trusted computing base, compared to previous work.
Additionally, the system can be seen as possible solutions that could
tackle the difficult problem of logging file and process activities in the
IaaS. Thus, the proposed logging solutions can assist in mitigating the
risks associated with the CSA threats to benefit both consumers and
providers. This could promote systematic support for accountability
in the cloud.
Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach
To investigate the exploitation and contamination by self-propagating Internet worms, a provenance-aware tracing mechanism is highly desirable. Provenance unawareness causes difficulties in fast and accurate identification of a worm’s break-in point (namely, a remotely-accessible vulnerable service running in the infected host), and incurs significant log data inspection overhead. This paper presents the design, implementation, and evaluation of process coloring, an efficient provenance-aware approach to worm break-in and contamination tracing. More specifically, process coloring assigns a “color”, a unique system-wide identifier, to each remotely-accessible server or process. The color will then be either inherited by spawned child processes or diffused indirectly through process actions (e.g., read or write operations). Process coloring brings two major advantages: (1) It enables fast color-based identification of the break-in point exploited by a worm even before detailed log analysis; (2) It naturally partitions log data according to their associated colors, effectively reducing the volume of log data that need to be examined and correspondingly, log processing overhead for worm investigation. A tamper-resistant log collection method is developed based on the virtual machine introspection technique. Our experiments with a number of real-world worms demonstrate the advantages of process coloring. For example, to reveal detaile
- …