DOI: 10.1145/2371536.2371564
Short paper

VESPA: multi-layered self-protection for cloud resources

Published: 18 September 2012

Abstract

    Self-protection has recently attracted growing interest as a possible element of an answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet previous solutions fall at the last hurdle because they overlook key features of the cloud: they lack flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a self-protection architecture for cloud infrastructures that overcomes these limitations. VESPA is policy-based and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies, such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible self-protection of cloud infrastructures.

    Published In

    ICAC '12: Proceedings of the 9th international conference on Autonomic computing
    September 2012
    222 pages
    ISBN: 9781450315203
    DOI: 10.1145/2371536

    In-Cooperation

    • IEEE

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. autonomic computing
    2. cloud security
    3. iaas
    4. self-protection

    Qualifiers

    • Short-paper

    Conference

    ICAC '12: 9th International Conference on Autonomic Computing
    September 18-20, 2012
    San Jose, California, USA
