Proactivizer: Transforming Existing Verification Tools into Efficient Solutions for Runtime Security Enforcement

Authors: Suryadipta Majumdar, Azadeh Tabiban, Meisam Mohammady, Alaa Oqaily, Yosr Jarraya

DOI: 10.1007/978-3-030-29962-0_12

Keywords: Software security assurance, Enforcement, Key (cryptography), Distributed computing, Proof of concept, Computer science, Dependency (UML), Leverage (statistics), Cloud computing, Process (engineering)

Abstract: Security verification plays a vital role in providing users the needed security assurance in many applications. However, applying existing verification tools for runtime security enforcement may suffer from a common limitation, i.e., causing significant delay to user requests. The key reason for this limitation is that these tools are not specifically designed for runtime enforcement, especially in a dynamic and large-scale environment like clouds. In this paper, we address this issue by proposing a proactive framework, namely, Proactivizer, to transform existing verification tools into efficient solutions for runtime security enforcement. Our main idea is to leverage the existing verification tools as black boxes and to proactively trigger the verification process based on dependency relationships among the events. As a proof of concept, we apply Proactivizer to several existing verification tools and integrate it with OpenStack, a popular cloud platform. We perform extensive experiments in both simulated and real environments, and the results demonstrate the effectiveness of Proactivizer in reducing the response time significantly (e.g., within 9 ms to verify 100,000 VMs and up to 99.9% reduction in response time).
