The MEERKATS Cloud Security Architecture
作者: Angelos D. Keromytis , Roxana Geambasu , Simha Sethumadhavan , Salvatore J. Stolfo , Junfeng Yang
关键词:
摘要: MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution and change as first-rate design principles. Our goal to enable an environment services constantly changes along several dimensions, toward creating unpredictable target adversary. This unpredictability will both impede the adversary's ability achieve initial compromise and, if occurs, detect, disrupt, and/or otherwise his exploit this success. Thus, we envision where data are in flux, using adaptive (both proactive reactive) protection mechanisms distributed monitoring at various levels of abstraction. A key element focus on software cloud, not just protecting but leveraging improve mission resilience. seeks effectively "economies scale" (in resources available) provide higher flexibility effectiveness deployment use needed, focusing current anticipated application needs instead inefficient, "blanket" approach "everything same way, all time". We outline our vision describe prototyping it.
columbia.edu 
sci-hub.se 参考文章(13)
Georgios Portokalidis, Angelos D. Keromytis, REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points Advances in Information and Computer Security. pp. 16- 32 ,(2011) , 10.1007/978-3-642-25141-2_2
Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, Salvatore J. Stolfo, Baiting Inside Attackers Using Decoy Documents international conference on security and privacy in communication systems. ,vol. 19, pp. 51- 70 ,(2008) , 10.1007/978-3-642-05284-2_4
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo, Anagram: A Content Anomaly Detector Resistant to Mimicry Attack Lecture Notes in Computer Science. pp. 226- 248 ,(2006) , 10.1007/11856214_12
Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin, Sal Stolfo, None, Detecting malicious software by monitoring anomalous windows registry accesses recent advances in intrusion detection. pp. 36- 53 ,(2002) , 10.1007/3-540-36084-0_3
Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stelios Sidiroglou, Angelos D. Keromytis, Salvatore J. Stolfo, BotSwindler: tamper resistant injection of believable decoys in VM-based hosts for crimeware detection recent advances in intrusion detection. pp. 118- 137 ,(2010) , 10.1007/978-3-642-15512-3_7
Brian M. Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos D. Keromytis, Salvatore J. Stolfo, Automating the injection of believable decoys to detect snooping wireless network security. pp. 81- 86 ,(2010) , 10.1145/1741866.1741880
Amir Herzberg, Stanisław Jarecki, Hugo Krawczyk, Moti Yung, Proactive Secret Sharing Or: How to Cope With Perpetual Leakage international cryptology conference. pp. 339- 352 ,(1995) , 10.1007/3-540-44750-4_27
Gaurav S. Kc, Angelos D. Keromytis, Vassilis Prevelakis, Countering code-injection attacks with instruction-set randomization computer and communications security. pp. 272- 280 ,(2003) , 10.1145/948109.948146
Georgios Portokalidis, Angelos D. Keromytis, Fast and practical instruction-set randomization for commodity systems annual computer security applications conference. pp. 41- 48 ,(2010) , 10.1145/1920261.1920268
David A. Schultz, Barbara Liskov, Moses Liskov, Mobile proactive secret sharing principles of distributed computing. pp. 458- 458 ,(2008) , 10.1145/1400751.1400856