Adopting an Agent and Event Driven Approach for Enabling Mutual Auditability and Security Transparency in Cloud based Services

Moussa Ouedraogo, Eric Dubois, Djamel Khadraoui, Sebastien Poggi, Benoit Chenal

2015

Abstract

We propose an event-driven approach for the automated audit of the security of cloud-based services. The proposed approach addresses two of the intrinsic security issues of cloud-based services, notably the need for security transparency and mutual auditability among the stakeholders. We leverage a logic-based event specification language to represent patterns of events whose occurrence can be evidence of a security anomaly or breach, or simply a sign of nefarious use of the cloud infrastructure by some of its users. The use of dedicated algorithms for the detection of composite events, combined with the definition of a primitive event structure based on the XCCDF format, ensures reuse and interoperability with security audit tools based on the Security Content Automation Protocol (SCAP). The implementation and application of the approach on a cloud service dealing with electronic archiving have demonstrated its feasibility and viability.



Paper Citation


in Harvard Style

Ouedraogo M., Dubois E., Khadraoui D., Poggi S. and Chenal B. (2015). Adopting an Agent and Event Driven Approach for Enabling Mutual Auditability and Security Transparency in Cloud based Services. In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 565-572. DOI: 10.5220/0005496205650572


in Bibtex Style

@conference{closer15,
author={Moussa Ouedraogo and Eric Dubois and Djamel Khadraoui and Sebastien Poggi and Benoit Chenal},
title={Adopting an Agent and Event Driven Approach for Enabling Mutual Auditability and Security Transparency in Cloud based Services},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={565-572},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005496205650572},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Adopting an Agent and Event Driven Approach for Enabling Mutual Auditability and Security Transparency in Cloud based Services
SN - 978-989-758-104-5
AU - Ouedraogo M.
AU - Dubois E.
AU - Khadraoui D.
AU - Poggi S.
AU - Chenal B.
PY - 2015
SP - 565
EP - 572
DO - 10.5220/0005496205650572