Towards a Security SLA-based Cloud Monitoring Service

Dana Petcu, Ciprian Crăciun

2014

Abstract

Following the community concerns related to security and trust in cloud services, services level agreements (SLAs) are nowadays revised to include security requirements. In order to speedup their take-up by the service providers and consumers, security SLAs monitoring at run-time should be ensured. Several tools for SLA management are available, but most of them are dealing with performance parameters, and not referring to security. Other tools are available for cloud security monitoring, but not currently related or mapped to security SLAs. Aiming to design and develop a security SLA-based cloud monitoring service, which can be deployed or hosted, we identify in this paper the concepts, mechanism and available tools which can lead to a proper design of such a service, as well as the main barriers to overcome.

References

  1. Aceto, G., Botta, A., De Donato, W., and Pescapè, A. (2013). Survey cloud monitoring: A survey. Computer Networks, 57(9):2093-2115.
  2. (2012). Qos-monaas: A portable architecture for qos monitoring in the cloud. SITIS 7812, pages 527-532.
  3. Bernsmed, K., Jaatun, M. G., Meland, P. H., and Undheim, A. (2011). Security slas for federated cloud services. ARES 7811, pages 202-209.
  4. Chen, X., Garfinkel, T., Lewis, E. C., Subrahmanyam, P., Waldspurger, C. A., Boneh, D., Dwoskin, J., and Ports, D. R. (2008). Overshadow: A virtualizationbased approach to retrofitting protection in commodity operating systems. SIGOPS Oper. Syst. Rev., 42(2):2-13.
  5. Chow, J., Garfinkel, T., and Chen, P. M. (2008). Decoupling dynamic program analysis from execution in virtual environments. ATC 7808, pages 1-14.
  6. de Chaves, S., Westphall, C., and Lamin, F. (2010). Sla perspective in security management for cloud computing. ICNS 7810, pages 212-217.
  7. Dunlap, G. W., King, S. T., Cinar, S., Basrai, M. A., and Chen, P. M. (2002). Revirt: enabling intrusion analysis through virtual-machine logging and replay. SIGOPS Oper. Syst. Rev., 36(SI):211-224.
  8. Emeakaroha, V., Brandic, I., Maurer, M., and Dustdar, S. (2010). Low level metrics to high level slas - lom2his framework: Bridging the gap between monitored metrics and sla parameters in cloud environments. HPCS 7810, pages 48-54.
  9. Emeakaroha, V., Ferreto, T., Netto, M., Brandic, I., and De Rose, C. (2012). Casvid: Application level monitoring for sla violation detection in clouds. COMPSAC 7812, pages 499-508.
  10. Garfinkel, T. and Rosenblum, M. (2003). A virtual machine introspection based architecture for intrusion detection. NDSS'03, pages 191-206.
  11. Hogben, G. and Dekker, M. (2012). Procure secure. a guide to monitoring of security service levels in cloud contracts. Technical report, European Network and Information Security Agency (ENISA).
  12. Ibrahim, A., Hamlyn-Harris, J., Grundy, J., and Almorsy, M. (2011). Cloudsec: A security monitoring appliance for virtual machines in the iaas cloud model. NSS 7811, pages 113-120.
  13. Jiang, X., Wang, X., and Xu, D. (2007). Stealthy malware detection through vmm-based ”out-of-the-box” semantic view reconstruction. CCS 7807, pages 128- 138.
  14. Jones, S. T., Arpaci-Dusseau, A. C., and Arpaci-Dusseau, R. H. (2008). Vmm-based hidden process detection and identification using lycosid. VEE 7808, pages 91- 100.
  15. Lanzi, A., Sharif, M. I., and Lee, W. (2009). K-tracer: A system for extracting kernel malware behavior. NDSS'09.
  16. Lombardi, F. and Di Pietro, R. (2009). Kvmsec: A security extension for linux kernel virtual machines. SAC 7809, pages 2029-2034.
  17. McCune, J., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., and Perrig, A. (2010). Trustvisor: Efficient tcb reduction and attestation. SP 7810, pages 143-158.
  18. and Pannetrat, A., Hogben, G., Katopodis, S., Spanoudakis, G., and Cazorla, C. S. (2013). D2.1: Security-aware sla specification language and cloud security dependency model. Technical report, Certification infrastrUcture for MUlti-Layer cloUd Services (CUMULUS).
  19. Payne, B., Carbone, M., Sharif, M., and Lee, W. (2008). Lares: An architecture for secure active monitoring using virtualization. SP 7808, pages 233-247.
  20. Petcu, D., Di Martino, B., Venticinque, S., Rak, M., Máhr, T., Esnal Lopez, G., Brito, F., Cossu, R., Stopar, M., S?perka, S., and Stankovski, V. Experiences in building a mosaic of clouds. Journal of Cloud Computing: Advances, Systems and Applications, 2:12.
  21. Rak, M., Luna, J., Petcu, D., Casola, V., Suri, N., and Villano, U. (2013). Security as a service using an slabased approach via specs. CloudCom 78 13.
  22. Rak, M., Venticinque, S., Máhr, T., Echevarria, G., and Esnal, G. (2011). Cloud application monitoring: The mosaic approach. CloudCom 7811, pages 758-763.
  23. Riley, R., Jiang, X., and Xu, D. (2008). Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. RAID 7808, pages 1-20.
  24. Riley, R., Jiang, X., and Xu, D. (2009). Multi-aspect profiling of kernel rootkit behavior. EuroSys 7809, pages 47-60.
  25. Seshadri, A., Luk, M., Qu, N., and Perrig, A. (2007). Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses. SOSP 7807, pages 335- 350.
  26. Sharif, M. I., Lee, W., Cui, W., and Lanzi, A. (2009). Secure in-vm monitoring using hardware virtualization. CCS 7809, pages 477-487.
  27. Shin, S. and Gu, G. (2012). Cloudwatcher: Network security monitoring using openflow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). ICNP 7812, pages 1-6.
  28. Smit, M., Simmons, B., and Litoiu, M. (2013). Distributed, application-level monitoring for heterogeneous clouds using stream processing. Future Generation Computer Systems, 29(8):2103-2114.
  29. Szefer, J. M. (2013). Architectures for Secure Cloud Computing Servers. PhD thesis, University of Princeton.
  30. Wagner, R., Heiser, J., Perkins, E., Nicolett, M., Kavanagh, K. M., Chuvakin, A., and Young, G. (2012). Predicts 2013: Cloud and services security. Technical report, Gartner ID:G00245775.
  31. Wu, X., Gao, Y., Tian, X., Song, Y., Guo, B., Feng, B., and Sun, Y. (2013). Secmon: A secure introspection framework for hardware virtualization. PDP 7813, pages 282-286.
  32. Xuan, C., Copeland, J., and Beyah, R. (2009). Toward revealing kernel malware behavior in virtual execution environments. RAID 7809, pages 304-325.
  33. Zou, D., Zhang, W., Qiang, W., Xiang, G., Yang, L. T., Jin, H., and Hu, K. (2013). Design and implementation of a trusted monitoring framework for cloud platforms. Future Generation Computer Systems, 29(8):2092 - 2102.
Download


Paper Citation


in Harvard Style

Petcu D. and Crăciun C. (2014). Towards a Security SLA-based Cloud Monitoring Service . In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 598-603. DOI: 10.5220/0004957305980603


in Bibtex Style

@conference{closer14,
author={Dana Petcu and Ciprian Crăciun},
title={Towards a Security SLA-based Cloud Monitoring Service},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2014},
pages={598-603},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004957305980603},
isbn={978-989-758-019-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Towards a Security SLA-based Cloud Monitoring Service
SN - 978-989-758-019-2
AU - Petcu D.
AU - Crăciun C.
PY - 2014
SP - 598
EP - 603
DO - 10.5220/0004957305980603