Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine’s Security Health
Authors
Abstract
Cloud customers need guarantees regarding the security of their virtual machines (VMs) operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and by the semantic gap between what the customer wants to know and what can be measured in the cloud. We present CloudMonatt, an architecture for monitoring a VM’s security health. We show a full prototype based on the OpenStack open source cloud software. It is necessary to verify CloudMonatt to guarantee that there are no security vulnerabilities that could allow an attacker to subvert its protection. As such, we conduct a systematic security verification of CloudMonatt. We model and verify the network protocols within the distributed system, as well as the interactions of hardware/software modules inside the cloud server. Our results show that CloudMonatt is capable of delivering this monitoring and attestation service to customers in an unforgeable and reliable manner.
Similar resources
Verifying cloud service-level agreement by a third-party auditor
In this paper, we study the important issue of verifying service-level agreement (SLA) with an untrusted cloud and present an SLA verification framework that utilizes a third-party auditor (TPA). A cloud provides users with elastic computing and storage resources in a pay-as-you-go way. An SLA between the cloud and a user is a contract that specifies the computing resources and performances tha...
An Architecture for Security and Protection of Big Data
The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...
OpenFlow Virtual Appliance: An Efficient Security Interface For Cloud Forensic Spyware Robot
Network forensics vis-a-vis cloud computing offerings can be leveraged to address the needs of enterprise-grade spyware solutions online. A modular, extensible cloud architecture with intrinsic support for efficient security monitoring is proposed and an implementation architecture which facilitates dynamic interface with OpenFlow hardware to create infinite flexibility in managing security dec...
A Model based on Cloud Computing for the implementation and management IT services in Banks
In recent years, the banking industry has made significant changes in technology and communications. The expansion of electronic communications and a large number of people around the world access to the Internet, appropriate to establish trade and economic exchanges provided but high costs, lack of flexibility and agility in existing systems because of the large volume of information, confiden...