Security audits of multi-tier virtual infrastructures in public infrastructure clouds

Sören Bleikertz, Matthias Schunter, Christian W. Probst, Dimitrios Pendarakis, Konrad Eriksson

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption. Managed through a web-services interface, users can configure highly flexible but complex cloud computing environments. Furthermore, users misconfiguring such cloud services poses a severe security risk that can lead to security incidents, e.g., erroneous exposure of services due to faulty network security configurations. In this article we present a novel approach in the security assessment of the end-user configuration of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization and automated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical scenarios. Our approach effectively allows to remediate today’s security concerns through validation of configurations of complex cloud infrastructures.
    Original languageEnglish
    Title of host publicationProceedings of the 2010 ACM workshop on Cloud computing security workshop
    Publication date2010
    Publication statusPublished - 2010
    EventCloud computing security workshop - Chicago
    Duration: 1 Jan 2010 → …

    Conference

    ConferenceCloud computing security workshop
    CityChicago
    Period01/01/2010 → …

    Fingerprint

    Dive into the research topics of 'Security audits of multi-tier virtual infrastructures in public infrastructure clouds'. Together they form a unique fingerprint.

    Cite this