Abstract
Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption.
Managed through a web-services interface, users can configure highly flexible but complex cloud computing environments. Furthermore, users misconfiguring such cloud services poses a severe security risk that can lead to security incidents, e.g., erroneous exposure of services due to faulty
network security configurations. In this article we present a novel approach in the security assessment of the end-user configuration of multi-tier architectures deployed on infrastructure clouds such as Amazon
EC2. In order to perform this assessment for the currently deployed
configuration, we automated the process of extracting the configuration using the Amazon API. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way for the visualization and automated analysis based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment
in a prototype and evaluated it for practical scenarios. Our approach effectively allows to remediate today’s security concerns through validation of configurations of complex cloud infrastructures.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2010 ACM workshop on Cloud computing security workshop |
Publication date | 2010 |
Publication status | Published - 2010 |
Event | Cloud Computing Security Workshop - Chicago, United States Duration: 8 Oct 2010 → 8 Oct 2010 |
Conference
Conference | Cloud Computing Security Workshop |
---|---|
Country/Territory | United States |
City | Chicago |
Period | 08/10/2010 → 08/10/2010 |