Proactive Security Auditing in Clouds [chapter]

Suryadipta Majumdar, Taous Madi, Yushun Wang, Azadeh Tabiban, Momen Oqaily, Amir Alimohammadifar, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, Mourad Debbabi
2019 Advances in Information Security  
School of Graduate Studies This is to certify that the thesis prepared By: Suryadipta Majumdar Entitled: Proactive Security Auditing for Clouds and submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Information and Systems Engineering) complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Abstract Proactive Security Auditing for Clouds Suryadipta Majumdar, Ph.D. Concordia University,
more » ... 18 Cloud computing is emerging as a promising IT solution for enabling ubiquitous, convenient, and on-demand accesses to a shared pool of configurable computing resources. However, the widespread adoption of cloud is still being hindered by the lack of transparency and accountability, which has traditionally been ensured through security auditing techniques. Security auditing in the cloud poses many unique challenges in data collection and processing (e.g., data format inconsistency and lack of correlation due to the heterogeneity of cloud infrastructures), and in verification (e.g., prohibitive performance overhead due to the sheer scale of cloud infrastructures and need of runtime verification for the dynamic nature of cloud). To this extent, existing security auditing solutions can mainly be categorized into three types: retroactive, intercept-and-check and proactive. The retroactive auditing approach is the traditional auditing technique, which audits after the fact and cannot prevent irreversible damages (e.g., leakage of sensitive information and denial of service attacks). The intercept-and-check approach offers runtime auditing and performs all the auditing steps after the occurrence of a critical event (i.e., which may potentially violate a security property). However, this approach results significant delay in responding each critical event. On the other hand, the existing proactive approach requires the changes (in the cloud configurations) planned for the future in advance to verify its compliance; however, this approach is not practical, because the future change plan is not always available due to cloud's dynamic and ad-hoc nature. In this thesis, we address all the above-mentioned limitations of the existing works by proposing a proactive security auditing system, which potentially can prevent irreversible damages, respond in significantly less time and offer a practical approach without requiring any future change plan. To this purpose, we conduct our work into three main phases. During the first phase, we propose a runtime security auditing system for the user-level of the cloud; where our proposed system audits wide range of security properties relevant to different authentication and authorization mechanisms, such as role-based access control (RBAC), attribute-based access control (ABAC) and single sign-on (SSO), and enhances the existing intercept-and-check solutions by adopting an incremental approach to improve the efficiency. In the second phase of our work, we propose a novel approach of proactive security auditing; which leverages the dependency relationship among cloud events and pre-computes the most expensive parts of the auditing process to keep the response time iii of the solution to a practical level. In our final phase, we utilize learning techniques to automatically capture these probabilistic dependency relationships, and propose an automated log processing approach to prepare the raw logs collected from cloud deployments for these learning methods to significantly enhance the practicality of our proactive security auditing system. Also, to demonstrate the applicability, scalability and efficiency of our proposed system, we integrate it to OpenStack, a major cloud platform, and evaluate it using both synthetic and real data. In summary, this thesis contributes towards enhancing security, efficiency and practicality of security auditing in the cloud environment. iv
doi:10.1007/978-3-030-23128-6_6 fatcat:b6exjivobrfg5pju3d2eqx6jvu