Biblio

Filters: Author is Tabiban, Azadeh  [Clear All Filters]
2021-05-05
Tabiban, Azadeh, Jarraya, Yosr, Zhang, Mengyuan, Pourzandi, Makan, Wang, Lingyu, Debbabi, Mourad.  2020.  Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning clouds components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.

2020-03-09
Majumdar, Suryadipta, Tabiban, Azadeh, Mohammady, Meisam, Oqaily, Alaa, Jarraya, Yosr, Pourzandi, Makan, Wang, Lingyu, Debbabi, Mourad.  2019.  Multi-Level Proactive Security Auditing for Clouds. 2019 IEEE Conference on Dependable and Secure Computing (DSC). :1–8.
Runtime cloud security auditing plays a vital role in mitigating security concerns in a cloud. However, there currently does not exist a comprehensive solution that can protect a cloud tenant against the threats rendered from the multiple levels (e.g., user, virtual, and physical) of the cloud design. Furthermore, most of the existing solutions suffer from slow response time and require significant manual efforts. Therefore, a simple integration of the existing solutions for different levels is not a practical solution. In this paper, we propose a multilevel proactive security auditing system, which overcomes all the above-mentioned limitations. To this end, our main idea is to automatically build a predictive model based on the dependency relationships between cloud events, proactively verify the security policies related to different levels of a cloud by leveraging this model, and finally enforce those policies on the cloud based on the verification results. Our experiments using both synthetic and real data show the practicality and effectiveness of this solution (e.g., responding in a few milliseconds to verify each level of the cloud).
2020-05-11
Tabiban, Azadeh, Majumdar, Suryadipta, Wang, Lingyu, Debbabi, Mourad.  2018.  PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds. 2018 IEEE Conference on Communications and Network Security (CNS). :1–7.

To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.