Visible to the public Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack

TitleAuditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack
Publication TypeConference Paper
Year of Publication2016
AuthorsMadi, Taous, Majumdar, Suryadipta, Wang, Yushun, Jarraya, Yosr, Pourzandi, Makan, Wang, Lingyu
Conference NameProceedings of the Sixth ACM Conference on Data and Application Security and Privacy
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-3935-3
Keywordscloud, co-residence, compositionality, formal verification, isolation, Metrics, openstack, pubcrawl, Resiliency, Scalability, scalable verification, security auditing, Security Audits, Security Policies Analysis, virtualization
Abstract

Cloud service providers typically adopt the multi-tenancy model to optimize resources usage and achieve the promised cost-effectiveness. Sharing resources between different tenants and the underlying complex technology increase the necessity of transparency and accountability. In this regard, auditing security compliance of the provider's infrastructure against standards, regulations and customers' policies takes on an increasing importance in the cloud to boost the trust between the stakeholders. However, virtualization and scalability make compliance verification challenging. In this work, we propose an automated framework that allows auditing the cloud infrastructure from the structural point of view while focusing on virtualization-related security properties and consistency between multiple control layers. Furthermore, to show the feasibility of our approach, we integrate our auditing system into OpenStack, one of the most used cloud infrastructure management systems. To show the scalability and validity of our framework, we present our experimental results on assessing several properties related to auditing inter-layer consistency, virtual machines co-residence, and virtual resources isolation.

URLhttp://doi.acm.org/10.1145/2857705.2857721
DOI10.1145/2857705.2857721
Citation Keymadi_auditing_2016