Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack
Title | Auditing Security Compliance of the Virtualized Infrastructure in the Cloud: Application to OpenStack |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Madi, Taous, Majumdar, Suryadipta, Wang, Yushun, Jarraya, Yosr, Pourzandi, Makan, Wang, Lingyu |
Conference Name | Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3935-3 |
Keywords | cloud, co-residence, compositionality, formal verification, isolation, Metrics, openstack, pubcrawl, Resiliency, Scalability, scalable verification, security auditing, Security Audits, Security Policies Analysis, virtualization |
Abstract | Cloud service providers typically adopt the multi-tenancy model to optimize resources usage and achieve the promised cost-effectiveness. Sharing resources between different tenants and the underlying complex technology increase the necessity of transparency and accountability. In this regard, auditing security compliance of the provider's infrastructure against standards, regulations and customers' policies takes on an increasing importance in the cloud to boost the trust between the stakeholders. However, virtualization and scalability make compliance verification challenging. In this work, we propose an automated framework that allows auditing the cloud infrastructure from the structural point of view while focusing on virtualization-related security properties and consistency between multiple control layers. Furthermore, to show the feasibility of our approach, we integrate our auditing system into OpenStack, one of the most used cloud infrastructure management systems. To show the scalability and validity of our framework, we present our experimental results on assessing several properties related to auditing inter-layer consistency, virtual machines co-residence, and virtual resources isolation. |
URL | http://doi.acm.org/10.1145/2857705.2857721 |
DOI | 10.1145/2857705.2857721 |
Citation Key | madi_auditing_2016 |