PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds

Title: PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Tabiban, Azadeh; Majumdar, Suryadipta; Wang, Lingyu; Debbabi, Mourad
Conference Name: 2018 IEEE Conference on Communications and Network Security (CNS)
Keywords: Access Control, cloud computing, cloud environment accountability, cloud providers, cloud runtime security policy enforcement, Cloud Security, composability, Conferences, Event Interception, Metrics, middleware, middleware security, Monitoring, network accountability, openstack, openstack middleware, PERMON, pluggable interface, policy-based governance, privacy, proactive security verification, pubcrawl, Resiliency, Runtime, security, security of data, security policies, user interfaces
Abstract

To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe the detailed implementation of the middleware and demonstrate its usefulness through a use case.

DOI: 10.1109/CNS.2018.8433180
Citation Key: tabiban_permon_2018