Malware Containment in Cloud

Title: Malware Containment in Cloud
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Malvankar, A., Payne, J., Budhraja, K. K., Kundu, A., Chari, S., Mohania, M.
Conference Name: 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)
Date Published: Dec. 2019
Publisher: IEEE
ISBN Number: 978-1-7281-6741-1
Keywords: blockchain, business processes, cloud computing, cloud computing environments, Computing Theory, Containment, containment process, contracts, cryptography, decentralized malware containment, Distributed databases, Dominance Frontier, graph analytics, graph neural networks, graph theory, high risk trust assumptions, Human Behavior, human factors, hyperledger, invasive software, Malware, Privacy-invasive software, protection mechanisms, pubcrawl, smart contracts, Trust, Trusted Computing
Abstract

Malware is pervasive and poses serious threats to normal operation of business processes in cloud. Cloud computing environments typically have hundreds of hosts that are connected to each other, often with high risk trust assumptions and/or protection mechanisms that are not difficult to break. Malware often exploits such weaknesses, as its immediate goal is often to spread itself to as many hosts as possible. Detecting this propagation is often difficult to address because the malware may reside in multiple components across the software or hardware stack. In this scenario, it is usually best to contain the malware to the smallest possible number of hosts, and it's also critical for system administration to resolve the issue in a timely manner. Furthermore, resolution often requires that several participants across different organizational teams scramble together to address the intrusion. In this vision paper, we define this problem in detail. We then present our vision of decentralized malware containment and the challenges and issues associated with this vision. The approach of containment involves detection and response using graph analytics coupled with a blockchain framework. We propose the use of a dominance frontier for profile nodes which must be involved in the containment process. Smart contracts are used to obtain consensus amongst the involved parties. The paper presents a basic implementation of this proposal. We have further discussed some open problems related to our vision.

URL: https://ieeexplore.ieee.org/document/9014345
DOI: 10.1109/TPS-ISA48467.2019.00036
Citation Key: malvankar_malware_2019