Proactive Security Auditing for Clouds

Majumdar, Suryadipta ORCID: https://orcid.org/0000-0002-6501-4214 (2018) Proactive Security Auditing for Clouds. PhD thesis, Concordia University.

Text (application/pdf)
Majumdar_PhD_S2019.pdf - Accepted Version
Available under License Spectrum Terms of Access.
3MB

Abstract

Cloud computing is emerging as a promising IT solution for enabling ubiquitous, convenient, and on-demand access to a shared pool of configurable computing resources. However, the widespread adoption of cloud is still being hindered by the lack of transparency and accountability, which has traditionally been ensured through security auditing techniques. Security auditing in the cloud poses many unique challenges in data collection and processing (e.g., data format inconsistency and lack of correlation due to the heterogeneity of cloud infrastructures), and in verification (e.g., prohibitive performance overhead due to the sheer scale of cloud infrastructures and the need for runtime verification due to the dynamic nature of cloud). To this extent, existing security auditing solutions can mainly be categorized into three types: retroactive, intercept-and-check and proactive. The retroactive auditing approach is the traditional auditing technique, which audits after the fact and cannot prevent irreversible damages (e.g., leakage of sensitive information and denial of service attacks). The intercept-and-check approach offers runtime auditing and performs all the auditing steps after the occurrence of a critical event (i.e., one which may potentially violate a security property). However, this approach results in a significant delay in responding to each critical event. On the other hand, the existing proactive approach requires the changes (in the cloud configurations) planned for the future to be known in advance in order to verify their compliance; however, this approach is not practical, because the future change plan is not always available due to cloud's dynamic and ad-hoc nature. In this thesis, we address all the above-mentioned limitations of the existing works by proposing a proactive security auditing system, which can potentially prevent irreversible damages, respond in significantly less time and offer a practical approach without requiring any future change plan.
To this purpose, we conduct our work in three main phases. During the first phase, we propose a runtime security auditing system for the user level of the cloud, where our proposed system audits a wide range of security properties relevant to different authentication and authorization mechanisms, such as role-based access control (RBAC), attribute-based access control (ABAC) and single sign-on (SSO), and enhances the existing intercept-and-check solutions by adopting an incremental approach to improve the efficiency. In the second phase of our work, we propose a novel approach of proactive security auditing, which leverages the dependency relationship among cloud events and pre-computes the most expensive parts of the auditing process to keep the response time of the solution to a practical level. In our final phase, we utilize learning techniques to automatically capture these probabilistic dependency relationships, and propose an automated log processing approach to prepare the raw logs collected from cloud deployments for these learning methods to significantly enhance the practicality of our proactive security auditing system. Also, to demonstrate the applicability, scalability and efficiency of our proposed system, we integrate it into OpenStack, a major cloud platform, and evaluate it using both synthetic and real data. In summary, this thesis contributes towards enhancing security, efficiency and practicality of security auditing in the cloud environment.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (PhD)
Authors: Majumdar, Suryadipta
Institution: Concordia University
Degree Name: Ph. D.
Program: Information and Systems Engineering
Date: 18 May 2018
Thesis Supervisor(s): Wang, Lingyu
Keywords: cloud security, security auditing, proactive auditing, cloud
ID Code: 984104
Deposited By: SURYADIPTA MAJUMDAR
Deposited On: 10 Jun 2019 15:04
Last Modified: 10 Jun 2019 15:04
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
