Login | Register

Protecting Audit Data using Segmentation-Based Anonymization for Multi-Tenant Cloud Auditing (SEGGUARD)

Title:

Protecting Audit Data using Segmentation-Based Anonymization for Multi-Tenant Cloud Auditing (SEGGUARD)

Oqaily, Momen (2018) Protecting Audit Data using Segmentation-Based Anonymization for Multi-Tenant Cloud Auditing (SEGGUARD). Masters thesis, Concordia University.

[img]
Preview
Text (application/pdf)
SegGuardThesisMomenCompliant pdfa-b1.pdf - Accepted Version
2MB

Abstract

With the rise of security concerns regarding cloud computing, the importance of security auditing, conducted either in-house or by a third party, has become evident more than ever. However, the input data required for auditing a multi-tenant cloud environment typically contains sensitive information, such as the topology of the underlying cloud infrastructure. Additionally, audit results intended for one tenant may unexpectedly reveal private information, such as unpatched security flaws, about other tenants. How to anonymize audit data and results in order to prevent such information leakage is a novel challenge that has received little attention. Directly applying most existing anonymization techniques to such a context would either lead to insufficient protection or render the data unsuitable for auditing. In this thesis, we propose SegGuard, a novel anonymization approach that protects the sensitive information in both the audit data and auditing results, while assuring the data utility for effective auditing. Specifically, SegGuard prevents cross-tenant information leakage through per-tenant encryption, and it prevents information leakage to auditors through an innovative way of applying property-preserving anonymization. We apply SegGuard on audit data collected from an OpenStack cloud, and evaluate its effectiveness and efficiency using both synthetic and real data. Our experimental results demonstrate that SegGuard can reduce information leakage to a negligible level (e.g., less than 1% for an adversary with 50% pre-knowledge) with a practical response time (e.g., 62 seconds to anonymize a cloud virtual infrastructure with 25,000 virtual machines).

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science
Item Type:Thesis (Masters)
Authors:Oqaily, Momen
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:30 July 2018
Thesis Supervisor(s):Wang, Lingyu and Debbabi, Mourad
ID Code:984116
Deposited By: Momen Oqaily
Deposited On:16 Nov 2018 16:22
Last Modified:16 Nov 2018 16:22
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top