Majumdar, Suryadipta ORCID: https://orcid.org/0000-0002-6501-4214 (2018) Proactive Security Auditing for Clouds. PhD thesis, Concordia University.
Preview |
Text (application/pdf)
3MBMajumdar_PhD_S2019.pdf - Accepted Version Available under License Spectrum Terms of Access. |
Abstract
Cloud computing is emerging as a promising IT solution for enabling ubiquitous, convenient, and on-demand accesses to a shared pool of configurable computing resources. However, the widespread adoption of cloud is still being hindered by the lack of transparency and accountability, which has traditionally been ensured through security auditing techniques. Security auditing in the cloud poses many unique challenges in data collection and processing (e.g., data format inconsistency and lack of correlation due to the heterogeneity of cloud infrastructures), and in verification (e.g., prohibitive performance overhead due to the sheer scale of cloud infrastructures and need of runtime verification for the dynamic nature of cloud). To this extent, existing security auditing solutions can mainly be categorized into three types: retroactive, intercept-and-check and proactive. The retroactive auditing approach is the traditional auditing technique, which audits after the fact and cannot prevent irreversible damages (e.g., leakage of sensitive information and denial of service attacks). The intercept-and-check approach offers runtime auditing and performs all the auditing steps after the occurrence of a critical event (i.e., which may potentially violate a security property). However, this approach results significant delay in responding each critical event. On the other hand, the existing proactive approach requires the changes (in the cloud configurations) planned for the future in advance to verify its compliance; however, this approach is not practical, because the future change plan is not always available due to cloud’s dynamic and ad-hoc nature. In this thesis, we address all the above-mentioned limitations of the existing works by proposing a proactive security auditing system, which potentially can prevent irreversible damages, respond in significantly less time and offer a practical approach without requiring any future change plan. To this purpose, we conduct our work into three main phases. During the first phase, we propose a runtime security
auditing system for the user-level of the cloud; where our proposed system audits wide range of security properties relevant to different authentication and authorization mechanisms, such as role-based access control (RBAC), attribute-based access control (ABAC) and single sign-on (SSO), and enhances the existing intercept-and-check solutions by adopting an incremental approach to improve the efficiency. In the second phase of our work, we propose a novel approach of proactive security auditing; which leverages the dependency relationship among cloud events and pre-computes the most expensive parts of the auditing process to keep the response time of the solution to a practical level. In our final phase, we utilize learning techniques to automatically capture these probabilistic dependency relationships, and propose an automated log processing approach to prepare the raw logs collected from cloud deployments for these learning methods to significantly enhance the practicality of our proactive security auditing system. Also, to demonstrate the applicability, scalability and efficiency of our proposed system, we integrate it to OpenStack, a major cloud platform, and evaluate it using both synthetic and real data. In summary, this thesis contributes towards enhancing security, efficiency and practicality of security auditing in the cloud environment.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (PhD) |
Authors: | Majumdar, Suryadipta |
Institution: | Concordia University |
Degree Name: | Ph. D. |
Program: | Information and Systems Engineering |
Date: | 18 May 2018 |
Thesis Supervisor(s): | Wang, Lingyu |
Keywords: | cloud security, security auditing, proactive auditing, cloud |
ID Code: | 984104 |
Deposited By: | SURYADIPTA MAJUMDAR |
Deposited On: | 10 Jun 2019 15:04 |
Last Modified: | 10 Jun 2019 15:04 |
Repository Staff Only: item control page