A Tiered Strategy for Auditing in the Cloud

Xie, Rui; Gamble, Rose F.

doi:10.1109/cloud.2012.144

Cited by 16 publications

(11 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Xie and Gamble [13] deploy an auditable event capture mechanism on service chains to detect message based attacks. This detection mechanism has been built on a tiered strategy for security auditing where each tier logs data on a specific level such as the service tier and the service chain tier.…”

Section: A Logging and Monitoring Techniques In The Cloudmentioning

confidence: 99%

“…The Session Manager also retains a basic history of the configuration, indicating services involved in particular session, and the session status, i.e. success or failure [13]. Additionally, the Session Manager requires the issuing of a token or ID to provide identity management for the session using an authority, such as a Security Token Service (STS).…”

Section: Introductionmentioning

confidence: 99%

“…This token-based authentication forms trusted conversations by encrypting and authorizing transmitted SOAP messages inside the cloud to protect them from being tainted or disclosed to an unauthorized party. The STS token can be a security context token (SCT) which is built on a SAML standard format for exchanging authentication and authorization data between different parties [13]. This token holds information to specify its scope, creation and expiration time.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Embedding a Distributed Auditing Mechanism in the Service Cloud

Alqahtani

Gamble

2014

2014 IEEE World Congress on Services

Self Cite

View full text Add to dashboard Cite

The Cloud Security Alliance identified the "notorious nine" threats for cloud computing. The range of these threats across the cloud indicates that centralized prevention and detection would be highly inefficient, potentially reporting incidents to tenants well after they occur and are difficult to mitigate. This paper presents an auditing framework for the service cloud that distributes logging, monitoring, and reporting at the local service level, at the application or session level that can involve multiple tenant services, and at the cloud level where corroboration and verification of threats takes place. To verify the forensic coverage of the framework, a set of CAPEC attack patterns are investigated to match attack evidence gathering and mitigation techniques with the proposed distributed detection and mitigation levels of the framework.

show abstract

Section: A Logging and Monitoring Techniques In The Cloudmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Embedding a Distributed Auditing Mechanism in the Service Cloud

Alqahtani

Gamble

2014

2014 IEEE World Congress on Services

Self Cite

View full text Add to dashboard Cite

show abstract

“…The use of the Session Manager is derived from segregating cloud architecture components for better manageability [27]. Its purpose in this case study is to establish the session and the communication channels needed for improved and deliberate information sharing.…”

Section: Case Studymentioning

confidence: 99%

A Design and Verification Framework for Service Composition in the Cloud

Hale

Gamble

2013

2013 IEEE Ninth World Congress on Services

View full text Add to dashboard Cite

Abstract-The service cloud model allows hosted services to be dynamically provisioned and composed as part of larger, more complex cloud applications. Compatibility of interaction and quality of service are important to provisioning similar services available in the cloud to a client request. Auditing individual services, the composition and its outcome, and the overall cloud resources, used for monetary assessment or to ensure critical operations, also provide properties for reasoning over service and composition capabilities. Security policies and potential violations pose a threat to the composition since sensitive data may be leaked if information flow control guarantees cannot be proven. Service engineering lacks design principles and an expression infrastructure for formal representation and reasoning within a service cloud model. Reasoning over service compositions requires a formal language that can express multiple service and cloud properties. In this paper, we use coordination language techniques to express services, their interaction capabilities and information sharing constraints, and the infrastructure of a service cloud model in which services can be accurately provisioned, composed and reasoned over to provide necessary guarantees. We discuss lessons learned from the process of formulating the service representation and cloud model infrastructure.

show abstract

“…Such a service provides warning about various types of attacks, often involving multiple organizations. Figure 1 shows a multi tier architecture of the cloud adopted from [30]. Various types of auditing may take place in the cloud.…”

Section: Example Applicationmentioning

confidence: 99%

Stream Processing with Secure Information Flow Constraints

Ray

Adaikkalavan

Xie

et al. 2015

Data and Applications Security and Privacy XXIX

Self Cite

View full text Add to dashboard Cite

Abstract. In the near future, clouds will provide situational monitoring services such as health monitoring, stock market monitoring, shopping cart monitoring, and emergency control and threat management. Offering such services require securely processing data streams generated by multiple, possibly competing and/or complementing, organizations, such that there is no overt or covert leakage of sensitive information. We demonstrate how an information flow control model adapted from the Chinese Wall policy can be used to protect against sensitive data disclosure in data stream management system. We also develop a language based on Continuous Query Language that can be used to express information flow constraints in stream processing and provide its formal semantics.

show abstract

A Tiered Strategy for Auditing in the Cloud

Cited by 16 publications

References 9 publications

Embedding a Distributed Auditing Mechanism in the Service Cloud

Embedding a Distributed Auditing Mechanism in the Service Cloud

A Design and Verification Framework for Service Composition in the Cloud

Stream Processing with Secure Information Flow Constraints

Contact Info

Product

Resources

About