IDS Based Defense for Cloud Based Mobile Infrastructure as a Service

Gupta, S. V.; Horrow, Susmita; Sardana, Anjali

doi:10.1109/services.2012.45

Cited by 6 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many other design and implementation vulnerabilities due to increased code size and use of unpatched old images are also vulnerable to zero-day attacks, VM escape attack, and VM checkpoint attack [47]. Furthermore, malicious hypervisors such as BLUEPILL rootkit [85], Vitriol [11] and SubVir are installed on the fly, which give attacker the host privileges to modify and control VMs [38]. These vulnerabilities may allow the insiders to bypass certain security boundaries, escalate privileges and remote code execution.…”

Section: Virtualizationmentioning

confidence: 99%

“…In addition to the above-mentioned issues, there are many other security and privacy challenges which have been familiarized after the emergence of new cloud concepts that mainly include cloud federation, insourcing and outsourcing of dynamic resources [38,47,62,97]. These advance-level security challenges can be categorized into five main classes, including safety standards, network, access control, cloud infrastructure and data categories.…”

Section: Other Security Issuesmentioning

confidence: 99%

See 1 more Smart Citation

Access Control As a Service in Cloud: Challenges, Impact and Strategies

Shibli

Masood

Habiba

et al. 2014

Computer Communications and Networks

View full text Add to dashboard Cite

The evolution of service-oriented architecture has given birth to the promising cloud technology, which enables the outsourcing of existing hardware and software information technology (IT) infrastructure via the Internet. Since the cloud offers services to a variety of organizations under the same umbrella, it raises security issues including unauthorized access to resources and misuse of data stored in third-party platform. The fact that the cloud supports multiple tenants is the cause for the biggest concern among organizations: how to prevent malicious users from accessing and manipulating data they have no right to access. In this regard, various access control techniques have been proposed, which concentrate on certain authorization issues like the ease of privilege assignment or the resolution of policy conflicts, while ignoring other important weaknesses such as the lack of interoperability and management issues which arise in the dynamic cloud environment. To cover all these challenges, access control as a service (ACaaS), which stems from its significantly more popular parent, security as a service (SECaaS), is considered a viable solution for mediating cloud service consumers' access to sensitive data. In this chapter, we assist the cloud community in understanding the various issues associated with providing authorization services in the cloud that may be technical, such as privilege escalation and separation of duties, or managerial, such as the steep requirement of time and money for this purpose. ACaaS is the comprehensive

show abstract

Section: Virtualizationmentioning

confidence: 99%

Section: Other Security Issuesmentioning

confidence: 99%

Access Control As a Service in Cloud: Challenges, Impact and Strategies

Shibli

Masood

Habiba

et al. 2014

Computer Communications and Networks

View full text Add to dashboard Cite

show abstract

“…Many intrusion detection and information security approaches for securing cloud have been proposed and are in practice [5,[6][7][8][9][10][11][12][13][14][15][16]. In a recent research paper by, Rocha and Correia [17] presents how malicious insiders can steal confidential data.…”

Section: Introductionmentioning

confidence: 99%

Cloud Services Usage Profile Based Intruder Detection and Prevention System: Intrusion Meter

Annappaian¹,

Agrawal²

2014

TNC

View full text Add to dashboard Cite

With the emerging usage of cloud computing services, the misuse of possible vulnerabilities grows at the same speed. The distributed nature, on demand services, wide usage of the cloud computing makes it an attractive target for potential intruders. Intruders are the network security attackers intend to breach cloud security. Despite security issues delaying cloud adoption, cloud computing has already become an inescapable needs and ready industry solutions. Thus, security mechanisms to ensure its secure adoption are in demand. One security mechanism is intrusion detection and prevention systems (IDPS). IDPS have been used widely to detect malicious behaviors in network communication and hosts. Here, we focus on IDPS to defend against the cloud intruders. We propose a technique called cloud service usage profile based IDPS technique. This technique is to detect and prevent intruders in cloud service intrusion based on the cloud service usage profile. In turn, this usage profile helps to detect unusual usage and prevent intrusion.

show abstract

“…The VM's are compromised as zombies, moreover, the detection of these zombies is very difficult because the cloud users are allowed to install any number of applications on their VM's some of which may be malicious. Some of the attacks launched on the VM's are listed below [1]:…”

Section: Introductionmentioning

confidence: 99%

A Scheme for Detecting Intrusions and Minimising Data Loss in Virtual Networks

Maqsood¹,

Shahabuddin²,

Upadhyay³

2014

2014 International Conference on Computational Intelligence and Communication Networks

View full text Add to dashboard Cite

Cloud computing is an enticing field nowadays due to its cost effective nature, easy accessibility, the pay per use service and shared resources. These shared resources, easy accessibility and shared storage of resources are responsible for putting the confidential information under a great deal of risk. Although the cloud is becoming gigantic day by day but its efficiency is being hampered considerably due to the threats in the cloud computing environment. The threats in the cloud computing environment not only account to external attacks which are launched with the intention of hampering work flow of the cloud provider but the internal attacks also which are being launched so that the efficiency and the reliability of the cloud is at stake. The firewalls monitor traffic between networks such that all the traffic must flow through it, but they are certainly not sufficient to shield the dynamic cloud computing environment from all attacks. They may be able to subvert external attacks to a certain extent but internal attacks do not even pass through the firewalls, therefore rendering them useless. Moreover, attackers exploit vulnerabilities in the virtual machines in order to set up large scale attacks like Ddos. They compromise these VM's into zombies and the detection of these VM's is very difficult because cloud users install all types of applications onto their VM's some of which may be malicious. Thus, the cloud needs stronger security for handling all the intrusions of every scale. An intrusion detection system is presented in the paper which detects the intrusions launched on the VM's which act an avenue for deploying large scale attacks, therefore, minimising the loss. The IDS presented in the paper is a network IDS and provides security from the IaaS based attacks.

show abstract

IDS Based Defense for Cloud Based Mobile Infrastructure as a Service

Cited by 6 publications

References 6 publications

Access Control As a Service in Cloud: Challenges, Impact and Strategies

Access Control As a Service in Cloud: Challenges, Impact and Strategies

Cloud Services Usage Profile Based Intruder Detection and Prevention System: Intrusion Meter

A Scheme for Detecting Intrusions and Minimising Data Loss in Virtual Networks

Contact Info

Product

Resources

About