Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Teshome, Amir; Rilling, Louis; Morin, Christine

doi:10.1109/noms.2018.8406157

Cited by 6 publications

(9 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…So, this research has enabled tenants to verify the integrity of the data, and providers need to verify the claim [7]. Wonjiga et al [8,35] has proposed detailed infrastructure for the monitoring of the security of service level agreements in IaaS clouds [8,35].…”

Section: Related Workmentioning

confidence: 99%

“…The transparency and immutability are enforced by enabling the nodes to view and maintain the ledger, which can only be altered with other mining nodes' consensus. Some initial work has been done in the blockchain for SLAs, such as a blockchain-based framework for the negotiation of cloud services [2], implementation of SLAs in supply chain management system [3], validation of SLA violations [4], payment of the penalties in case of SLA violations [5,6], the integrity of SLA [7] and secure monitoring of SLA [8]. However, further work is required to investigate challenges to achieve end to end SLA monitoring and enforcement in a trustworthy manner.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Blockchain-enabled real-time SLA monitoring for cloud-hosted services

et al. 2021

View full text Add to dashboard Cite

Cloud computing is an important technology for businesses and individual users to obtain computing resources over the Internet on-demand and flexibly. Although cloud computing has been adopted across diverse applications, the owners of time-and-performance critical applications require cloud service providers’ guarantees about their services, such as availability and response times. Service Level Agreements (SLAs) are a mechanism to communicate and enforce such guarantees typically represented as service level objectives (SLOs), and financial penalties are imposed on SLO violations. Due to delays and inaccuracies caused by manual processing, an automatic method to periodically verify SLA terms in a transparent and trustworthy manner is fundamental to effective SLA monitoring, leading to the acceptance and credibility of such service to the customers of cloud services. This paper presents a blockchain-based distributed infrastructure that leverages fundamental blockchain properties to achieve immutable and trustworthy SLA monitoring within cloud services. The paper carries out an in-depth empirical investigation for the scalability of the proposed system in order to address the challenge of transparently enforcing real-time monitoring of cloud-hosted services leveraging blockchain technology. This will enable all the stakeholders to enforce accurate execution of SLA without any imprecisions and delays by maintaining an immutable ledger publicly across blockchain network. The experimentation takes into consideration several attributes of blockchain which are critical in achieving optimum performance. The paper also investigates key characteristics of these factors and their impact to the behaviour of the system for further scaling it up under various cases for increased service utilization.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Blockchain-enabled real-time SLA monitoring for cloud-hosted services

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Current cyber threats in the cloud are becoming highly sophisticated, and detecting such threats are both costly and time-consuming. Designing an effective IDS is essential for detecting insider and outsider attacks for securing cloud operations [11].…”

Section: Intrusion Detection In Cloudmentioning

confidence: 99%

“…The protection of VM migration is still an unsolved and complex issue, dependent on several factors, vendors and technology stacks [5]- [7]. Protecting VM migration against attacks from either insider or outsider threats is still challenging [9]- [11]. The live migration of VMs is insecure when the migration protocol is not encrypted, or it travels over an unprotected channel [10].…”

Section: Introductionmentioning

confidence: 99%

Mixture Localization-Based Outliers Models for securing Data Migration in Cloud Centers

et al. 2019

View full text Add to dashboard Cite

The cloud computing paradigm is changing how businesses operate, providing greater efficiency, tolerance, elasticity and flexibility in computing workloads. Underpinning these changes are multiple data centers, operated by different entities and distributed globally. Despite these benefits, cloud computing presents new classes of cyber-attack, opportunities to attack and processes to subvert. One of the primary strategies to defend against cyber-attacks is the migration process. A secure Virtual Machine (VM) migration is essential to safeguard cloud data centers against insider and outsider attacks. In this paper, we propose a collaborative anomaly detection system for discovering insider and outsider attacks from cloud systems and their migration process. The proposed system is named Mixture Localization-based Outliers (MLO) and utilizes Gaussian-mixture models for fitting network data and a local outlier factor function for discovering abnormal patterns in network traffic data. In order to validate the effectiveness of the models, the datasets of UNSW-NB15 and BoT-IoT are employed. The experimental results have revealed the high performance of the proposed system compared with several peer anomaly detection techniques.

show abstract

“…The life-cycle of an SLA can be separated in three phases called SLA definition and negotiation, SLA enforcement and SLA verification [20]. Methods were proposed for the SLA verification phase in the case of an NIDS [2,18,22]. In this paper, we show how we can achieve the SLA definition and negotiation phase, thanks to new constructs in a cloud SLA language and an efficient knowledge-base building method for NIDS performance.…”

Section: Introductionmentioning

confidence: 99%

SLA definition for network intrusion detection systems in IaaS clouds

Wonjiga¹,

Rilling

Morin

2021

Proceedings of the 36th Annual ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

Migrating to the cloud results in losing full control of the physical infrastructure as the cloud service provider (CSP) is responsible for managing the infrastructure including its security. To solve the trust issue that this raises, CSPs provide tenants with guarantees through Service Level Agreements (SLA). However no such SLA addresses the security monitoring aspect of tenants' information systems. Moreover, security monitoring services should be configured according to the tenant's specific requirements. In this paper, we propose a method allowing CSPs to define SLAs providing each tenant with guarantees about the performance of a security monitoring probe, specifically a Network Intrusion Detection System (NIDS), configured according to the tenant's requirements. This method is based on an enhanced cloud SLA language and an efficient SLA template preparation method allowing a CSP to estimate the performance of an NIDS for any possible set of tenant's requirements at reasonable costs. Experimental evaluations show the feasibility of our approach.

show abstract

Verification for security monitoring SLAs in IaaS clouds: The example of a network IDS

Cited by 6 publications

References 14 publications

Blockchain-enabled real-time SLA monitoring for cloud-hosted services

Blockchain-enabled real-time SLA monitoring for cloud-hosted services

Mixture Localization-Based Outliers Models for securing Data Migration in Cloud Centers

SLA definition for network intrusion detection systems in IaaS clouds

Contact Info

Product

Resources

About