Securing services in networked cloud infrastructures

Research output: Contribution to journal; Article; Research; peer-review

Abstract

In this paper, we propose techniques and an architecture for securing services that are hosted in multi-tenant networked cloud infrastructures. Our architecture is based on trusted virtual domains and takes into account both the security policies of the tenant domains and the specific security policies of the virtual machines in the tenant domains. We describe techniques for detecting a range of attacks, such as attacks between the virtual machines within a trusted virtual domain, attacks between the virtual machines in different domains, malicious insider attacks, and attacks against specific services such as DNS, database and web servers within a domain. We address security policies for trusted virtual domain management, such as secure addition and deletion of a virtual machine and the revocation of privileges associated with a virtual machine in a domain. We also discuss forensic analysis of attacks, fine-grained detection of malicious entities, and mechanisms for restoration of services. Furthermore, the proposed architecture provides mechanisms for enhancing the assurance of communications between the virtual machines in different domains. Finally, we present the implementation of our security architecture using Xen and illustrate how our architecture is able to secure services in networked cloud infrastructures.

Language: English
Article number: 7473937
Pages: 1149-1163
Number of pages: 15
Journal: IEEE Transactions on Cloud Computing
Volume: 6
Issue number: 4
DOI: 10.1109/TCC.2016.2570752
Publication status: Published - 1 Oct 2018

Fingerprint

Restoration
Virtual machine
Servers
Communication

Keywords

  • Networked cloud security
  • Security architecture
  • Security attacks
  • Security management
  • Trusted virtual domains

Cite this

@article{1adecc010793407fb58d5044e9b3f0ca,
title = "Securing services in networked cloud infrastructures",
abstract = "In this paper, we propose techniques and architecture for securing services that are hosted in a multi-tenant networked cloud infrastructures. Our architecture is based on trusted virtual domains and takes into account both security policies of the tenant domains as well as specific security policies of the virtual machines in the tenant domains. We describe techniques for detecting a range of attacks such as attacks between the virtual machines within a trusted virtual domain, attacks between the virtual machines in different domains, malicious insider attacks and attacks against specific services such as DNS, database and web servers within a domain. We address security policies for trusted virtual domain management such as secure addition and deletion of a virtual machine and the revocation of privileges associated with a virtual machine in a domain. We also discuss forensic analysis of attacks and fine granular detection of malicious entities and mechanisms for restoration of services. Furthermore the proposed architecture provides mechanisms for enhancing the assurance of communications between the virtual machines in different domains. Finally, we present the implementation of our security architecture using Xen and illustrate how our architecture is able to secure services in networked cloud infrastructures.",
keywords = "Networked cloud security, Security architecture, Security attacks, Security management, Trusted virtual domains",
author = "Vijay Varadharajan and Udaya Tupakula",
year = "2018",
month = "10",
day = "1",
doi = "10.1109/TCC.2016.2570752",
language = "English",
volume = "6",
pages = "1149--1163",
journal = "IEEE Transactions on Cloud Computing",
issn = "2168-7161",
publisher = "Institute of Electrical and Electronics Engineers (IEEE)",
number = "4",

}

Securing services in networked cloud infrastructures. / Varadharajan, Vijay; Tupakula, Udaya.

In: IEEE Transactions on Cloud Computing, Vol. 6, No. 4, 7473937, 01.10.2018, p. 1149-1163.

TY - JOUR

T1 - Securing services in networked cloud infrastructures

AU - Varadharajan, Vijay

AU - Tupakula, Udaya

PY - 2018/10/1

Y1 - 2018/10/1

N2 - In this paper, we propose techniques and architecture for securing services that are hosted in a multi-tenant networked cloud infrastructures. Our architecture is based on trusted virtual domains and takes into account both security policies of the tenant domains as well as specific security policies of the virtual machines in the tenant domains. We describe techniques for detecting a range of attacks such as attacks between the virtual machines within a trusted virtual domain, attacks between the virtual machines in different domains, malicious insider attacks and attacks against specific services such as DNS, database and web servers within a domain. We address security policies for trusted virtual domain management such as secure addition and deletion of a virtual machine and the revocation of privileges associated with a virtual machine in a domain. We also discuss forensic analysis of attacks and fine granular detection of malicious entities and mechanisms for restoration of services. Furthermore the proposed architecture provides mechanisms for enhancing the assurance of communications between the virtual machines in different domains. Finally, we present the implementation of our security architecture using Xen and illustrate how our architecture is able to secure services in networked cloud infrastructures.

KW - Networked cloud security

KW - Security architecture

KW - Security attacks

KW - Security management

KW - Trusted virtual domains

UR - http://www.scopus.com/inward/record.url?scp=85057901669&partnerID=8YFLogxK

U2 - 10.1109/TCC.2016.2570752

DO - 10.1109/TCC.2016.2570752

M3 - Article

VL - 6

SP - 1149

EP - 1163

JO - IEEE Transactions on Cloud Computing

T2 - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

SN - 2168-7161

IS - 4

M1 - 7473937

ER -