PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds

Times cited: 0
Authors
Tabiban, Azadeh [1]
Majumdar, Suryadipta [1]
Wang, Lingyu [1]
Debbabi, Mourad [1]
Affiliations
[1] Concordia Univ, Concordia Inst Informat Syst Engn, Montreal, PQ, Canada
Source
2018 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS) | 2018
Funding
Natural Sciences and Engineering Research Council of Canada;
Keywords
Access Control; Event Interception; Middleware; Cloud Security; OpenStack;
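DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808; 0809;
Abstract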
To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe the detailed implementation of the middleware and demonstrate its usefulness through a use case.
Pages: 7