An agent based business aware incident detection system for cloud environments
19 pages
English


Description

Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of underlying business driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to support cross customer event monitoring within a cloud infrastructure. A contribution of this paper is to provide a high-level design of the SAaaS architecture, an introduction into the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent and an evaluation of which cloud specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detect cloud specific security problems and can create a cloud audit system.

Information

Published on 01 January 2012
Number of reads 7
Language English
File size 2 MB

Excerpt

Doelitzscher et al. Journal of Cloud Computing: Advances, Systems and Applications 2012, 1:9 http://www.journalofcloudcomputing.com/content/1/1/9

RESEARCH Open Access

An agent based business aware incident detection system for cloud environments

Frank Doelitzscher 1*, Christoph Reich 1, Martin Knahl 1, Alexander Passfall 1 and Nathan Clarke 2
Abstract

Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of underlying business driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to support cross customer event monitoring within a cloud infrastructure. A contribution of this paper is to provide a high-level design of the SAaaS architecture, an introduction into the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent and an evaluation of which cloud specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detect cloud specific security problems and can create a cloud audit system.

Keywords: Cloud security, Cloud audit, Agents
Introduction

Enterprise analysts and research have identified cloud specific security problems as the major research area in cloud computing [1-4]. Since security is still a competitive challenge for classic IT environments it is even more for cloud environments due to its characteristics, like seamless scalability, shared resources, multi-tenancy, access from everywhere, on-demand availability and 3rd party hosting [5]. Pushed by cloud commercials promising "infinite scalability and resources" combined with on-demand access from everywhere, cloud users quickly forget that there is still a real IT infrastructure behind a cloud, where the architecture complexity is actually increased compared to traditional data centers. This also introduces security and availability issues as recent incidents at the major public cloud provider Amazon Web Services (AWS) show. After an infrastructure outage in April 2011, Amazon's Compute Cloud EC2 was not available, causing popular services like Reddit to be unable to serve its customers [6]. While such an outage violates EC2's quality of service level agreements of 99.95% availability (≙ 1,825 outage days/year), Amazon's support handling had a strong impact on trust in current cloud providers:

(1) Amazon data centers are divided into several availability zones to distribute impact of (hardware) failures. For resilience reasons users distribute their data over different availability zones. As a result of the outage EC2 customers permanently lost data, although services were hosted on different EC2 availability zones. A company offering web service usage monitoring lost 11 hours of historical data [7].

(2) During the crash an EC2 customer running a monitoring service of cardiac patients tried to reach Amazon support unsuccessfully. Neither information about the expected downtime nor moving the unreachable instances to a different EC2 data center was offered.

(3) Since hardware sovereignty is given away in cloud computing security, health and monitoring information is critical to cloud users to build their services in an appropriate way regardless which cloud model (public, hybrid, private cloud) is used. This is already known from traditional IT outsourcing and providers try to establish trust to

*Correspondence: frank.Doelitzscher@hs-furtwangen.de
1 Furtwangen University, Cloud Research Lab, Robert-Gerwig-Platz 1, 78120 Furtwangen, Germany
Full list of author information is available at the end of the article

© 2012 Doelitzscher et al.; licensee Springer. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.