DEALING WITH ROGUE VIRTUAL MACHINES IN A CLOUD SERVICES ENVIRONMENT

B. Colbert, L. M. Batten

Abstract

In current cloud services hosting solutions, various mechanisms have been developed to minimize the possibility of hosting staff breaching security. However, while functions such as replicating and moving machines are legitimate actions in clouds, we show that there are risks in administrators being able to perform them. We describe three threat scenarios related to hosting staff on the cloud architecture and indicate how an appropriate accountability architecture can mitigate these risks in the sense that the attacks can be detected and the perpetrators identified. We identify requirements and future research and development needed to protect cloud service environments from these attacks.



Paper Citation


in Harvard Style

Colbert B. and Batten L. M. (2011). DEALING WITH ROGUE VIRTUAL MACHINES IN A CLOUD SERVICES ENVIRONMENT. In Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8425-52-2, pages 43-48. DOI: 10.5220/0003381700430048


in Bibtex Style

@conference{closer11,
author={B. Colbert and L. M. Batten},
title={DEALING WITH ROGUE VIRTUAL MACHINES IN A CLOUD SERVICES ENVIRONMENT},
booktitle={Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2011},
pages={43-48},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003381700430048},
isbn={978-989-8425-52-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - DEALING WITH ROGUE VIRTUAL MACHINES IN A CLOUD SERVICES ENVIRONMENT
SN - 978-989-8425-52-2
AU - Colbert B.
AU - Batten L. M.
PY - 2011
SP - 43
EP - 48
DO - 10.5220/0003381700430048