Cloud computing has gained remarkable popularity in recent years among a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investment are overshadowed by security challenges that inhibit its adoption. Through a web-services interface, users can configure highly flexible but complex cloud computing environments. Misconfiguration of such cloud services by users poses a severe security risk that can lead to security incidents, e.g., erroneous exposure of services due to faulty network security configurations. In this article we present a novel approach to the security assessment of the end-user configuration of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated the process of extracting the configuration using the Amazon API. In the assessment we focused on the reachability and vulnerability of services in the virtual infrastructure, and presented a way to visualize and automatically analyze them based on reachability and attack graphs. We proposed a query and policy language for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. We have implemented the security assessment in a prototype and evaluated it for practical scenarios. Our approach effectively allows remediating today's security concerns through validation of the configurations of complex cloud infrastructures.
Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure among different customers. In reality, however, this is rarely (if ever) done because of security concerns. A major challenge in allaying such concerns is the enforcement of appropriate customer isolation as specified by high-level security policies. At the core of this challenge is the correct configuration of all shared resources on multiple machines to achieve this overall security objective. To address this challenge, this paper presents a security architecture for virtual data centers based on virtualization and Trusted Computing technologies. Our architecture aims at automating the instantiation of a virtual infrastructure while automatically deploying the corresponding security mechanisms. This deployment is driven by a global isolation policy, and thus guarantees overall customer isolation across all resources. We have implemented a prototype of the architecture based on the Xen hypervisor.
The well-known binary backoff algorithm in the IEEE 802.11 MAC layer forgets the contention level between successfully transmitted data frames and hence suffers significant performance degradation when the contention level is high. In the IEEE 802.11 standard, a distributed contention control (DCC) algorithm is proposed to address this problem by observing how many of the slots in the last backoff period were busy, i.e. the slot utilization. The introduction of slot utilization can provide a good estimate of the most recent congestion dynamics, i.e. transient fluctuations of the traffic. However, it estimates the overall traffic pattern inaccurately, as one backoff period is too short to obtain accurate stationary statistics. In this paper, a new DCC algorithm is proposed that combines transient and stationary characteristics, which provides a better estimate of the congestion level of the medium. Extensive simulation using the NS-2 simulator has shown that our scheme achieves better throughput and fewer collisions compared with the original binary backoff MAC protocol and the slot utilization algorithm (Nononi, Conti and Donatiello, 1998).