A New Paradigm to Address Threats for Virtualized Services

Covaci, Stefan; Repetto, Matteo; Risso, Fulvio

doi:10.1109/compsac.2018.10320

Cited by 8 publications

(11 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Remote collection of logs is already a well established practice, with many frameworks available for this purpose: Scribe 1 , Flume 2 , Heka 3 , Logstash 4 , Chukwa 5 , fluentd 6 , nsq 7 and Kafka 8 . There are two ways to collect logs from applications: either forcing applications to directly write to these sources through specific APIs (as happens for Scribe, nsq and Kafka) or parsing their own log files (this option is available for Logstash, Heka, fluentd and Flume).…”

Section: Methodsmentioning

confidence: 99%

“…Recently, we have outlined the general architecture of a novel framework for AddreSsing ThReats for virtualIzeD services (ASTRID) [7]. The underlying concept is the decoupling of inspection tasks (to be integrated into the different forms of virtualization boxes, as Virtual Machines or containers) from a (logically) centralized ans shared detection logic (to be kept outside the graph), as schematically shown in Fig 1b. In this paper, we describe our on-going work about the definition of an abstraction layer to provide the detection logic with uniform and "bi-directional" access to heterogeneous security context of virtualized services.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An abstraction layer for cybersecurity context

Bolla

Carrega²,

Repetto³

2019

2019 International Conference on Computing, Networking and Communications (ICNC)

View full text Add to dashboard Cite

The growing complexity and diversification of cyberattacks are largely reflected in the increasing sophistication of security appliances, which are often too cumbersome to be run in virtual services and IoT devices. Hence, the design of cyber-security frameworks is today looking at more cooperative models, which collect security-related data from a large set of heterogeneous sources for centralized analysis and correlation. In this paper, we outline a flexible abstraction layer for access to security context. It is conceived to program and gather data from lightweight inspection and enforcement hooks deployed in cloud applications and IoT devices. We also provide a preliminary description of its implementation, by reviewing the main software components and their role.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An abstraction layer for cybersecurity context

Bolla

Carrega²,

Repetto³

2019

2019 International Conference on Computing, Networking and Communications (ICNC)

View full text Add to dashboard Cite

show abstract

“…The use of virtualization to support security-related duties and the mitigation of attacks targeting virtual services have been already partially investigated in the literature. For instance, the approaches proposed in [7], [8] take advantage of an orchestrator for controlling pervasive and lightweight security hooks embedded in the virtual layers at the basis of cloud applications. The work in [9] discusses a mechanism to enhance a network hypervisor with new functions for implementing a flexible monitoring service.…”

Section: Related Workmentioning

confidence: 99%

Programmable Data Gathering for Detecting Stegomalware

Carrega¹,

Caviglione

Repetto

et al. 2020

2020 6th IEEE Conference on Network Softwarization (NetSoft)

Self Cite

View full text Add to dashboard Cite

The "arm race" against malware developers requires to collect a wide variety of performance measurements, for instance to face threats leveraging information hiding and steganography. Unfortunately, this process could be timeconsuming, lack of scalability and cause performance degradations within computing and network nodes. In this paper we propose to take advantage of the joint activities of two H2020 Projects, namely ASTRID and SIMARGL. To prove the benefits of the cooperation between the solutions developed by the two aforementioned projects, this paper reports a preliminary performance evaluation on the use of the extended Berkeley Packet Filter to gather data for detecting stegomalware.

show abstract

“…The general architecture of a novel framework proposed for AddreSsing ThReats for virtualIzeD services (ASTRID) [6] shifts security appliances away from service graph design. In ASTRID, security properties of each graph component as well as the whole service are defined by proper models and policies, which are then used at deployment time to properly configure the execution environment.…”

Section: Introductionmentioning

confidence: 99%

“…ASTRID leverages data plane technologies for fast and efficient monitoring and inspection of packets and software, removing the need for deploying many overwhelming virtual security appliances throughout the service graph; and iv) Portability of the security logic. Every orchestration engine has its own graph models and packaging format (e.g., OpenBaton, 2 TeNOR, 3 Arcadia, 4 Juju, 5 OpenStack Heat 6 ). If applications are deployed inside the service graphs, different versions must be built and maintained, which complicates the distribution of updates and security patches.…”

Section: Introductionmentioning

confidence: 99%

Data Log Management for Cyber-Security Programmability of Cloud Services and Applications

Carrega

Repetto

2019

Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race

Self Cite

View full text Add to dashboard Cite

In last years, the security appliance is becoming a more important and critical challenge considering the growing complexity and diversification of cyber-attacks. The current solutions are often too cumbersome to be run in virtual services and Internet of Things (IoT) devices. Therefore, it is necessary to evolve to a more cooperative models, which collect security-related data from a large set of heterogeneous sources for centralized analysis and correlation. In this paper, we outline a flexible abstraction layer for access to security context. It is conceived to program and gather data from lightweight inspection and enforcement hooks deployed in cloud applications and IoT devices. We provide a description of its implementation, by reviewing the main software components and their role. Finally, we test this abstraction layer with a performance evaluation of a Proof of Concept (PoC) implementation with the aim to evaluate the effectiveness to collect data / logs from virtual services and IoT to enable a centralized security analysis.

show abstract

A New Paradigm to Address Threats for Virtualized Services

Cited by 8 publications

References 15 publications

An abstraction layer for cybersecurity context

An abstraction layer for cybersecurity context

Programmable Data Gathering for Detecting Stegomalware

Data Log Management for Cyber-Security Programmability of Cloud Services and Applications

Contact Info

Product

Resources

About