CloudMon: a resource‐efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances

Li, Bo; Li, Jianxin; Liu, Lu

doi:10.1002/cpe.3166

Cited by 20 publications

(12 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We slightly modify the permission assignment part of iVIC to implement type‐to‐role assignment and type‐type permission matrix. Because both malware detection and intrusion detection are supported in iVIC, we take their results as event input to drive our permission transition model. KVM is used as the underlying virtualization infrastructure of iVIC.…”

Section: Methodsmentioning

confidence: 99%

Toward a flexible and fine‐grained access control framework for infrastructure as a service clouds

Liu

et al. 2015

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in infrastructure as a service clouds. The introduction of virtualization layer increases new security risks, which should be restricted and confined by more stringent access control techniques. In this paper, we propose a flexible and fine-grained access control framework, named IaaS-oriented Hybrid Access Control (iHAC), which combines the advantages of both the role-based access control and type enforcement model. We consider access control issues from the perspective of virtual machines. A permission transition model is designed to dynamically assign permissions to virtual machines. A Virtual Machine Monitor (VMM)-based access control mechanism is presented to confine the virtual machine's behaviors in a fine-grained manner. A VMM-enabled network access control approach is proposed to regulate the communication among virtual machines. iHAC is successfully implemented in the Internet based Virtual Computing Infrastructure (iVIC)† platform, and several experiments are conducted to evaluate its effectiveness and efficiency. The results show that iHAC can make correct access control decisions with low performance overhead

show abstract

Section: Methodsmentioning

confidence: 99%

Toward a flexible and fine‐grained access control framework for infrastructure as a service clouds

Liu

et al. 2015

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…We slightly modify the permission assignment part of iVIC to implement Type-to-Role assignment and TypeType permission matrix. Since both malware detection [8] and intrusion detection [9] are supported in iVIC, we take the results of both of them as event input to drive our permission transition model. KVM is used as the underlying virtualization infrastructure of iVIC.…”

Section: A Implementationmentioning

confidence: 99%

iHAC: A Hybrid Access Control Framework for IaaS Clouds

Zhou

2014

2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing

Self Cite

View full text Add to dashboard Cite

Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in IaaS clouds. The introduction of virtualization layer increases new security risks which should be restricted and confined by more stringent access control techniques. In this paper, we propose a hybrid access control framework, named iHAC, which combines the advantages of both Role-based Access Control (RBAC) and Type Enforcement (TE) model to enable unified access control and authorization for IaaS clouds. A permission transition model is provided to dynamically assign permission to virtual machines. A VMM-based access control mechanism is designed to confine the VM's behaviors in a fine-grained manner. iHAC is implemented and evaluated in iVIC 1 platform. The experimental results show that our proposed framework is effective and efficient.

show abstract

“…Incident handling is a general strategy that guides an organisation in dealing with crises, and generally describes the types of incident, identifies the relevant person in‐charge, and outlines the action strategy. Both Cloud Service Providers (CSP) and Cloud Service Users (CSU) may find that ‘traditional’ incident handling procedures are not fit‐for‐purpose because of the challenges posed by the nature of cloud infrastructure . Furthermore, the requirements and challenges of the incident handling principles faced by CSUs and CSPs are likely to differ (e.g.…”

Section: Introductionmentioning

confidence: 99%

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Rahman

Cahyani

Choo

2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic‐by‐design model. We then seek to validate the model using a set of controlled experiments on a cloud‐related incident. Three popular cloud storage applications were deployed namely, Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications). Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

CloudMon: a resource‐efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances

Cited by 20 publications

References 27 publications

Toward a flexible and fine‐grained access control framework for infrastructure as a service clouds

Toward a flexible and fine‐grained access control framework for infrastructure as a service clouds

iHAC: A Hybrid Access Control Framework for IaaS Clouds

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Contact Info

Product

Resources

About