Abstract
Cloud Computing has been receiving great attention in the last few years due to the benefits it provides in terms of flexibility, scalability, virtualization and service provision. Nevertheless, many companies remain reluctant to such a cutting-edge technology due to the serious security issues affecting virtualized environments, especially in critical application scenarios where high safety and dependability levels are required. This work is aimed at discussing and presenting the main security threats for cloud computing infrastructures, as well as proposing a novel architecture in charge of reacting to security attacks in Infrastructure as a Service platforms. The basic idea is to migrate the attacked virtual appliance and to reconfigure the network by means of Software Defined Networking approach. The paper presents the architecture we have in mind and that will be deployed and validated against a real world distributed Air Traffic Control system, for which missing dependability and security targets would result in huge business and human losses.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
McKeown, N., et al.: OpenFlow: Enabling Innovation in Campus Networks. ACM SIGCOMM Computer Communication Review Archive 38(2), 69–74 (2008)
Bindra, G.S., et al.: Cloud Security: Analysis and Risk Management of VM Images. In: 2012 International Conference on Information and Automation (ICIA), June 6-8, pp. 646–651 (2012)
Lombardi, F., Di Pietro, R.: Secure Virtualization for Cloud Computing. Journal of Network and Computer Applications 34(4), 1113–1122 (2011)
Yu, T.-T., Zhu, Y.-G.: Research On Cloud Computing and Security. In: 2012 11th International Symposium on Distributed Computing and Applications to Business, Engineering & Science (DCABES), October 19-22, pp. 314–316 (2012)
Mehdi, S.A., Khalid, J., Khayam, S.A.: Revisiting Traffic Anomaly Detection Using Software Defined Networking. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 161–180. Springer, Heidelberg (2011)
Nox Controller, http://www.noxrepo.org/
Braga, R., et al.: Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow. In: 2010 IEEE 35th Conference on Local Computer Networks (LCN), October 10-14, pp. 408–415 (2010)
Wang, K., et al.: LiveSec: Towards Effective Security Management in Large-scale Production Networks. In: 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), June 18-21, pp. 451–460 (2012)
Floodlight Controller, http://floodlight.openflowhub.org/
Stefano, A., et al.: A Splitting Infrastructure For Load Balancing and Security in an MPLS Network. In: 3rd International Conference on Testbeds and Research Infrastructure for the Development of Networks and Communities, May 21-23, pp. 1–6 (2007)
Roesch, M.: Snort, Lightweight Intrusion Detection For Networks. In: 13th USENIX Systems Administration Conference (LISA 1999), Seattle, WA (November 1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Carrozza, G., Manetti, V., Marotta, A., Canonico, R., Avallone, S. (2013). Exploiting SDN Approach to Tackle Cloud Computing Security Issues in the ATC Scenario. In: Vieira, M., Cunha, J.C. (eds) Dependable Computing. EWDC 2013. Lecture Notes in Computer Science, vol 7869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38789-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-38789-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38788-3
Online ISBN: 978-3-642-38789-0
eBook Packages: Computer ScienceComputer Science (R0)