Configuration Management Security in Data Center Environments

Part of the book series: Advances in Information Security (ADIS, volume 54)

Abstract

Modern data centers must manage complex, multi-level hardware and software infrastructures in order to provide a wide array of services flexibly and reliably. The emerging trends of virtualization and outsourcing further increase the scale and complexity of this management. In this chapter, we focus on configuration management issues, expose a variety of attack and misconfiguration scenarios, and discuss some approaches to making configuration management more robust. We also discuss a number of challenges in identifying vulnerabilities in configurations, handling configuration management in emerging cloud computing environments, and hardening configurations against hacker attacks.

Author information

Correspondence to Krishna Kant.

Copyright information

© 2011 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Kant, K. (2011). Configuration Management Security in Data Center Environments. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_10

  • DOI: https://doi.org/10.1007/978-1-4614-0977-9_10

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-0976-2

  • Online ISBN: 978-1-4614-0977-9

  • eBook Packages: Computer Science, Computer Science (R0)
