An Approach for the Automated Analysis of Network Access Controls in Cloud Computing Infrastructures

  • Conference paper
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8792)

Abstract

This paper describes an approach for automated security analysis of network access controls in operational Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated and experimental methods for analyzing firewall access control mechanisms that aim to protect cloud architectures. To determine the accessibilities in virtual infrastructure networks and detect unforeseen misconfigurations, we present an approach that combines static and dynamic analyses with an analysis of the discrepancies between their results. Our approach is supported by experiments carried out on a VMware-based cloud platform.

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Probst, T., Alata, E., Kaâniche, M., Nicomette, V. (2014). An Approach for the Automated Analysis of Network Access Controls in Cloud Computing Infrastructures. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_1

  • DOI: https://doi.org/10.1007/978-3-319-11698-3_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11697-6

  • Online ISBN: 978-3-319-11698-3

  • eBook Packages: Computer Science, Computer Science (R0)
