Abstract
Hidden persistent malware in guest virtual machine instances is among the most common internal threats in cloud computing, affecting the security of both cloud customers and providers. With the growing sophistication of modern malware, traditional methods are becoming increasingly ineffective for tackling cloud security problems. Moreover, given the pay-per-use model of clouds, the resources consumed by this malware and by malicious services can cause huge losses to both the cloud provider and the customer. Thus, it is important to develop mechanisms that can limit the scale of malicious attacks in order to minimize their resource consumption. Trust management is a fundamental technique for assessing and increasing the reliability and security of cloud services. Unfortunately, the majority of existing mechanisms for trust management in clouds have limitations that prevent them from being fully effective. In this paper, we propose a novel limited-trust capacity model to mitigate the threats of internal malicious software and services in cloud computing, using concepts from flow networks to reduce the scale of malicious software or services. Our limited-trust capacity model can be utilized in the following two ways: (1) to manage the trust relationship among the guest services and to evaluate the threats of unknown malicious services, and (2) to minimize the risk associated with renting cloud services and to limit the resource drain caused by malicious guest services. Finally, experimental results show that our limited-trust capacity model can effectively restrict the scale of malicious services and significantly mitigate the threats of internal attacks.
Acknowledgments
This research work is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), The Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S&T program (2011ZX03005-002), and the Fundamental Research Funds for the Central Universities (JY0900120301).
Cite this article
Wang, Y., Chandrasekhar, S., Singhal, M. et al. A limited-trust capacity model for mitigating threats of internal malicious services in cloud computing. Cluster Comput 19, 647–662 (2016). https://doi.org/10.1007/s10586-016-0560-2