
A limited-trust capacity model for mitigating threats of internal malicious services in cloud computing

Cluster Computing

Abstract

Hidden, persistent malware in guest virtual machine instances is among the most common internal threats in cloud computing, affecting the security of both cloud customers and providers. With the growing sophistication of modern malware, traditional methods are becoming increasingly ineffective for tackling cloud security problems. Moreover, given the pay-per-use model of clouds, consumption of resources by such malware and malicious services can cause huge losses to both the cloud provider and the customer. Thus, it is important to develop mechanisms that can limit the scale of malicious attacks in order to minimize their resource consumption. Trust management is a fundamental technique for assessing and increasing the reliability and security of cloud services. Unfortunately, the majority of existing mechanisms for trust management in clouds have limitations that prevent them from being fully effective. In this paper, we propose a novel limited-trust capacity model that uses concepts from flow networks to mitigate the threats of internal malicious software and services in cloud computing by reducing their scale. Our limited-trust capacity model can be utilized in the following two ways: (1) to manage the trust relationship among the guest services and to evaluate the threats of unknown malicious services, and (2) to minimize the risk associated with renting cloud services and to limit the resource drain caused by malicious guest services. Finally, experimental results show that our limited-trust capacity model can effectively restrict the scale of malicious services and significantly mitigate the threats of internal attacks.


Notes

  1. For an extensive list of other surveys on trust and reputation management systems in various domains, refer to the references within [18] and [9].

References

  1. Amazon EC2—Virtual server hosting. https://aws.amazon.com/ec2/

  2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)

  3. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press, Cambridge (2009)

  4. Fernandes, D.A.B., Soares, L.F.B., Gomes, J.A.V.P., Freire, M.M., Inácio, P.R.M.: Security issues in cloud environments: a survey. Int. J. Inf. Sec. 13(2), 113–170 (2014)

  5. Gilbert, E., Pollak, H.: Steiner minimal trees. SIAM J. Appl. Math. 16(1), 1–29 (1968)

  6. Habib, S.M., Ries, S., Mühlhäuser, M., Varikkattu, P.: Towards a trust management system for cloud computing marketplaces: using CAIQ as a trust information source. Secur. Commun. Netw. 7(11), 2185–2200 (2014)

  7. IBM cloud. http://www.ibm.com/cloud-computing/

  8. Jøsang, A., Gray, E., Kinateder, M.: Analysing topologies of transitive trust. In: Proceedings of the First International Workshop on Formal Aspects in Security & Trust (FAST 2003), pp. 9–22. Pisa (2003)

  9. Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)

  10. Jøsang, A., Keser, C., Dimitrakos, T.: Can We Manage Trust? In: Herrmann, P., Issarny, V., Shiu, S. (eds.) Proceedings of iTrust, Third International Conference on Trust Management, Paris, LNCS, vol. 3477, pp. 93–107. Springer May 23–26 (2005)

  11. Jøsang, A., Presti, S.L.: Analysing the relationship between risk and trust. In: Jensen, C.D., Poslad, S., Dimitrakos, T. (eds.) Proceedings of iTrust, Second International Conference on Trust Management, Oxford, LNCS, vol. 2995, pp. 135–145. Springer March 29–April 1 (2004)

  12. Levien, R.: An attack-resistant, scalable name service. http://www.levien.com/fc.ps (2000)

  13. Liu, J., Huang, W., Abali, B., Panda, D.K.: High performance VMM-bypass I/O in virtual machines. Proceedings of the Annual Conference on USENIX. vol. 6, pp. 3 (2006)

  14. Manchala, D.W.: Trust metrics, models and protocols for electronic commerce transactions. In: Proceedings of the 18th International Conference on Distributed Computing Systems, Amsterdam, pp. 312–321. IEEE Computer Society, May 26–29 (1998)

  15. Mell, P., Grance, T.: The NIST definition of cloud computing. Special Publication 800–145, National Institute of Standards and Technology, Gaithersburg (2011)

  16. Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36(1), 42–57 (2013)

  17. Munoz, A., Mana, A.: Bridging the GAP between software certification and trusted computing for securing cloud computing. In: IEEE Ninth World Congress on Services (SERVICES), vol. 203, pp. 103–110 (2013)

  18. Noor, T.H., Sheng, Q.Z., Zeadally, S., Yu, J.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. 46(1), 12 (2013)

  19. Palo Alto Networks: The modern malware review: analysis of new and evasive malware in live enterprise networks, 1st edn. (2013). http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March-2013.pdf

  20. Parno, B., McCune, J.M., Perrig, A.: Bootstrapping Trust in Modern Computers. SpringerBriefs in computer science, vol. 10. Springer, New York (2011)

  21. Prim, R.C.: Shortest connection networks and some generalizations. Bell Syst. Tech. J. 36(6), 1389–1401 (1957)

  22. Robins, G., Zelikovsky, A.: Improved Steiner tree approximation in graphs. In: Proceedings of the eleventh annual ACM-SIAM symposium on Discrete algorithms, pp. 770–779. Society for Industrial and Applied Mathematics (2000)

  23. Robins, G., Zelikovsky, A.: Tighter bounds for graph Steiner tree approximation. SIAM J. Discr. Math. 19(1), 122–134 (2005)

  24. Wang, Y., Ma, J., Lu, D., Lu, X., Zhang, L.: From high-availability to collapse: quantitative analysis of “Cloud-Droplet-Freezing” attack threats to virtual machine migration in cloud computing. Cluster Comput. 17(4), 1369–1381 (2014)

  25. Wang, Y., Ma, J., Lu, D., Zang, L., Meng, X.: A novel DDoS attack in cloud computing—the cloud droplets freezing attack. J. Xidian Univ. 41(3), 125–131 (2014)


Acknowledgments

This research work is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), The Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S&T program (2011ZX03005-002), and the Fundamental Research Funds for the Central Universities (JY0900120301).

Author information


Correspondence to Mukesh Singhal.


Cite this article

Wang, Y., Chandrasekhar, S., Singhal, M. et al. A limited-trust capacity model for mitigating threats of internal malicious services in cloud computing. Cluster Comput 19, 647–662 (2016). https://doi.org/10.1007/s10586-016-0560-2


  • DOI: https://doi.org/10.1007/s10586-016-0560-2
