Abstract
The issue of data security and privacy in multi-cloud based environments requires different solutions for implementing and enforcing security policies. In these environments, many security aspects must be faced, such as security-by-design, risk management, data privacy and isolation, and vulnerability scans. Moreover, it also becomes necessary to have a system that interrelates and operates all security controls which are configured and executed independently on each component of the application (service) being secured and monitored. In addition, thanks to the large diffusion of cloud computing systems, new attacks are emerging, so threat detection systems play a key role in the security schemes, identifying possible attacks. These systems handle an enormous volume of information as they detect unknown malicious activities by monitoring different events from different points of observation, as well as adapting to new attack strategies and considering techniques to detect malicious behaviors and react accordingly.
To target this issue, we propose in the context of the MUSA EU Horizon 2020 project [1], a security assurance platform that allows monitoring the multi-cloud application deployed in different Cloud Server Providers (CSPs). It detects potential deviations from security Server Level Agreements (A formal, negotiated document that defines in quantitative and qualitative terms the service being offered to a Cloud Service Client (CSC). For more information see [8, 17].) (SLAs) and triggers countermeasures to enforce security during application runtime.
This is a preview of subscription content, log in via an institution to check access.
References
MUSA Project. http://www.musa-project.eu/. Accessed Jan 2017
Openstack ceilometer. http://docs.openstack.org/developer/ceilometer/. Accessed Jan 2017
OPNFV Doctor. http://wiki.opnfv.org/doctor. Accessed Jan 2017
Stacktach. http://stacktach.readthedocs.org/en/latest/index.html. Accessed Jan 2017
Lifecycle management of service-based applications on multi-clouds: a research roadmap (2013)
Multi-Cloud: expectations and current approaches (2013)
Carlin, A., Hammoudeh, M., Aldabbas, O.: Intrusion detection and countermeasure of virtual cloud systems - state of the art and current challenges. Int. J. Adv. Comput. Sci. Appl. 6(6), 1–15 (2015)
Casola, V., Benedictis, A.D., Rak, M., Rios, E.: Security-by-design in clouds: a security-sla driven methodology to build secure cloud applications. Procedia Comput. Sci. 97, 53–62 (2016). http://www.sciencedirect.com/science/article/pii/S1877050916320968, 2nd International Conference on Cloud Forward: From Distributed to Complete Computing
Collectd. http://collectd.org/. Accessed Jan 2017
Consul. https://www.consul.io/. Accessed Jan 2017
Ferry, N., Rossini, A., Chauvel, F., Morin, B.: Towards model-driven provisioning, deployment, monitoring, and adaptation of multi-cloud systems. In: 2013 IEEE Sixth International Conference on Cloud Computing (2013)
Global Inter-cloud Technology Forum: Use Cases and Functional Requirements for Inter-Cloud Computing. Technical report (2010)
Grozev, N., Buyya, R.: Inter-cloud architectures and application brokering: taxonomy and survey. Softw. - Pract. Exp. 44(3), 369–390 (2012)
Guide, O.S.: http://docs.openstack.org/sec/. Accessed January 2017
Patel, A., Taghavi, M., Bakhtiyari, K., Celestino Júnior, J.: An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appl. 36(1), 25–41 (2013)
Project, B.: http://wiki.openstack.org/wiki/Security/Projects/Bandit. Accessed Jan 2017
Rios, E., Mallouli, W., Rak, M., Casola, V., Ortiz, A.M.: SLA-driven monitoring of multi-cloud application components using the MUSA framework. In: ICDCS Workshops (2016)
Zbakh, M., Elmahdi, K., Cherkaoui, R., Enniari, S.: A multi-criteria analysis of intrusion detection architectures in cloud environments. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1–9. IEEE (2015)
Zeginis, C., Kritikos, K., Garefalakis, P., Konsolaki, K., Magoutis, K., Plexousakis, D.: Towards cross-layer monitoring of multi-cloud service-based applications. In: Lau, K.-K., Lamersdorf, W., Pimentel, E. (eds.) ESOCC 2013. LNCS, vol. 8135, pp. 188–195. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40651-5_16
Acknowledgment
The project leading to this paper has received funding from the European Unions Horizon 2020 research and innovation program under grant agreement No. 644429.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Carvallo, P., Cavalli, A.R., Mallouli, W., Rios, E. (2017). Multi-cloud Applications Security Monitoring. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science(), vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_54
Download citation
DOI: https://doi.org/10.1007/978-3-319-57186-7_54
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer ScienceComputer Science (R0)