Proactive Verification of Security Compliance for Clouds Through Pre-computation: Application to OpenStack

  • Suryadipta Majumdar
  • Yosr Jarraya
  • Taous Madi
  • Amir Alimohammadifar
  • Makan Pourzandi
  • Lingyu Wang
  • Mourad Debbabi
Conference paper

DOI: 10.1007/978-3-319-45744-4_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9878)
Cite this paper as:
Majumdar S. et al. (2016) Proactive Verification of Security Compliance for Clouds Through Pre-computation: Application to OpenStack. In: Askoxylakis I., Ioannidis S., Katsikas S., Meadows C. (eds) Computer Security – ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science, vol 9878. Springer, Cham

Abstract

The verification of security compliance with respect to security standards and policies is desirable to both cloud providers and users. However, the sheer size of a cloud implies a major challenge to be scalability and in particular response time. Most existing approaches are either after the fact or incur prohibitive delay in processing user requests. In this paper, we propose a scalable approach that can reduce the response time of online security compliance verification in large clouds to a practical level. The main idea is to start preparing for the costly verification proactively, as soon as the system is a few steps ahead of potential operations causing violations. We present detailed models and algorithms, and report real-life experiences and challenges faced while implementing our solution in OpenStack. We also conduct experiments whose results confirm the efficiency and scalability of our approach.

Keywords

Proactive compliance verification Cloud security Auditing OpenStack 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Suryadipta Majumdar
    • 1
  • Yosr Jarraya
    • 2
  • Taous Madi
    • 1
  • Amir Alimohammadifar
    • 1
  • Makan Pourzandi
    • 2
  • Lingyu Wang
    • 1
  • Mourad Debbabi
    • 1
  1. 1.CIISEConcordia UniversityMontrealCanada
  2. 2.Ericsson Security Research, Ericsson CanadaMontrealCanada

Personalised recommendations