Abstract
Modern data centers need to manage complex, multi-level hardware and software infrastructures in order to provide a wide array of services flexibly and reliably. The emerging trends of virtualization and outsourcing further increase the scale and complexity of this management. In this chapter, we focus on the configuration management issues and expose a variety of attack and misconfiguration scenarios, and discuss some approaches to making configuration management more robust. We also discuss a number of challenges in identifying the vulnerabilities in configurations, handling configuration management in the emerging cloud computing environments, and in hardening the configurations against hacker attacks.
Copyright information
© 2011 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Kant, K. (2011). Configuration Management Security in Data Center Environments. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense. Advances in Information Security, vol 54. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-0977-9_10
DOI: https://doi.org/10.1007/978-1-4614-0977-9_10
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-0976-2
Online ISBN: 978-1-4614-0977-9
eBook Packages: Computer Science, Computer Science (R0)