ProvIntSec: a provenance cognition blueprint ensuring integrity and security for real life open source cloud

The distributed nature of, and growing demand for, open source cloud make such systems an ideal target for malicious attacks and unauthorised file transfers. Provenance cognition schemes can address this problem. However, such provenance detection mechanisms have been considered only to a limited extent for open source cloud computing. ProvIntSec is a novel mechanism that ensures effective collection of provenance information from a large pool of virtual machine (VM) instances on an open source cloud platform. ProvIntSec captures critical system journals from VM instances and pattern-matches them against predefined signatures to detect the presence of malicious activities. In addition, ProvIntSec identifies Linux process trees to determine unauthorised file movements across different nodes. The experiments were executed in an OpenStack Essex cloud environment running on a real-life system, and standard metrics were used to calculate the results. The obtained results show average precision values of 92.81% and 81.24% for malware detection and unauthorised file transfers respectively. At the same time, cumulative performance gains of 0.3991 and 8.77 are obtained. Compared with benchmarks, ProvIntSec shows a desirable gain in performance.
