An Approach for the Automated Analysis of Network Access Controls in Cloud Computing Infrastructures

This paper describes an approach for the automated security analysis of network access controls in operational Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated, experimental methods for analyzing the firewall access control mechanisms that protect cloud architectures. To determine which accessibilities actually exist in virtual infrastructure networks and to detect unforeseen misconfigurations, we present an approach that combines a static analysis of the configured access controls with a dynamic analysis of the deployed infrastructure, and then analyzes the discrepancies between the two results. The approach is supported by experiments carried out on a VMware-based cloud platform.
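The core of the approach described above is differential: compute the accessibility a firewall configuration should produce (static analysis), observe the accessibility that exists in the running infrastructure (dynamic analysis), and treat every disagreement as a candidate misconfiguration. The following Python block is an added illustration of that comparison step and is not the paper's tool or code. It assumes a simplified firewall model (ordered rules, first match wins, implicit default deny), a constructed three-tier tenant with assumed addresses, a constructed rule base, and a constructed probe result standing in for the dynamic analysis; none of these come from the paper.

```python
"""Differential analysis of network accessibility: static expectation vs
observed probes. Added illustration, not the paper's tool. The firewall
model (ordered rules, first match wins, default deny) and all addresses,
rules and probe results are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import product
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, str, str, int]  # (src_ip, dst_ip, proto, dst_port)


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str                           # source CIDR
    dst: str                           # destination CIDR
    proto: str                         # "tcp", "udp" or "any"
    dports: Optional[Tuple[int, int]]  # inclusive port range, None = any port

    def matches(self, flow: Flow) -> bool:
        src, dst, proto, dport = flow
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        if self.dports is not None and not (self.dports[0] <= dport <= self.dports[1]):
            return False
        return True


def static_decision(rules: List[Rule], flow: Flow) -> bool:
    """Static analysis: evaluate the configured rule base for one flow.
    The first matching rule decides; no match means deny (assumed default)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action == "allow"
    return False


def static_accessibility(rules: List[Rule], hosts: List[str],
                         services: List[Tuple[str, str, int]]) -> Dict[Flow, bool]:
    """Expected accessibility matrix for every (source host, service) pair."""
    matrix: Dict[Flow, bool] = {}
    for src, (dst, proto, port) in product(hosts, services):
        if src == dst:
            continue  # a host reaching itself is not a network path
        flow = (src, dst, proto, port)
        matrix[flow] = static_decision(rules, flow)
    return matrix


def discrepancies(static: Dict[Flow, bool],
                  dynamic: Dict[Flow, bool]) -> Tuple[List[Flow], List[Flow]]:
    """Compare expected (static) with observed (dynamic) accessibility.
    unexpected_open:   reachable in practice but denied on paper, e.g. a rule
                       outside the analysed configuration or a filtering bypass.
    unexpected_closed: allowed on paper but unreachable, e.g. a filter the
                       static model does not know about, or a dead service."""
    unexpected_open = sorted(f for f, seen in dynamic.items() if seen and not static.get(f, False))
    unexpected_closed = sorted(f for f, seen in dynamic.items() if not seen and static.get(f, False))
    return unexpected_open, unexpected_closed


# Constructed three-tier tenant (web, app, db) plus an admin host; assumed addresses.
WEB, APP, DB, ADMIN = "10.0.1.10", "10.0.2.10", "10.0.3.10", "10.0.0.5"
HOSTS = [WEB, APP, DB, ADMIN]
SERVICES = [(WEB, "tcp", 443), (APP, "tcp", 8080), (DB, "tcp", 3306)]

# Constructed rule base for the tenant's virtual firewall, in evaluation order.
RULES = [
    Rule("allow", "10.0.1.0/24", "10.0.2.10/32", "tcp", (8080, 8080)),  # web tier -> app
    Rule("allow", "10.0.2.0/24", "10.0.3.10/32", "tcp", (3306, 3306)),  # app tier -> db
    Rule("allow", "0.0.0.0/0", "10.0.1.10/32", "tcp", (443, 443)),      # anyone -> web
]


def run_example() -> Tuple[List[Flow], List[Flow]]:
    """Static matrix vs a constructed probe result that differs in two flows."""
    expected = static_accessibility(RULES, HOSTS, SERVICES)
    # Constructed dynamic result: identical to the expectation except that the
    # admin host can reach the database (an undocumented rule, say) and the
    # app tier cannot (a filter the static model did not see).
    observed = dict(expected)
    observed[(ADMIN, DB, "tcp", 3306)] = True
    observed[(APP, DB, "tcp", 3306)] = False
    return discrepancies(expected, observed)


if __name__ == "__main__":
    opened, closed = run_example()
    print("reachable but denied by configuration:", opened)
    print("allowed by configuration but unreachable:", closed)
```

In a real deployment the `observed` dictionary would be filled from active probes launched between the tenant's VMs rather than constructed, and the static matrix would be derived from the actual exported firewall configuration; the two discrepancy lists are the output a practitioner reviews, since each entry is either an accessibility nobody planned or a planned accessibility that something unmodelled is blocking.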
