Connectivity extraction in cloud infrastructures

For management and security purposes, cloud providers should know the connectivity graph between virtual machines. Since traditional methods used in physical networks produce incomplete results and are hardly usable in the Cloud, we propose to use information provided by a Cloud Management Software and an SDN controller to compute the connectivity graph in those environments. Our approach computes exact, complete and up-to-date connectivity graphs on a representative infrastructure, in reasonable time.
