Supplemental Material: Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds

Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, because of their shared nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact on the application, which makes it practical for large-scale cloud systems.
