Intrusion damage assessment for multi-stage attacks for clouds

Clouds represent a major paradigm shift from contemporary systems, inspiring the contemporary approach to computing. They present fascinating opportunities to address dynamic user requirements through flexible computing infrastructures that are available on demand. Clouds, however, introduce novel challenges, particularly with respect to security, that require dedicated efforts to address. This study focuses on one such challenge: determining the extent of damage caused by an intrusion to a victim virtual machine. This has significant implications, especially for effective response to the intrusion. The study addresses this challenge with a novel scheme for intrusion damage assessment for Clouds. In addition to its context-aware operation, the scheme facilitates protection against multi-stage attacks. The study also includes the formal specification and evaluation of the scheme, which successfully demonstrate its effectiveness in achieving rigorous damage assessment for Clouds.
