2011 5th International DMTF Academic Alliance Workshop on Systems and Virtualization Management: Standards and the Cloud (SVM), 2011
ABSTRACT The erosion of trust boundaries already happening in organizations is amplified and accelerated by Cloud computing. One of the most important security challenges is to manage and assure a secure Cloud usage over multi-provider Inter-Cloud environments with dedicated communication infrastructures, security mechanisms, processes and policies. This paper focuses on the identification of functions for different roles within future Inter-Cloud environments that belong to the Cloud Security Management functional spectrum. Therefore, we describe all identified functional aspects and the distribution of these objects in order to define a platform independent model for the Security Management functional spectrum for Inter-Cloud called SMICS. SMICS will assist Cloud providers to analyze the necessary further development for their security management systems in order to support future Inter-Cloud environments. In addition, the better comprehension of the security management spectrum from a functional perspective will enable the Cloud provider community to design more efficient portals and gateways between Inter-Cloud providers itself respective their customer, and facilitate the adoption of these results in scientific and standardization environments.
2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015
Proceedings of the 7th International Conference on Network and Services Management, 2011
ABSTRACT Especially in the public sector, great efforts can be seen towards the Inter-Cloud (e.g., USA Federal Government's Cloud Computing Initiative). In order to make a contribution towards the challenges of security management in Cloud Computing respectively Inter-Cloud, this paper focuses on the identification of functional components for a Security Manager. Therefore, we present identified functional components (basic function and process components) for a Security Manager architecture. These components together with identified security data artifacts will support the Cloud provider community to implement a security management system, and facilitate the adoption of these results in the private and public sector. As a first step towards this, we present a detailed and comprehensive analysis of the security management functional components within current Cloud approaches, which can serve as a basis for future developments towards Inter-Cloud environments.
2007 10th IFIP/IEEE International Symposium on Integrated Network Management, 2007
ABSTRACT As of today, grids provide the technology, applications, and platforms for a seamless access to resources, services, and content in a fully decentralized world of distributed information, computing power, and information technology business. Grid systems have evolved over time from pure computational grids to service grids and therefore provide a sustainable platform for electronic service provisioning in research-oriented and commercial multi-domain environments. Dealing with complex virtual services and virtual resources where service compositions have to take place on-demand, for certain periods of time, and across organizational boundaries imposes new challenging requirements to the underlying accounting system. The paper proposes an accounting system for complex virtual services and resources in grid environments based on (i) a service model for dynamic virtual organizations, overcoming the typically static nature of traditional grids, and (ii) a detailed description of a job workflow, in order to identify accounting-relevant components and interfaces within a virtual organization. Based on the insights gained, a concept is proposed to derive accounting records, documenting the usage of virtual services and resources, out of the various data sources. Since virtual services and resources are provided by several providers (real or virtual organizations), the complexity of this task is obvious. An assessment of the proposed system is done through a prototypical implementation based upon specific data from grid middlewares such as the Globus toolkit.
ABSTRACT In recent years the Internet has evolved into a critical communication infrastructure that is omnipresent in almost all aspects of our daily life. This dependence of modern societies on the Internet has also resulted in more criminals using the Internet for their purposes, causing a steady increase of attacks, both in terms of quantity as well as quality. Although research on the detection of attacks has been performed for several decades, today's systems are not able to cope with modern attack vectors. One of the reasons is the increasing use of encrypted communication that strongly limits the detection of malicious activities. While encryption provides a number of significant advantages for the end user like, for example, an increased level of privacy, many classical approaches of intrusion detection fail. Since it is typically not possible to decrypt the traffic, performing analysis w.r.t. the presence of certain patterns is almost impossible. To overcome this shortcoming we present a new behavior-based detection architecture that uses similarity measurements to detect intrusions as well as insider activities like data exfiltration in encrypted environments.