Abstract
In this paper we make use of SDN to provision Security as a Service (SECaaS) to tenants and to simplify security management in the cloud. We have developed a Security Application (SA) for the SDN Controller that captures the tenants' security requirements and enforces the related security policies to secure their virtual machines (VMs). We have developed a security policy specification language for enforcing TPM, access control and intrusion detection related security policies with the SA. Finally, we present the prototype implementation of our approach and some performance results.
© 2017 Springer International Publishing AG
Tupakula, U., Varadharajan, V., Karmakar, K. (2017). SDN-based Dynamic Policy Specification and Enforcement for Provisioning SECaaS in Cloud. In: Bouguettaya, A., et al. Web Information Systems Engineering – WISE 2017. WISE 2017. Lecture Notes in Computer Science(), vol 10570. Springer, Cham. https://doi.org/10.1007/978-3-319-68786-5_44
DOI: https://doi.org/10.1007/978-3-319-68786-5_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68785-8
Online ISBN: 978-3-319-68786-5
eBook Packages: Computer Science, Computer Science (R0)