
Diagnosing Vulnerability Patterns in Cloud Audit Logs

High Performance Cloud Auditing and Applications

Abstract

A service cloud architecture that allows web service compositions to answer complex requests improves the accessibility and flexibility of web services from different vendors. However, security issues exist in the service cloud, including both vulnerabilities of traditional web service communications and new issues brought by inter-cloud communications. Cloud-wide auditing to uncover security issues is a complex task due to the large scale and decentralized structure of the cloud environment. Existing security standards, protocols and auditing mechanisms can provide audit logs, but in most cases, these logs cannot pinpoint the type, location, and impact of threats. Given a cloud architecture that specifies the scope of audit logs and a definition of the expected auditable events in the cloud providing evidence of potential threats, we define Vulnerability Diagnostic Trees (VDTs) to formally manifest vulnerability patterns across several audit trails generated within the service cloud. Our attack examples are based on the allocation of services to a web service composition that answers a client request through end-to-end round trip messaging.

“Approved for Public Release; Distribution Unlimited: 88ABW-2013-0074, 09-Jan-2013”



Acknowledgements

This material is based on research sponsored in part by the Air Force Office of Scientific Research (AFOSR) grant FA-9550-09-1-0409, the Air Force Research Laboratory (AFRL) grant FA8750-10-2-0143 and the AFOSR/AFRL LRIR 11RI01COR. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied of the AFOSR, AFRL, or the U.S. Government.

Author information

Corresponding author

Correspondence to Rui Xie.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Xie, R., Gamble, R., Ahmed, N. (2014). Diagnosing Vulnerability Patterns in Cloud Audit Logs. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_5

  • DOI: https://doi.org/10.1007/978-1-4614-3296-8_5

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-3295-1

  • Online ISBN: 978-1-4614-3296-8

  • eBook Packages: Engineering, Engineering (R0)
