Proactivizer: Transforming Existing Verification Tools into Efficient Solutions for Runtime Security Enforcement

  • Conference paper
Computer Security – ESORICS 2019 (ESORICS 2019)

Abstract

Security verification plays a vital role in providing users the needed security assurance in many applications. However, applying existing verification tools for runtime security enforcement may suffer from a common limitation, i.e., causing significant delay to user requests. The key reason for this limitation is that these tools are not specifically designed for runtime enforcement, especially in a dynamic and large-scale environment like clouds. In this paper, we address this issue by proposing a proactive framework, namely, Proactivizer, to transform existing verification tools into efficient solutions for runtime security enforcement. Our main idea is to leverage existing verification tools as black boxes and to proactively trigger the verification process based on dependency relationships among the events. As a proof of concept, we apply Proactivizer to several existing verification tools and integrate it with OpenStack, a popular cloud platform. We perform extensive experiments in both simulated and real cloud environments and the results demonstrate the effectiveness of Proactivizer in reducing the response time significantly (e.g., within 9 ms to verify a cloud of 100,000 VMs and up to 99.9% reduction in response time).

Notes

  1. https://pypi.org/project/pgmpy/

Acknowledgement

We thank the anonymous reviewers for their insightful comments. This work is partially supported by the Natural Sciences and Engineering Research Council of Canada and Ericsson Canada under CRD Grant N01823 and by PROMPT Quebec.

Corresponding author

Correspondence to Suryadipta Majumdar.

Appendices

A Guideline to Adapt to Other Cloud Platforms

Our solution interacts with the cloud platform (e.g., while collecting logs and intercepting runtime events) through two modules: the pre-processor and the interceptor. These two modules must interpret implementation-specific event instances and intercept runtime events. First, to map platform-specific event instances to generic event types, we currently maintain a mapping of the APIs from different platforms. Table 4 lists some examples of such mappings. Second, the interception mechanism may need to be implemented for each cloud platform. In OpenStack, we leverage WSGI middleware to intercept events and enforce the proactive auditing results so that compliance can be preserved. Through our preliminary study, we identified that almost all major platforms provide an option to intercept cloud events. In Amazon, using AWS Lambda functions, developers can write their own code to intercept and monitor events. Google GCP introduces GCP Metrics to configure charting or alerting for different critical situations. Our understanding is that our solution can be integrated into GCP as one of the metrics, similarly to the dos_intercept_count metric, which is intended to prevent DoS attacks. The Azure Event Grid is an event management service from Azure for monitoring and controlling event routing, which is quite similar to our interception mechanism. Therefore, we believe that our solution can be an extension of the Azure Event Grid to proactively audit cloud events. Tables 4 and 5 present the necessary mappings for extending our approach from OpenStack to other cloud platforms. The remaining modules of our solution deal with platform-independent data, and hence the next steps in our solution are platform-agnostic.

Table 4. Mapping event APIs from different cloud platforms to generic event types
Table 5. Interception supports to adopt our solution in major cloud platforms

B Performance of the Cache Implementation

Figure 12 illustrates the response time in case of a cache hit (when the runtime parameters are found in the implemented cache memory) and the additional delay for a cache miss (when the requested parameters are not in the cache memory) for Patron and Congress, respectively. In Fig. 12(a), for different cache sizes, we observe a quasi-constant response time (less than one millisecond) for Patron with our framework, and an additional delay of up to four milliseconds for a cache miss. Figure 12(b) shows the results of a similar experiment for Congress with our framework, where a cache hit further improves the response time, but a cache miss may cause up to 137 ms of delay. Overall, the results show that the response time can be even less than one millisecond in the best case, and in the worst case (when the prediction is incorrect), Proactivizer will have no effect on those applications. However, in most cases (around 85.5% of the time), Proactivizer can keep their response time within ten milliseconds.

Fig. 12. The average response time for a cache hit and delay for a cache miss for (a) Patron (access control tool) and (b) Congress (Datalog solver), while varying the size of the cache and number of VMs, respectively
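
The interception path Appendix A describes for OpenStack, combined with the cache hit/miss behaviour measured in Appendix B, sketched as an added example (not the authors' code). The API-to-event entries, the cache keyed by project ID and generic event type, and the `verify` callback standing in for the black-box verification tool are all assumptions made for illustration.

```python
# Added illustration: mapping entries, cache layout and verifier are constructed.
EVENT_MAP = {  # (HTTP method, API path prefix) -> generic event type
    ("POST", "/v2.1/servers"): "create_vm",
    ("DELETE", "/v2.1/servers"): "delete_vm",
    ("POST", "/v2.0/ports"): "create_port",
}

def to_generic_event(method, path):
    """Interpret a platform-specific API call as a generic event type."""
    for (m, prefix), event in EVENT_MAP.items():
        if method == m and path.startswith(prefix):
            return event
    return None  # request is not covered by the mapping

class ProactiveEnforcer:
    """WSGI middleware: enforce pre-computed verdicts, verify on a cache miss."""
    def __init__(self, app, verdict_cache, verify):
        self.app, self.cache, self.verify = app, verdict_cache, verify
        self.stats = {"hit": 0, "miss": 0}

    def __call__(self, environ, start_response):
        event = to_generic_event(environ["REQUEST_METHOD"], environ.get("PATH_INFO", ""))
        if event is None:
            return self.app(environ, start_response)  # pass through untouched
        key = (environ.get("HTTP_X_PROJECT_ID", ""), event)
        if key in self.cache:            # fast path: verdict computed ahead of time
            self.stats["hit"] += 1
            allowed = self.cache[key]
        else:                            # slow path: run the verification tool now
            self.stats["miss"] += 1
            allowed = self.verify(*key)
        if not allowed:                  # block the request before it reaches the API
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"denied by security policy\n"]
        return self.app(environ, start_response)

def backend(environ, start_response):
    """Stand-in for the wrapped cloud API service."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def simulate(mw, method, path, tenant):
    """Drive the middleware with a minimal constructed WSGI environ."""
    seen = []
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_X_PROJECT_ID": tenant}
    body = mw(environ, lambda status, headers: seen.append(status))
    return seen[0], b"".join(body)
```

The `stats` counters make the hit ratio observable, which is the quantity that determines whether requests take the sub-millisecond path or the verification tool's full delay.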

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Majumdar, S. et al. (2019). Proactivizer: Transforming Existing Verification Tools into Efficient Solutions for Runtime Security Enforcement. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_12

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer Science, Computer Science (R0)
