Abstract
A cloud is often subject to diverse security threats targeting its multiple levels (e.g., user, virtual, and physical). Even though several security solutions exist for specific cloud levels, none of them provides a comprehensive solution that can protect a cloud tenant against threats arising from those multiple levels; this is mainly due to the operational complexity and unique nature of each level of a cloud (e.g., authentication and access control models at the user level vs. VM migration rules at the virtual level). Furthermore, a simple integration of those existing tools will not be sufficient, as all of them suffer from different practical issues. For instance, most of the existing solutions suffer from slow response time and require significant manual effort from cloud tenants. In this paper, we propose a multi-level proactive security auditing framework, which provides a unified platform to plug in existing security auditing tools for those levels and overcomes their major practical issues. To this end, our main idea is to design a framework to integrate existing auditing solutions and protect the multiple levels of a cloud. Also, we convert those tools (regardless of their original nature, e.g., retroactive and runtime) into a proactive auditing solution by leveraging a predictive model, which captures the dependency relationships between cloud events and helps to predict future events. We integrate our framework with OpenStack, a popular cloud management platform, and outline a concrete guideline to adapt our framework to other major cloud platforms: Google GCP, Amazon EC2, and Microsoft Azure. Our experiments using both synthetic and real data show the practicality and effectiveness of this solution (e.g., responding in a few milliseconds to verify each level of the cloud).