ProSAS Proactive Security Auditing System for Clouds
ABSTRACT :
The multi-tenancy in a cloud along with its dynamic and self-service nature could cause severe security concerns. To mitigate such concerns and ensure the accountability and transparency of the cloud providers towards their tenants, security auditing is a promising solution. However, the existing security auditing solutions for clouds suffer from several limitations. First, the traditional auditing approach, which is retroactive in nature, can only detect violations after the fact and hence, often becomes ineffective while dealing with the dynamic nature of a cloud. Second, the existing runtime approaches can cause significant delay in the response time while dealing with the sheer size of a cloud. Finally, the current proactive approaches typically rely on prior knowledge about future changes in a cloud and also require significant manual efforts, and thus become less practical for a dynamic environment like cloud. To address those limitations, we present a novel proactive security auditing system, namely, ProSAS, which can prevent violations to security policies at runtime with a practical response time, and yet does not require prior knowledge about future changes. ProSAS is integrated into OpenStack, a popular cloud platform. Our experiment results using both synthetic and real data demonstrate its efficiency and accuracy.
EXISTING SYSTEM :
• Existing intercept-and-check approaches perform major verification tasks while holding the event instances blocked, and usually cause significant delay to a user request.
• Moreover, existing dependency models are typically static in nature in the sense that the captured dependencies do not reflect runtime patterns.
• Another critical limitation is that existing dependency models are deterministic in the sense that every event can only lead to a unique subsequent event.
• However, log files generated by the existing cloud platforms are not suitable to be directly fed into the learning engine, as user events are generally mixed up with many other system-initiated events.
DISADVANTAGE :
• This form of auditing is more traditional; however, the fundamental problem with this approach is that it cannot prevent irreversible damage, e.g., a DoS attack or the leaking of sensitive information.
• The works in have the same general objective, which is cloud auditing, as ours, but they use empirical techniques to perform auditing whereas we use formal techniques to model and solve the auditing problem.
• As a back-end verification mechanism, we formalize verification data and properties as a Constraint Satisfaction Problem (CSP) and use a constraint solver, namely, Sugar, to validate the compliance.
• To this end, tracing back log entries to identify the root cause of a problem and subsequent actions, respectively, are natural solutions which motivate the processing of logs.
PROPOSED SYSTEM :
• In this paper, we propose LeaPS, a fully automated system leveraging learning-based techniques to accelerate the performance of a proactive auditing approach.
• We describe our implementation of the proposed system based on OpenStack, and demonstrate how the system may be easily ported to other cloud platforms (e.g., Amazon EC2 and Google GCP).
• Therefore, a proactive auditing approach, which starts the auditing ahead of critical events, has recently been proposed as a promising solution for delivering practical response time.
• As demonstrated by our implementation and experimental results, the proposed system, LeaPS, provides an automated, efficient, and scalable solution for different cloud platforms to increase their transparency and accountability to tenants.
ADVANTAGE :
• The main contributions of this thesis work are towards security, efficiency and practicality improvements in cloud security auditing.
• LeaPS leverages learning techniques in a different manner so that the false positive/negative rates cannot affect the security of our system directly, but rather affect the performance of our system.
• However, leveraging such big data analytics and memory-efficient methods may enhance the performance of our log processing.
• Also, to demonstrate the applicability, scalability and efficiency of our proposed system, we integrate it into OpenStack, a major cloud platform, and evaluate it using both synthetic and real data.
• We integrate our proposed system into OpenStack, one of the major cloud management platforms, and conduct experiments to measure the efficiency, scalability and applicability of this system.
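The following added example (not code from the paper or from OpenStack) sketches the proactive idea described above: user events are separated from system-initiated log entries, a probabilistic dependency model is learned from them, and verification is prepared ahead of a critical event, so that a misprediction only changes latency and never the verdict. The event names, the tenant-ownership policy and the threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

CRITICAL = "update_port"  # assumed critical event; all event names are constructed

SESSIONS = [  # constructed log sessions of (initiator, event)
    [("user", "create_vm"), ("system", "scheduler_sync"), ("user", "create_port"), ("user", "update_port")],
    [("user", "create_vm"), ("user", "create_port"), ("system", "quota_refresh"), ("user", "update_port")],
    [("user", "create_vm"), ("user", "delete_vm")],
    [("user", "create_port"), ("user", "delete_port")],
]

def learn_model(sessions):
    """Estimate P(next | current) over user events only (system entries dropped)."""
    counts = defaultdict(Counter)
    for session in sessions:
        evs = [ev for who, ev in session if who == "user"]
        for cur, nxt in zip(evs, evs[1:]):
            counts[cur][nxt] += 1
    return {c: {n: k / sum(nx.values()) for n, k in nx.items()} for c, nx in counts.items()}

def reach_prob(model, start, target, steps):
    """Probability that target occurs within `steps` transitions after start."""
    if steps == 0:
        return 0.0
    return sum(p if nxt == target else p * reach_prob(model, nxt, target, steps - 1)
               for nxt, p in model.get(start, {}).items())

def allowed_bindings(state):
    """Hypothetical policy: a tenant may bind ports only to VMs it owns."""
    return {(owner, vm) for vm, owner in state.items()}

class ProactiveAuditor:
    def __init__(self, model, threshold=0.5, horizon=2):
        self.model, self.threshold, self.horizon = model, threshold, horizon
        self.watch = None  # verification result prepared ahead of the critical event

    def on_event(self, event, state, request=None):
        """Return (allowed, path) for the critical event, None for any other event."""
        if event != CRITICAL:
            likely = reach_prob(self.model, event, CRITICAL, self.horizon) >= self.threshold
            self.watch = allowed_bindings(state) if likely else None
            return None
        path = "fast" if self.watch is not None else "slow"
        # A misprediction only costs time: the check itself is never skipped.
        allowed = self.watch if self.watch is not None else allowed_bindings(state)
        self.watch = None
        return request in allowed, path
```

Because the prepared result is rebuilt or cleared on every non-critical event, it always reflects the state seen at the most recent event before the critical one.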