Abstract
When a client consumes a cloud service, computational liabilities are transferred to the service provider in accordance with the cloud paradigm, and the client loses some control over software components. One way to raise assurance about the correctness and dependability of a consumed service and its software components is monitoring. A monitor is a system that observes the behavior of another system, and it requires observation points that expose the target system’s state and state changes. Under the cloud paradigm, popular monitoring techniques such as code instrumentation are often not available to the client because of limited visibility, lack of control, and black-box software components. Based on a literature review, we identify potential observation points in today’s cloud services. Furthermore, we investigate two cloud-specific monitoring applications based on our ongoing research. While service level agreement (SLA) monitoring ensures that agreed-upon conditions between clients and providers are met, language-based anomaly detection monitors the interaction between client and cloud for misuse attempts.
Wang, J., Bigham, J.: Anomaly detection in the case of message oriented middleware. In: Proceedings of the 2008 Workshop on Middleware Security, MidSec’08, pp. 40–42. ACM, New York (2008)
Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Recent Advances in Intrusion Detection – RAID’04. Lecture Notes of Computer Science, vol. 3224, pp. 203–222. Springer, Heidelberg (2004)
Wang, K., Parekh, J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Recent Advances in Intrusion Detection – RAID’06. Lecture Notes of Computer Science, vol. 4219, pp. 226–248. Springer, Heidelberg (2006)
Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Netw. 24(4), 19–24 (2010)
WebSphere Software: Introduction to Oracle Fusion Middleware Audit Framework. http://docs.oracle.com/cd/E21764_01/core.1111/e10043/audintro.htm (2011). Accessed 11 Sept 2014
WebSphere Software: Using WebSphere Message Broker log and trace files. http://publib.boulder.ibm.com/infocenter/wtxdoc/v8r2m0/index.jsp?topic=/com.ibm.websphere.dtx.wtx4wmb.doc/references/r_wtx4wmb_using_wmb_log_and_trace_files.htm (2014). Accessed 11 Sept 2014
Wieder, P., Butler, J.M., Theilmann, W., Yahyapour, R.: Service Level Agreements for Cloud Computing. Springer, New York (2011)
Winter, P., Lampesberger, H., Zeilinger, M., Hermann, E.: On detecting abrupt changes in network entropy time series. In: Communications and Multimedia Security – CMS’11. Lecture Notes of Computer Science, vol. 7025, pp. 194–205. Springer, Heidelberg (2011)
Wojtczuk, R.: Libnids. http://libnids.sourceforge.net/ (2010). Accessed 01 Nov 2013
Xie, Y., Yu, S.Z.: A dynamic anomaly detection model for web user behavior based on hsmm. In: 10th International Conference on Computer Supported Cooperative Work in Design, CSCWD’06, pp. 1–6. IEEE, Nanjing (2006)
Xie, Y., Yu, S.Z.: A large-scale hidden semi-markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2009)
Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM Symposium on Applied Computing, SAC’04, pp. 412–419. ACM, New York (2004)
Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: IEEE Symposium on Security and Privacy, S&P’96, pp. 55–61. IEEE, Washington (1996)
Acknowledgements
We would like to thank the Christian Doppler Society for supporting this research.
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this chapter
Lampesberger, H., Rady, M. (2015). Monitoring of Client-Cloud Interaction. In: Thalheim, B., Schewe, KD., Prinz, A., Buchberger, B. (eds) Correct Software in Web Applications and Web Services. Texts & Monographs in Symbolic Computation. Springer, Cham. https://doi.org/10.1007/978-3-319-17112-8_6
DOI: https://doi.org/10.1007/978-3-319-17112-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17111-1
Online ISBN: 978-3-319-17112-8
eBook Packages: Computer Science, Computer Science (R0)