Part of the book series: Texts & Monographs in Symbolic Computation (TEXTSMONOGR)

Abstract

When a client consumes a cloud service, computational liabilities are transferred to the service provider in accordance with the cloud paradigm, and the client loses some control over software components. One way to raise assurance about correctness and dependability of a consumed service and its software components is monitoring. In particular, a monitor is a system that observes the behavior of another system, and observation points that expose the target system’s state and state changes are required. Due to the cloud paradigm, popular techniques for monitoring such as code instrumentation are often not available to the client because of limited visibility, lack of control, and black-box software components. Based on a literature review, we identify potential observation points in today’s cloud services. Furthermore, we investigate two cloud-specific monitoring applications based on our ongoing research. While service level agreement (SLA) monitoring ensures that agreed-upon conditions between clients and providers are met, language-based anomaly detection monitors the interaction between client and cloud for misuse attempts.



    Article  Google Scholar 

  158. Sahai, A., Machiraju, V., Sayal, M., Moorsel, A., Casati, F.: Automated sla monitoring for web services. In: Management Technologies for E-Commerce and E-Business Applications – DSOM’02. Lecture Notes in Computer Science, vol. 2506, pp. 28–41. Springer, Heidelberg (2002)

    Google Scholar 

  159. Salfner, F., Lenk, M., Malek, M.: A survey of online failure prediction methods. ACM Comput. Surv. 42(3), 1–42 (2010)

    Article  Google Scholar 

  160. Sandhu, R., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)

    Article  Google Scholar 

  161. SAP: Message Flow Monitoring. http://docs.oracle.com/cd/E21764_01/core.1111/e10043/audintro.htm (2011). Accessed 11 Sept 2014

  162. Sassaman, L., Patterson, M., Bratus, S., Locasto, M.: Security applications of formal language theory. IEEE Syst. J. 7(3), 489–500 (2013)

    Article  Google Scholar 

  163. Schewe, K.D., Bósa, K., Lampesberger, H., Ma, J., Rady, M., Vleju, M.B.: Challenges in cloud computing. Scalable Comput. Pract. Exp. 12(4), 385–390 (2011)

    Google Scholar 

  164. Schewe, K.D., Thalheim, B., Wang, Q.: Updates, schema updates and validation of xml documents - using abstract state machines with automata-defined states. J. Univers. Comput. Sci. 15(10), 2028–2057 (2009)

    MATH  MathSciNet  Google Scholar 

  165. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

    Article  Google Scholar 

  166. Schroeder, B.: On-line monitoring: a tutorial. Computer 28(6), 72–78 (1995)

    Article  Google Scholar 

  167. Segoufin, L., Vianu, V.: Validating streaming XML documents. In: Proceedings of the 21st ACM Symposium on Principles of Database Systems, PODS’02, pp. 53–64. ACM, New York (2002)

    Google Scholar 

  168. Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: IEEE Symposium on Security and Privacy, S&P’01, pp. 144–155. IEEE, Washington (2001)

    Google Scholar 

  169. Shackel, B.: Usability-context, framework, definition, design and evaluation. In: Human Factors for Informatics Usability, pp. 21–37. Cambridge University Press, Cambridge (1991)

    Google Scholar 

  170. Somayaji, A., Forrest, S.: Automated response using system-call delays. In: Proceedings of the 9th USENIX Security Symposium, SECURITY’00 (2000)

    Google Scholar 

  171. Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 305–316 (2010)

    Google Scholar 

  172. Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS’07, pp. 541–551. ACM, New York (2007)

    Google Scholar 

  173. Song, Y., Keromytis, A., Stolfo, S.J.: Spectrogram: a mixture-of-markov-chains model for anomaly detection in web traffic. In: Proceedings of the Network and Distributed System Security Symposium, NDSS’09 (2009)

    Google Scholar 

  174. Soylu, A., Mödritscher, F., Wild, F., Causmaecker, P.D., Desmet, P.: Mashups by orchestration and widget-based personal environments: key challenges, solution strategies, and an application. Program Electron. Libr. Inf. Syst. 46(4), 383–428 (2012)

    Article  Google Scholar 

  175. Spring, J.: Monitoring cloud computing by layer, part 1. IEEE Secur. Privacy Mag. 9(2), 66–68 (2011)

    Article  Google Scholar 

  176. Spring, J.: Monitoring cloud computing by layer, part 2. IEEE Secur. Privacy Mag. 9(3), 52–55 (2011)

    Article  Google Scholar 

  177. Stevens, W.R.: TCP/IP Illustrated: The Protocols, vol. 1. Addison-Wesley, Boston (1993)

    MATH  Google Scholar 

  178. Thalheim, B.: Towards a theory of conceptual modelling. J. Univers. Comput. Sci. 16(20), 3102–3137 (2010)

    MATH  Google Scholar 

  179. The Apache Software Foundation: Apache module mod_proxy. http://httpd.apache.org/docs/2.0/mod/mod_proxy.html (2013). Accessed 18 Nov 2013

  180. The Network Encyclopedia: Circuit level gateway. http://www.thenetworkencyclopedia.com/entry/circuit-level-gateway/ (2013). Accessed 15 Sept 2014

  181. The SAX Project: Simple api for xml (sax). http://www.saxproject.org/ (2004). Accessed 24 Jan 2013

  182. Thottan, M., Ji, C.: Anomaly detection in ip networks. IEEE Trans. Signal Process. 51(8), 2191–2204 (2003)

    Article  Google Scholar 

  183. TrustedBSD Project: Openbsm: Open source basic security module (bsm) audit implementation. http://www.trustedbsd.org/openbsm.html. Accessed 18 Oct 2013

  184. Valdes, A., Skinner, K.: Adaptive, model-based monitoring for cyber attack detection. In: Recent Advances in Intrusion Detection – RAID’00. Lecture Notes in Computer Science, vol. 1907, pp. 80–93. Springer, Heidelberg (2000)

    Google Scholar 

  185. W3C: Web Services Addressing (WS-Addressing). http://www.w3.org/Submission/ws-addressing/ (2004). Accessed 03 March 2014

  186. W3C: Document object model (dom). http://www.w3.org/DOM/ (2005). Accessed 24 Jan 2013

  187. W3C: SOAP Version 1.2 Part 1: Messaging Framework, 2nd edn. http://www.w3.org/TR/soap12-part1/ (2007). Accessed 20 Feb 2014

  188. W3C: XML Schema. http://www.w3.org/XML/Schema.html (2010). Accessed 11 Feb 2013

  189. W3C: XML Schema Part 2: Datatypes, 2nd edn. http://www.w3.org/TR/xmlschema11-2/ (2012). Accessed 22 March 2013

  190. Wagner, D., Dean, R.: Intrusion detection via static analysis. In: IEEE Symposium on Security and Privacy, S&P’01, pp. 156–168. IEEE, Washington (2001)

    Google Scholar 

  191. Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS’02, pp. 255–264. ACM, New York (2002)

    Google Scholar 

  192. Wang, J., Bigham, J.: Anomaly detection in the case of message oriented middleware. In: Proceedings of the 2008 Workshop on Middleware Security, MidSec’08, pp. 40–42. ACM, New York (2008)

    Google Scholar 

  193. Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Recent Advances in Intrusion Detection – RAID’04. Lecture Notes of Computer Science, vol. 3224, pp. 203–222. Springer, Heidelberg (2004)

    Google Scholar 

  194. Wang, K., Parekh, J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Recent Advances in Intrusion Detection – RAID’06. Lecture Notes of Computer Science, vol. 4219, pp. 226–248. Springer, Heidelberg (2006)

    Google Scholar 

  195. Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Netw. 24(4), 19–24 (2010)

    Article  Google Scholar 

  196. WebSphere Software: Introduction to Oracle Fusion Middleware Audit Framework. http://docs.oracle.com/cd/E21764_01/core.1111/e10043/audintro.htm (2011). Accessed 11 Sept 2014

  197. WebSphere Software: Using WebSphere Message Broker log and trace files. http://publib.boulder.ibm.com/infocenter/wtxdoc/v8r2m0/index.jsp?topic=/com.ibm.websphere.dtx.wtx4wmb.doc/references/r_wtx4wmb_using_wmb_log_and_trace_files.htm (2014). Accessed 11 Sept 2014

  198. Wieder, P., Butler, J.M., Theilmann, W., Yahyapour, R.: Service Level Agreements for Cloud Computing. Springer, New York (2011)

    Book  Google Scholar 

  199. Winter, P., Lampesberger, H., Zeilinger, M., Hermann, E.: On detecting abrupt changes in network entropy time series. In: Communications and Multimedia Security – CMS’11. Lecture Notes of Computer Science, vol. 7025, pp. 194–205. Springer, Heidelberg (2011)

    Google Scholar 

  200. Wojtczuk, R.: Libnids. http://libnids.sourceforge.net/ (2010). Accessed 01 Nov 2013

  201. Xie, Y., Yu, S.Z.: A dynamic anomaly detection model for web user behavior based on hsmm. In: 10th International Conference on Computer Supported Cooperative Work in Design, CSCWD’06, pp. 1–6. IEEE, Nanjing (2006)

    Google Scholar 

  202. Xie, Y., Yu, S.Z.: A large-scale hidden semi-markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2009)

    Article  Google Scholar 

  203. Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM Symposium on Applied Computing, SAC’04, pp. 412–419. ACM, New York (2004)

    Google Scholar 

  204. Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: IEEE Symposium on Security and Privacy, S&P’96, pp. 55–61. IEEE, Washington (1996)

    Google Scholar 

Download references

Acknowledgements

We would like to thank the Christian Doppler Society for supporting this research.

Author information

Corresponding author

Correspondence to Harald Lampesberger.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Lampesberger, H., Rady, M. (2015). Monitoring of Client-Cloud Interaction. In: Thalheim, B., Schewe, KD., Prinz, A., Buchberger, B. (eds) Correct Software in Web Applications and Web Services. Texts & Monographs in Symbolic Computation. Springer, Cham. https://doi.org/10.1007/978-3-319-17112-8_6

  • DOI: https://doi.org/10.1007/978-3-319-17112-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17111-1

  • Online ISBN: 978-3-319-17112-8

  • eBook Packages: Computer Science, Computer Science (R0)
