Skip to main content
Springer Nature Link
Log in

Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks

  • Conference paper
  • First Online:
International Conference on Security and Privacy in Communication Networks (SecureComm 2014)

  • 1336 Accesses

Abstract

Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some “stealthy bridges” may be created to break such isolation due to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes to use cross-layer Bayesian networks to infer the stealthy bridges existing between enterprise network islands. Prior to constructing cross-layer Bayesian networks, cloud-level attack graphs are built to capture the potential attacks enabled by stealthy bridges and reveal hidden possible attack paths. The result of the experiment justifies the cross-layer Bayesian network’s capability of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    In our trust model, we assume cloud providers are fully trusted by cloud customers. In addition to security alerts generated at cloud level, such as alerts from hypervisors or cache monitors, the cloud providers also have the privilege of accessing alerts generated by customers’ virtual machines.

  2. 2.

    The assumption here is that a capable vulnerability scanner is able to scan out all the known vulnerabilities.

  3. 3.

    The enterprise networks in Step 7 are not key players, so we do not analyze the stealthy bridges established in this step, but still use the raised alerts as evidence.

  4. 4.

    Aws,Bws,Cws,Cnfs,Cworkstation denote A’s web server, B’s web server, C’s web server, C’s NFS server, C’s workstation respectively.

References

  1. Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2/

  2. Rackspace. http://www.rackspace.com/

  3. Windows Azure: Microsoft’s Cloud. https://www.windowsazure.com/en-us/

  4. Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., Swift, M.M.: Resource-freeing attacks: improve your cloud performance (at your neighbors expense). In: Proceedings of the 2012 ACM conference on Computer and communications security (CCS) (2012)

    Google Scholar 

  5. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 2009 ACM CCS (2009)

    Google Scholar 

  6. Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium (2001)

    Google Scholar 

  7. Szefer, J., Keller, E., Lee, R.B., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 2011 ACM CCS (2011)

    Google Scholar 

  8. Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., Butler, K.: Detecting co-residency with active traffic analysis techniques. In: Proceedings of the 2012 ACM Workshop on Cloud computing security workshop (CCSW) (2012)

    Google Scholar 

  9. Dai, J., Sun, X., Liu, P.: Patrol: revealing zero-day attack paths through network-wide system object dependencies. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 536–555. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  10. Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: co-residency detection in the cloud via side-channel analysis. In: 2011 Symposium on Security and Privacy (S&P) (2011)

    Google Scholar 

  11. Chen, Y., Paxson, V., Katz, R.H.: What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5, January 2010

    Google Scholar 

  12. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: 2002 Symposium on Security and Privacy (S&P) (2002)

    Google Scholar 

  13. Ramakrishnan, C.R., Sekar, R.: Model-based analysis of configuration vulnerabilities. J. Comput. Secur. 10(1/2), 189–209 (2002)

    Article  Google Scholar 

  14. Phillips C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New security paradigms (1998)

    Google Scholar 

  15. Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, vol. 5, pp. 247–266. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  16. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 2002 ACM CCS (2002)

    Google Scholar 

  17. Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference (ACSAC) (2006)

    Google Scholar 

  18. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 2006 ACM Conference on Computer and Communications Security (2006)

    Google Scholar 

  19. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: A logic-based network security analyzer. In: USENIX Security Symposium (2005)

    Google Scholar 

  20. Balduzzi, M., Zaddach, J., Balzarotti, D., Kirda, E., Loureiro, S.: A security analysis of Amazon’s elastic compute cloud service. In: Proceedings of the 27th ACM SAC (2012)

    Google Scholar 

  21. Lazri, K., Laniepce, S., Ben-Othman, J.: Reconsidering intrusion monitoring requirements in shared cloud platforms. In: Availability, Reliability, and Security (ARES). IEEE (2013)

    Google Scholar 

  22. http://www.snort.org/

  23. Xie, P., Li, J., Ou, X., Liu, P., Levy, R.: Using Bayesian networks for cyber security analysis. In: Dependable Systems and Networks (DSN). IEEE/IFIP (2010)

    Google Scholar 

  24. http://www.tenable.com/products/nessus

  25. http://nvd.nist.gov/

  26. http://nvd.nist.gov/cvss.cfm

  27. http://cve.mitre.org/

  28. http://www.tripwire.com/

  29. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

  30. https://www.samba.org

  31. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423

  32. https://info.tiki.org/

  33. http://reasoning.cs.ucla.edu/samiam/

  34. Bugiel, S., Nrnberger, S., Pppelmann, T., Sadeghi, A.-R., Schneider, T.: AmazonIA: when elasticity snaps back. In: Proceedings of the 2011 ACM CCS (2011)

    Google Scholar 

  35. Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In:19th Annual Computer Security Applications Conference (ACSAC) (2003)

    Google Scholar 

Download references

Acknowledgements

This work was supported by ARO W911NF-09-1-0525 (MURI), NSF CNS-1223710, NSF CNS-1422594, ARO W911NF-13-1-0421 (MURI), and AFOSR W911NF1210055.

Author information

Authors and Affiliations

  1. The Pennsylvania State University, University Park, State College, PA, 16802, USA

    Xiaoyan Sun & Peng Liu

  2. California State University, Sacramento, CA, 95819, USA

    Jun Dai

  3. National Institute of Standards and Technology, Gaithersburg, MD, 20899, USA

    Anoop Singhal

Authors
  1. Xiaoyan Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jun Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Anoop Singhal
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Peng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaoyan Sun .

Editor information

Editors and Affiliations

  1. CAS, Institute of Information Engineering CAS, Beijing, China

    Jing Tian

  2. Institute of Information Engineering, CAS, Beijing, China

    Jiwu Jing

  3. IBM Thomas J. Watson Research Center, New York, New York, USA

    Mudhakar Srivatsa

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Sun, X., Dai, J., Singhal, A., Liu, P. (2015). Inferring the Stealthy Bridges Between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-23829-6_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23828-9

  • Online ISBN: 978-3-319-23829-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics