Abstract:
The ever-evolving nature of the threat landscape in clouds means that hackers and infrastructure defenders are constantly playing a game of cat and mouse. As newer and more dangerous vulnerabilities surface each day, software developers and IT security specialists find it increasingly difficult to keep attackers at bay. This is particularly true in cases where the Window of Vulnerability (WoV) spans multiple days or requires a developer patch or a major vendor update. Making matters worse are tenants with poor security hygiene due to lack of awareness or plain laziness. To remedy these and other similar security woes in multi-tenant clouds, we propose that, wherever possible, Cloud Service Providers deploy virtual defenses based on individual tenant needs. The proposed fabric clones the entire deployment and scans the copy for any and all vulnerabilities. The discovered flaws are assessed in a machine learning engine, and corresponding defenses are instantiated to prevent attackers from exploiting the vulnerabilities. For newly announced bugs and flaws, a virtual patch is deployed inside a proxy appliance (until an official solution is published). The goal is to make the pipeline fully automated and the defenses completely transparent to the users. The proposed fabric has the potential to minimize security concerns of customers and can be offered as a service on a pay-per-use basis.
Published in: IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Date of Conference: 29 April 2019 - 02 May 2019
Date Added to IEEE Xplore: 23 September 2019