skip to main content
10.1145/2590296.2590310acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
short-paper

Cyber defenses for physical attacks and insider threats in cloud computing

Published: 04 June 2014 Publication History

Abstract

In cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or availability of their applications or data. While much work has looked at protection from software (cyber) threats, very few have looked at physical attacks and physical security in data centers. In this work, we present a novel set of cyber defense strategies for physical attacks in data centers. We capitalize on the fact that physical attackers are constrained by the physical layout and other features of a data center which provide a time delay before an attacker can reach a server to launch a physical attack, even by an insider. We describe how a number of cyber defense strategies can be activated when an attack is detected, some of which can even take effect before the actual attack occurs. The defense strategies provide improved security and are more cost-effective than always-on protections in the light of the fact that on average physical attacks will not happen often -- but can be very damaging when they do occur.

References

[1]
Amazon EC2 Instance Types. http://aws.amazon.com/ec2/instance-types/.
[2]
The Apache HTTP Server Project. http://httpd.apache.org/.
[3]
D. Champagne and R. B. Lee. Scalable architectural support for trusted software. In Proceedings of the International Symposium on High Performance Computer Architecture, HPCA, pages 1 --12, January 2010.
[4]
W. Dawoud, I. Takouna, and C. Meinel. Infrastructure as a Service Security: Challenges and Solutions. In Proceedings of the International Conference on Informatics and Systems, INFOS, March 2010.
[5]
Dbench filesystem benchmark. http://dbench.samba.org/.
[6]
J. S. Dwoskin and R. B. Lee. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the ACM Conference on Computer and Communications Security, CCS, pages 389--400, October 2007.
[7]
Faban Harness and Benchmark Framework. http://java.net/projects/faban/.
[8]
L. J. Fennelly. Effective Physical Security. Butterworth-Heinemann, 3rd edition, 2003.
[9]
GlassFish - Open Source Application Server. http://glassfish.java.net/.
[10]
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: cold-boot attacks on encryption keys. Communications of ACM, 52(5):91--98, May 2009.
[11]
S. Heare. Data Center Physical Security Checklist. Technical report, SANS Institute, December 2001. http://www.sans.org/.
[12]
K. J. Higgins. The 10 Most Overlooked Aspects of Security, November 2006. http://www.darkreading.com/security/application-security/208808177/the-10-most-overlooked-aspects-of-security.html.
[13]
D. Huang, D. Ye, Q. He, J. Chen, and K. Ye. Virt-lm: a benchmark for live migration of virtual machine. In Proceedings of the International Conference on Performance Engineering, ICPE, pages 307--316, March 2011.
[14]
S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, editors. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats. Springer, 2011.
[15]
R. B. Lee, P. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for protecting critical secrets in microprocessors. In Proceedings of the International Symposium on Computer Architecture, ISCA, pages 2--13, June 2005.
[16]
mstone multi-protocol testing system. http://sourceforge.net/projects/mstone/.
[17]
OpenStack. OpenStack Compute: An Overview.
[18]
D. Perez-Botero. Pwnetizer: Improving Availability in Cloud Computing Through Fast Cloning and I/O Randomization. Master's Thesis, Princeton University, Princeton, NJ, 2013.
[19]
S. D. Scalet. 19 Ways to Build Physical Security into a Data Center. http://www.csoonline.com/.
[20]
J. S. Schultz. Should you trust mint.com? From New York Times http://bucks.blogs.nytimes.com/2010/07/06/should-you-trust-mint-com/?_r=0.
[21]
smtp-sink(1) - Linux man page. http://linux.die.net/man/1/smtp-sink.
[22]
G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the Annual International Conference on Supercomputing, ICS, pages 160--171, June 2003.
[23]
SysBench: a system performance benchmark. http://sysbench.sourceforge.net/.
[24]
J. Szefer, P. Jamkhedkar, Y.-Y. Chen, and R. B. Lee. Physical Attack Protection with Human-Secure Virtualization in Data Centers. In Workshop on Open Resilient human-aware Cyber-physical Systems, WORCS, June 2012.
[25]
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software. http://www.truecrypt.org/.
[26]
VLC media player. http://www.videolan.org.
[27]
M. E. Whitman and H. J. Mattord. Principles of Information Security. Cengage Learning, 2011.
[28]
Wireshark: the world's foremost network protocol analyzer. http://www.wireshark.org/.

Cited By

View all
  • (2022)A Cognitive Deception Model for Generating Fake Documents to Curb Data Exfiltration in Networks During Cyber-AttacksIEEE Access10.1109/ACCESS.2022.316662810(41457-41476)Online publication date: 2022
  • (2019)Supporting security sensitive tenants in a bare-metal cloudProceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference10.5555/3358807.3358856(587-602)Online publication date: 10-Jul-2019
  • (2019)Hacking and Countermeasures in the CloudSecurity, Privacy, and Digital Forensics in the Cloud10.1002/9781119053385.ch6(129-141)Online publication date: 8-Feb-2019
  • Show More Cited By

Index Terms

  1. Cyber defenses for physical attacks and insider threats in cloud computing

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security
      June 2014
      556 pages
      ISBN:9781450328005
      DOI:10.1145/2590296
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 04 June 2014

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. cloning
      2. cloud computing
      3. data center security
      4. insider threats
      5. migration
      6. physical attacks

      Qualifiers

      • Short-paper

      Conference

      ASIA CCS '14
      Sponsor:

      Acceptance Rates

      ASIA CCS '14 Paper Acceptance Rate 50 of 255 submissions, 20%;
      Overall Acceptance Rate 418 of 2,322 submissions, 18%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)40
      • Downloads (Last 6 weeks)1
      Reflects downloads up to 19 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2022)A Cognitive Deception Model for Generating Fake Documents to Curb Data Exfiltration in Networks During Cyber-AttacksIEEE Access10.1109/ACCESS.2022.316662810(41457-41476)Online publication date: 2022
      • (2019)Supporting security sensitive tenants in a bare-metal cloudProceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference10.5555/3358807.3358856(587-602)Online publication date: 10-Jul-2019
      • (2019)Hacking and Countermeasures in the CloudSecurity, Privacy, and Digital Forensics in the Cloud10.1002/9781119053385.ch6(129-141)Online publication date: 8-Feb-2019
      • (2017)MITIS - An Insider Threats Mitigation Framework for Information SystemsFuture Data and Security Engineering10.1007/978-3-319-70004-5_29(407-415)Online publication date: 1-Nov-2017
      • (2016)Optimal response to computer network threats2016 8th International Symposium on Telecommunications (IST)10.1109/ISTEL.2016.7881919(729-734)Online publication date: Sep-2016
      • (2015)Security Aspects of SDMNSoftware Defined Mobile Networks (SDMN)10.1002/9781118900253.ch18(331-357)Online publication date: 19-Jun-2015

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media