Research article. DOI: 10.1145/3368235.3368875

Techniques for Mutual Auditability in a Cloud Environment

Published: 02 December 2019

Abstract

Mutual auditability offers visibility between a cloud service provider (CSP) and a cloud service customer (CSC), informing each of the risks posed by its association with the other. In this work, we develop and experiment with two systems designed to enable such auditability: a specialized network-based intrusion detection system (NIDS) implementation, the traditional-based intrusion system (TBIS), that gives CSPs insight into malicious activity by clients' virtual machines (VMs) without undermining the CSC's privacy, and a complementary hypervisor-based intrusion system (HBIS) that provides visibility into malicious activity by co-resident CSCs by detecting side-channel attacks. To ensure that our design does not introduce new vulnerabilities into the cloud environment, we also examine whether these auditing tools could themselves be used as attack vectors, and which mitigations apply if such vulnerabilities are found.
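The hypervisor-side detector (HBIS) is only described, not shown, in the abstract above. The following added example is not the paper's implementation; it sketches one way a hypervisor could flag a co-resident VM running a FLUSH+RELOAD or PRIME+PROBE style probing loop from per-vCPU last-level-cache (LLC) performance counters, in the spirit of the hardware-performance-counter approaches the paper cites (Chiappetta et al.; CloudRadar). The counter-sampling interface, the tenant names, the thresholds and every sample value are assumptions constructed for this illustration.

```python
"""Toy hypervisor-side cache side-channel detector over per-VM LLC counters.

Illustrative example only; this is NOT the TBIS/HBIS code from the paper.
Assumed (hypothetical) interface: the hypervisor can read, per vCPU and per
sampling interval, two hardware performance counters, LLC references and
LLC misses. A FLUSH+RELOAD or PRIME+PROBE loop evicts and re-touches lines
continuously, so the attacking vCPU shows a sustained, very high miss ratio
together with a high reference rate. We flag that pattern against a baseline
built from the VM's own quiet warm-up intervals.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    vm: str           # hypothetical tenant/VM identifier
    t: int            # sampling interval index
    llc_refs: int     # LLC references counted in the interval
    llc_misses: int   # LLC misses counted in the interval

    @property
    def miss_ratio(self) -> float:
        return self.llc_misses / self.llc_refs if self.llc_refs else 0.0


def baseline(samples, vm, warmup):
    """Mean and population stddev of the miss ratio over the first `warmup`
    intervals of one VM (assumed to be attack-free)."""
    ratios = [s.miss_ratio for s in samples if s.vm == vm and s.t < warmup]
    return mean(ratios), pstdev(ratios)


def detect(samples, warmup=5, z=4.0, min_refs=50_000, min_run=3):
    """Return {vm: [intervals]} for VMs whose miss ratio exceeds
    baseline + z*sigma for `min_run` consecutive intervals while the
    reference count is high enough to be an active probing loop (an idle
    vCPU with a cold cache also has a high ratio, but few references)."""
    alerts = {}
    for vm in sorted({s.vm for s in samples}):
        mu, sigma = baseline(samples, vm, warmup)
        # Floor sigma so a perfectly flat baseline does not alert on noise.
        threshold = mu + z * max(sigma, 0.01)
        run = 0
        post = sorted((s for s in samples if s.vm == vm and s.t >= warmup),
                      key=lambda s: s.t)
        for s in post:
            suspicious = s.miss_ratio > threshold and s.llc_refs >= min_refs
            run = run + 1 if suspicious else 0
            if run >= min_run:
                alerts.setdefault(vm, []).append(s.t)
    return alerts


def quiet(vm, t):
    """Constructed 'normal' interval: roughly 5% miss ratio (no real trace)."""
    misses = [4800, 5100, 4950, 5200, 4900][t % 5]
    return Sample(vm, t, 100_000, misses)


def build_samples():
    """Constructed counter samples for four hypothetical tenants, 10 intervals each."""
    samples = []
    for t in range(10):
        samples.append(quiet("tenant-a", t))                        # always quiet
        samples.append(quiet("tenant-b", t) if t < 5 else
                       Sample("tenant-b", t, 400_000, 360_000))    # sustained probing loop
        samples.append(quiet("tenant-c", t) if t != 6 else
                       Sample("tenant-c", t, 300_000, 270_000))    # one-off cache-hostile burst
        samples.append(quiet("tenant-d", t) if t < 5 else
                       Sample("tenant-d", t, 2_000, 1_800))        # near-idle vCPU, cold cache
    return samples


if __name__ == "__main__":
    for vm, intervals in detect(build_samples()).items():
        print(f"{vm}: sustained cache-probing pattern in intervals {intervals}")
```

Only tenant-b is reported (from the third consecutive suspicious interval onward); tenant-c's single burst and tenant-d's high-ratio-but-idle intervals are not. The consecutive-interval requirement and the reference floor are there because of the base-rate problem the paper cites (Axelsson): across thousands of VMs a detector that fires on one noisy interval drowns the operator in false positives. Note also that the counters themselves are a shared-resource oracle; they must be readable only by the hypervisor, never exposed to tenants, or the auditing tool becomes the attack vector the abstract warns about.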

References

[1] Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary Peterson, and Dawn Song. 2007. Provable Data Possession at Untrusted Stores. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07). ACM, New York, NY, 598–609. https://doi.org/10.1145/1315245.1315318
[2] Stefan Axelsson. 1999. The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. In Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS '99). ACM, New York, NY, 1–7. https://doi.org/10.1145/319709.319710
[3] Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross. 2015. CAIN: Silently Breaking ASLR in the Cloud. In 9th USENIX Workshop on Offensive Technologies (WOOT '15). USENIX Association, Washington, DC.
[4] Sak Bhamornsiri, Robert Guinn, and Richard G. Schroeder. 2009. International Implications of the Cost of Compliance with the External Audit Requirements of Section 404 of Sarbanes-Oxley. International Advances in Economic Research 15, 1 (2009), 17–29.
[5] Yanpei Chen, Vern Paxson, and Randy H. Katz. 2010. What's New About Cloud Computing Security? Technical Report UCB/EECS-2010-5. University of California at Berkeley.
[6] Marco Chiappetta, Erkay Savas, and Cemal Yilmaz. 2016. Real Time Detection of Cache-Based Side-Channel Attacks Using Hardware Performance Counters. Applied Soft Computing 49 (2016), 1162–1174. https://doi.org/10.1016/j.asoc.2016.09.014
[7] Akash Garg and Prachi Maheshwari. 2016. Performance Analysis of Snort-Based Intrusion Detection System. In 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS), Vol. 1. IEEE, 1–5. https://doi.org/10.1109/ICACCS.2016.7586351
[8] Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: A Fast and Stealthy Cache Attack. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '16). Springer International Publishing, 279–299. https://doi.org/10.1007/978-3-319-40667-1_14
[9] HCPro. 2016. How is your HIPAA Auditing and Compliance Government Entity Doing? Briefings on HIPAA 16, 1 (2016), 1–4.
[10] Taylor Hornby. 2017. Side-Channel Attacks on Everyday Applications: Distinguishing Inputs with FLUSH and RELOAD. (2017).
[11] Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In Proceedings of the 41st Annual International Symposium on Computer Architecture (ISCA '14). IEEE Press, Piscataway, NJ, 361–372. https://doi.org/10.1145/2678373.2665726
[12] Mihir Nanavati, Patrick Colp, Bill Aiello, and Andrew Warfield. 2014. Cloud Security: A Gathering Storm. Communications of the ACM 57, 5 (May 2014), 70–79. https://doi.org/10.1145/2593686
[13] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, You, Get Off Of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09). ACM, New York, NY, 199–212. https://doi.org/10.1145/1653662.1653687
[14] Jungwoo Ryoo, Syed Rizvi, William Aiken, and John Kissell. 2014. Cloud Security Auditing: Challenges and Emerging Approaches. IEEE Security & Privacy 12, 6 (November 2014), 68–74. https://doi.org/10.1109/MSP.2013.132
[15] Dave Shackleford. 2015. Orchestrating Security in the Cloud. SANS Institute, InfoSec Reading Room (2015).
[16] Laura Taylor. 2014. FedRAMP: History and Future Direction. IEEE Cloud Computing 1, 3 (September 2014), 10–14. https://doi.org/10.1109/MCC.2014.54
[17] Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient Cache Attacks on AES, and Countermeasures. Journal of Cryptology 23, 1 (January 2010), 37–71. https://doi.org/10.1007/s00145-009-9049-y
[18] Steve Wright. 2011. PCI DSS: A Practical Guide to Implementing and Maintaining Compliance. IT Governance Ltd.
[19] Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One Bit Flips, One Cloud Flops: Cross-VM Rowhammer Attacks and Privilege Escalation. In Proceedings of the 25th USENIX Security Symposium (USENIX Security '16). 19–35.
[20] Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In 23rd USENIX Security Symposium (USENIX Security '14). 719–732.
[21] Younis A. Younis, Kashif Kifayat, and Abir Hussain. 2017. Preventing and Detecting Cache Side-Channel Attacks in Cloud Computing. In Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing (ICC '17). ACM, New York, NY, 83:1–83:8. https://doi.org/10.1145/3018896.3065843
[22] Tianwei Zhang, Yinqian Zhang, and Ruby B. Lee. 2016. CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds. In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID '16). Springer International Publishing, 118–140. https://doi.org/10.1007/978-3-319-45719-2_6

Cited By

  • (2023) Cloud Security Frameworks. In Proceedings of the IEEE/ACM 16th International Conference on Utility and Cloud Computing (UCC '23), 1–6. https://doi.org/10.1145/3603166.3632553. Online publication date: 4 December 2023.

Published In

UCC '19 Companion: Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Companion
December 2019
193 pages
ISBN:9781450370448
DOI:10.1145/3368235
© 2019 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cloud computing
  2. intrusion detection
  3. mutual auditability

Conference

UCC '19

Acceptance Rates

Overall Acceptance Rate 38 of 125 submissions, 30%
