Abstract
The ever-increasing number and gravity of cyberattacks against the cloud's assets, together with the introduction of new technologies, have brought about many severe cloud security issues. The main challenge is finding effective mechanisms for constructing dynamic isolation boundaries for securing cloud assets at different cloud infrastructure levels. Our security architecture tackles these issues by introducing a policy-driven interaction model. The model is governed by cloud system security policies and constrained by cloud interacting entities' locations and levels. Security policies are used to construct security boundaries between cloud objects at their interaction level. The novel interaction model relies on its unique parameters to develop an agile detection and prediction mechanism of security threats against cloud resources. The proposed policy-based interaction model and its interaction security algorithms are developed to protect cloud resources. The model deals with external and internal interactions among entities representing diverse participating elements of different complexity levels in a cloud environment. We build a security controller and simulate various scenarios for testing the proposed interaction model and security algorithms.
Introduction
Security issues in a virtual cloud environment are more complex and challenging than in traditional infrastructures since resources are both virtualised and shared among numerous users. As a result, virtual boundaries among components or participants are not well defined and often undefined, and hence they not visible or controllable by the providers. In a multi-tenant cloud architecture, isolations are a crucial concept for both security and infrastructure management. They should be considered at functional entity levels and appropriate abstraction levels of the infrastructure. Physical isolation is relatively simple in traditional environments, as the boundaries between physical elements are well-defined and visible. The situation is not clear-cut in virtual environments unless one can keep track of all perimeters of all virtual objects created. Defining object boundaries is extremely difficult because virtual objects are dynamic in both characteristics and functionality. The task is resource-expensive due to the sheer number of virtual objects and the complexity of their dynamics. Building security boundaries is critical not only for recognising security violations but also in creating security solutions.
Practically, a security breach is defined in terms of the policies that define the interactions related to the breach. An event is considered a security breach either when it violates a defined security policy or violates the Confidentiality, Integrity, and Availability of security principles that could have been avoided if a relevant security policy had been in place. According to Kosiur (2001), a policy (or policy rule) is a simple declarative statement associating a policy object with a value and a policy rule. In general, a policy is not easy to work with as, at one extreme, a policy applies to the overall behaviour of a complex organisation (or entity) and, at the other extreme, it applies to a particular action on an element of the organisation, or a specific firewall rule on a network connection. To work with policy, one needs to clearly define the appropriate context in both scope and level; otherwise, it is not very useful or realisable.
In this paper, the policy context is on the interaction between entities with a defined set of interaction parameters. Security breaches primarily result from violations of the rule of interaction (or policy that governs the interaction) between objects when they interact. Unless one has a formal interaction model between objects, it is difficult to detect, predict, or prevent security incidents. The policy-based interaction model defines a security breach as when a security policy is violated over an interaction parameter. It has been recognised that security policies play a crucial role in all secured systems because they define what constitutes a security breach. In other words, security policies define the rules for secure interaction between objects of an environment. Security policies define the desired behaviour of the heterogenous application, systems, networks, and any type of object within the system.
Policies are complex in terms of definition and implementation in a distributed cloud infrastructure where resources are shared and dynamically changed. Different policies are often constructed for different architectural levels of a system, together with enforcement mechanisms. The ever-increasing number of virtual functions and the dynamic nature of cloud resources introduce more complexity in defining and enforcing security policies. Enforcing security policies at the interaction level enables system agility in detecting security breaches in cloud infrastructure. The policy-based interaction model is appropriate to impose and enforce dynamic, secure interactions among entities.
In this paper, we construct security boundaries dynamically at the interaction level between entities using the security policies or rules over a proposed interaction model parameter and the constraints imposed on the interacting entities. The construction of security boundaries in a cloud system is related to the characteristics of the interacting entities in the environment and the policies and constraints that govern their interaction. Our design focuses on building a robust, dynamic, and automated security boundary to protect cloud assets relying on a solid and innovative interaction model and security policy expressions that govern the interactions. A security boundary is thus a function or an expression that defines valid interactions among cloud entities.
The paper focuses on constructing security boundaries according to the interaction model and its parameters, object constraints, and dynamic security rules related to interaction parameters. We introduce a policy-driven interaction model that governs the relationship among entities in the cloud environment and develops algorithms to detect and predict security breaches. The interaction model is defined by parameters that control activities among components or entities in a cloud system. The model provides a framework for incorporating system security policies and entity constraints in constructing interaction boundaries and defining a security dictionary of expected/unexpected behaviour of cloud entities while accessing resources in the cloud environment. The main contributions of this research are:
-
We propose a novel policy-driven interaction model that governs the interactions among entities in a cloud environment. According to our best knowledge, this is the first approach to use interaction parameters for building dynamic and automated security boundaries.
-
We deploy an automatic detection and prediction algorithm called interaction security violation detection and prediction (ISVDP) to identify security breaches related to interaction parameters. The algorithm also maps out possible future attacks based on expected violations of the currently defined interaction parameters.
-
We evaluate the proposed model and algorithms by implementing and simulating various interaction scenarios among cloud entities.
The paper is organised as follows. We first describe related work. We then briefly introduce the cloud object model and components used for the interaction model. After that, we describe the proposed general interaction model and its parameters. Building on the general interaction model, we then describe the security policy-based interaction model. We can then introduce our ISVDP algorithms, which we evaluate by simulating various interaction scenarios. Finally, we provide a conclusion.
Please refer to PDF download for full paper.