Cloud systems provide a cost-effective service hosting infrastructure for application service providers (ASPs). However, cloud systems are often shared by multiple tenants from different security domains, which makes them vulnerable to various malicious attacks. Moreover, cloud systems often host long-running applications such as massive data processing, which gives attackers more opportunities to exploit system vulnerabilities and perform strategic attacks. In this paper, we present AdapTest, a novel adaptive data-driven runtime service integrity attestation framework for multi-tenant cloud systems. AdapTest can significantly reduce attestation overhead and shorten detection delay by adaptively selecting attested nodes based on dynamically derived trust scores. Our scheme treats attested services as black boxes and does not impose any special hardware or software requirements on the cloud system or ASPs. We have implemented AdapTest on top of the IBM System S stream processing system and tested it within a virtualized computing cluster. Our experimental results show that AdapTest can reduce attestation overhead by up to 60% and shorten the detection delay by up to 40% compared to previous approaches.