Self-protection has recently attracted growing interest as a possible element of an answer to the challenge of protecting cloud computing infrastructures. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet previous solutions fall at the last hurdle because they overlook key features of the cloud: they lack flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a self-protection architecture for cloud infrastructures that overcomes these limitations. VESPA is policy-based and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between self-protection loops allows a rich spectrum of security strategies to be enforced, such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible self-protection of cloud infrastructures.