An Approach for Adaptive Security of Cloud Applications within the ATMOSPHERE Platform
Resumo
Self-protecting systems can reduce response time to known attacks by automating decision-making processes in security operations. This paper briefly describes the ATMOSPHERE platform for monitoring and enforcement of trustworthiness in cloud systems, as well as proposes a way to enhance its Trustworthiness Monitoring & Assessment framework (responsible for analyzing and planning adaptation actions) in order to instantiate the concept of adaptive security for self-protecting cloud infrastructures and applications. The paper approaches adaptive security based upon adaptive Web Application Firewalls, and enhances a software-based, feedback control loop (named MAPE-K) for monitoring and analysis of security events, as well as the planning and execution of adaptation actions for securing cloud applications. This is a work in progress, currently under development, to be integrated to ATMOSPHERE's framework.Referências
Arnautov, S., Trach, B., Gregor, F., Knauth, T., Martin, A., Priebe, C., Lind, J., Muthukumaran, D., O'keeffe, D., Stillwell, M., et al. (2016). Scone: Secure linux containers with intel sgx. In OSDI, volume 16, pages 689–703.
ATMOSPHERE (2018a). Adaptive, trustworthy, manageable, orchestrated, secure, privacy-assuring hybrid, ecosystem for resilient cloud computing. URL: https://www.atmosphere-eubrazil.eu/project.
ATMOSPHERE (2018b). Trustworthiness monitoring & assessment framework. URL: https://github.com/eubr-atmosphere/tma-framework.
Brun, Y., Serugendo, G. D. M., Gacek, C., Giese, H., Kienle, H., Litoiu, M., Müller, H., Pezzé, M., and Shaw, M. (2009). Engineering self-adaptive systems through feedback loops. In Software engineering for self-adaptive systems, pages 48–70. Springer.
Folini, C. and Ristiíc, I. (2017). ModSecurity Handbook. Feisty Duck.
IBM (2006). An architectural blueprint for autonomic computing. Technical report, IBM.
Kephart, J. (2011). Autonomic Computing: The First Decade. Proceedings of the 8th ACM International Conference on Autonomic Computing, pages 1–2.
Kephart, J. and Chess, D. (2003). The vision of autonomic computing. Computer, 36(1):41–50.
Lalanda, P., McCann, J., and Diaconescu, A. (2013). Autonomic Comp. Springer.
Pearson, S. and Yee, G. (2013). Priv. and Sec. for Cloud Comp. Springer.
Project, O. M. C. (2019). Owasp modsecurity core rule set. URL: https://coreruleset.org.
Ristic, I. (2005). Apache security. O'Reilly Media.
Trustwave and contributors (2019). Open source web application firewall. URL: http://www.modsecurity.org.
Tziakouris, G., Bahsoon, R., and Babar, M. A. (2018). A survey on self-adaptive security for large-scale open environments. ACM Computing Surveys, 51(5):100:1–100:42.
Vacca, J. (2017). Security in the Private Cloud. CRC press.
Wang, T., Xu, J., Zhang, W., Gu, Z., and Zhong, H. (2018). Self-adaptive cloud monitoring with online anomaly detection. Future Generation Computer Systems, 80:89–101.
ATMOSPHERE (2018a). Adaptive, trustworthy, manageable, orchestrated, secure, privacy-assuring hybrid, ecosystem for resilient cloud computing. URL: https://www.atmosphere-eubrazil.eu/project.
ATMOSPHERE (2018b). Trustworthiness monitoring & assessment framework. URL: https://github.com/eubr-atmosphere/tma-framework.
Brun, Y., Serugendo, G. D. M., Gacek, C., Giese, H., Kienle, H., Litoiu, M., Müller, H., Pezzé, M., and Shaw, M. (2009). Engineering self-adaptive systems through feedback loops. In Software engineering for self-adaptive systems, pages 48–70. Springer.
Folini, C. and Ristiíc, I. (2017). ModSecurity Handbook. Feisty Duck.
IBM (2006). An architectural blueprint for autonomic computing. Technical report, IBM.
Kephart, J. (2011). Autonomic Computing: The First Decade. Proceedings of the 8th ACM International Conference on Autonomic Computing, pages 1–2.
Kephart, J. and Chess, D. (2003). The vision of autonomic computing. Computer, 36(1):41–50.
Lalanda, P., McCann, J., and Diaconescu, A. (2013). Autonomic Comp. Springer.
Pearson, S. and Yee, G. (2013). Priv. and Sec. for Cloud Comp. Springer.
Project, O. M. C. (2019). Owasp modsecurity core rule set. URL: https://coreruleset.org.
Ristic, I. (2005). Apache security. O'Reilly Media.
Trustwave and contributors (2019). Open source web application firewall. URL: http://www.modsecurity.org.
Tziakouris, G., Bahsoon, R., and Babar, M. A. (2018). A survey on self-adaptive security for large-scale open environments. ACM Computing Surveys, 51(5):100:1–100:42.
Vacca, J. (2017). Security in the Private Cloud. CRC press.
Wang, T., Xu, J., Zhang, W., Gu, Z., and Zhong, H. (2018). Self-adaptive cloud monitoring with online anomaly detection. Future Generation Computer Systems, 80:89–101.
Publicado
02/09/2019
Como Citar
DA SILVA, Jorge; BRAGA, Alexandre; RUBIRA, Cecília; DAHAB, Ricardo.
An Approach for Adaptive Security of Cloud Applications within the ATMOSPHERE Platform. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 397-402.
DOI: https://doi.org/10.5753/sbseg.2019.13988.