Monitoramento Seguro de Métricas de Nível de Serviço em Nuvem
Resumo
A computação em nuvem é amplamente adotada pelas empresas devido à escalabilidade, disponibilidade e flexibilidade que oferece, porém, a gestão de custos e a segurança dos dados são preocupações relevantes nesse contexto. Os Acordos de Nível de Serviço (SLA Service Level Agreement) unem o tema de gestão de custos e confidencialidade de dados. O monitoramento do nível do serviço oferecido, contudo, é realizado pelo próprio provedor de nuvem, e ao cliente não há garantia da integridade dos dados coletados. Este trabalho propõe um sistema de monitoramento em nuvem de métricas de qualidade de serviço que garante que os dados coletados não foram manipulados durante o monitoramento. Para tal, é sugerido um modelo de ameaças, uma arquitetura de monitoramento que usa tecnologias de hardware para execução segura. Foi construído um protótipo da arquitetura proposta, para estimar sua viabilidade para garantir o monitoramento íntegro e confidencial de métricas de SLA na nuvem. Os resultados deste estudo mostram que, a despeito da sobrecarga imposta pelo ambiente de execução segura ao desempenho do sistema, ele ainda é viável no que foi proposto.
Referências
Alhamad, M., Dillon, T., and Chang, E. (2011). A survey on SLA and performance measurement in cloud computing. In Confederated Intl Conferences: CoopIS, DOA-SVI, and ODBASE, pages 469–477. Springer.
Alhamazani, K., Ranjan, R., Mitra, K., Jayaraman, P., Huang, Z., Wang, L., and Rabhi, F. (2014). Clams: Cross-layer multi-cloud application monitoring-as-a-service framework. In Intl Conference on Services Computing, pages 283–290. IEEE.
Arnautov, S., Trach, B., Gregor, F., Knauth, et al. (2016). SCONE: Secure linux containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 689–703.
Badshah, A., Jalal, A., Farooq, U., Rehman, G.-U., Band, S. S., and Iwendi, C. (2023). Service level agreement monitoring as a service: an independent monitoring service for service level agreements in clouds. Big Data, 11(5):339–354.
Birje, M. N. and Bulla, C. (2019). Cloud monitoring system: basics, phases and challenges. Intl Journal of Recent Technology Engineering (IJRTE), 8(3):4732–4746.
Brito, A., Souza, C., Silva, F., Cavalcante, L., and Silva, M. (2020). Processamento confidencial de dados de sensores na nuvem. In Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg).
Costan, V. and Devadas, S. (2016). Intel SGX explained. Cryptology ePrint Archive.
Curvelo, J. P. (2025). Monitoramento Seguro de Métricas de Nível de Serviço em Nuvem. [link].
De Carvalho, C., de Castro Andrade, R., de Castro, M., Coutinho, E., and Agoulmine, N. (2017). State of the art and challenges of security SLA for cloud computing. Computers & Electrical Engineering, 59:141–152.
Docker (2024). REDIS oficial images. [link].
Dong, C., Shen, Q., Ding, X., Yu, D., Luo, W., Wu, P., and Wu, Z. (2023). T-counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud. IEEE Transactions on Dependable and Secure Computing.
Jain, P., Desai, S., Shih, M.-W., Kim, T., Kim, S., Lee, J.-H., Choi, C., Shin, Y., Kang, B., and Han, D. (2016). OpenSGX: An open platform for SGX research. In Network and Distributed System Security Symposium (NDSS), volume 16, pages 21–24.
Jamous, N., Volk, M., Barouqa, H., Ghnaim, F., and Turk, T. (2020). Towards smart service level agreement (SSLA) using blockchain. In Pacific Asia Conf. on Information Systems.
Leach, P., Mealling, M., and Salz, R. (2005). RFC 4122: A universally unique identifier (UUID) URN namespace.
Liu, H. (2011). A measurement study of server utilization in public clouds. In 9th Intl Conference on Dependable, Autonomic and Secure Computing, pages 435–442. IEEE.
Loch, W., Koslovski, G., Pillon, M., Miers, C., and Pasin, M. (2021). A novel blockchain protocol for selecting microservices providers and auditing contracts. The Journal of Systems & Software.
Lucas, P., Chappuis, K., Paolino, M., Dagieu, N., and Raho, D. (2017). Vosysmonitor, a low latency monitor layer for mixed-criticality systems on ARMv8-A. In 29th Euromicro Conference on Real-Time Systems (ECRTS).
Nguyen, H. and Ganapathy, V. (2017). Engarde: mutually-trusted inspection of SGX enclaves. In 37th Intl Conference on Distributed Computing Systems (ICDCS), pages 2458–2465. IEEE.
Oleksenko, O., Trach, B., Krahn, R., Silberstein, M., and Fetzer, C. (2018). Varys: Protecting SGX enclaves from practical Side-Channel attacks. In USENIX Annual Technical Conference, pages 227–240, Boston, MA. USENIX Association.
Park, J., Kang, S., Lee, S., Kim, T., Park, J., Kwon, Y., and Huh, J. (2024). Hardware-hardened sandbox enclaves for trusted serverless computing. ACM Transactions on Architecture and Code Optimization, 21(1):1–25.
Robin, J. S. and Irvine, C. E. (2000). Analysis of the Intel Pentium’s ability to support a secure virtual machine monitor. In 9th USENIX Security Symposium.
Scontain (2024a). Installing intel SGX Driver - determine SGX device. [link].
Scontain (2024b). Scone file protection. [link].
Siriwardena, P. (2014). Mutual authentication with TLS. Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE, pages 47–58.
Solis, T. (2022). Adicionando segurança, proveniência e gerenciamento de dados demográficos ao OpenEHR. Dissertação de mestrado, Universidade Federal do Paraná.
Tharunya, S., Divya, M., and Shunmuganathan, K. (2016). A multi-agent based query processing system using RETSINA with intelligent agents in cloud environment. In Intl Conference on Computing Technologies and Intelligent Data Engineering (ICCTIDE), pages 1–6. IEEE.
Zhan, D., Tan, K., Ye, L., Yu, H., and Liu, H. (2021). Container introspection: using external management containers to monitor containers in cloud computing. Computers, Materials & Continua, 69(3):3783–3794.
Zhao, W., Lu, K., Qi, Y., and Qi, S. (2020). MPTEE: bringing flexible and efficient memory protection to Intel SGX. In 5th European Conference on Computer Systems (EuroSys), New York, NY, USA. ACM.
Alhamazani, K., Ranjan, R., Mitra, K., Jayaraman, P., Huang, Z., Wang, L., and Rabhi, F. (2014). Clams: Cross-layer multi-cloud application monitoring-as-a-service framework. In Intl Conference on Services Computing, pages 283–290. IEEE.
Arnautov, S., Trach, B., Gregor, F., Knauth, et al. (2016). SCONE: Secure linux containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 689–703.
Badshah, A., Jalal, A., Farooq, U., Rehman, G.-U., Band, S. S., and Iwendi, C. (2023). Service level agreement monitoring as a service: an independent monitoring service for service level agreements in clouds. Big Data, 11(5):339–354.
Birje, M. N. and Bulla, C. (2019). Cloud monitoring system: basics, phases and challenges. Intl Journal of Recent Technology Engineering (IJRTE), 8(3):4732–4746.
Brito, A., Souza, C., Silva, F., Cavalcante, L., and Silva, M. (2020). Processamento confidencial de dados de sensores na nuvem. In Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg).
Costan, V. and Devadas, S. (2016). Intel SGX explained. Cryptology ePrint Archive.
Curvelo, J. P. (2025). Monitoramento Seguro de Métricas de Nível de Serviço em Nuvem. [link].
De Carvalho, C., de Castro Andrade, R., de Castro, M., Coutinho, E., and Agoulmine, N. (2017). State of the art and challenges of security SLA for cloud computing. Computers & Electrical Engineering, 59:141–152.
Docker (2024). REDIS oficial images. [link].
Dong, C., Shen, Q., Ding, X., Yu, D., Luo, W., Wu, P., and Wu, Z. (2023). T-counter: Trustworthy and efficient CPU resource measurement using SGX in the cloud. IEEE Transactions on Dependable and Secure Computing.
Jain, P., Desai, S., Shih, M.-W., Kim, T., Kim, S., Lee, J.-H., Choi, C., Shin, Y., Kang, B., and Han, D. (2016). OpenSGX: An open platform for SGX research. In Network and Distributed System Security Symposium (NDSS), volume 16, pages 21–24.
Jamous, N., Volk, M., Barouqa, H., Ghnaim, F., and Turk, T. (2020). Towards smart service level agreement (SSLA) using blockchain. In Pacific Asia Conf. on Information Systems.
Leach, P., Mealling, M., and Salz, R. (2005). RFC 4122: A universally unique identifier (UUID) URN namespace.
Liu, H. (2011). A measurement study of server utilization in public clouds. In 9th Intl Conference on Dependable, Autonomic and Secure Computing, pages 435–442. IEEE.
Loch, W., Koslovski, G., Pillon, M., Miers, C., and Pasin, M. (2021). A novel blockchain protocol for selecting microservices providers and auditing contracts. The Journal of Systems & Software.
Lucas, P., Chappuis, K., Paolino, M., Dagieu, N., and Raho, D. (2017). Vosysmonitor, a low latency monitor layer for mixed-criticality systems on ARMv8-A. In 29th Euromicro Conference on Real-Time Systems (ECRTS).
Nguyen, H. and Ganapathy, V. (2017). Engarde: mutually-trusted inspection of SGX enclaves. In 37th Intl Conference on Distributed Computing Systems (ICDCS), pages 2458–2465. IEEE.
Oleksenko, O., Trach, B., Krahn, R., Silberstein, M., and Fetzer, C. (2018). Varys: Protecting SGX enclaves from practical Side-Channel attacks. In USENIX Annual Technical Conference, pages 227–240, Boston, MA. USENIX Association.
Park, J., Kang, S., Lee, S., Kim, T., Park, J., Kwon, Y., and Huh, J. (2024). Hardware-hardened sandbox enclaves for trusted serverless computing. ACM Transactions on Architecture and Code Optimization, 21(1):1–25.
Robin, J. S. and Irvine, C. E. (2000). Analysis of the Intel Pentium’s ability to support a secure virtual machine monitor. In 9th USENIX Security Symposium.
Scontain (2024a). Installing intel SGX Driver - determine SGX device. [link].
Scontain (2024b). Scone file protection. [link].
Siriwardena, P. (2014). Mutual authentication with TLS. Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE, pages 47–58.
Solis, T. (2022). Adicionando segurança, proveniência e gerenciamento de dados demográficos ao OpenEHR. Dissertação de mestrado, Universidade Federal do Paraná.
Tharunya, S., Divya, M., and Shunmuganathan, K. (2016). A multi-agent based query processing system using RETSINA with intelligent agents in cloud environment. In Intl Conference on Computing Technologies and Intelligent Data Engineering (ICCTIDE), pages 1–6. IEEE.
Zhan, D., Tan, K., Ye, L., Yu, H., and Liu, H. (2021). Container introspection: using external management containers to monitor containers in cloud computing. Computers, Materials & Continua, 69(3):3783–3794.
Zhao, W., Lu, K., Qi, Y., and Qi, S. (2020). MPTEE: bringing flexible and efficient memory protection to Intel SGX. In 5th European Conference on Computer Systems (EuroSys), New York, NY, USA. ACM.
Publicado
01/09/2025
Como Citar
CURVELO, João Pedro; MAZIERO, Carlos Alberto.
Monitoramento Seguro de Métricas de Nível de Serviço em Nuvem. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 643-658.
DOI: https://doi.org/10.5753/sbseg.2025.9683.
