Kirill Belyaev

Secure Logging as a Service—Delegating Log Management to the Cloud

Securely maintaining log records over extended periods of time is very important to the proper functioning of any organization. Integrity of the log files and that of the logging process need to be ensured at all times. In addition, as log files often contain sensitive information, confidentiality and privacy of log records are equally important. However, deploying a secure logging infrastructure involves substantial capital expenses that many organizations may find overwhelming. Delegating log management to the cloud appears to be a viable cost saving measure. In this paper, we identify the challenges for a secure cloud-based log management service and propose a framework for doing the same.

Towards Efficient Dissemination and Filtering of XML Data Streams

The vast amounts of data generated in near real-time due to prolific use of sensors, pervasive usage of mobile Internet, and popularity of social media platforms, necessitates the efficient dissemination of the semi-structured streaming data to the consuming applications. Towards this end, we introduce the subscriber-centric XML filtering approach for seamless and efficient XML stream replication/distribution mechanism. The subscriber-centric filtering architecture can be configured to support different topologies in order to support efficient message filtering for a large number of concurrent subscribers. It allows selective filtering on the various nodes that improves efficiency and provides applications with data on a need-to-know basis. Moreover, it supports inter-operability and allows semi-structured streams generated from multiple sources to be filtered. Our XML filtering network consists of decoupled data producers, message transformation agents and XML brokers that can be deployed in conventional data centers as well as in the public cloud environment. We provide detailed performance results of processing filtering queries in several use case scenarios with varying XML message loads and number of nodes involved in the replication/dissemination process. Our results indicate that the subscriber-centric XML filtering architecture is a viable approach for disseminating semi-structured data streams to the various consuming applications.

Towards Access Control for Isolated Applications

With the advancements in contemporary multi-core CPU architectures, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. We propose an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the details of our framework and also discuss the preliminary implementation to demonstrate the feasibility of our approach.

Enhancing applications with filtering of XML message streams

Modern applications often have to process and filter information in XML format for reasons of interoperability. Often times those XML messages arrive from publisher at unpredictable rates and must be processed in near real-time to answer complex filtering queries. Towards this end, we introduce Seshat -- the content-based Domain Specific XML stream processing engine for meeting the needs of different subscribing applications. Seshat provides the full support for Boolean logic operators including negation and also supports supplemental operators, such as substring search. Its simple query framework enables filtering queries with variable substitution predicates. We describe the query processing engine and also the implementation details. Seshat engine can be potentially deployed in publish-subscribe brokers for selective message filtering and replication as well as in subscribing applications that need to process the arriving XML messages independently for the purpose of validation. We provide preliminary performance results of the filtering engine and its simple Domain Specific Language processing queries on several real-world XML datasets.

Component-oriented access control—Application servers meet tuple spaces for the masses

Abstract With the advancements in contemporary multi-core CPU architectures and increase in main memory capacity, it is now possible for a server operating system (OS), such as Linux, to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. We implemented an access control framework for policy formulation, management, and enforcement that allows access to OS resources and also permits controlled collaboration and coordination for service components running in disjoint containerized environments under a single Linux OS server instance. The framework consists of two models and the policy formulation is based on the concept of policy classes for ease of administration and enforcement. The policy classes are managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the details of our framework and also discuss the preliminary implementation to demonstrate the feasibility of our approach.

Component-Oriented Access Control for Deployment of Application Services in Containerized Environments

With the advancements in multi-core CPU architectures, it is now possible for a server operating system (OS) such as Linux to handle a large number of concurrent application services on a single server instance. Individual service components of such services may run in different isolated environments, such as chrooted jails or application containers, and may need controlled access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. In an earlier work, we motivated the need for an access control framework that is based on the principle of least privilege for formulation, management, and enforcement of policies that allows controlled access to system resources and also permits controlled collaboration and coordination for service components deployed in disjoint containerized environments under a single OS instance. The current work provides a more in-depth treatment of secure inter-component communication in such environments. We show the policies needed for such communication and demonstrate how they can be enforced through a Linux Policy Machine that acts as the centralized reference monitor. The inter-component interaction occurs through the persistent layer using a tuple space abstraction. We implemented a tuple space library that provides operations on the tuple space. We present preliminary experimental results of its implementation that discuss the resource usage and performance.

On the design and analysis of protocols for Personal Health Record storage on Personal Data Server devices

Abstract The electronic Personal Health Records (PHRs) such as medical history, lab reports, and insurance are stored in systems such as Microsoft Health Vault where a medical care provider or a patient is responsible for uploading and managing the health information. Storing PHRs in such a manner prohibits the patients from having complete control over their data and also may make the PHR system the target of security attacks. Towards this end, we proposed a new architecture, namely Personal Data Server overlay, where the data is stored on a set of Secure Portable Tokens (SPTs) that are under the control of individual users. SPTs are cheap, portable, and secure devices that combine the computing power and tamper-resistant properties of the smart cards and the storage capacity of NAND flash memory chips and they can act as a Personal Data Server (PDS). We need formal assurance of data availability when information is stored in PDS overlays. Thus, data must be replicated at multiple PDSs. We propose a data replication protocol that ensures that the PHRs for each user have replicas in the PDS overlay. It is crucial to ensure correctness of the data replication protocol. Consequently, we formalize the protocol using the Unified Modeling Language (UML) and specify a number of desirable properties. We need to provide formal assurance of these properties in an automated manner. We demonstrate how the UML model can be transformed into Alloy using the UML-to-Alloy transformations. This obviates the need for the protocol designer to know Alloy. The analysis uncovers a significant error in the protocol. Uncovering such errors help refine the protocol and ensures its correctness before deployment.

Towards Service Orchestration in XML Filtering Overlays

Various types of applications and services generate vast amounts of XML data feeds that may be streamed in near real time to different subscribing endpoints in order to take actions in a timely manner. In an earlier work we proposed an XML overlay network comprised of brokers that can be configured for efficient XML message filtering and replication with concurrent subscribers. The selective filtering reduces the bandwidth consumption of the network and also provides applications with data on a need-to-know basis. In our current work we propose the improvement upon original architecture through addition of service orchestration features to individual broker nodes. The filtering overlay network can be orchestrated to update service properties on individual filtering nodes. We provide a preliminary implementation to demonstrate the feasibility of our approach.

On the formalization, design, and implementation of component-oriented access control in lightweight virtualized server environments

Abstract In modern day operating systems, such as Linux, it is now possible to handle a large number of concurrent application services on a single server instance. Individual application components of such services may run in different isolated runtime environments, such as chrooted jails or application containers, and may need access to system resources and the ability to collaborate and coordinate with each other. We formalize the access control requirements of such components; our model allows access to OS resources on a need-to-know basis and also controls collaboration and coordination among service components running in disjoint containerized environments under a single Linux OS server instance. Such access control is managed and enforced through a Linux Policy Machine (LPM) that acts as the centralized reference monitor and provides a uniform interface for accessing system resources and requesting application data and control objects. We present the design of the LPM and provide an implementation to demonstrate the feasibility of our approach.