Martin Knahl

An agent based business aware incident detection system for cloud environments

AbstractClassic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of underlying business driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to supported cross customer event monitoring within a cloud infrastructure. A contribution of this paper it to provide a high-level design of the SAaaS architecture, an introduction into the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent and an evaluation about, which cloud specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detect cloud specific security problems and can create a cloud audit system.

Validating Cloud Infrastructure Changes by Cloud Audits

One characteristic of a cloud computing infrastructure are their frequently changing virtual infrastructure. New Virtual Machines (VMs) get deployed, existing VMs migrate to a different host or network segment and VMs vanish since they get deleted by their user. Classic incidence monitoring mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. In this paper we present a prototype demonstration of the Security Audit as a Service (SAaaS) architecture, a cloud audit system which aims to increase trust in cloud infrastructures by introducing more transparency to user and cloud provider on what is happening in the cloud. Especially in the event of a changing infrastructure the demonstration shows, how autonomous agents detect this change, automatically reevaluate the security status of the cloud and inform the user through an audit report.

An Autonomous Agent Based Incident Detection System for Cloud Environments

Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is build upon intelligent autonomous agents, which are aware of underlying business flows of deployed cloud instances. Business flows are modelled in form of Security Service Level Agreements, which enable the SAaaS architecture to be flexible and to supported cross customer event monitoring of a cloud infrastructure. As contribution of this paper we provide a high-level design of the SAaaS architecture, an introduction into the concept of Security Service Level Agreements, a first prototype of an autonomous agent and an evaluation about, which cloud specific security problems are addressed by the presented architecture.

Understanding Cloud Audits

Audits of IT infrastructures can mitigate security problems and establish trust in a provider’s infrastructure and processes. Cloud environments especially lack trust due to non-transparent architectures and missing security and privacy measures taken by a provider. But traditional audits do not cover cloud computing-specific security. To provide a secure and trustable cloud environment, audit tasks need to have knowledge about their environment and cloud-specific characteristics. Furthermore, they need to be automated whenever possible to be able to run on a regular basis and immediately if a certain infrastructure event takes place, like deployment of a new cloud instance. In this chapter, research about cloud-specific security problems and cloud audits gets presented. An analysis about how traditional audits need to change to address cloud-specific attributes is given. Additionally, the agent-based “Security Audit as a Service” architecture gets presented as a solution to the identified problems.

Sicherheitsprobleme für IT-Outsourcing durch Cloud Computing

ZusammenfassungenSowohl fehlende Standards aufseiten der Cloud-Provider als auch unklare Sicherheitsbestimmungen machen eine Risikoanalyse von Services, die in der Cloud angeboten werden, schwierig. Eine Lösung hierfür ist die Analyse Cloud-spezifischer Sicherheitsprobleme und der Vergleich mit Problemen des klassischen IT-Outsourcings. Die identifizierten Probleme werden hinsichtlich der bedrohten Schutzziele nach BSI IT-Grundschutz eingeordnet und es werden Maßnahmen zur Linderung der Probleme vorgeschlagen. Cloud-Einsteiger profitieren von den vorgestellten Leitfäden zum Thema Cloud-Sicherheit, Cloud-Anwender können durch die aufgeführten Sicherheitsvorfälle bei Cloud-Providern ihre Cloud-Ressourcen besser evaluieren.

Evidence Collection in Cloud Provider Chains

With the increasing importance of cloud computing, compliance concerns get into the focus of businesses more often. Furthermore, businesses still consider security and privacy related issues to be the most prominent inhibitors for an even more widespread adoption of cloud computing services. Several frameworks try to address these concerns by building comprehensive guidelines for security controls for the use of cloud services. However, assurance of the correct and effective implementation of such controls is required by businesses to attenuate the loss of control that is inherently associated with using cloud services. Giving this kind of assurance is traditionally the task of audits and certification. Cloud auditing becomes increasingly challenging for the auditor the more complex the cloud service provision chain becomes. There are many examples for Software as a Service (SaaS) providers that do not own dedicated hardware anymore for operating their services, but rely solely on other cloud providers of the lower layers, such as platform as a service (PaaS) or infrastructure as a service (IaaS) providers. The collection of data (evidence) for the assessment of policy compliance during a technical audit is aggravated the more complex the combination of cloud providers becomes. Nevertheless, the collection at all participating providers is required to assess policy compliance in the whole chain. The main contribution of this paper is an analysis of potential ways of collecting evidence in an automated way across cloud provider boundaries to facilitate cloud audits. Furthermore, a way of integrating the most suitable approaches in the system for automated evidence collection and auditing is proposed.

A Scalable Architecture for Distributed OSGi in the Cloud

Elasticity is one of the essential characteristics for cloud computing. The presented use case is a Software as a Service for Ambient Assisted Living that is configurable and extensible by the user. By adding or deleting functionality to the application, the environment has to support the increase or decrease of computational demand by scaling. This is achieved by customizing the auto scaling components of a PaaS management platform and introducing new components to scale a distributed OSGi environment across virtual machines. We present different scaling and load balancing scenarios to show the mechanics of the involved components.

Providing Security in Container-Based HPC Runtime Environments

Virtualization at the operating system level utilizing container technologies provides reduced performance overhead over Type-1 hypervisors for HPC and also adds many possibilities to significantly improve the often demanded flexibility of such an installation. This paper discusses technologies and concepts on several layers that can be applied to securely integrate container-based virtualization in a multitenant HPC environment, requiring both security and high performance.

Ermittlung der Prozessreife für IT-Servicemanagementprozesse

ZusammenfassungSteigende interne und externe Anforderungen zwingen Unternehmen, ihre Komplexität niedrig zu halten. Oftmals spielen neben Primärprozessen auch Sekundärprozesse eine Rolle. Da Primärprozesse in hoher Güte vorliegen, bieten Sekundärprozesse einen weiteren Ansatz für eine Ablaufoptimierung. Das vorgestellte Modell MAPIT (Maturity Assessment for Processes in IT) zur standardisierten Ermittlung der IT-Prozessreife ermöglichtes im Rahmen von validierungsnahen IT-Assessments, IT-Servicemanagementprozesse zu analysieren und ihren Reifegrad zu bestimmen. Das Vorgehensmodell erlaubt so eine Standortbestimmung für notwendige Entscheidungen.

Globale Supportkonzepte für den kontinuierlichen Betrieb heterogener Systemlandschaften

ZusammenfassungGlobale Märkte erfordern globale Strategien. Unternehmen prüfen ihre vorhandenen IT-Strategien, um diese an Herausforderungen der Globalisierung auszurichten [Houssem 2011, S. 1]. Auf diesem Weg spielt das IT-Supportkonzept eine entscheidende Rolle, um auf dem hart umkämpften Weltmarkt bestehen zu können. In einer heterogenen Systemlandschaft ist aufgrund der Komplexität ein ununterbrochener Betrieb nur durch flexible Supportkonzepte zu gewährleisten. Eine Kombination aus Zentralisierung des IT-Betriebs sowie dem Follow-the-Sun-Supportkon-zept stellt eine Basis dar, um den globalen Support und Betrieb zu optimieren.