Article: Cloud security auditing based on behavioural modelling Journal: International Journal of Business Process Integration and Management (IJBPIM) 2014 Vol.7 No.2 pp.137 - 152 Abstract: Multi-tenancy is one of the most attractive features of cloud computing, which provides significant benefits to both clients and service providers by supporting elastic, efficient and on-demand resource provisioning and allocation. Multi-tenancy also introduces additional security auditing opportunities. Security auditing can be consolidated and offloaded onto a dedicated and well-protected service. The timely prevention of intrusive behaviour and malicious processes using signature-based intrusion detection technologies or system call level anomaly analysis is a very challenging task due to a high rate of false alarms. In this work, a behavioural modelling scheme is proposed to audit the behaviours of client virtual machine and detect suspicious processes on the level of functionality. The proposed scheme can be used as a community security auditing service. The scheme can also be used by cloud providers to offer automatic identification and auditing of the tenant's services. Our preliminary results have validated the effectiveness and efficiency of this novel approach. Inderscience Publishers - linking academia, business and industry through research

Title: Cloud security auditing based on behavioural modelling

Authors: Andrey Dolgikh; Zachary Birnbaum; Bingwei Liu; Yu Chen; Victor Skormin

Addresses: Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY, USA ' Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY, USA ' Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY, USA ' Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY, USA ' Department of Electrical and Computer Engineering, Binghamton University, Binghamton, NY, USA

Abstract: Multi-tenancy is one of the most attractive features of cloud computing, which provides significant benefits to both clients and service providers by supporting elastic, efficient and on-demand resource provisioning and allocation. Multi-tenancy also introduces additional security auditing opportunities. Security auditing can be consolidated and offloaded onto a dedicated and well-protected service. The timely prevention of intrusive behaviour and malicious processes using signature-based intrusion detection technologies or system call level anomaly analysis is a very challenging task due to a high rate of false alarms. In this work, a behavioural modelling scheme is proposed to audit the behaviours of client virtual machine and detect suspicious processes on the level of functionality. The proposed scheme can be used as a community security auditing service. The scheme can also be used by cloud providers to offer automatic identification and auditing of the tenant's services. Our preliminary results have validated the effectiveness and efficiency of this novel approach.

Keywords: CSA; cloud security auditing; multi-tenancy; behavioural modelling; suspicious process detection; cloud computing; automatic identification.

DOI: 10.1504/IJBPIM.2014.063518

International Journal of Business Process Integration and Management, 2014 Vol.7 No.2, pp.137 - 152

Published online: 21 Oct 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Cloud security auditing based on behavioural modelling

Keep up-to-date