Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Flashlight
T2 - A novel monitoring path identification schema for securing cloud services
AU - Zhang, H.
AU - Luna, J.
AU - Suri, Neeraj
AU - Trapero, R.
PY - 2018/8/27
Y1 - 2018/8/27
N2 - Cloud monitoring is an essential mechanism for helping secure cloud services. Thus, a plethora of monitoring schemas have been proposed in recent years. Particularly, a newly proposed indirect monitoring mechanism outperforms others with the unique merit of addressing scenarios where the information of the monitoring target is not directly accessible. To conduct indirect cloud security monitoring, a key prerequisite is to obtain a special set of monitoring data termed “monitoring path”. However, how to ascertain the monitoring path is still an open issue. In this paper, we propose Flashlight as a novel monitoring path identification mechanism to address the gap where the information of monitoring targets is inaccessible. For this purpose, Flashlight first introduces a novel data reduction technique to filter unnecessary monitoring information. Second, Flashlight develops a data association approach to identify the monitoring path by utilizing data relations and data attributes. Third, Flashlight devises a monitoring property graph to support fine-grain monitoring path identification as well as represent identified monitoring paths. In addition, the efficacy of our proposed approach is demonstrated by the case studies where Flashlight successfully identifies the monitoring paths for underpinning indirect cloud monitoring. © 2018 Association for Computing Machinery.
AB - Cloud monitoring is an essential mechanism for helping secure cloud services. Thus, a plethora of monitoring schemas have been proposed in recent years. Particularly, a newly proposed indirect monitoring mechanism outperforms others with the unique merit of addressing scenarios where the information of the monitoring target is not directly accessible. To conduct indirect cloud security monitoring, a key prerequisite is to obtain a special set of monitoring data termed “monitoring path”. However, how to ascertain the monitoring path is still an open issue. In this paper, we propose Flashlight as a novel monitoring path identification mechanism to address the gap where the information of monitoring targets is inaccessible. For this purpose, Flashlight first introduces a novel data reduction technique to filter unnecessary monitoring information. Second, Flashlight develops a data association approach to identify the monitoring path by utilizing data relations and data attributes. Third, Flashlight devises a monitoring property graph to support fine-grain monitoring path identification as well as represent identified monitoring paths. In addition, the efficacy of our proposed approach is demonstrated by the case studies where Flashlight successfully identifies the monitoring paths for underpinning indirect cloud monitoring. © 2018 Association for Computing Machinery.
KW - Cloud security
KW - Dependency
KW - Indirect monitoring
KW - Monitoring path
KW - Service monitoring
KW - Distributed database systems
KW - Flashlights
KW - Web services
KW - Cloud monitoring
KW - Cloud securities
KW - Monitoring information
KW - Monitoring mechanisms
KW - Path identifications
KW - Reduction techniques
KW - Monitoring
U2 - 10.1145/3230833.3230860
DO - 10.1145/3230833.3230860
M3 - Conference contribution/Paper
SN - 9781450364485
BT - ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security
PB - ACM
ER -