Securing services in networked cloud infrastructures

Abstract

<p>In this paper, we propose techniques and architecture for securing services that are hosted in a multi-tenant networked cloud infrastructures. Our architecture is based on trusted virtual domains and takes into account both security policies of the tenant domains as well as specific security policies of the virtual machines in the tenant domains. We describe techniques for detecting a range of attacks such as attacks between the virtual machines within a trusted virtual domain, attacks between the virtual machines in different domains, malicious insider attacks and attacks against specific services such as DNS, database and web servers within a domain. We address security policies for trusted virtual domain management such as secure addition and deletion of a virtual machine and the revocation of privileges associated with a virtual machine in a domain. We also discuss forensic analysis of attacks and fine granular detection of malicious entities and mechanisms for restoration of services. Furthermore the proposed architecture provides mechanisms for enhancing the assurance of communications between the virtual machines in different domains. Finally, we present the implementation of our security architecture using Xen and illustrate how our architecture is able to secure services in networked cloud infrastructures.</p>