TY - GEN
T1 - Cloud Armor
T2 - 8th IEEE International Conference on Cloud Computing, CLOUD 2015
AU - Sun, Yuqiong
AU - Petracca, Giuseppe
AU - Jaeger, Trent
AU - Vijayakumar, Hayawardh
AU - Schiffman, Joshua
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/8/19
Y1 - 2015/8/19
N2 - Infrastructure-as-a-Service (IaaS) clouds can be viewed as distributed systems of cloud services that are entrusted to execute users' cloud commands to provision and manage cloud computing resources (e.g., VMs). However, recent vulnerabilities found in cloud services show that this trust is often misplaced. By exploiting a vulnerability in a cloud service, an adversary can hijack or forge commands to modify user VMs, exfiltrate sensitive information, and even modify other service hosts. This paper introduces Cloud Armor, a system that detects and blocks the tampering of user commands without the need for modifications to cloud services. Our insight is that we can construct state machine models to limit the system call sequences executed by cloud services. By applying constraints over system call arguments, we can restrict the way user commands are executed, blocking unauthorized operations from compromised cloud services. We implemented a prototype Cloud Armor system for OpenStack, a widely adopted open source cloud platform. Results show that Cloud Armor can greatly limit the attack options available to adversaries while imposing less than 1% overhead for user VMs. As a result, cloud users can leverage Cloud Armor to execute user commands safely even in the presence of compromised cloud services.
AB - Infrastructure-as-a-Service (IaaS) clouds can be viewed as distributed systems of cloud services that are entrusted to execute users' cloud commands to provision and manage cloud computing resources (e.g., VMs). However, recent vulnerabilities found in cloud services show that this trust is often misplaced. By exploiting a vulnerability in a cloud service, an adversary can hijack or forge commands to modify user VMs, exfiltrate sensitive information, and even modify other service hosts. This paper introduces Cloud Armor, a system that detects and blocks the tampering of user commands without the need for modifications to cloud services. Our insight is that we can construct state machine models to limit the system call sequences executed by cloud services. By applying constraints over system call arguments, we can restrict the way user commands are executed, blocking unauthorized operations from compromised cloud services. We implemented a prototype Cloud Armor system for OpenStack, a widely adopted open source cloud platform. Results show that Cloud Armor can greatly limit the attack options available to adversaries while imposing less than 1% overhead for user VMs. As a result, cloud users can leverage Cloud Armor to execute user commands safely even in the presence of compromised cloud services.
UR - http://www.scopus.com/inward/record.url?scp=84960120504&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84960120504&partnerID=8YFLogxK
U2 - 10.1109/CLOUD.2015.42
DO - 10.1109/CLOUD.2015.42
M3 - Conference contribution
AN - SCOPUS:84960120504
T3 - Proceedings - 2015 IEEE 8th International Conference on Cloud Computing, CLOUD 2015
SP - 253
EP - 260
BT - Proceedings - 2015 IEEE 8th International Conference on Cloud Computing, CLOUD 2015
A2 - Pu, Calton
A2 - Mohindra, Ajay
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 June 2015 through 2 July 2015
ER -