Abstract
Cloud computing security is a fundamental concern. One of the key problems is how one can test, monitor or measure the underlying Cloud infrastructure from user/customer space. Our aim is to build up tools and solutions to measure and assess quantitative and qualitative security parameter values of a generic IaaS cloud system. We have created a measurement framework (Cloudscope), which is capable to measure the targeted IaaS cloud system from security point-of-view automatically. Furthermore, we have built an easy-to-extend framework to assess the examined cloud infrastructure. Our solution can be used by potential tenants/end-users and governmental organizations to evaluate and assess IaaS type cloud systems. In this paper we present our virtualized cloud security monitor and assessment solution, we describe its main functionalities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
http://www.eucalyptus.com. Accessed 10 Feb 2014
Bresnahan, J., LaBissoniere, D., Freeman, T., Keahey, K.: Cumulus: An Open Source Storage Cloud for Science, ScienceCloud 2011, San Jose, CA. June 2011
Sotomayor, B., Montero, R.S., Llorente, I.M., Foster, I.: Virtual infrastructure management in private and hybrid clouds. IEEE Internet Comput. 13(5), 14–22 (2009)
http://www.openstack.org. Accessed 10 Feb 2014
Ács, S., Kozlovszky, M.: Advanced Vulnerability Assessment Tool for Distributed Systems; HP-SEE User Forum 2012, BoA. pp. 46. Belgrade, Serbia, 17–19 Oct 2012
Bogan, C.E., English, M.J.: Benchmarking for Best Practices: Winning Through Innovative Adaptation. McGraw-Hill, New York, NY
Martin, R.A.: Managing Vulnerabilities in Networked Systems. IEEE Computer Society COMPUTER Magazine, pp. 32–38 (2001). http://cve.mitre.org/
Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system, version 2.0. Forum of Incident Response and Security Teams, June 2007
http://aws.amazon.com/cloudwatch/. Accessed 10 Feb 2014 February
Acs, S., Kozlovszky, M., Balaton, Z.: Automation of security analysis for service grid systems. In: Topping, B.H.V., Iványi, P. (eds.) Proceedings of the First International Conference on Parallel, Distributed and Grid Computing for Engineering, Civil-Comp Press, Stirlingshire, UK, Paper 25, 2009. doi:10.4203/ccp.90.25, ISSN 1759-3433
http://pakiti.sourceforge.net/. Feb 2013
The OpenVAS website, http://www.openvas.org. Accessed 10 Feb
http://www.tenable.com/products/nessus. Accessed 10 Feb 2014
http://www.rapid7.com/products/nexpose/. Accessed 10 Feb 2014
http://www.rapid7.com/company/news/press-releases/2012/usgcb-cyberscope.jsp. Accessed 10 Feb 2014
http://www.metasploit.com/. Accessed 10 Feb 2014
http://en.wikipedia.org/wiki/Microsoft_Baseline_Security_Analyzer. Accessed 10 Feb 2014
http://www.qualys.com/enterprises/security-compliance-cloud-platform/. Accessed 10 Feb 2014
https://www.netiq.com/products/sentinel/. Accessed 10 Feb 2014
Kozlovszky, M.; Trocsik, M.; Schubert, T.; Poserne, V.: IaaS type cloud infrastructure assessment and monitoring. In: 2013 36th International Convention on Information & Communication Technology Electronics & Microelectronics (MIPRO), pp. 249,252, 20–24 May 2013
Cloud Security Alliance—CSA: https://cloudsecurityalliance.org/. Accessed 10 Feb 2014
European Network and Information Security Agency—ENISA: http://www.enisa.europa.eu/. Accessed 10 Feb 2014
The Opengroup Jericho Forum: http://www.opengroup.org/getinvolved/forums/jericho. Accessed 10 Feb 2014
The Federal Risk and Authorization Management Program (FedRAMP): www.fedramp.gov. Accessed 10 Feb 2014
http://sas70.com/. Accessed 10 Feb 2014
http://ssae16.com/SSAE16_overview.html. Accessed 10 Feb 2014
http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/SORHome.aspx. Accessed 10 Feb 2014
https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v3/. Accessed 10 Feb 2014
Acknowledgment
The research leading to these results has received funding from the European Social Fund and the Hungarian TÁMOP-4.2.1.B-11/2/KMR-2011-0001 “Kritikus infrastruktúra védelmi kutatások” project. Authors would like to thank for the helpful technical support of the Laboratory of Parallel and Distributed Systems (LPDS) at MTA SZTAKI.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Kozlovszky, M. (2016). Cloud Security Monitoring and Vulnerability Management. In: Nádai, L., Padányi, J. (eds) Critical Infrastructure Protection Research. Topics in Intelligent Engineering and Informatics, vol 12. Springer, Cham. https://doi.org/10.1007/978-3-319-28091-2_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-28091-2_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28090-5
Online ISBN: 978-3-319-28091-2
eBook Packages: EngineeringEngineering (R0)