An Abstract Model for Integrated Intrusion Detection and Severity Analysis for Clouds

An Abstract Model for Integrated Intrusion Detection and Severity Analysis for Clouds

Junaid Arshad (University of Leeds, UK), Paul Townend (University of Leeds, UK) and Jie Xu (University of Leeds, UK)
DOI: 10.4018/978-1-4666-1879-4.ch001
OnDemand PDF Download:
No Current Special Offers


Cloud computing is an emerging computing paradigm which introduces novel opportunities to establish large scale, flexible computing infrastructures. However, security underpins extensive adoption of Cloud computing. This paper presents efforts to address one of the significant issues with respect to security of Clouds i.e. intrusion detection and severity analysis. An abstract model for integrated intrusion detection and severity analysis for Clouds is proposed to facilitate minimal intrusion response time while preserving the overall security of the Cloud infrastructures. In order to assess the effectiveness of the proposed model, detailed architectural evaluation using Architectural Trade-off Analysis Model (ATAM) is used. A set of recommendations which can be used as a set of best practice guidelines while implementing the proposed architecture is discussed.
Chapter Preview

1. Introduction

The advent of internet technologies has significantly changed the methods used in e-Science along with the emergence of new computing paradigms to facilitate e-Science research. Cloud computing is one of such emerging paradigms which makes use of the contemporary virtual machine technology. The collaboration between internet and virtual machine technologies enable Cloud computing to emerge as a paradigm with promising prospects to facilitate the development of large scale, flexible computing infrastructures, available on-demand to meet the computational requirements of e-Science applications. Cloud computing has witnessed widespread acceptance mainly due to compelling characteristics such as; Live Migration, Isolation, Customization and Portability, thereby increasing the value attached with such infrastructures. The virtual machine technology has profound role in it. Amazon, Google and GoGrid (2010) represent some of commercial Cloud computing initiatives whereas Nimbus and OpenNebula represent academic efforts to establish a Cloud.

Cloud computing has been defined in different ways by different sources however, for the purpose of research described in this paper, we define Clouds as a high performance computing infrastructure based on system virtual machines to provide on-demand resource provision according to the service level agreements established between a consumer and a resource provider.

A Cloud computing system representing the above definition has been presented in Figure 1. A system virtual machine, as described in this definition, serves as the fundamental unit for the realization of a Cloud infrastructure and emulates a complete and independent operating environment. Within the scope of this paper, we define the cloud platforms focused at satisfying computation requirements of compute intensive workloads as Compute Clouds whereas those facilitating large scale data storage as Storage or Data Clouds. For the rest of this paper, we use terms Cloud computing and Clouds interchangeably to refer to our definition of compute clouds. As described in the above definition, Cloud computing involves on-demand provision of virtualized resources based on Service Level Agreements (SLA) thereby facilitating the user to acquire resources at runtime by defining the specifications of the resource required (Burchard, Hovestadt, Kao, Keller, & Linnert, 2004). The user and the resource provider are expected to negotiate the terms and conditions of the resource usage through SLAs so as to protect the quality of service being committed at resource acquisition stage.

Figure 1.

A Cloud computing system


As with any other technology, different models of Cloud computing have been proposed to harvest its benefits. These are Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS). Each of these models is focused at achieving specific objectives by introducing novel mechanisms at respective layers of the modern software architecture (Arshad, Townend, Xu, & Wei, 2010). With regards to these models, the Cloud computing system presented in Figure 1 resembles IaaS and therefore, inherits the characteristics of this model of Clouds. In the remaining sections of this paper, we use the term Cloud computing to refer to this model of Cloud computing.

However, as with any other emerging paradigm, security underpins extensive adoption of Cloud computing. Specifically, we highlight the importance of intrusion detection and severity analysis for Clouds in this paper. We also summarize our efforts to address this problem whilst taking into account unique characteristics of Clouds. Furthermore, specific requirements of Clouds for intrusion severity analysis have been summarized with a detailed description provided in Arshad, Townend, and Xu (2010b). In this paper, we focus on the requirement of minimizing overall response time for an intrusion by proposing an abstract model for integrated intrusion detection and severity analysis for Clouds. We also present the architectural evaluation for the proposed solution with the objective to evaluate the effectiveness of the proposed model. To the best of our knowledge, we believe that we are the first to conduct this research for Clouds.

Complete Chapter List

Search this Book: