Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control

Zbigniew Kalbarczyk; Rakesh Bobba; Domenico Cotroneo; Fei Deng; Zachary Estrada; Jingwei Huang; Jun Ho Huh; Ravishankar K. Iyer; David M. Nicol; Cuong Pham; Antonio Pecchia; Aashish Sharma; Gary Wang; Lok Yan

doi:10.1002/9781119428497.ch4

Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control

Zbigniew Kalbarczyk, Rakesh Bobba, Domenico Cotroneo, Fei Deng, Zachary Estrada, Jingwei Huang, Jun Ho Huh, Ravishankar K. Iyer, David M. Nicol, Cuong Pham, Antonio Pecchia, Aashish Sharma, Gary Wang, Lok Yan

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

In this chapter, we discuss methods to address some of the challenges in achieving resilient cloud computing. The issues and potential solutions are brought about by examples of (i) active and passive monitoring as a way to provide situational awareness about a system and users' state and behavior; (ii) automated reasoning about system/application state based on observations from monitoring tools; (iii) coordination of monitoring and system activities to provide a robust response to accidental failures and malicious attacks; and (iv) use of smart access control methods to reduce the attack surface and limit the likelihood of an unauthorized access to the system. Case studies covering different application domains, for example, cloud computing, large computing infrastructure for scientific applications, and industrial control systems, are used to show both the practicality of the proposed approaches and their capabilities, for example, in terms of detection coverage and performance cost.

Original language	English (US)
Title of host publication	Assured Cloud Computing
Editors	Roy H. Campbell, Charles A. Kamhoua, Kevin A. Kwiat
Publisher	Wiley-IEEE Press
Pages	81-132
ISBN (Electronic)	9781119428497
ISBN (Print)	9781119428633
DOIs	https://doi.org/10.1002/9781119428497.ch4
State	Published - Dec 20 2018

Keywords

attribute-based access control
system reliability
shared computing infrastructure
role-based access control
resilient cloud computing
passive system monitoring
hypervisor probes
dynamic system monitoring

Online availability

10.1002/9781119428497.ch4

Library availability

Discover UIUC Full Text

Cite this

Kalbarczyk, Z., Bobba, R., Cotroneo, D., Deng, F., Estrada, Z., Huang, J., Huh, J. H., Iyer, R. K., Nicol, D. M., Pham, C., Pecchia, A., Sharma, A., Wang, G., & Yan, L. (2018). Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control. In R. H. Campbell, C. A. Kamhoua, & K. A. Kwiat (Eds.), Assured Cloud Computing (pp. 81-132). Wiley-IEEE Press. https://doi.org/10.1002/9781119428497.ch4

Kalbarczyk, Z, Bobba, R, Cotroneo, D, Deng, F, Estrada, Z, Huang, J, Huh, JH, Iyer, RK , Nicol, DM, Pham, C, Pecchia, A, Sharma, A, Wang, G & Yan, L 2018, Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control. in RH Campbell, CA Kamhoua & KA Kwiat (eds), Assured Cloud Computing. Wiley-IEEE Press, pp. 81-132. https://doi.org/10.1002/9781119428497.ch4

@inbook{37bd351f3f10401b85bd8c5affa2218d,

title = "Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control",

abstract = "In this chapter, we discuss methods to address some of the challenges in achieving resilient cloud computing. The issues and potential solutions are brought about by examples of (i) active and passive monitoring as a way to provide situational awareness about a system and users' state and behavior; (ii) automated reasoning about system/application state based on observations from monitoring tools; (iii) coordination of monitoring and system activities to provide a robust response to accidental failures and malicious attacks; and (iv) use of smart access control methods to reduce the attack surface and limit the likelihood of an unauthorized access to the system. Case studies covering different application domains, for example, cloud computing, large computing infrastructure for scientific applications, and industrial control systems, are used to show both the practicality of the proposed approaches and their capabilities, for example, in terms of detection coverage and performance cost.",

keywords = "attribute-based access control, system reliability, shared computing infrastructure, role-based access control, resilient cloud computing, passive system monitoring, hypervisor probes, dynamic system monitoring",

author = "Zbigniew Kalbarczyk and Rakesh Bobba and Domenico Cotroneo and Fei Deng and Zachary Estrada and Jingwei Huang and Huh, {Jun Ho} and Iyer, {Ravishankar K.} and Nicol, {David M.} and Cuong Pham and Antonio Pecchia and Aashish Sharma and Gary Wang and Lok Yan",

year = "2018",

month = dec,

day = "20",

doi = "10.1002/9781119428497.ch4",

language = "English (US)",

isbn = "9781119428633",

pages = "81--132",

editor = "Campbell, {Roy H.} and Kamhoua, {Charles A.} and Kwiat, {Kevin A.}",

booktitle = "Assured Cloud Computing",

publisher = "Wiley-IEEE Press",

}

TY - CHAP

T1 - Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control

AU - Kalbarczyk, Zbigniew

AU - Bobba, Rakesh

AU - Cotroneo, Domenico

AU - Deng, Fei

AU - Estrada, Zachary

AU - Huang, Jingwei

AU - Huh, Jun Ho

AU - Iyer, Ravishankar K.

AU - Nicol, David M.

AU - Pham, Cuong

AU - Pecchia, Antonio

AU - Sharma, Aashish

AU - Wang, Gary

AU - Yan, Lok

PY - 2018/12/20

Y1 - 2018/12/20

N2 - In this chapter, we discuss methods to address some of the challenges in achieving resilient cloud computing. The issues and potential solutions are brought about by examples of (i) active and passive monitoring as a way to provide situational awareness about a system and users' state and behavior; (ii) automated reasoning about system/application state based on observations from monitoring tools; (iii) coordination of monitoring and system activities to provide a robust response to accidental failures and malicious attacks; and (iv) use of smart access control methods to reduce the attack surface and limit the likelihood of an unauthorized access to the system. Case studies covering different application domains, for example, cloud computing, large computing infrastructure for scientific applications, and industrial control systems, are used to show both the practicality of the proposed approaches and their capabilities, for example, in terms of detection coverage and performance cost.

AB - In this chapter, we discuss methods to address some of the challenges in achieving resilient cloud computing. The issues and potential solutions are brought about by examples of (i) active and passive monitoring as a way to provide situational awareness about a system and users' state and behavior; (ii) automated reasoning about system/application state based on observations from monitoring tools; (iii) coordination of monitoring and system activities to provide a robust response to accidental failures and malicious attacks; and (iv) use of smart access control methods to reduce the attack surface and limit the likelihood of an unauthorized access to the system. Case studies covering different application domains, for example, cloud computing, large computing infrastructure for scientific applications, and industrial control systems, are used to show both the practicality of the proposed approaches and their capabilities, for example, in terms of detection coverage and performance cost.

KW - attribute-based access control

KW - system reliability

KW - shared computing infrastructure

KW - role-based access control

KW - resilient cloud computing

KW - passive system monitoring

KW - hypervisor probes

KW - dynamic system monitoring

U2 - 10.1002/9781119428497.ch4

DO - 10.1002/9781119428497.ch4

M3 - Chapter

SN - 9781119428633

SP - 81

EP - 132

BT - Assured Cloud Computing

A2 - Campbell, Roy H.

A2 - Kamhoua, Charles A.

A2 - Kwiat, Kevin A.

PB - Wiley-IEEE Press

ER -

Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control

Abstract

Keywords

Online availability

Library availability

Fingerprint

Cite this