CLOUD COMPUTING 2018, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
Authors:
Nane Kratzke
Keywords: cloud computing; node regeneration; container platform; append-only log; forensic trail
Abstract:
There is no such thing as an impenetrable system, although the penetration of systems does get harder from year to year. The median number of days that intruders remained undetected on victim systems dropped from 416 days in 2010 down to 99 in 2016. Perhaps because of that, a new trend in security breaches is to compromise the forensic trail to allow the intruder to remain undetected for longer in victim systems and to retain valuable footholds for as long as possible. This paper proposes an immune-system-inspired solution, which uses a more frequent regeneration of cloud application nodes to ensure that undetected compromised nodes can be purged. This makes it much harder for intruders to maintain a presence on victim systems. Basically, the biological concept of cell regeneration is combined with the information systems concept of append-only logs. Evaluation experiments performed on popular cloud service infrastructures (Amazon Web Services, Google Compute Engine, Azure and OpenStack) have shown that between 6 and 40 nodes of elastic container platforms can be regenerated per hour. Even a large cluster of 400 nodes could be regenerated in somewhere between 9 and 66 hours. So, regeneration shows the potential to reduce the foothold of undetected intruders from months to just hours.
Pages: 31 to 38
Copyright: Copyright (c) IARIA, 2018
Publication date: February 18, 2018
Published in: conference
ISSN: 2308-4294
ISBN: 978-1-61208-607-1
Location: Barcelona, Spain
Dates: from February 18, 2018 to February 22, 2018