ABSTRACT: Virtual machines have attracted significant attention especially within the high performance computing community. However,
there remain problems with respect to security in general and intrusion detection and diagnosis in particular which underpin
the realization of the potential offered by this emerging technology. In this paper, one such problem has been highlighted,
i.e., intrusion severity analysis for large-scale virtual machine based systems, such as clouds. Furthermore, the paper proposes
a solution to this problem for the first time for clouds. The proposed solution achieves virtual machine specific intrusion
severity analysis while preserving isolation between the security module and the monitored virtual machine. Furthermore, an
automated approach is adopted to significantly reduce the overall intrusion response time. The paper includes a detailed description
of the solution and an evaluation of our approach with the objective to determine the effectiveness and potential of this
approach. The evaluation includes both architectural and experimental evaluation thereby enabling us to strengthen our approach
at an architectural level as well. Finally, open problems and challenges that need to be addressed in order to make further
improvements to the proposed approach have been highlighted.
Keywords: Intrusion severity, virtualization, cloud computing, intrusion diagnosis, intrusion tolerance
International Journal of Automation and Computing 04/2012; 8(3):286-296.
IJGHPC. 01/2012; 4:52-66.
IJCAC. 01/2011; 1:1-16.
ACM Comput. Surv. 01/2011; 43:12.
E-Technologies: Transformation in a Connected World - 5th International Conference, MCETECH 2011, Les Diablerets, Switzerland, January 23-26, 2011, Revised Selected Papers; 01/2011
ABSTRACT: Cloud computing is an emerging paradigm with the virtual machine as its enabling technology. As with any other Internet-based
technology, security underpins widespread success of Cloud computing. However, Cloud computing introduces new challenges with
respect to security mainly due to the unique characteristics inherited via virtual machine technology. In this chapter, we
focus on the challenges imposed on intrusion diagnosis for Clouds due to these characteristics. In particular, we identify
the importance of the intrusion diagnosis problem for Clouds and the novel challenges for intrusion diagnosis for Clouds. Also,
we propose a solution to address these challenges and demonstrate the effectiveness of the proposed solution with empirical
12/2010: pages 299-319;
The Journal of Supercomputing. 01/2010; 52:82-96.
IEEE 15th International Conference on Parallel and Distributed Systems, ICPADS 2009, 8-11 December 2009, Shenzhen, China; 01/2009
Workshops Proceedings of the 12th International IEEE Enterprise Distributed Object Computing Conference, ECOCW 2008, 16 September 2008, Munich, Germany; 01/2008
ABSTRACT: An e-Social Science infrastructure generally has security requirements to protect its restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on inter-institutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastructure for e-social science based on the Guanxi Shibboleth. This security infrastructure presents two main features. Firstly, Guanxi Shibboleth is integrated into the user-friendly Sakai collaborative and learning environment, which provides an ideal place for users to access a variety of federation resources in line with the Shibboleth authentication model. Secondly, PERMIS technology is used to enhance the authorization mechanisms, thus enabling policy-driven, role-based, fine-grained access control. As a result, the security infrastructure presents the advantages of Guanxi Shibboleth, PERMIS and Sakai, and it has been applied to e-Social Science applications. We believe this security infrastructure provides a promising authentication and authorization solution for e-social science applications as well as applications in other domains.