TY - GEN
T1 - VESPA
T2 - 9th ACM International Conference on Autonomic Computing, ICAC'12
AU - Wailly, Aurélien
AU - Lacoste, Marc
AU - Debar, Hervé
PY - 2012/10/26
Y1 - 2012/10/26
N2 - Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a self-protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible self-protection of cloud infrastructures.
AB - Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Faced with multiple threats and heterogeneous defense mechanisms, the autonomic approach proposes simpler, stronger, and more efficient cloud security management. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This paper presents VESPA, a self-protection architecture for cloud infrastructures overcoming such limitations. VESPA is policy-based, and regulates security at two levels, both within and across infrastructure layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation of a VESPA implementation shows that the design is applicable for effective and flexible self-protection of cloud infrastructures.
KW - Autonomic computing
KW - Cloud security
KW - IaaS
KW - Self-protection
UR - https://www.scopus.com/pages/publications/84867703999
U2 - 10.1145/2371536.2371564
DO - 10.1145/2371536.2371564
M3 - Conference contribution
AN - SCOPUS:84867703999
SN - 9781450315203
T3 - ICAC'12 - Proceedings of the 9th ACM International Conference on Autonomic Computing
SP - 155
EP - 159
BT - ICAC'12 - Proceedings of the 9th ACM International Conference on Autonomic Computing
Y2 - 18 September 2012 through 20 September 2012
ER -