Visible to the public PERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds

TitlePERMON: An OpenStack Middleware for Runtime Security Policy Enforcement in Clouds
Publication TypeConference Paper
Year of Publication2018
AuthorsTabiban, Azadeh, Majumdar, Suryadipta, Wang, Lingyu, Debbabi, Mourad
Conference Name2018 IEEE Conference on Communications and Network Security (CNS)
KeywordsAccess Control, cloud computing, cloud environment accountability, cloud providers, cloud runtime security policy enforcement, Cloud Security, composability, Conferences, Event Interception, Metrics, middleware, middleware security, Monitoring, network accountability, openstack, openstack middleware, PERMON, pluggable interface, policy-based governance, privacy, proactive security verification, pubcrawl, Resiliency, Runtime, security, security of data, security policies, user interfaces

To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.

Citation Keytabiban_permon_2018