Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack

Title: Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Tabiban, Azadeh; Jarraya, Yosr; Zhang, Mengyuan; Pourzandi, Makan; Wang, Lingyu; Debbabi, Mourad
Conference Name: 2020 IEEE Conference on Communications and Network Security (CNS)
Date Published: July 2020
ISBN Number: 978-1-7281-4760-4
Keywords: cloud computing, Communication networks, Complexity theory, composability, Conferences, Forensics, Human Behavior, metadata, Metrics, Provenance, pubcrawl, Resiliency, Scalability, Scalable Security, security

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning cloud components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on the OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.

Citation Key: tabiban_catching_2020