Presentation is loading. Please wait.

Presentation is loading. Please wait.

Facultatea de Automatica si Calculatoare Universitatea “Politehnica“ din Bucuresti Security in Clouds Building a Malicious Client Detection module for.

Published byJemimah Thompson Modified over 7 years ago

Similar presentations

Presentation on theme: "Facultatea de Automatica si Calculatoare Universitatea “Politehnica“ din Bucuresti Security in Clouds Building a Malicious Client Detection module for."— Presentation transcript:

1 Facultatea de Automatica si Calculatoare Universitatea “Politehnica“ din Bucuresti Security in Clouds Building a Malicious Client Detection module for BlobSeer Catalin Leordeanu catalin.leordanu@cs.pub.ro

2 Outline Introduction Secure access to Web Services over BlobSeer Malicious Client detection Policy enforcement Trust level Conclusions and future work

3 Introduction This work was done as part of the KerData-PUB associated team project. Coordinated projects: BlobSeer Policy Enforcement – Cristina Basescu (Master internship, Rennes) BlobSeer Trust Level – Ana-Maria Lepar (Bachelor project, Bucharest) Secure Access to Cloud Services over BlobSeer – Dumbrava Maria (Bachelor project, Bucharest)

4 Secure access to web services over BlobSeer Goals: To use BlobSeer as a backend for web services with Axis2. To provide a secure environment to access and deploy web services

5 Security aspects: For each deployed service we have its owner and a list of users with access rights to it The administrator is the only one with complete access to all deployed services Each client can access the web services deployed by him and request access to other services. The actual blobs are hidden from the user and can only be accessed through service invocations. Secure access to web services over BlobSeer

6 Service invocation patterns

7 Conclusions and future work Conclusions: We demonstrated that we can use BlobSeer for data management for web services using Axis2. We integrated simple authentication and authorization mechanisms to manage the users access rights. Future work: Test this framework for more complex services and orchestration Implement the delegation of access rights from one user to another

8 Malicious Client Detection Types of malicious activity: Protocol Breach Heavy writing without the creation of a new version (WriteNoPublish) Publish the version and create the metadata tree, but write nothing actually(PublishNoWrite). Policy enforcement – matching of predefined policies Denial of Service Detection of suspicious activity Crawling Repeated reading of the same data Abnormal client activity

9 Challenges: BlobSeer has no authentication mechanism or any way to distinguish the users each client accesses the information in the same way there is no way of certifying the users Malicious Client Detection

10 Anomaly Engine - Analyses the client behavior and looks for changes in access patterns Matching Engine, Pattern Storage, Policy Enforcement – Reads the user history and looks for policy violations or malicious activity, based on a set of predefined patterns Trust Level – Computes a Trust Level for each client based on the user history and feedback from the policy enforcement.

11 Policy enforcement Advantages: Simple to use and easy to customize XML patterns that describe malicious activity It can take complex actions in the case of policy violations Directly Through the TL Disadvantages: Unable to adapt to unknown malicious activity Possible large delay due to the monitoring infrastructure and storage of user history.

12 Policy example - -

13 Policy example - fd - 100" /> - - -

14 Trust Level Each event has an effect on the Trust Level of the user Also uses the system state of the providers to determine the gravity of the malicious activity The Trust level can be between 0 and 100. If a user has a high Trust Level he may be rewarded with relaxed security policies for a period of time. A low Trust level may be punished by more restrictive policies.

15 Conclusions and future work Conclusions: We designed a malicious client detection architecture Right now, the Policy Enforcement and Trust Level modules are functional Future work: Build a complete, functional security framework for BlobSeer Finish the implementation of the other modules Connect the modules with each other Test with large scenarios with many users

16 Questions ? Thank you !

Download ppt "Facultatea de Automatica si Calculatoare Universitatea “Politehnica“ din Bucuresti Security in Clouds Building a Malicious Client Detection module for."

Similar presentations

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
8.

8.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Chapter 9: Moving to Design

Chapter 9: Moving to Design
seminar on Intrusion detection system

seminar on Intrusion detection system
INTERACT : M OTION S ENSOR D RIVEN G ESTURE R ECOGNITION C LOUD S ERVICE School of Electronic & Computer Engineering Technical University of Crete, Greece.

INTERACT : M OTION S ENSOR D RIVEN G ESTURE R ECOGNITION C LOUD S ERVICE School of Electronic & Computer Engineering Technical University of Crete, Greece.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.

Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.
Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Security Framework For Cloud Computing -Sharath Reddy Gajjala.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.

Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.
Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.

Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.
Computer Science and Engineering 1 Service-Oriented Architecture Security 2.

Computer Science and Engineering 1 Service-Oriented Architecture Security 2.
GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.

GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.
23-aug-05Intrusion detection system1. 23-aug-05Intrusion detection system2 Overview of intrusion detection system What is intrusion? What is intrusion.

23-aug-05Intrusion detection system1. 23-aug-05Intrusion detection system2 Overview of intrusion detection system What is intrusion? What is intrusion.
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.

A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.

Similar presentations

Ads by Google