A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems

A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems

The detection of cyber attacks before they are successful represents an essential stage in the evolution of an attack vector centric security framework. Anti-virus, Malware and Firewalls detection & protection ideologies are proving to be ineffective and they were never designed with multi-tenan...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Flood, J., Keane, A.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Companies
cybercrime
forensics
Informatics
multi-tenancy security
Security
Training
Vectors
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 235
container_issue
container_start_page 231
container_title
container_volume
creator Flood, J.
Keane, A.
description The detection of cyber attacks before they are successful represents an essential stage in the evolution of an attack vector centric security framework. Anti-virus, Malware and Firewalls detection & protection ideologies are proving to be ineffective and they were never designed with multi-tenant cloud environments in mind. The current security solution development is driven by the complexity of the gap analysis performed by hacker groups and multi-tenant cloud solutions represent a significant target to hacker groups so it is important for Cloud providers to take pre-emptive steps to ensure the total security of their services. A multi-tenant environment irrespective of the number of users is still an individual system and multi-tenant cloud solutions require active protection as the individual system components can still be compromised with a previously unknown attack vector. One possible solution to this growing security concern is an approach that continuously validates user interactions within a system and takes automated preemptive steps to promote the protection of the system users. By gathering information on the attack vector and the attacker themselves it is possible to predict the aim of the attack, gauging the risk and making assumptions. The ultimate goal is to identify and close the attack vector during the attackers gap analysis while ensuring at all time that the information gathered can be isolated to a legal forensic standard. With the ultimate goal being the ability to share malicious user activity information with authorities without the risk of accidental data leakage of other tenants data. This paper describes a possible system and methodology that would prevent the gap analysis phase of a cyber-attack.
doi_str_mv 10.1109/EIDWT.2012.43
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_6354747</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6354747</ieee_id><sourcerecordid>6354747</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-5a3bc4c88c7cb8cb0c8bc59f68977ac9859401f869a5c6a75a4ae64cc3bba8083</originalsourceid><addsrcrecordid>eNotkMtKAzEYRiMiqLVLV27yAlOT5r4svWihotCiy5Kk_9DodFKSjDJv74CezXdW3-IgdE_JhFJiHpfrxcduMiV0OuHsAt0SJY3ginF5iW4pl4pRoyW_RuOcP8mAppoKeYOOM_yW4jlmOOBVsif4iekL1zHhcgQ88yV8A15AgcFii2ONt-C7FEqP37umhWRdaEIJkHFo8UvXlFAVaG3rezxvYnfA2z4XOOU7dFXbJsP4f0dot1ru5s_V5vVpPZ9tqmBIqYRlznOvtVfeae-I184LU0ttlLLeaGE4obWWxgovrRKWW5Dce-ac1USzEXr4uw0AsD-ncLKp30s2xBhy_ALGTVhJ</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Flood, J. ; Keane, A.</creator><creatorcontrib>Flood, J. ; Keane, A.</creatorcontrib><description>The detection of cyber attacks before they are successful represents an essential stage in the evolution of an attack vector centric security framework. Anti-virus, Malware and Firewalls detection &amp; protection ideologies are proving to be ineffective and they were never designed with multi-tenant cloud environments in mind. The current security solution development is driven by the complexity of the gap analysis performed by hacker groups and multi-tenant cloud solutions represent a significant target to hacker groups so it is important for Cloud providers to take pre-emptive steps to ensure the total security of their services. A multi-tenant environment irrespective of the number of users is still an individual system and multi-tenant cloud solutions require active protection as the individual system components can still be compromised with a previously unknown attack vector. One possible solution to this growing security concern is an approach that continuously validates user interactions within a system and takes automated preemptive steps to promote the protection of the system users. By gathering information on the attack vector and the attacker themselves it is possible to predict the aim of the attack, gauging the risk and making assumptions. The ultimate goal is to identify and close the attack vector during the attackers gap analysis while ensuring at all time that the information gathered can be isolated to a legal forensic standard. With the ultimate goal being the ability to share malicious user activity information with authorities without the risk of accidental data leakage of other tenants data. This paper describes a possible system and methodology that would prevent the gap analysis phase of a cyber-attack.</description><identifier>ISBN: 1467319864</identifier><identifier>ISBN: 9781467319867</identifier><identifier>EISBN: 0769547346</identifier><identifier>EISBN: 9780769547343</identifier><identifier>DOI: 10.1109/EIDWT.2012.43</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>Companies ; cybercrime ; forensics ; Informatics ; multi-tenancy security ; Security ; Training ; Vectors</subject><ispartof>2012 Third International Conference on Emerging Intelligent Data and Web Technologies, 2012, p.231-235</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6354747$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,777,781,786,787,2052,27906,54901</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6354747$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Flood, J.</creatorcontrib><creatorcontrib>Keane, A.</creatorcontrib><title>A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems</title><title>2012 Third International Conference on Emerging Intelligent Data and Web Technologies</title><addtitle>eidwt</addtitle><description>The detection of cyber attacks before they are successful represents an essential stage in the evolution of an attack vector centric security framework. Anti-virus, Malware and Firewalls detection &amp; protection ideologies are proving to be ineffective and they were never designed with multi-tenant cloud environments in mind. The current security solution development is driven by the complexity of the gap analysis performed by hacker groups and multi-tenant cloud solutions represent a significant target to hacker groups so it is important for Cloud providers to take pre-emptive steps to ensure the total security of their services. A multi-tenant environment irrespective of the number of users is still an individual system and multi-tenant cloud solutions require active protection as the individual system components can still be compromised with a previously unknown attack vector. One possible solution to this growing security concern is an approach that continuously validates user interactions within a system and takes automated preemptive steps to promote the protection of the system users. By gathering information on the attack vector and the attacker themselves it is possible to predict the aim of the attack, gauging the risk and making assumptions. The ultimate goal is to identify and close the attack vector during the attackers gap analysis while ensuring at all time that the information gathered can be isolated to a legal forensic standard. With the ultimate goal being the ability to share malicious user activity information with authorities without the risk of accidental data leakage of other tenants data. This paper describes a possible system and methodology that would prevent the gap analysis phase of a cyber-attack.</description><subject>Companies</subject><subject>cybercrime</subject><subject>forensics</subject><subject>Informatics</subject><subject>multi-tenancy security</subject><subject>Security</subject><subject>Training</subject><subject>Vectors</subject><isbn>1467319864</isbn><isbn>9781467319867</isbn><isbn>0769547346</isbn><isbn>9780769547343</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2012</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotkMtKAzEYRiMiqLVLV27yAlOT5r4svWihotCiy5Kk_9DodFKSjDJv74CezXdW3-IgdE_JhFJiHpfrxcduMiV0OuHsAt0SJY3ginF5iW4pl4pRoyW_RuOcP8mAppoKeYOOM_yW4jlmOOBVsif4iekL1zHhcgQ88yV8A15AgcFii2ONt-C7FEqP37umhWRdaEIJkHFo8UvXlFAVaG3rezxvYnfA2z4XOOU7dFXbJsP4f0dot1ru5s_V5vVpPZ9tqmBIqYRlznOvtVfeae-I184LU0ttlLLeaGE4obWWxgovrRKWW5Dce-ac1USzEXr4uw0AsD-ncLKp30s2xBhy_ALGTVhJ</recordid><startdate>201209</startdate><enddate>201209</enddate><creator>Flood, J.</creator><creator>Keane, A.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201209</creationdate><title>A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems</title><author>Flood, J. ; Keane, A.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-5a3bc4c88c7cb8cb0c8bc59f68977ac9859401f869a5c6a75a4ae64cc3bba8083</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2012</creationdate><topic>Companies</topic><topic>cybercrime</topic><topic>forensics</topic><topic>Informatics</topic><topic>multi-tenancy security</topic><topic>Security</topic><topic>Training</topic><topic>Vectors</topic><toplevel>online_resources</toplevel><creatorcontrib>Flood, J.</creatorcontrib><creatorcontrib>Keane, A.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Flood, J.</au><au>Keane, A.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems</atitle><btitle>2012 Third International Conference on Emerging Intelligent Data and Web Technologies</btitle><stitle>eidwt</stitle><date>2012-09</date><risdate>2012</risdate><spage>231</spage><epage>235</epage><pages>231-235</pages><isbn>1467319864</isbn><isbn>9781467319867</isbn><eisbn>0769547346</eisbn><eisbn>9780769547343</eisbn><coden>IEEPAD</coden><abstract>The detection of cyber attacks before they are successful represents an essential stage in the evolution of an attack vector centric security framework. Anti-virus, Malware and Firewalls detection &amp; protection ideologies are proving to be ineffective and they were never designed with multi-tenant cloud environments in mind. The current security solution development is driven by the complexity of the gap analysis performed by hacker groups and multi-tenant cloud solutions represent a significant target to hacker groups so it is important for Cloud providers to take pre-emptive steps to ensure the total security of their services. A multi-tenant environment irrespective of the number of users is still an individual system and multi-tenant cloud solutions require active protection as the individual system components can still be compromised with a previously unknown attack vector. One possible solution to this growing security concern is an approach that continuously validates user interactions within a system and takes automated preemptive steps to promote the protection of the system users. By gathering information on the attack vector and the attacker themselves it is possible to predict the aim of the attack, gauging the risk and making assumptions. The ultimate goal is to identify and close the attack vector during the attackers gap analysis while ensuring at all time that the information gathered can be isolated to a legal forensic standard. With the ultimate goal being the ability to share malicious user activity information with authorities without the risk of accidental data leakage of other tenants data. This paper describes a possible system and methodology that would prevent the gap analysis phase of a cyber-attack.</abstract><pub>IEEE</pub><doi>10.1109/EIDWT.2012.43</doi><tpages>5</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 1467319864
ispartof 2012 Third International Conference on Emerging Intelligent Data and Web Technologies, 2012, p.231-235
issn
language eng
recordid cdi_ieee_primary_6354747
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Companies
cybercrime
forensics
Informatics
multi-tenancy security
Security
Training
Vectors
title A Proposed Framework for the Active Detection of Security Vulnerabilities in Multi-tenancy Cloud Systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T02%3A33%3A57IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20Proposed%20Framework%20for%20the%20Active%20Detection%20of%20Security%20Vulnerabilities%20in%20Multi-tenancy%20Cloud%20Systems&rft.btitle=2012%20Third%20International%20Conference%20on%20Emerging%20Intelligent%20Data%20and%20Web%20Technologies&rft.au=Flood,%20J.&rft.date=2012-09&rft.spage=231&rft.epage=235&rft.pages=231-235&rft.isbn=1467319864&rft.isbn_list=9781467319867&rft.coden=IEEPAD&rft_id=info:doi/10.1109/EIDWT.2012.43&rft_dat=%3Cieee_6IE%3E6354747%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=0769547346&rft.eisbn_list=9780769547343&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6354747&rfr_iscdi=true