Improving attack graph scalability for the cloud through SDN-based decomposition and parallel processing

Oussama Mjihil, Dijiang Huang, Abdelkrim Haqiq

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Due to its fast growth, Cloud computing is a quick evolving research area. Security, which is among the most required Cloud features, is a very hard and challenging task when it’s addressed for large networked systems. To automate security assessment, one should use an Attack Representation Model (ARM), such as Attack Graph (AG) or Attack Tree, to represent and analyze multi-host multi-stage attacks. In order to improve AG analysis for large-scale networked systems, our framework uses Software-defined Networking (SDN) to build a detailed and dynamic knowledge about the network configuration and the host access control list. Altogether with machine configuration information, our framework will be able to construct loosely connected sub-groups of virtual machines and perform a parallel security analysis. We have performed experimental validation using a real networked system to show the performance improvement in comparison with MULVAL network security analyzer.

Original languageEnglish (US)
Title of host publicationUbiquitous Networking -3rd International Symposium, UNet 2017, Revised Selected Papers
EditorsAna Garcia Armada, Mounir Ghogho, Essaid Sabir, Mounir Ghogho, Merouane Debbah
PublisherSpringer Verlag
Pages193-205
Number of pages13
ISBN (Print)9783319681788
DOIs
StatePublished - 2017
Event3rd International Symposium on Ubiquitous Networking, UNet 2017 - Casablance, Morocco
Duration: May 9 2017May 12 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10542 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other3rd International Symposium on Ubiquitous Networking, UNet 2017
CountryMorocco
CityCasablance
Period5/9/175/12/17

Keywords

  • Attack representation models
  • Graph theory
  • Scalability

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Improving attack graph scalability for the cloud through SDN-based decomposition and parallel processing'. Together they form a unique fingerprint.

Cite this