Introduction
IaaS (Infrastructure as a Service) has become a prominent service delivery model of modern-day cloud infrastructures. Many businesses, especially MSMEs (Micro, Small and Medium Enterprises), have adopted these services from public service providers for their business needs. Virtualization is the key technology enabler behind these massive public cloud infrastructures, which can offer commodity virtual servers to business clients over the internet.
However, security tops the areas of concern among users of cloud services. The inherent nature of virtualization, which makes it possible for multiple tenants to share the same physical hardware, brings a host of challenges related to VM isolation. This also raises data confidentiality and privacy concerns. In addition to these new security threats unique to virtualized platforms, cloud infrastructures are also susceptible to the traditional attacks on cyber infrastructures in the Internet world. Thus, addressing security in cloud infrastructures becomes a challenge.
In this paper, we present a model for analyzing security threats unique to IaaS virtualized environments. Based on the concept of Bayesian networks, we formulate the threats with the help of an attack graph. Using the principles of sensitivity analysis, we demonstrate the use of this model to analyze the impact of various threats and thus implement optimal security defenses against these threats.
Security analysis is challenging, as analysts have to deal with the inherent uncertainty in the attack process. The success rate of attacks varies significantly depending on various factors, including the actual targeted setup, the components involved, the strategies employed and the prior defense mechanisms put in place in the infrastructure. A great deal of uncertainty exists regarding attacker behavior. There are also variations among the different vulnerabilities listed at the corresponding layers. Thus, a probabilistic model presents the best approach to capture this inherent uncertainty and carry out analysis to design the security framework for large, critical infrastructures. The Bayesian approach can be used effectively to carry out probabilistic reasoning and draw inferences for hypothetical scenarios.
An attack graph is a graphical representation of the security threats in a system, with nodes representing the system components and edges representing the vulnerabilities or exploits that can be used to reach a specific node. Bayesian Attack Graphs (BAG) are an extension of attack graphs that employ the Bayesian approach to model the identified security threats in an infrastructure and to draw statistical inferences for various queries, such as the probabilities of attackers reaching particular security conditions by exploiting specific vulnerabilities. The model can also be used to hypothetically set evidence of particular security violations and then evaluate the probable explanations for them. Specifically, consider an attack graph with n nodes. Let us consider , which indicates one of the nodes of the attack graph under consideration. If represents a particular system component or a specific security condition of the system, then the BAG can be used to calculate the unconditional probability distribution , which indicates the probability of that particular component getting compromised or the probability of reaching a particular security violation state.
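The three uses of a BAG described above (unconditional compromise probability, explanation of hypothetical evidence, and sensitivity of the result to a single edge) can be shown on a four-node graph. This is an added example, not the paper's model. It assumes a noisy-OR combination of edge probabilities and a one-at-a-time perturbation as the sensitivity measure, and the node names and probabilities are constructed for illustration.

```python
from itertools import product

# Constructed BAG: node -> {parent: P(edge exploit succeeds | parent compromised)}.
# Names and numbers are illustrative assumptions, not values from the paper.
EDGES = {
    "guest_vm":    {},                                  # root node
    "mgmt_api":    {"guest_vm": 0.30},
    "hypervisor":  {"guest_vm": 0.10, "mgmt_api": 0.40},
    "tenant_data": {"hypervisor": 0.80},
}
PRIOR = {"guest_vm": 0.50}   # assumed prior for the root node
ORDER = list(EDGES)          # already in topological order

def local_prob(node, state, edges):
    """P(node compromised | parent states), assuming noisy-OR over parents."""
    if not edges[node]:
        return PRIOR[node]
    miss = 1.0
    for parent, p in edges[node].items():
        if state[parent]:
            miss *= 1.0 - p
    return 1.0 - miss

def joint(state, edges):
    """Joint probability of one full assignment (chain rule over the DAG)."""
    pr = 1.0
    for node in ORDER:
        p = local_prob(node, state, edges)
        pr *= p if state[node] else 1.0 - p
    return pr

def query(target, evidence=None, edges=EDGES):
    """P(target compromised | evidence) by exhaustive enumeration."""
    evidence = evidence or {}
    num = den = 0.0
    for values in product([False, True], repeat=len(ORDER)):
        state = dict(zip(ORDER, values))
        if any(state[k] != v for k, v in evidence.items()):
            continue
        p = joint(state, edges)
        den += p
        num += p if state[target] else 0.0
    return num / den

def sensitivity(target, parent, child, delta=0.1):
    """Drop in P(target) when one edge probability is lowered by delta."""
    patched = {n: dict(ps) for n, ps in EDGES.items()}
    patched[child][parent] = max(0.0, patched[child][parent] - delta)
    return query(target) - query(target, edges=patched)

if __name__ == "__main__":
    print("P(tenant_data)            =", round(query("tenant_data"), 4))
    print("P(mgmt_api | tenant_data) =",
          round(query("mgmt_api", {"tenant_data": True}), 4))
    for edge in [("guest_vm", "hypervisor"), ("mgmt_api", "hypervisor")]:
        print("hardening", edge, "->", round(sensitivity("tenant_data", *edge), 4))
```

Exhaustive enumeration is exponential in the number of nodes, so it only suits small graphs like this one.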