User-Level Runtime Security Auditing for the Cloud

Cloud computing is emerging as a promising IT solution for enabling ubiquitous, convenient, and on-demand accesses to a shared pool of configurable computing resources. However, the widespread adoption of cloud is still being hindered by the lack of transparency and accountability, which has traditionally been ensured through security auditing techniques. Auditing in cloud poses many unique challenges in data collection and processing (e.g., data format inconsistency and lack of correlation due to the heterogeneity of cloud infrastructures), and in verification (e.g., prohibitive performance overhead due to the sheer scale of cloud infrastructures and need of runtime verification for the dynamic nature of cloud). To this end, existing runtime auditing techniques do not offer a practical response time to verify a wide-range of user-level security properties for a large cloud. In this paper, we propose a runtime security auditing framework for the cloud with special focus on the user-level including common access control and authentication mechanisms e.g., RBAC, ABAC, SSO, and we implement and evaluate the framework based on OpenStack, a widely deployed cloud management system. The main idea towards reducing the response time to a practical level is to perform the costly operations only once, which is followed by significantly more efficient incremental runtime verification. Our experimental results show that runtime security auditing in a large cloud environment is realistic under our approach (e.g., our solution performs runtime auditing of 100,000 users within 500 milliseconds).