The MEERKATS cloud security architecture

Angelos D. Keromytis, Roxana Geambasu, Simha Sethumadhavan, Salvatore J. Stolfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew Elder, Darrell Kienzle, Angelos Stavrou

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

14 Citations (Scopus)

Abstract

MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution and change as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary's ability to achieve an initial system compromise and, if a compromise occurs, to detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. A key element of MEERKATS is the focus on both the software and the data in the cloud, not just protecting but leveraging both to improve mission resilience. MEERKATS seeks to effectively exploit "economies of scale" (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated application and mission needs instead of an inefficient, "blanket" approach to protecting "everything the same way, all the time". We outline our vision for MEERKATS and describe our approach toward prototyping it.

Original language: English
Title of host publication: Proceedings - 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012
Pages: 446-450
Number of pages: 5
DOIs: https://doi.org/10.1109/ICDCSW.2012.42
Publication status: Published - 2012
Externally published: Yes
Event: 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012 - Macau
Duration: 18 Jun 2012 to 21 Jun 2012

Other

Other: 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012
City: Macau
Period: 18/6/12 to 21/6/12

Fingerprint

Fluxes
Monitoring

Keywords

  • cloud security
  • deception
  • decoys
  • resource management

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Cite this

Keromytis, A. D., Geambasu, R., Sethumadhavan, S., Stolfo, S. J., Yang, J., Benameur, A., ... Stavrou, A. (2012). The MEERKATS cloud security architecture. In Proceedings - 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012 (pp. 446-450). [6258191] https://doi.org/10.1109/ICDCSW.2012.42
