Pileus: Protecting user resources from vulnerable cloud services

Yuqiong Sun, Giuseppe Petracca, Xinyang Ge, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

Cloud computing platforms are now constructed as distributed, modular systems of cloud services, which enable cloud users to manage their cloud resources. However, in current cloud platforms, cloud services fully trust each other, so a malicious user may exploit a vulnerability in a cloud service to obtain unauthorized access to another user's data. To date, over 150 vulnerabilities have been reported in cloud services in the OpenStack cloud. Research efforts in cloud security have focused primarily on attacks originating from user VMs or compromised operating systems rather than threats caused by the compromise of distributed cloud services, leaving cloud users open to attacks from these vulnerable cloud services. In this paper, we propose the Pileus cloud service architecture, which isolates each user's cloud operations to prevent vulnerabilities in cloud services from enabling malicious users to gain unauthorized access. Pileus deploys stateless cloud services "on demand" to service each user's cloud operations, limiting cloud services to the permissions of individual users. Pileus leverages the decentralized information flow control (DIFC) model for permission management, but the Pileus design addresses special challenges in the cloud environment to: (1) restrict how cloud services may be allowed to make security decisions; (2) select trustworthy nodes for access enforcement in a dynamic, distributed environment; and (3) limit the set of nodes a user must trust to service each operation. We have ported the OpenStack cloud platform to Pileus, finding that we can systematically prevent compromised cloud services from attacking other users' cloud operations with less than 3% additional latency for the operation. Application of the Pileus architecture to Open- Stack shows that confined cloud services can service users' cloud operations effectively for a modest overhead.

Original languageEnglish (US)
Title of host publicationProceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
PublisherAssociation for Computing Machinery
Pages52-64
Number of pages13
ISBN (Electronic)9781450347716
DOIs
StatePublished - Dec 5 2016
Event32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, United States
Duration: Dec 5 2016Dec 9 2016

Publication series

NameACM International Conference Proceeding Series
Volume5-9-December-2016

Other

Other32nd Annual Computer Security Applications Conference, ACSAC 2016
CountryUnited States
CityLos Angeles
Period12/5/1612/9/16

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Pileus: Protecting user resources from vulnerable cloud services'. Together they form a unique fingerprint.

  • Cite this

    Sun, Y., Petracca, G., Ge, X., & Jaeger, T. (2016). Pileus: Protecting user resources from vulnerable cloud services. In Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016 (pp. 52-64). (ACM International Conference Proceeding Series; Vol. 5-9-December-2016). Association for Computing Machinery. https://doi.org/10.1145/2991079.2991109