Security Audit as a Service (SAaaS)
Security Audit as a Service (SAaaS) is a project funded by the German Ministry for Education and Research (BMBF) and investigates how audits of cloud infrastructure can enhance trust in cloud environments.
SAaaS is based on a cloud intrusion detection system with distributed agents deployed at logical key locations (e.g. VMs, VM hosts, cloud management) of a cloud infrastructure monitoring occurrences. An occurrence can be anything describable like a simple successfully login event, a series of unsuccessful login attempts, network connections between VMs or increasing CPU consumption of a certain VM. In the event of an identified occurrence the agent generates an event feeding a complex event processing engine which draws the cloud's security state. Thus, distributed attacks on a cloud computing environment or misuse of cloud resource will be detected early.
SAaaS Use Cases
The Security Audit as a Service Infrastructure aims to support the following use cases:
A) Automated security audit of a customer IT infrastructure
This service can be used on-demand targeting an infrastructure not necessarily running in a cloud computing environment. Based on a toolbox available
a customer can schedule security audits of its IT infrastructure. Tools like a vulnerability scanner of all internet exposed systems are possible and can be scheduled in a repetitive manner. Results will be user friendly conditioned to an audit security report.
B) Audit and monitoring of cloud instances
Cloud user are running special monitored cloud instances, virtual machines (VMs), within a provider's cloud infrastructure. Monitoring is done via audit agents which are
positioned within a customers VMs as well as in the cloud infrastructure of the provider. The user defines Security Service Level Agreements (SSLA) defining what to monitor and how to alert in case of system deviation from the dened manner.
C. Cloud infrastructure audit and monitoring
A Security Audit Service is used by the cloud provider as well as a 3rd party (e.g. security service provider) to audit and monitor the cloud infrastructure. Results of external security audits like penetration test results of the cloud management infrastructure combined with internal information from the a cloud centralized Security Audit Service creates a comprehensive view of the security status.
Official project deliverables
Scientific project publications
- Journal Publication: F. Doelitzscher, Ch. Reich, M. Knahl, A. Passfall and N. Clarke, An agent based business aware incident detection system for cloud environments, Journal of Cloud Computing: Advances, Systems and Applications 2012, Volume 1, DOI:10.1186/2192-113X-1-9, 2012
- Conference Publication: F. Doelitzscher, C. Fischer, D. Moskal, Ch. Reich, M. Knahl, and N. Clarke,Validating Cloud Infrastructure Changes by Cloud Audits, Proceedings of the 8th IEEE World Congress on Services (SERVICES2012), 24th - 29th June, Honolulu, Hawaii, DOI 10.1109/SERVICES.2012.12, 2012,Winner of Second Place of IEEE SERVICES CUP 2012
- Conference Publication: F. Doelitzscher, Ch. Reich, M. Knahl and N. Clarke, An autonomous agent based incident detection system for cloud environments, Proceedings of the 3rd IEEE International Conference on Cloud Computing Technology and Science (CloudCom2011), 29th Nov. - Dec.1st, Athens.
- Conference Publication: F. Doelitzscher, C. Reich, M. Knahl and N. Clarke, Incident detection for cloud environments, Proceedings of the Third International Conference on Emerging Network Intelligence (EMERGING 2011), Nov. 20-25, 2011, Lisbon, Portugal, Winner of Best Paper Award
- Publication: F. Doelitzscher, M. Ardelt, C. Reich and M. Knahl, Sicherheitsprobleme für IT-Outsourcing durch Cloud Computing, HMD Magazine Volume 281: IT-Sicherheit und Datenschutz, 26th October 2011,ISSN 1436-3011, Winner of Best Paper Award