Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Self Adaptable Security Monitoring in IaaS clouds Anna Giannakou Advisors: Christine Morin, Jean-Louis Pazat, Louis Rilling.

Published byBeverley Norris Modified over 8 years ago

Similar presentations

Presentation on theme: "Towards Self Adaptable Security Monitoring in IaaS clouds Anna Giannakou Advisors: Christine Morin, Jean-Louis Pazat, Louis Rilling."— Presentation transcript:

1 Towards Self Adaptable Security Monitoring in IaaS clouds Anna Giannakou Advisors: Christine Morin, Jean-Louis Pazat, Louis Rilling

2 Presentation outline  Security monitoring in clouds  Self-adaptable Intrusion Detection System  Preliminary Results  Technical aspects 2

3 Security monitoring in clouds

4 Infrastructure as a Service clouds 4

5 5

6 6

7 7

8 8

9 9

10 Network Intrusion Detection Systems 10 Passively inspect traffic (monitor & notify) Out of band placement Rule based configuration http://sanketrjain.com/intrusion-detection-and-prevention-system/

11 The need for adaptable security monitoring  IaaS cloud environments are very dynamic  Topology-related changes (VM creation, deletion, migration)  Traffic load fluctuation  Service addition/removal  Traditional security monitoring is ineffective  Reconfiguration of monitoring system should be automated  Several actors with different security requirements  Tenants express their requirements through SLA 11

12 Self-Adaptable Intrusion Detection System

13 Self-adaptable security monitoring engine-SAIDS (1) 13

14 Self-adaptable security monitoring engine-SAIDS (2) 14

15 Self-adaptable security monitoring engine-SAIDS (3) 15

16 Self-adaptable security monitoring engine-SAIDS (4) 16

17 Self-adaptable security monitoring engine-SAIDS (5) 17

18 Preliminary results

19 19 4

20 Technical aspects

21 OpenStack deployment  Version 2014.2 -Juno  3 nodes (1 controller - 2 compute )  DevStack multi-node installation  https://git.openstack.org/openstack-dev/devstack  OpenvSwitch on every node – (for kernel 3.2 version 2.0.0 )  https://github.com/openvswitch/ovs/tarball/master  GRE tunnels for inter-VM communication

22 Deployment steps 1. Reserve nodes & vlan  (oarsub, …) 2. Deploy environment (Trusty 12.04)  Kadeploy3, … 3. Run custom deployment script  (Automatic update of local.conf &./stack.sh) 4. Reconfigure external connectivity due to openvSwitch setup 1. br-ex as the main interface on controller node 5. Repeat step 3 for compute nodes

23 Deployment issues  Overall deployment time ~ 25-30 min  Additional time for:  registering VMs with glance  Injecting OpenFlow rules  Further automation for not deploying OpenStack everytime :  Reconfigure.conf files for all services (nova, glance,…)  Restart services  Limitations: VM image size (environment file gets too big)

Download ppt "Towards Self Adaptable Security Monitoring in IaaS clouds Anna Giannakou Advisors: Christine Morin, Jean-Louis Pazat, Louis Rilling."

Similar presentations

© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.

© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.

Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.

FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.
24 February 2015 Ryota Mibu, NEC

24 February 2015 Ryota Mibu, NEC
OpenContrail Quickstart

OpenContrail Quickstart
Undergraduate Poster Presentation Match 31, 2015 Department of CSE, BUET, Dhaka, Bangladesh Wireless Sensor Network Integretion With Cloud Computing H.M.A.

Undergraduate Poster Presentation Match 31, 2015 Department of CSE, BUET, Dhaka, Bangladesh Wireless Sensor Network Integretion With Cloud Computing H.M.A.
Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.

Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.
SDN Problem Statement and Use Cases for Data Center Applications Ping Pan Thomas Nadeau November 2011.

SDN Problem Statement and Use Cases for Data Center Applications Ping Pan Thomas Nadeau November 2011.
CTS Private Cloud Status Quarterly Customer Meeting October 22, 2014.

CTS Private Cloud Status Quarterly Customer Meeting October 22, 2014.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
Presented by: Sanketh Beerabbi University of Central Florida COP6087 - Cloud Computing.

Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.
Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.

Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.
Openstack on Openstack how to bootstrap a cloud Paul Voccio Director, Infrastructure Engineering Rackspace.

Openstack on Openstack how to bootstrap a cloud Paul Voccio Director, Infrastructure Engineering Rackspace.
Ph No: 0891 2728543. Mob: +91-7386622889. 37-12-14,plot No-27,NGGO's Colony, Pattabhi reddy gardens,Visakhapatnam-07 Open.

Ph No: Mob: ,plot No-27,NGGO's Colony, Pattabhi reddy gardens,Visakhapatnam-07 Open.
Synchronized Co-migration of Virtual Machines for IDS Offloading in Clouds Kenichi Kourai and Hisato Utsunomiya Kyushu Institute of Technology, Japan.

Synchronized Co-migration of Virtual Machines for IDS Offloading in Clouds Kenichi Kourai and Hisato Utsunomiya Kyushu Institute of Technology, Japan.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.

20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
User-driven Networking in IaaS Clouds Daniel Kouril, Tomas Rebok, Michal Prochazka Masaryk University/CESNET EGI-Geant Symposium, 27th September 2014.

User-driven Networking in IaaS Clouds Daniel Kouril, Tomas Rebok, Michal Prochazka Masaryk University/CESNET EGI-Geant Symposium, 27th September 2014.
Www.egi.eu EGI-InSPIRE RI-261323 EGI Webinar www.egi.eu EGI-InSPIRE RI-261323 Porting your application to the EGI Federated Cloud 17 Feb 2014 1.

EGI-InSPIRE RI EGI Webinar EGI-InSPIRE RI Porting your application to the EGI Federated Cloud 17 Feb

Similar presentations

Ads by Google