.

Friday, November 15, 2019

Pinpoint Colluding Attackers for Software-as-a-Service Cloud

Pinpoint Colluding Attackers for Software-as-a-Service Cloud Abstract- Software as a Service (SaaS) is a distribution model of software in which service provider or vendor develops applications and these are accessible by the customers over a network. SaaS clouds are vulnerable to malicious attacks because of their sharing nature. IntTest, service integrity attestation framework has been anticipated and it uses a novel integrated attestation graph analysis scheme to pinpoint attackers. But IntTest has still a limitation that attackers can still escape the detection if they have less inconsistency links than benign service providers. In this paper, we present Function Combination Generator along with the IntTest in order to detect the attackers more in number. Also, Result Auto Correction is provided to correct the incorrect results provided by the attackers. Our experimental results shows that our scheme is effective and can achieve higher accuracy in pinpointing the attackers more in number than the existing approaches. Index Terms- Cloud Computing, Integrity Attestation, Multitenant, SaaS, Function Combination Generator 1 INTRODUCTION Cloud computing depends on resource sharing over a network. Cloud computing mainly relies on improving the efficiency of shared resources. Cloud provides services like Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). This paper mainly deals with Software-as-a-service. Software as a Service depicts any cloud service where providers deploy their applications and consumers use those applications through a client interface such as web browser. Software as a Service and Service Oriented Architecture (SOA) [4] provides certain concepts for the evolution of Software as a Service clouds [1] (e.g., Amazon Web Service (AWS) [2] and Google App Engine [3]). SaaS clouds provide a way for application service providers (ASPs)[5], [6] to transport their applications through the huge cloud computing infrastructure [7]. Figure 1 shows the origin of Software as a Service deployed on either public, private or hybrid cloud and its relation with the end u ser. As ASPs from different security domains shares Cloud Computing infrastructures, they are vulnerable to attacks. As Cloud Computing attracts many providers due to its cost-effective concept, it has become very popular at recent. This paper concentrates on service integrity attacks on SaaS clouds. The user gets the bad results due to these integrity attacks when requested for a service. Figure 2 shows the integrity attacks in SaaS clouds. Multitenant architecture is one that is responsible for most of the SaaS cloud solutions. In the previous research, only privacy protection and confidentiality problems have been widely stated, but the service integrity attestation was not clearly addressed. Service integrity is one of the main problems that need to be solved despite whether the public or private clouds process the data. Various researchers have presented certain service integrity attestation schemes but the problem is that they require secure kernel or trusted hardware support. Because of these problems, Multitenant cloud computing does not carry those schemes. Later, Juan Du has proposed IntT est, an efficient framework for large scale cloud systems. A novel integrated attestation graph analysis scheme has been provided by the IntTest that detects the attackers more when compared to the existing schemes. But the problem here is that the attackers can still escape the detection if they have less inconsistency links than benign service providers. i.e., If only one order of service functions is given by the providers for a service, the attacker acts as genuine and colludes with other attackers and provides fake results. With this, all the inconsistent results caused by the attackers are not detected completely and the fake results are assumed as good one and provided to the users. With this, we can say that that IntTest cannot detect the colluding attackers. In this Paper, Function Combination Generator is provided for the IntTest to overcome the limitation. Function Combination Generator along with IntTest can attain more attacker identifying accuracy than existing schemes like Run Test and AdapTest. In particular, AdapTest and RunTest with the other conventional voting schemes wants to believe that benevolent service providers take bulk in every service function. Figure 1: Software-as-a Service To make the targeted service functions as malicious, several attackers may launch on colluding attacks in large scale multitenant cloud systems. In order to overcome this problem, IntTest with FCG adopts a systematic method by exploring the both consistency and inconsistency relationships between various service providers in the whole cloud system. The per-function consistency graphs and global inconsistency graphs have been validated by the IntTest. The attackers can be detected more effectively, it does not allow the attackers to escape as well as reduces the scope of damage caused by the attackers by using Function Combination Generator with IntTest. With the scalable IntTest along with Function Combination Generator, the burden provided with attestation can be reduced to an extent than any other schemes. This paper provides the below implementations: IntTest, an efficient and scalable service integrity attestation framework for broad cloud computing infrastructures. Function Combination Generator that generates different set of orders for a particular set of functions for the given service. Baseline and Integrated attestation schemes that attains more attackers pinpointing than the existing schemes. Result auto correction method that eventually replaces the fake results provided by the colluding attackers with the correct results. The rest of this paper is organized as follows. Section 2 presents the related work. Section 3 presents the proposed Work in detail. Section 4 presents the design. Finally, the paper concludes in section 5. Figure 2: Integrity attacks in cloud based data processing Where, Sn= different service components n= {1, 2, 3, 4, 5, 6, 7} VM= Virtual Machines 2 RELATED WORK SaaS clouds are given with various integrity attestation schemes in recent years. The BIND scheme, TEAS, RunTest and AdapTest are some of the schemes but these in turn have some issues that are to be dealt with. Some of them want trusted hardware and support of secure kernel. BIND [10] (Binding Information and Data) is one that requires secure kernel or a third party support. To verify the service integrity for SaaS clouds, BIND exhibits the fine grained attestation framework. This BIND scheme follows these steps. 1) Attestation annotation mechanism. 2) Sandbox mechanism. 3) Verification of authenticator through hash. In order to address the service integrity attestation, Diffee-Hellman key has been used by the BIND scheme. TEAS [11] (Timed Executable Agent System) is another provided scheme that address the integrity for SaaS clouds. It uses Agent generation and verification algorithm. But the problem is that it is not scalable and does require trusted hardware. RunTest [8] has been proposed later with further corrections. RunTest, a scalable runtime integrity attestation framework attains the data flow processing integrity in cloud. It promotes light-weight application level attestation mechanism. With this, it identifies the attackers when inconsistent results are detected and also integrity of data processing results is examined. This RunTest gives the information on who are benign service providers and also the attackers’ stealthy behaviour. The disadvantage that RunTest has is its low performance. The AdapTest [9] is another existing scheme that presents a novel adaptive data driven runtime service integrity attestation framework to verify the service integrity in SaaS clouds. It reduces the detection delay and also the attestation overhead. It treats all the service components as black boxes so any special hardware support is not needed by the AdapTest. The disadvantage is that detection rate is low. So later, to overcome all th e limitations of the existing schemes, IntTest has been proposed. Any secure kernel or hardware support is not needed by IntTest as it also treats the components as black boxes. IntTest provides more detecting accuracy than above all the existing schemes. But still the IntTest has a limitation that attackers try to escape the detection by colluding with the other attackers. So, we proposed Function Combination Generator technique to be used with IntTest to overcome the limitation. With this Function Combination Generator with IntTest, there is no chance for the attackers to escape. 3 PROPOSED WORK Software as a Service clouds are evolved from the basic concepts of Software as a Service and Service Oriented Architecture. It provides a way for the application service providers to build their applications and transport them through cloud computing infrastructure. Here, we are proposing a new technique called Function Combination Generator for IntTest. To pinpoint all the colluding attackers is the main goal of IntTest with Function Combination Generator. And it should not make attackers to escape from detection. Various service providers are negotiated by a single attacker in multitenant cloud systems. Here, certain assumptions are made by the IntTest. First, in the entire cloud system the total number of benign service providers is greater than the malicious service providers. Without this assumption, the IntTest scheme does not work properly. Second, the data processing services are input deterministic. Whatever input is given by the benign service component, it should produce the similar output. Third, the hardware and software faults that grounds the result inconsistency are marked by fault detection schemes [12] and can be removed them as malicious attacks. Figure 3 depicts the overall architecture of our proposed work. The architecture flows like this. At first the user requests the cloud for a particular service, and that requested service is deployed in the cloud and promotes that request to SaaS. SaaS cloud process the request and generates the result to the cloud. Next, Function Combination Generator regulates different set of orders for service functions and then IntTest checks the consistency and inconsistency relationships and then identify the malicious attackers. Result autocorrection corrects the bad results produced by the attackers and stores the corrected data and finally corresponding good results are sent to the user. Figure 3: Architecture 4 DESIGN In this section we present the design of the proposed system. First, we present the Function Combination Generator. We then describe baseline and integrated attestation schemes and next, we present the result autocorrection scheme. 4.1 Function Combination Generator Service is one that consists of several components that in turn consists of different number of functions. Service may contain any number of functions like f1, f2, f3, f4 etc. When the SaaS cloud generates the service as per requested by the user, then the Function Combination Generator generates different set of patterns for the functions such as f1, f3, f2, f4 and f2, f3, f4, f1 and soon. By generating like this, there we can see that the attackers can’t escape from detection. Function Combination Generator is an efficient technique provided with the IntTest to detect the colluding attackers in large number. 4.2 Baseline Attestation Scheme IntTest is mainly used to detect the service integrity attack in SaaS clouds and also pinpoint malicious service providers. In Cloud Computing, several providers develop the same function as they are popular. Function Combination Generator after generating patterns sends the results to the IntTest. IntTest then obtains the consistency and inconsistency relationships among the different service providers for a particular set of service function generated. Figure 4 depicts the consistency check mechanism. As shown in the figure 4, the service providers are p1, p2 and p3. The same function f is developed by all the providers. Portal node is one that has global information like number of ASPs etc., It acts as a gateway to use the services. Provider p1 first receives the original data input p1 from the portal node and generates the result f(d1). Again provider p3 receives the duplicate of d1 and generates the result f(d1’). Next the relationship between the providers is derived. If both the providers generate the same result, they are said to be consistent with each other. If not they are inconsistent with each other, then we can say that one of them is malicious. Like this, we derive the relationships among various service providers. Figure 4: Consistency Check 4.3 Integrated Attestation Scheme Now, an integrated attestation graph analysis algorithm is given here. Step 1: Consistency analysis: Based on the consistency relationships derived by the Baseline attestation scheme, we derive per-function consistency graph as shown in figure 4(a).. With this, the distrustful service providers can be identified. The consistency graph presents certain consistency links among a set of service providers. Those service providers give same results for every specific service function. Like if service providers p1, p2 give consistent results for a function f1, they give the same consistent results for all functions like f2, f3, f4 and so on. The benign service providers who give consistent results for a particular function will form a clique in terms of consistency links. With this per-function consistency graph, we cannot clearly identify who the attacker is. So, we must also consider inconsistency graph too. Figure 4: Attestation Graphs Step 2: Inconsistency analysis: The global inconsistency graph as shown in figure 4(b) is derived from the inconsistency relationships drawn by Baseline attestation scheme. This graph contains only inconsistency links, there may involve various possible combinations of benign node set and malicious node set. Here, we have to believe that total number of malicious service providers is not greater than max number of malicious service. Function Combination Generator generated different set of patterns for a particular service. By generating like this, there is no chance for the attackers to escape as they give inconsistent results with all the patterns when consistency check is done. If any provider gives only incorrect results with all the patterns, we confirm that provider as a corrupted one. Like this, we will find the attackers more in number. 4.4 Result Auto Correction To regularly correct the bad results provided by the attackers, Result Autocorrection is provided. IntTest with Function Combination Generator can not only pinpoint malicious service providers and even autocorrects the bad results with good results and thus improving the result quality of the cloud data processing service. With the absence of attestation scheme, any malicious attacker can change original input data and with this the processing result of that input will be corrupted which will result in degraded result quality. IntTest presents attestation data and correct compromised data processing results. Function Combination Generator given with IntTest, it can achieve higher detection accuracy than any other techniques when malicious service providers attack more nodes. This method will identify the attackers even though they attack a very low percentage of services. This technique can achieve higher detection rate than any other existing scheme and will have low false alarm rate than others. Comparison Study Below is the table that compares various parameters like detection rate, time and attestation overhead among various approaches like AdapTest, RunTest, and IntTest with no Function Combination Generator and IntTest with Function Combination Generator. 5 CONCLUSION In this paper we introduced a technique called Function Combination Generator for IntTest, a novel integrated service integrity attestation graph analysis scheme for multitenant software-as-a-service cloud system. Function Combination Generator generates diffsaerent set of patterns for service functions and then IntTest uses a reply based consistency check to verify the service providers. IntTest with Function Combination Generator analyses both the consistency and inconsistency graphs to find the malicious attackers efficiently than any other existing techniques. And also it provides a result auto correction to improve result quality.

No comments:

Post a Comment