nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Monitoring of Client-Cloud Interaction

verfasst von : Harald Lampesberger, Mariam Rady

Erschienen in: Correct Software in Web Applications and Web Services

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

When a client consumes a cloud service, computational liabilities are transferred to the service provider in accordance to the cloud paradigm, and the client loses some control over software components. One way to raise assurance about correctness and dependability of a consumed service and its software components is monitoring. In particular, a monitor is a system that observes the behavior of another system, and observation points that expose the target system’s state and state changes are required. Due to the cloud paradigm, popular techniques for monitoring such as code instrumentation are often not available to the client because of limited visibility, lack of control, and black-box software components. Based on a literature review, we identify potential observation points in today’s cloud services. Furthermore, we investigate two cloud-specific monitoring applications based on our ongoing research. While service level agreement (SLA) monitoring ensures that agreed-upon conditions between clients and providers are met, language-based anomaly detection monitors the interaction between client and cloud for misuse attempts.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel W∗H: The Conceptual Model for Services

Nächstes Kapitel Formal Reliability Models for Web Services

Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13(1), 1–40 (2009)CrossRef

Aceto, G., Botta, A., de Donato, W., Pescapè, A.: Cloud monitoring: a survey. Comput. Netw. 57(9), 2093–2115 (2013)CrossRef

Ahonen, H.: Generating grammars for structured documents using grammatical inference methods. Tech. Rep. A-1996-4. Department of Computer Science, University of Helsinki (1996)

Alonso, G., Casati, F., Kuno, H.A., Machiraj, V.: Web Services - Concepts, Architectures and Applications. Springer, Heidelberg (2004)MATH

Alpern, B., Schneider, F.B.: Recognizing safety and liveness. Distrib. Comput. 2(3), 117–126 (1987)MATHCrossRef

Alur, R., Madhusudan, P.: Visibly pushdown languages. In: Proceedings of the 36th Annual ACM Symposium on Theory of Computing, STOC’04, pp. 202–211. ACM, New York (2004)

Alur, R., Madhusudan, P.: Adding nesting structure to words. J. ACM 56(3), 1–43 (2009)MathSciNetCrossRef

Amazon Elastic Compute Cloud: GPU instances. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using_cluster_computing.html (2014). Accessed 09 Sept 2014

Amazon Web Services: Amazon web services customer agreement. http://aws.amazon.com/agreement/ (2008). Accessed 28 Aug 2013

10.

Amazon Web Services: Amazon ec2 service level agreement. http://aws.amazon.com/de/ec2-sla/ (2013). Accessed 20 Nov 2013

11.

Android Developers: Sensors overview. http://developer.android.com/guide/topics/sensors/sensors_overview.html (2014). Accessed 09 Sept 2014

12.

Apache Commons: BCEL. http://commons.apache.org/proper/commons-bcel/ (2014). Accessed 10 Sept 2014

13.

Ariu, D., Tronci, R., Giacinto, G.: Hmmpayl: an intrusion detection system based on hidden markov models. Comput. Secur. 30(4), 221–241 (2011)CrossRef

14.

Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRef

15.

Avižienis, A., Laprie, J.C.: Dependable computing: from concepts to design diversity. Proc. IEEE 74(5), 629–638 (1986)CrossRef

16.

Avižienis, A., Laprie, J.C., Randell, B.: Dependability and its threats: a taxonomy. In: Building the Information Society. IFIP International Federation for Information Processing, vol. 156, pp. 91–120. Springer, New York (2004)

17.

Avižienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)CrossRef

18.

Ayad, A., Dippel, U.: Agent-based monitoring of virtual machines. In: International Symposium in Information Technology (ITSim), pp. 1–6. IEEE, Kuala Lumpur (2010)

19.

Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, IMW’02, pp. 71–82. ACM, New York (2002)

20.

Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.: Can machine learning be secure? In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS’06, pp. 16–25. ACM, New York (2006)

21.

Barros, A., Dumas, M., ter Hofstede, A.H.: Service interaction patterns: towards a reference framework for service-based business process interconnection. Tech. Rep. FIT-TR-2005-02. Faculty of IT, Queensland University of Technology (2005)

22.

Bellevue Linux Users Group: The linux information project (linfo). http://www.linfo.org/index.html (2007). Accessed 19 Oct 2013

23.

Bendrath, R., Mueller, M.: The end of the net as we know it? Deep packet inspection and internet governance. New Media Soc. 13(7), 1142–1160 (2011)

24.

Bex, G.J., Neven, F., Van den Bussche, J.: Dtds versus xml schema: a practical study. In: Proceedings of the 7th International Workshop on the Web and Databases, WebDB’04, pp. 79–84. ACM, New York (2004)

25.

Bex, G.J., Neven, F., Vansummeren, S.: Inferring xml schema definitions from xml data. In: Proceedings of the 33rd International Conference on Very Large Data Bases, VLDB’07, pp. 998–1009. VLDB Endowment, Vienna (2007)

26.

Bex, G.J., Gelade, W., Neven, F., Vansummeren, S.: Learning deterministic regular expressions for the inference of schemas from xml data. ACM Trans. Web 4(4), 1–32 (2010)CrossRef

27.

Bex, G.J., Neven, F., Schwentick, T., Vansummeren, S.: Inference of concise regular expressions and dtds. ACM Trans. Database Syst. 35(2), 1–47 (2010)CrossRef

28.

Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS’12, pp. 833–844. ACM, New York (2012)

29.

Binder, W., Hulaas, J., Moret, P.: Advanced java bytecode instrumentation. In: Proceedings of the 5th International Symposium on Principles and Practice of Programming in Java, pp. 135–144. ACM, New York (2007)

30.

Boggs, N., Hiremagalore, S., Stavrou, A., Stolfo, S.J.: Cross-domain collaborative anomaly detection: so far yet so close. In: Recent Advances in Intrusion Detection – RAID’11. Lecture Notes of Computer Science, vol. 6961, pp. 142–160. Springer, Heidelberg (2011)

31.

Bolzoni, D., Etalle, S., Hartel, P., Zambon, E.: Poseidon: a 2-tier anomaly-based network intrusion detection system. In: 4th IEEE International Workshop on Information Assurance, IWIA’06, pp. 144–156. IEEE, London (2006)

32.

Börger, E., Stärk, R.: Abstract State Machines: A Method for High-Level System Design and Analysis. Springer, New York (2003)CrossRef

33.

Bradley, K.A., Lemler, C., Patel, A.C., Lau, R.M.: Time-based monitoring of service level agreements. Cisco Technology, Inc., United States Patent, No. US007082463 B1 (2006)

34.

Carpenter, B., Brim, S.: Middleboxes: taxonomy and issues. RFC 3234 (Informational). http://www.ietf.org/rfc/rfc3234.txt (2002)

35.

Čeleda, P., Krmíček, V.: Flow data collection in large scale networks. In: Advances in IT Early Warning, pp. 30–40. Fraunhofer, Stuttgart (2013)

36.

Chan-Tin, E., Heorhiadi, V., Hopper, N., Kim, Y.: The frog-boiling attack: limitations of secure network coordinate systems. ACM Trans. Inf. Syst. Secur. 14(3), 1–23 (2011)CrossRef

37.

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1–58 (2009)CrossRef

38.

Chidlovskii, B.: Schema extraction from xml: a grammatical inference approach. In: Proceedings of the 8th International Workshop on Knowledge Representation Meets Databases, KRDB’01 (2001)

39.

Choon, M., Lin, C.Y.J., Wang, X.: A scalable monitoring approach for service level agreements validation. In: International Conference on Network Protocols, ICNP’00, pp. 37–48. IEEE, Osaka (2000)

40.

Cisco: Netflow. www.cisco.com/go/netflow. Accessed 18 Oct 2013

41.

Comuzzi, M., Kotsokalis, C., Spanoudakis, G., Yahyapour, R.: Establishing and monitoring slas in complex service based systems. In: IEEE International Conference on Web Services, ICWS’09, pp. 783–790. IEEE (2009)

42.

Corona, I., Ariu, D., Giacinto, G.: Hmm-web: a framework for the detection of attacks against web applications. In: IEEE International Conference on Communications, ICC’09, pp. 1–6. IEEE, Los Angeles (2009)

43.

Criscione, C., Salvaneschi, G., Maggi, F., Zanero, S.: Integrated detection of attacks against browsers, web applications and databases. In: European Conference on Computer Network Defense, EC2ND’09, pp. 37–45. IEEE, Milan (2009)

44.

Croll, A., Power, S.: Complete web monitoring: watching your visitors, performance, communities, and competitors. O’Reilly Media, Sebastopol (2009)

45.

Curry, E.: Message-oriented middleware. In: Mahmoud, Q.H. (ed.) Middleware for Communications. Wiley, Chichester (2005)

46.

Dastjerdi, A.V., Tabatabaei, S.G.H., Buyya, R.: A dependency-aware ontology-based approach for deploying service level agreement monitoring services in cloud. Softw. Pract. Exp. 42(4), 501–518 (2012)CrossRef

47.

de la Higuera, C.: Grammatical Inference: Learning Automata and Grammars. Cambridge University Press, Cambridge (2010)

48.

Debar, H., Dacier, M., Wespi, A.: Towards a taxonomy of intrusion-detection systems. Comput. Netw. 31(8), 805–822 (1999)CrossRef

49.

Delgado, N., Gates, A., Roach, S.: A taxonomy and catalog of runtime software-fault monitoring tools. IEEE Trans. Softw. Eng. 30(12), 859–872 (2004)CrossRef

50.

Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. SE-13(2), 222–232 (1987)CrossRef

51.

Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard). http://www.ietf.org/rfc/rfc5246.txt (2008). Updated by RFCs 5746, 5878, 6176

52.

Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: narrowing the semantic gap in virtual machine introspection. In: IEEE Symposium on Security and Privacy, S&P’11, pp. 297–312. IEEE, Washington (2011)

53.

Düssel, P., Gehl, C., Laskov, P., Rieck, K.: Incorporation of application layer protocol syntax into anomaly detection. In: Information Systems Security – ICISS’08. Lecture Notes of Computer Science, vol. 5352, pp. 188–202. Springer, Heidelberg (2008)

54.

Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 1–42 (2012)CrossRef

55.

Emeakaroha, V.C., Brandic, I., Maurer, M., Dustdar, S.: Low level metrics to high level slas-lom2his framework: bridging the gap between monitored metrics and sla parameters in cloud environments. In: International Conference on High Performance Computing and Simulation, HPCS’10, pp. 48–54. IEEE, Caen (2010)

56.

Emeakaroha, V.C., Netto, M.A.S., Calheiros, R.N., Brandic, I., Buyya, R., De Rose, C.A.: Towards autonomic detection of sla violations in cloud infrastructures. Futur. Gener. Comput. Syst. 28(7), 1017–1029 (2012)CrossRef

57.

Endres-Niggemeyer, B.: The mashup ecosystem. In: Semantic Mashups, pp. 1–51. Springer, Heidelberg (2013)

58.

Falkenberg, A., Jensen, M., Schwenk, J.: Welcome to ws-attacks.org. http://www.ws-attacks.org (2011). Accessed 05 Feb 2013

59.

Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: IEEE Symposium on Security and Privacy, S&P’03, pp. 62–75. IEEE, Washington (2003)

60.

Fernau, H.: Learning xml grammars. In: Machine Learning and Data Mining in Pattern Recognition – MLDM’01. Lecture Notes of Computer Science, vol. 2123, pp. 73–87. Springer, Heidelberg (2001)

61.

Fernau, H.: Identification of function distinguishable languages. Theor. Comput. Sci. 290(3), 1679–1711 (2003)MATHMathSciNetCrossRef

62.

Fielding, R.T.: Rest: architectural styles and the design of network-based software architectures. Ph.D. thesis, University of California (2000)

63.

Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: IEEE Symposium on Security and Privacy, S&P’96, pp. 120–128. IEEE, Washington (1996)

64.

Freier, A., Karlton, P., Kocher, P.: The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101 (Historic) (2011). http://www.ietf.org/rfc/rfc6101.txt

65.

Frossi, A., Maggi, F., Rizzo, G., Zanero, S.: Selecting and improving system call models for anomaly detection. In: Detection of Intrusions and Malware, and Vulnerability Assessment – DIMVA’09. Lecture Notes in Computer Science, vol. 5587, pp. 206–223. Springer, Heidelberg (2009)

66.

Garfinkel, T.: Traps and pitfalls: practical problems in system call interposition based security tools. In: Proceedings of the Network and Distributed Systems Security Symposium, NDSS’03, pp. 163–176 (2003)

67.

Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Network and Distributed System Security Symposium, NDSS’03 (2003)

68.

Garofalakis, M., Gionis, A., Rastogi, R., Seshadri, S., Shim, K.: Xtract: learning document type descriptors from xml document collections. Data Min. Knowl. Discov. 7(1), 23–56 (2003)MathSciNetCrossRef

69.

Garrett, J.J.: Ajax. http://www.adaptivepath.com/ideas/ajax-new-approach-web-applications (2005). Accessed 27 March 2013

70.

Geraci, A., Katki, F., McMonegal, L., Meyer, B., Lane, J., Wilson, P., Radatz, J., Yee, M., Porteous, H., Springsteel, F.: IEEE Standard Computer Dictionary: Compilation of IEEE Standard Computer Glossaries. IEEE, Piscataway (1991)

71.

Gerhards, R.: The Syslog Protocol. RFC 5424 (Proposed Standard) (2009). http://www.ietf.org/rfc/rfc5424.txt

72.

Goodloe, A., Pike, L.: Monitoring distributed real-time systems: a survey and future directions. Tech. Rep. NASA/CR-2010-216724. NASA Langley Research Center (2010)

73.

Google Developers: Geolocation. https://developers.google.com/maps/articles/geolocation (2014). Accessed 09 Sept 2014

74.

Görnitz, N., Kloft, M., Rieck, K., Brefeld, U.: Active learning for network intrusion detection. In: Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, AISec’09, pp. 47–54. ACM, New York (2009)

75.

Gottschalk, K., Graham, S., Kreger, H., Snell, J.: Introduction to web services architecture. IBM Syst. J. 41(2), 170–177 (2002)CrossRef

76.

Grijzenhout, S., Marx, M.: The quality of the xml web. In: Proceedings of the 20th ACM International Conference on Information and Knowledge Management, CIKM’11, pp. 1719–1724. ACM, New York (2011)

77.

Hadžiosmanović, D., Simionato, L., Bolzoni, D., Zambon, E., Etalle, S.: N-gram against the machine: on the feasibility of the n-gram network analysis for binary protocols. In: Research in Attacks, Intrusions, and Defenses – RAID’12. Lecture Notes in Computer Science, vol. 7462, pp. 354–373. Springer, Heidelberg (2012)

78.

Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics. In: Proceedings of the USENIX Security Symposium, SECURITY’01. USENIX Association (2001)

79.

Harrington, D., Presuhn, R., Wijnen, B.: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. RFC 3411 (INTERNET STANDARD). http://www.ietf.org/rfc/rfc3411.txt (2002). Updated by RFCs 5343, 5590

80.

Hauck, R., Reiser, H.: Monitoring of service level agreements with exible and extensible agents. In: Workshop of the OpenView University Association, OVUA’99. Citeseer (1999)

81.

Hegewald, J., Naumann, F., Weis, M.: Xstruct: efficient schema extraction from multiple and large xml documents. In: 22nd International Conference on Data Engineering Workshops, ICDEW’06, pp. 81–81. IEEE, Atlanta (2006)

82.

Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)

83.

Hofstede, R., Drago, I., Sperotto, A., Pras, A.: Flow monitoring experiences at the ethernet-layer. In: Energy-Aware Communications – EUNICE’11. Lecture Notes in Computer Science, vol. 6955, pp. 134–145. Springer, Heidelberg (2011)

84.

Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.D.: Adversarial machine learning. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, AISec’11, pp. 43–58. ACM, New York (2011)

85.

Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning dfa representations of http for protecting web applications. Comput. Netw. 51(5), 1239–1255 (2007)MATHCrossRef

86.

Internet Explorer Dev Center: Introduction to the Geolocation API. http://msdn.microsoft.com/en-us/library/ie/gg589513.aspx (2014). Accessed 09 Sept 2014

87.

iOS Developer Library: CMMotionManager Class Reference. https://developer.apple.com/library/ios/documentation/coremotion/reference/cmmotionmanager_class/Reference/Reference.html (2013). Accessed 09 Sept 2014

88.

Jaakkola, H., Thalheim, B.: Exception-aware (information) systems. In: Information Modelling and Knowledge Bases XXIV. Frontiers in Artificial Intelligence and Applications, vol. 251, pp. 300–313. IOS Press, Amsterdam (2013)

89.

Jayashree, K., Anand, S.: Web service diagnoser model for managing faults in web services. Comput. Stand. Interfaces 36(1), 154–164 (2013)CrossRef

90.

Jensen, M., Gruschka, N., Herkenhöner, R.: A survey of attacks on web services. Comput. Sci. Res. Dev. 24(4), 185–197 (2009)CrossRef

91.

Joshi, K.R., Bunker, G., Jahanian, F., van Moorsel, A., Weinman, J.: Dependability in the cloud: challenges and opportunities. In: IEEE/IFIP International Conference on Dependable Systems & Networks, 2009, DSN’09, pp. 103–104. IEEE, Lisbon (2009)

92.

Keller, A., Ludwig, H.: IBM research report the WSLA framework: specifying and monitoring service level agreements for web services the WSLA framework: specifying and monitoring. J. Netw. Syst. Manag. 11(1), 57–81 (2003)CrossRef

93.

Kirchner, M.: A framework for detecting anomalies in http traffic using instance-based learning and k-nearest neighbor classification. In: 2nd International Workshop on Security and Communication Networks, IWSCN’10, pp. 1–8. IEEE, Karlstad (2010)

94.

Ko, C., Fink, G., Levitt, K.: Automated detection of vulnerabilities in privileged programs by execution monitoring. In: 10th Annual Computer Security Applications Conference, ACSAC’94, pp. 134–144. IEEE, Orlando (1994)

95.

Ko, C., Ruschitzka, M., Levitt, K.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: IEEE Symposium on Security and Privacy, S&P’97, pp. 175–187. IEEE, Oakland (1997)

96.

Kosala, R., Blockeel, H., Bruynooghe, M., Van den Bussche, J.: Information extraction from structured documents using k-testable tree automaton inference. Data Knowl. Eng. 58(2), 129–158 (2006)CrossRef

97.

Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, CCS’03, pp. 251–261. ACM, New York (2003)

98.

Krüger, T., Gehl, C., Rieck, K., Laskov, P.: Tokdoc: a self-healing web application firewall. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC’10, pp. 1846–1853. ACM, New York (2010)

99.

Krüger, T., Krämer, N., Rieck, K.: Asap: automatic semantics-aware analysis of network payloads. In: Privacy and Security Issues in Data Mining and Machine Learning – PSDML’10. Lecture Notes of Computer Science, vol. 6549, pp. 50–63. Springer, Heidelberg (2011)

100.

Kumar, V., Madhusudan, P., Viswanathan, M.: Minimization, learning, and conformance testing of boolean programs. In: CONCUR 2006 – Concurrency Theory. Lecture Notes of Computer Science, vol. 4137, pp. 203–217. Springer, Heidelberg (2006)

101.

Kumar, V., Madhusudan, P., Viswanathan, M.: Visibly pushdown automata for streaming xml. In: Proceedings of the 16th International Conference on World Wide Web, WWW’07, pp. 1053–1062. ACM, New York (2007)

102.

Lamanna, D.D., Skene, J., Emmerich, W.: Slang: a language for service level agreements. In: Proceedings of the 9th IEEE Workshop on Future Trends of Distributed Computing Systems, FTDCS’03, pp. 100–106. IEEE, Washington (2003)

103.

Lampesberger, H.: A grammatical inference approach to language-based anomaly detection in xml. In: 2013 International Conference on Availability, Reliability and Security, ECTCM’13 Workshop, pp. 685–693. IEEE, Washington (2013)

104.

Lampesberger, H.: Technologies for Web and cloud service interaction: a survey. Serv. Oriented Comput. Appl. (2015) doi: 10.1007/s11761-015-0174-12015

105.

Lampesberger, H., Winter, P., Zeilinger, M., Hermann, E.: An on-line learning statistical model to detect malicious web requests. In: Security and Privacy in Communication Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 96, pp. 19–38. Springer, Heidelberg (2012)

106.

Lampesberger, H., Zeilinger, M., Hermann, E.: Statistical modeling of web requests for anomaly detection in web applications. In: Advances in IT Early Warning, pp. 91–101. Fraunhofer AISEC, Garching (2013)

107.

Lamport, L.: Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. SE-3(2), 125–143 (1977)MathSciNetCrossRef

108.

Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion detection: a survey. In: Managing Cyber Threats. Massive Computing, vol. 5, pp. 19–78. Springer, New York (2005)

109.

ldv_alt: Project page: strace. Online. http://freecode.com/projects/strace. Accessed 18 Oct 2013

110.

Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., Jones, L.: SOCKS Protocol Version 5. RFC 1928 (Proposed Standard) (1996). http://www.ietf.org/rfc/rfc1928.txt

111.

Leucker, M., Schallhart, C.: A brief account of runtime verification. J. Logic Algebraic Program. 78(5), 293–303 (2009)MATHCrossRef

112.

Ludwig, H., Keller, A., Dan, A., King, R.P., Franck, R.: Web Service Level Agreement WSLA Language Specification. IBM Corporation, pp. 815–824 (2003)

113.

Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann, San Francisco (1996)MATH

114.

Magazinius, J., Russo, A., Sabelfeld, A.: On-the-fly inlining of dynamic security monitors. Comput. Secur. 31(7), 827–843 (2012)CrossRef

115.

Magazinius, J., Hedlin, D., Sabelfeld, A.: Architectures for inlining security monitors in web applications. In: International Symposium on Engineering Secure Software and Systems, ESSoS’14. Springer, Heidelberg (2014)

116.

Maggi, F., Robertson, W., Kruegel, C., Vigna, G.: Protecting a moving target: addressing web application concept drift. In: Recent Advances in Intrusion Detection – RAID’09. Lecture Notes of Computer Science, vol. 5758, pp. 21–40. Springer, Heidelberg (2009)

117.

Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Trans. Dependable Secure Comput. 7(4), 381–395 (2010)CrossRef

118.

Maggi, F., Zanero, S.: Is the future web more insecure? Distractions and solutions of new-old security issues and measures. In: 2nd Worldwide Cybersecurity Summit, WCS’11, pp. 1–9. IEEE, London (2011)

119.

Mahoney, M.V.: Network traffic anomaly detection based on packet bytes. In: Proceedings of the 2003 ACM Symposium on Applied computing, SAC’03, pp. 346–350. ACM, New York (2003)

120.

Mahoney, M.V., Chan, P.K.: Learning nonstationary models of normal network traffic for detecting novel attacks. In: Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD’02, pp. 376–385. ACM, New York (2002)

121.

Martens, W., Neven, F., Schwentick, T., Bex, G.J.: Expressiveness and complexity of XML schema. ACM Trans. Database Syst. 31(3), 770–813 (2006)CrossRef

122.

Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur. 5(3), 203–237 (2002)CrossRef

123.

Mlýnková, I.: An analysis of approaches to XML schema inference. In: IEEE International Conference on Signal Image Technology and Internet Based Systems, SITIS’08, pp. 16–23. IEEE, Bali (2008)

124.

Mlýnková, I., Nečaský, M.: Towards inference of more realistic xsds. In: Proceedings of the 2009 ACM Symposium on Applied Computing, SAC’09, pp. 639–646. ACM, New York (2009)

125.

Molina-Jimenez, C., Shrivastava, S., Crowcroft, J., Gevros, P.: On the monitoring of contractual service level agreements. In: 1st IEEE International Workshop on Electronic Contracting, WEC’04, pp. 1–8. IEEE, San Diego (2004)

126.

Mooney, J.D.: Bringing portability to the software process. Department of Statistics and Computer Science, West Virginia University, Morgantown (1997)

127.

Murata, M.: Relax ng. http://relaxng.org/ (2013). Accessed 01 Feb 2013

128.

Murata, M., Lee, D., Mani, M., Kawaguchi, K.: Taxonomy of xml schema languages using formal language theory. ACM Trans. Internet Technol. 5(4), 660–704 (2005)CrossRef

129.

Mutz, D., Valeur, F., Vigna, G., Kruegel, C.: Anomalous system call detection. ACM Trans. Inf. Syst. Secur. 9(1), 61–93 (2006)CrossRef

130.

Nance, K., Bishop, M., Hay, B.: Virtual machine introspection: observation or interference? IEEE Secur. Privacy Mag. 6(5), 32–37 (2008)CrossRef

131.

Necula, G.C., McPeak, S., Rahul, S., Weimer, W.: Cil: Intermediate language and tools for analysis and transformation of c programs. In: Compiler Construction. Lecture Notes in Computer Science, vol. 2304, pp. 213–228. Springer, Heidelberg (2002)

132.

Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. SIGPLAN Not. 42(6), 89–100 (2007)CrossRef

133.

Niemi, O.P., Levomäki, A., Manner, J.: Dismantling intrusion prevention systems. ACM SIGCOMM Comput. Commun. Rev. 42(4), 285–286 (2012)CrossRef

134.

Nusayr, A., Cook, J.: Extending AOP to support broad runtime monitoring needs. In: Conference on Software Engineering and Knowledge Engineering, pp. 438–441 (2009)

135.

Nusayr, A., Cook, J.: Using aop for detailed runtime monitoring instrumentation. In: Proceedings of the Seventh International Workshop on Dynamic Analysis, WODA’09, pp. 8–14. ACM, New York (2009)

136.

OpenSuSe Documentation: Understanding linux audit. http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.audit.comp.html. Accessed 18 Oct 2013

137.

Oracle: Solaris dynamic tracing guide. http://docs.oracle.com/cd/E19253-01/817-6223/. Accessed 18 Oct 2013

138.

Parameswaran, A., Chaddha, A.: Cloud interoperability and standardization. SETLabs Brief. 7(7), 19–26 (2009)

139.

Pautasso, C., Zimmermann, O., Leymann, F.: Restful web services vs. “big”’ web services: making the right architectural decision. In: Proceedings of the 17th International Conference on World Wide Web, WWW’08, pp. 805–814. ACM, New York (2008)

140.

Paxson, V.: Bro: A system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)CrossRef

141.

Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: Mcpad: a multiple classifier system for accurate payload-based anomaly detection. Comput. Netw. 53(6), 864–881 (2009)MATHCrossRef

142.

Picalausa, F., Servais, F., Zimányi, E.: Xevolve: an XML schema evolution framework. In: Proceedings of the 2011 ACM Symposium on Applied Computing, SAC’11, pp. 1645–1650. ACM, New York (2011)

143.

Plattner, B., Nievergelt, J.: Monitoring program execution: a survey. Computer 14(11), 76–93 (1981)CrossRef

144.

Ptacek, T.H., Newsham, T.N.: Insertion, evasion, and denial of service: eluding network intrusion detection. Tech. rep., Secure Networks, Inc. http://insecure.org/stf/secnet_ids/secnet_ids.html (1998). Accessed 13 Oct 2013

145.

Rady, M.: Parameters for service level agreements generation in cloud computing a client-centric vision. In: Advances in Conceptual Modeling – CMS’12. Lecture Notes of Computer Science, vol. 7518, pp. 13–22. Springer, Heidelberg (2012)

146.

Rady, M.: Generating an excerpt of a service level agreement from a formal definition of non-functional aspects using owl. J. Univers. Comput. Sci. 20(3), 366–384 (2014)MathSciNet

147.

Raeymaekers, S., Bruynooghe, M., den Bussche, J.: Learning (k, l)-contextual tree languages for information extraction from web pages. Mach. Learn. 71(2), 155–183 (2008)CrossRef

148.

Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2. RFC 6347 (Proposed Standard). http://www.ietf.org/rfc/rfc6347.txt (2012)

149.

Richters, M., Gogolla, M.: Aspect-oriented monitoring of uml and ocl constraints. In: AOSD Modeling With UML Workshop, 6th International Conference on the Unified Modeling Language (UML) (2003)

150.

Rieck, K.: Machine learning for application-layer intrusion detection. Ph.D. thesis, Berlin Institute of Technology, TU Berlin (2009)

151.

Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.: Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: Proceedings of the Network and Distributed System Security Symposium, NDSS’06 (2006)

152.

Robertson, W., Maggi, F., Kruegel, C., Vigna, G.: Effective anomaly detection with scarce training data. In: Proceedings of the Network and Distributed System Security Symposium, NDSS’10 (2010)

153.

Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, LISA’99, pp. 229–238. USENIX Association, Seattle (1999)

154.

Romano, L., De Mari, D., Jerzak, Z., Fetzer, C.: A novel approach to qos monitoring in the cloud. In: 1st International Conference on Data Compression, Communications and Processing, CCP’11, pp. 45–51. IEEE, Palinuro (2011)

155.

Rosenberg, F., Platzer, C., Dustdar, S.: Bootstrapping performance and dependability attributes of web services. In: International Conference on Web Services, ICWS’06, pp. 205–212. IEEE, Chicago (2006)

156.

Rubinstein, B.I., Nelson, B., Huang, L., Joseph, A.D., Lau, S.h., Rao, S., Taft, N., Tygar, J.D.: Antidote: understanding and defending against poisoning of anomaly detectors. In: Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement, IMC’09, pp. 1–14. ACM, New York (2009)

157.

Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE J. Select. Areas Commun. 21(1), 5–19 (2003)CrossRef

158.

Sahai, A., Machiraju, V., Sayal, M., Moorsel, A., Casati, F.: Automated sla monitoring for web services. In: Management Technologies for E-Commerce and E-Business Applications – DSOM’02. Lecture Notes in Computer Science, vol. 2506, pp. 28–41. Springer, Heidelberg (2002)

159.

Salfner, F., Lenk, M., Malek, M.: A survey of online failure prediction methods. ACM Comput. Surv. 42(3), 1–42 (2010)CrossRef

160.

Sandhu, R., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)CrossRef

161.

SAP: Message Flow Monitoring. http://docs.oracle.com/cd/E21764_01/core.1111/e10043/audintro.htm (2011). Accessed 11 Sept 2014

162.

Sassaman, L., Patterson, M., Bratus, S., Locasto, M.: Security applications of formal language theory. IEEE Syst. J. 7(3), 489–500 (2013)CrossRef

163.

Schewe, K.D., Bósa, K., Lampesberger, H., Ma, J., Rady, M., Vleju, M.B.: Challenges in cloud computing. Scalable Comput. Pract. Exp. 12(4), 385–390 (2011)

164.

Schewe, K.D., Thalheim, B., Wang, Q.: Updates, schema updates and validation of xml documents - using abstract state machines with automata-defined states. J. Univers. Comput. Sci. 15(10), 2028–2057 (2009)MATHMathSciNet

165.

Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRef

166.

Schroeder, B.: On-line monitoring: a tutorial. Computer 28(6), 72–78 (1995)CrossRef

167.

Segoufin, L., Vianu, V.: Validating streaming XML documents. In: Proceedings of the 21st ACM Symposium on Principles of Database Systems, PODS’02, pp. 53–64. ACM, New York (2002)

168.

Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: IEEE Symposium on Security and Privacy, S&P’01, pp. 144–155. IEEE, Washington (2001)

169.

Shackel, B.: Usability-context, framework, definition, design and evaluation. In: Human Factors for Informatics Usability, pp. 21–37. Cambridge University Press, Cambridge (1991)

170.

Somayaji, A., Forrest, S.: Automated response using system-call delays. In: Proceedings of the 9th USENIX Security Symposium, SECURITY’00 (2000)

171.

Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 305–316 (2010)

172.

Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS’07, pp. 541–551. ACM, New York (2007)

173.

Song, Y., Keromytis, A., Stolfo, S.J.: Spectrogram: a mixture-of-markov-chains model for anomaly detection in web traffic. In: Proceedings of the Network and Distributed System Security Symposium, NDSS’09 (2009)

174.

Soylu, A., Mödritscher, F., Wild, F., Causmaecker, P.D., Desmet, P.: Mashups by orchestration and widget-based personal environments: key challenges, solution strategies, and an application. Program Electron. Libr. Inf. Syst. 46(4), 383–428 (2012)CrossRef

175.

Spring, J.: Monitoring cloud computing by layer, part 1. IEEE Secur. Privacy Mag. 9(2), 66–68 (2011)CrossRef

176.

Spring, J.: Monitoring cloud computing by layer, part 2. IEEE Secur. Privacy Mag. 9(3), 52–55 (2011)CrossRef

177.

Stevens, W.R.: TCP/IP Illustrated: The Protocols, vol. 1. Addison-Wesley, Boston (1993)MATH

178.

Thalheim, B.: Towards a theory of conceptual modelling. J. Univers. Comput. Sci. 16(20), 3102–3137 (2010)MATH

179.

The Apache Software Foundation: Apache module mod_proxy. http://httpd.apache.org/docs/2.0/mod/mod_proxy.html (2013). Accessed 18 Nov 2013

180.

The Network Encyclopedia: Circuit level gateway. http://www.thenetworkencyclopedia.com/entry/circuit-level-gateway/ (2013). Accessed 15 Sept 2014

181.

The SAX Project: Simple api for xml (sax). http://www.saxproject.org/ (2004). Accessed 24 Jan 2013

182.

Thottan, M., Ji, C.: Anomaly detection in ip networks. IEEE Trans. Signal Process. 51(8), 2191–2204 (2003)CrossRef

183.

TrustedBSD Project: Openbsm: Open source basic security module (bsm) audit implementation. http://www.trustedbsd.org/openbsm.html. Accessed 18 Oct 2013

184.

Valdes, A., Skinner, K.: Adaptive, model-based monitoring for cyber attack detection. In: Recent Advances in Intrusion Detection – RAID’00. Lecture Notes in Computer Science, vol. 1907, pp. 80–93. Springer, Heidelberg (2000)

185.

W3C: Web Services Addressing (WS-Addressing). http://www.w3.org/Submission/ws-addressing/ (2004). Accessed 03 March 2014

186.

W3C: Document object model (dom). http://www.w3.org/DOM/ (2005). Accessed 24 Jan 2013

187.

W3C: SOAP Version 1.2 Part 1: Messaging Framework, 2nd edn. http://www.w3.org/TR/soap12-part1/ (2007). Accessed 20 Feb 2014

188.

W3C: XML Schema. http://www.w3.org/XML/Schema.html (2010). Accessed 11 Feb 2013

189.

W3C: XML Schema Part 2: Datatypes, 2nd edn. http://www.w3.org/TR/xmlschema11-2/ (2012). Accessed 22 March 2013

190.

Wagner, D., Dean, R.: Intrusion detection via static analysis. In: IEEE Symposium on Security and Privacy, S&P’01, pp. 156–168. IEEE, Washington (2001)

191.

Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS’02, pp. 255–264. ACM, New York (2002)

192.

Wang, J., Bigham, J.: Anomaly detection in the case of message oriented middleware. In: Proceedings of the 2008 Workshop on Middleware Security, MidSec’08, pp. 40–42. ACM, New York (2008)

193.

Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Recent Advances in Intrusion Detection – RAID’04. Lecture Notes of Computer Science, vol. 3224, pp. 203–222. Springer, Heidelberg (2004)

194.

Wang, K., Parekh, J., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Recent Advances in Intrusion Detection – RAID’06. Lecture Notes of Computer Science, vol. 4219, pp. 226–248. Springer, Heidelberg (2006)

195.

Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Netw. 24(4), 19–24 (2010)CrossRef

196.

WebSphere Software: Introduction to Oracle Fusion Middleware Audit Framework. http://docs.oracle.com/cd/E21764_01/core.1111/e10043/audintro.htm (2011). Accessed 11 Sept 2014

197.

WebSphere Software: Using WebSphere Message Broker log and trace files. http://publib.boulder.ibm.com/infocenter/wtxdoc/v8r2m0/index.jsp?topic=/com.ibm.websphere.dtx.wtx4wmb.doc/references/r_wtx4wmb_using_wmb_log_and_trace_files.htm (2014). Accessed 11 Sept 2014

198.

Wieder, P., Butler, J.M., Theilmann, W., Yahyapour, R.: Service Level Agreements for Cloud Computing. Springer, New York (2011)CrossRef

199.

Winter, P., Lampesberger, H., Zeilinger, M., Hermann, E.: On detecting abrupt changes in network entropy time series. In: Communications and Multimedia Security – CMS’11. Lecture Notes of Computer Science, vol. 7025, pp. 194–205. Springer, Heidelberg (2011)

200.

Wojtczuk, R.: Libnids. http://libnids.sourceforge.net/ (2010). Accessed 01 Nov 2013

201.

Xie, Y., Yu, S.Z.: A dynamic anomaly detection model for web user behavior based on hsmm. In: 10th International Conference on Computer Supported Cooperative Work in Design, CSCWD’06, pp. 1–6. IEEE, Nanjing (2006)

202.

Xie, Y., Yu, S.Z.: A large-scale hidden semi-markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2009)CrossRef

203.

Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM Symposium on Applied Computing, SAC’04, pp. 412–419. ACM, New York (2004)

204.

Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: IEEE Symposium on Security and Privacy, S&P’96, pp. 55–61. IEEE, Washington (1996)

Titel: Monitoring of Client-Cloud Interaction
verfasst von: Harald Lampesberger
Mariam Rady
Verlag: Springer International Publishing
Buch: Correct Software in Web Applications and Web Services
Print ISBN: 978-3-319-17111-1

Electronic ISBN: 978-3-319-17112-8

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-17112-8_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"