Secgras: Security group analysis as a cloud service

Cheng Jin; Abhinav Srivastava; Yu Jin; Zhi-Li Zhang

doi:10.1109/ICNP.2014.42

Secgras: Security group analysis as a cloud service

Cheng Jin, Abhinav Srivastava, Yu Jin, Zhi-Li Zhang

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

To ensure security, cloud service providers employ security groups as a key tool for cloud tenants to protect their virtual machines from unwanted traffic. However, security groups can be complex and often hard to configure, which may result in security vulnerabilities that impact the entire cloud platform. To assist tenants in designing better security groups, in this paper, we propose and develop a system called Secgras. Secgras enables tenants to visualize and hence to understand the static and dynamic access relations among virtual machine (VM) instances. Secgras also helps diagnose potential misconfigurations and provides suggestions to refine security group configurations based on real traffic traversing tenants VMs.

Original language	English (US)
Title of host publication	Proceedings - IEEE 22nd International
Publisher	IEEE Computer Society
Pages	215-220
Number of pages	6
ISBN (Electronic)	9781479962044
DOIs	https://doi.org/10.1109/ICNP.2014.42
State	Published - Dec 9 2014
Event	22nd IEEE International Conference on Network Protocols, ICNP 2014 - Research Triangle, United States Duration: Oct 21 2014 → Oct 24 2014

Publication series

Name	Proceedings - International Conference on Network Protocols, ICNP
ISSN (Print)	1092-1648

Other

Other	22nd IEEE International Conference on Network Protocols, ICNP 2014
Country/Territory	United States
City	Research Triangle
Period	10/21/14 → 10/24/14

Bibliographical note

Publisher Copyright:
© 2014 IEEE.

Access

10.1109/ICNP.2014.42

OpenUrl availability

Full text

Cite this

Jin, C, Srivastava, A, Jin, Y & Zhang, Z-L 2014, Secgras: Security group analysis as a cloud service. in Proceedings - IEEE 22nd International., 6980381, Proceedings - International Conference on Network Protocols, ICNP, IEEE Computer Society, pp. 215-220, 22nd IEEE International Conference on Network Protocols, ICNP 2014, Research Triangle, United States, 10/21/14. https://doi.org/10.1109/ICNP.2014.42

@inproceedings{d4fa7aa104c4440db1249e2b532d9d34,

title = "Secgras: Security group analysis as a cloud service",

abstract = "To ensure security, cloud service providers employ security groups as a key tool for cloud tenants to protect their virtual machines from unwanted traffic. However, security groups can be complex and often hard to configure, which may result in security vulnerabilities that impact the entire cloud platform. To assist tenants in designing better security groups, in this paper, we propose and develop a system called Secgras. Secgras enables tenants to visualize and hence to understand the static and dynamic access relations among virtual machine (VM) instances. Secgras also helps diagnose potential misconfigurations and provides suggestions to refine security group configurations based on real traffic traversing tenants VMs.",

author = "Cheng Jin and Abhinav Srivastava and Yu Jin and Zhi-Li Zhang",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 22nd IEEE International Conference on Network Protocols, ICNP 2014 ; Conference date: 21-10-2014 Through 24-10-2014",

year = "2014",

month = dec,

day = "9",

doi = "10.1109/ICNP.2014.42",

language = "English (US)",

series = "Proceedings - International Conference on Network Protocols, ICNP",

publisher = "IEEE Computer Society",

pages = "215--220",

booktitle = "Proceedings - IEEE 22nd International",

}

TY - GEN

T1 - Secgras

T2 - 22nd IEEE International Conference on Network Protocols, ICNP 2014

AU - Jin, Cheng

AU - Srivastava, Abhinav

AU - Jin, Yu

AU - Zhang, Zhi-Li

PY - 2014/12/9

Y1 - 2014/12/9

N2 - To ensure security, cloud service providers employ security groups as a key tool for cloud tenants to protect their virtual machines from unwanted traffic. However, security groups can be complex and often hard to configure, which may result in security vulnerabilities that impact the entire cloud platform. To assist tenants in designing better security groups, in this paper, we propose and develop a system called Secgras. Secgras enables tenants to visualize and hence to understand the static and dynamic access relations among virtual machine (VM) instances. Secgras also helps diagnose potential misconfigurations and provides suggestions to refine security group configurations based on real traffic traversing tenants VMs.

AB - To ensure security, cloud service providers employ security groups as a key tool for cloud tenants to protect their virtual machines from unwanted traffic. However, security groups can be complex and often hard to configure, which may result in security vulnerabilities that impact the entire cloud platform. To assist tenants in designing better security groups, in this paper, we propose and develop a system called Secgras. Secgras enables tenants to visualize and hence to understand the static and dynamic access relations among virtual machine (VM) instances. Secgras also helps diagnose potential misconfigurations and provides suggestions to refine security group configurations based on real traffic traversing tenants VMs.

UR - http://www.scopus.com/inward/record.url?scp=84919958610&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84919958610&partnerID=8YFLogxK

U2 - 10.1109/ICNP.2014.42

DO - 10.1109/ICNP.2014.42

M3 - Conference contribution

AN - SCOPUS:84919958610

T3 - Proceedings - International Conference on Network Protocols, ICNP

SP - 215

EP - 220

BT - Proceedings - IEEE 22nd International

PB - IEEE Computer Society

Y2 - 21 October 2014 through 24 October 2014

ER -

Secgras: Security group analysis as a cloud service

Abstract

Publication series

Other

Bibliographical note

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this