Secgras: Security group analysis as a cloud service

Cheng Jin, Abhinav Srivastava, Yu Jin, Zhi-Li Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

To ensure security, cloud service providers employ security groups as a key tool for cloud tenants to protect their virtual machines from unwanted traffic. However, security groups can be complex and often hard to configure, which may result in security vulnerabilities that impact the entire cloud platform. To assist tenants in designing better security groups, in this paper, we propose and develop a system called Secgras. Secgras enables tenants to visualize and hence to understand the static and dynamic access relations among virtual machine (VM) instances. Secgras also helps diagnose potential misconfigurations and provides suggestions to refine security group configurations based on real traffic traversing tenants VMs.

Original languageEnglish (US)
Title of host publicationProceedings - IEEE 22nd International
PublisherIEEE Computer Society
Pages215-220
Number of pages6
ISBN (Electronic)9781479962044
DOIs
StatePublished - Dec 9 2014
Event22nd IEEE International Conference on Network Protocols, ICNP 2014 - Research Triangle, United States
Duration: Oct 21 2014Oct 24 2014

Publication series

NameProceedings - International Conference on Network Protocols, ICNP
ISSN (Print)1092-1648

Other

Other22nd IEEE International Conference on Network Protocols, ICNP 2014
Country/TerritoryUnited States
CityResearch Triangle
Period10/21/1410/24/14

Fingerprint

Dive into the research topics of 'Secgras: Security group analysis as a cloud service'. Together they form a unique fingerprint.

Cite this