Experimenting Scalability of Continuous Security Monitoring


The ExSec experiment aims to determine an empirically validated elasticity function for security monitoring. Besides verifying the scalability of security monitoring under different application loads for a number of virtual machines, another important aspect of the experiment is to verify scalability behaviour on different Cloud technologies, such as different types of hypervisors and different types of Cloud environment managers. ExSec is studying the impact of scalability and heterogeneity on the performance of security solutions. The test scenarios are designed to reflect real-life situations where, in a routine business context, organizations forming a virtual organization (VO) are most likely to run heterogeneous Cloud managers; hence the situation often arises where hypervisors of different types, using different virtual execution environment managers, are required to collaborate to form a VO. The bottom line of this work is to develop a means of quantifying the impact of security functions under various operating conditions and parameters of Cloud deployments.

The ExSec experiment is designed to leverage the results of two previous European-funded projects to which CETIC contributed in the area of security: the FP6 project GridTrust and the FP7 project RESERVOIR. A framework to perform continuous security monitoring on Grid technologies was developed in the FP6 project GridTrust. The policy-based access control portion of this framework was adapted to Cloud technologies in the FP7 project RESERVOIR. However, only small-scale security tests with a handful of virtual machines (and grid nodes) were performed during GridTrust and RESERVOIR. The ExSec experiment aims to perform a much more rigorous scalability test for applications requiring continuous security monitoring in the cloud.

Added-value of the BonFIRE Infrastructure

The ExSec hypothesis can only be tested and validated on a real large-scale heterogeneous Cloud infrastructure, as otherwise it is not possible to extrapolate the experimentation results of such a complex domain. The BonFIRE infrastructure provides a large-scale heterogeneous Cloud environment in which to perform tests on a real infrastructure at scale rather than a simulated one. Moreover, a private Cloud at an enterprise level does not require the full functionality of a security architecture. That is why it is absolutely necessary for the ExSec experiment to use the BonFIRE federated Cloud infrastructure. In addition, the technical solutions provided by the BonFIRE infrastructure, together with the level of support provided by the BonFIRE team, are truly the lifeline of the ExSec experiment. Without this technical and human support, it would be extremely difficult to carry out daily operations, from the deployment of experiment scripts to their execution and monitoring.

Impact on CETIC R&D Activities

The results of ExSec will contribute to CETIC’s research and consulting activities in Cloud computing. Technology transfer, towards SMEs in particular, is at the heart of CETIC’s missions. From consultancy to training, from project requirements to development process, CETIC helps companies to adopt new IT technologies. ExSec is an opportunity for CETIC to increase its skills in Cloud computing by taking into account the impact of scalability on security performance. CETIC will also use the results of ExSec to extend its consulting services in distributed systems security, essentially based on Cloud computing. The consulting services are mainly offered to SMEs and administrations based in Belgium. Based on the ExSec experiment results, CETIC will be able to advise a company deploying a Cloud solution about the best security architecture to fit its Cloud architecture and performance requirements.

Impact on the BonFIRE Project

The results of the ExSec experiment will facilitate the achievement of the BonFIRE project’s objectives by providing a way of testing and validating the much-needed tools for monitoring the security properties of heterogeneous federated Cloud deployments. The added value that ExSec brings to the BonFIRE project is not only in the area of security but also in terms of its infrastructural improvements (security policy enforcement and monitoring); feedback through hands-on testing (sharing of security-related know-how); use of the BonFIRE facility for security testing (settings for monitoring tools and other technologies); requested mechanisms (management and allocation of a sufficient number of resources to carry out scalability load testing), etc.