Skip to main content

Advances, Systems and Applications

Table 2 Containment strategies

From: Handling compromised components in an IaaS cloud installation

NIST recommended action Brief description
“Identifying and Isolating Other Infected Hosts” Extract incident symptoms to detect other infected hosts.
“Blocking Particular Hosts” After identifying the compromised component and its corresponding host (i.e. the compromised worker/compute host), that host should be blocked.
“Soliciting User Participation” Interaction among cloud stakeholders (e.g. cloud providers, cloud consumers, third parties, end users, etc.) is a mandatory step toward fulfilling incident containment requirements.
“Disabling Services” Disabling the infected service (nova-compute in our scenario) may reduce impacts of the compromised host. Disabling a service can disrupt other services and cause deviation from promised SLA by the provider.