Advances, Systems and Applications

Table 2 Containment strategies

From: Handling compromised components in an IaaS cloud installation

| NIST recommended action | Brief description |
| --- | --- |
| “Identifying and Isolating Other Infected Hosts” | Extract incident symptoms to detect other infected hosts. |
| “Blocking Particular Hosts” | After identifying the compromised component and its corresponding host (i.e. the compromised worker/compute host), that host should be blocked. |
| “Soliciting User Participation” | Interaction among cloud stakeholders (e.g. cloud providers, cloud consumers, third parties, end users, etc.) is a mandatory step toward fulfilling incident containment requirements. |
| “Disabling Services” | Disabling the infected service (nova-compute in our scenario) may reduce the impact of the compromised host. However, disabling a service can disrupt other services and cause the provider to deviate from the promised SLA. |