Journal of Cloud Computing: Advances, Systems and Applications

Table 4 Comparison (RS: Responsible stakeholder, CP: Cloud Provider, CC: Cloud Consumer, P: Proactive, R: Reactive)

From: Handling compromised components in an IaaS cloud installation

| Approach | RS | P/R | Service impact | Implementation/Enforcement difficulties | Dependencies |
|---|---|---|---|---|---|
| Filtering in the messaging server | CP | R | Platform components may never receive an expected message. | Unless deployed in distributed mode, can become a bottleneck. | Messaging server |
| Filtering in each component | CP | R | Platform components may never receive an expected message. | All components should be modified to support it. | Platform components |
| Disabling services | CP | R | Healthy components can become inaccessible. Losing control over instances managed by disabled components. | - | Platform interfaces |
| Replicating services | CP | P | Services should be replicated based on requirement and performance analysis of the environment. | - | Platform components |
| Disinfecting infected components | CP | R | Healthy components can become inaccessible. Losing control over instances managed by disabled components. | Configuration management tools and cloud platform interfaces should be deployed and configured. | Configuration management tools, Platform interfaces |
| Removing instances from the project VLAN | CP, CC | R | The instance won’t be accessible for the consumer and its services. | Highly dependent on the OpenStack VLANManager networking mode. | Platform components |
| Disabling live migration | CP | R | Consumer experiences lower QoS. | - | Platform interfaces |
| Quarantining instances | CP, CC | R | Quarantined instances won’t be accessible for the consumer. | Implementing this solution requires a lot of effort as discussed briefly in [10]. | - |
| Disinfecting an instance | CP, CC | R | - | A framework for analyzing VM images and disinfecting running instances must be developed. | Platform interfaces |
| Migrating instances | CP, CC | R | Consumer may experience lower QoS. | The cloud environment should consist of distributed and independent zones. | Platform interfaces |
| Component authentication | CP | P | Small overhead for all communications. | Developing a system for managing components certificates and identity. | Messaging server and identity services |
| No new worker policy | CP | P | - | Developing a policy manager component. | Messaging server and policy manager |
| Trust levels and timeouts | CP, CC | P | Lower QoS for non-critical use-cases. Lower resource volume for critical use-cases. | High complexity | Platform interfaces, and scheduler component |