Incident detection for cloud environments
Doelitzscher F, Reich C, Knahl MH, Clarke NL
Security and privacy concerns hinder a broad
adoption of cloud computing in industry. In this paper we
identify cloud-specific security risks and introduce the cloud
incident detection system Security Audit as a Service (SAaaS).
SAaaS is built on autonomous distributed agents feeding a
complex event processing engine, informing about a cloud’s
security state. In addition to technical monitoring factors like
the number of open network connections, business process flows can
be modelled to detect customer-overlapping security incidents.
In case of identified attacks, actions can be defined to protect the
cloud service assets. As the contribution of this paper, we provide a
high-level design of the SAaaS architecture and a first prototype
of a virtual machine agent. We show how an incident detection
system for a cloud environment should be designed to address
cloud-specific security problems.