Service Integrity Assurance in Large-Scale Cloud Systems

Internet has evolved into an important service delivery infrastructure instead of merely providing host connectivity. With rapid adoption of the concepts of Software as a Service (SaaS), Service Oriented Architecture (SOA), and Cloud Computing, service oriented cloud systems have emerged as cost-effective platforms for users to access various software applications as services via Internet.;However, cloud systems are often shared by multiple tenants from different security domains, which makes them vulnerable to various malicious attacks. Moreover, cloud systems often host long-running applications such as massive data processing, which provides more opportunities for attackers to exploit the system vulnerability and perform strategic attacks.;This dissertation focuses on securing data processing applications in large-scale multi-tenant cloud systems. It includes three studies on service integrity assurance for data processing applications in cloud systems.;The first study designs, implements, and evaluates RunTest, a scalable runtime integrity attestation framework. RunTest provides light-weight application-level attestation to dynamically verify the integrity of data processing services and pinpoint malicious service providers in cloud systems. RunTest validates service integrity by aggregating and analyzing result consistency information and utilizes a clique based attestation graph analysis algorithm to pinpoint malicious service providers and recognize colluding attack patterns.;The second study designs, implements, and evaluates IntTest, an integrated service integrity attestation framework that can efficiently verify the integrity of dataflow processing services and quickly pinpoint malicious service providers within a large-scale cloud infrastructure. In contrast to RunTest, IntTest can effectively detect more challenging colluding attacks and mitigate false alarms with more relaxed assumption than RunTest. Furthermore, we have investigated stateful dataflow processing and have provided service integrity attestation schemes supporting stateful services.;The third study designs, implements, and evaluates AdapTest, an adaptive continuous service integrity attestation framework for large-scale cloud systems. Building on top of RunTest, AdapTest can (1) significantly reduce attestation overhead and shorten detection delay; and (2) automatically detect and correct corrupted data processing results produced by the cloud system.;All of the three systems have been implemented on top of the IBM System S streaming processing system and tested on the virtual computing lab (VCL), a production virtualized computing cluster that operates in a similar way as Amazon EC2. Our experimental results show that our schemes are effective and impose low performance impact for data processing in the cloud system.;We have also identified two other security threats toward dataflow processing applications in cloud systems, including data attacks and dataflow topology attacks. We have provided efficient and effective countermeasures to mitigate such attacks.