Mitigating service impersonation attacks in clouds

Abstract

Providing security for interacting cloud services requires more than user authentication with passwords or digital certificates and confidentiality in data transmission. Existing data protection mechanisms have previously failed in preventing data theft attacks perpetrated by an insider to the cloud provider or impersonators. In this paper, we focus on the service cloud model, which facilitates the composition and communication among web services owned by different cloud vendors. We augment a detection approach for impersonation attacks with additional analyses to improve the security of communicating web services hosted in the cloud. A statistical model generates a normal behavior profile for individual services and groups of services based on their business tasks. The detection approach monitors the behavior of each service and identifies anomalies as a potential impersonation attack if it deviates significantly from the expected behavior. To verify the impersonation attack, we deploy a cloud-based verification technique, misleading suspicious services with useless responses. The experimental results show that modeling request behavior reliably detects a significant number of impersonation attempts, with a performance degradation that is a reasonable trade-off.