Techniques for Mutual Auditability in a Cloud Environment
Daniel Ladouceur, Bimmy Pujari, Edward Gleeck, Joel Coffman
Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Companion, published 2019-12-02
DOI: 10.1145/3368235.3368875 (https://doi.org/10.1145/3368235.3368875)
Citations: 0
Abstract
Mutual auditability offers visibility between a cloud service provider (CSP) and cloud service customer (CSC), informing both of the risks posed by their association with the other. In this work, we develop and experiment with two systems designed to enable such auditability: a specialized network-based intrusion detection system (NIDS) implementation, traditional-based intrusion system (TBIS), that gives CSPs insight into the malicious activity by clients' virtual machines (VMs) without undermining the CSC's privacy, and a complementary system, hypervisor-based intrusion system (HBIS), that provides visibility into malicious activities of co-resident CSCs by detecting side channel attacks. In order to ensure that our design does not introduce new vulnerabilities into the cloud environment, we examine the potential of using these auditing tools as attack vectors themselves and potential mitigations if such vulnerabilities are found.