Monitoring Auditable Claims in the Cloud
- URL: http://arxiv.org/abs/2312.12057v1
- Date: Tue, 19 Dec 2023 11:21:18 GMT
- Title: Monitoring Auditable Claims in the Cloud
- Authors: Lev Sorokin, Ulrich Schoepp
- Abstract summary: We propose a flexible monitoring approach that is independent of the implementation of the observed system.
Our approach is based on combining distributed Datalog-based programs with tamper-proof storage based on Trillian.
We apply our approach to an industrial use case that uses a cloud infrastructure for orchestrating unmanned air vehicles.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: When deploying mission-critical systems in the cloud, where deviations may
have severe consequences, the assurance of critical decisions becomes
essential. Typical cloud systems are operated by third parties and are built on
complex software stacks consisting of e.g., Kubernetes, Istio, or Kafka, which
due to their size are difficult to verify. Nevertheless, one needs to make
sure that mission-critical choices are made correctly. We propose a flexible
runtime monitoring approach that is independent of the implementation of the
observed system and that allows monitoring of safety and data-related properties. Our
approach is based on combining distributed Datalog-based programs with
tamper-proof storage based on Trillian to verify the premises of
safety-critical actions. The approach can be seen as a generalization of the
Certificate Transparency project. We apply our approach to an industrial use
case that uses a cloud infrastructure for orchestrating unmanned air vehicles.
Related papers
- A Verifiable Computing Scheme for Encrypted Control Systems [0.0]
It is imperative to verify the correctness of the control signals received from the cloud.
Traditional verification methods, like zero-knowledge proof techniques, are computationally demanding in both proof generation and verification.
We present a novel computationally inexpensive verifiable computing solution inspired by the probabilistic cut-and-choose approach.
arXiv Detail & Related papers (2024-05-28T21:06:39Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs).
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
- A fully decentralized auditing approach for edge computing: A Game-Theoretic Perspective [18.20120097647291]
Edge storage presents a viable data storage alternative for application vendors.
Data cached in edge computing systems is susceptible to intentional or accidental disturbances.
This paper proposes a decentralized integrity auditing scheme to safeguard data integrity.
arXiv Detail & Related papers (2023-12-26T11:26:44Z)
- Safety Margins for Reinforcement Learning [53.10194953873209]
We show how to leverage proxy criticality metrics to generate safety margins.
We evaluate our approach on learned policies from APE-X and A3C within an Atari environment.
arXiv Detail & Related papers (2023-07-25T16:49:54Z)
- In-Distribution Barrier Functions: Self-Supervised Policy Filters that Avoid Out-of-Distribution States [84.24300005271185]
We propose a control filter that wraps any reference policy and effectively encourages the system to stay in-distribution with respect to offline-collected safe demonstrations.
Our method is effective for two different visuomotor control tasks in simulation environments, including both top-down and egocentric view settings.
arXiv Detail & Related papers (2023-01-27T22:28:19Z)
- Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems [0.0]
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores.
From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored.
We present Teiresias, comprising i) a workflow pattern for scalable discovery of personal data at rest, and ii) a cloud native system architecture and open source prototype implementation of said workflow pattern.
arXiv Detail & Related papers (2022-09-09T10:45:34Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
arXiv Detail & Related papers (2022-08-23T05:02:09Z)
- Learning Robust Output Control Barrier Functions from Safe Expert Demonstrations [50.37808220291108]
This paper addresses learning safe output feedback control laws from partial observations of expert demonstrations.
We first propose robust output control barrier functions (ROCBFs) as a means to guarantee safety.
We then formulate an optimization problem to learn ROCBFs from expert demonstrations that exhibit safe system behavior.
arXiv Detail & Related papers (2021-11-18T23:21:00Z)
- Graph-based Incident Aggregation for Large-Scale Online Service Systems [33.70557954446136]
We propose GRLIA, an incident aggregation framework based on graph representation learning over the cascading graph of cloud failures.
A representation vector is learned for each unique type of incident in an unsupervised and unified manner, which is able to simultaneously encode the topological and temporal correlations.
The proposed framework is evaluated with real-world incident data collected from a large-scale online service system of Huawei Cloud.
arXiv Detail & Related papers (2021-08-27T08:48:55Z)
- Collaborative Inference for Efficient Remote Monitoring [34.27630312942825]
A naive approach to resolve this on the model level is to use simpler architectures.
We propose an alternative solution by decomposing the predictive model as the sum of a simple function which serves as a local monitoring tool.
A sign requirement is imposed on the latter to ensure that the local monitoring function is safe.
arXiv Detail & Related papers (2020-02-12T01:57:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.