Advocate -- Trustworthy Evidence in Cloud Systems

• URL: http://arxiv.org/abs/2410.13477v1
• Date: Thu, 17 Oct 2024 12:09:26 GMT
• Title: Advocate -- Trustworthy Evidence in Cloud Systems
• Authors: Sebastian Werner, Sepideh Masoudi, Fernando Castillo, Fabian Piper, Jonathan Heiss,
• Abstract summary: The rapid evolution of cloud-native applications, characterized by dynamic, interconnected services, presents significant challenges for maintaining trustworthy and auditable systems. Traditional methods of verification and certification are often inadequate due to the fast-past and dynamic development practices common in cloud computing. This paper introduces Advocate, a novel agent-based system designed to generate verifiable evidence of cloud-native application operations.
• Score: 39.58317527488534
• License:
• Abstract: The rapid evolution of cloud-native applications, characterized by dynamic, interconnected services, presents significant challenges for maintaining trustworthy and auditable systems, especially in sensitive contexts, such as finance or healthcare. Traditional methods of verification and certification are often inadequate due to the fast-past and dynamic development practices common in cloud computing. This paper introduces Advocate, a novel agent-based system designed to generate verifiable evidence of cloud-native application operations. By integrating with existing infrastructure tools, such as Kubernetes and distributed tracing systems, Advocate captures, authenticates, and stores evidence trails in a tamper-resistant manner. This approach not only supports the auditing process but also allows for privacy-preserving evidence aggregation. Advocate's extensible architecture facilitates its deployment in diverse environments, enabling the verification and adherence to policies and enhance trust in cloud services.

Related papers

• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• AEAKA: An Adaptive and Efficient Authentication and Key Agreement Scheme for IoT in Cloud-Edge-Device Collaborative Environments [7.106119177152857]
  We propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments. AEAKA is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements. It employs an edge-assisted authentication approach to reduce the load on third-party trust authorities.
  arXiv  Detail & Related papers  (2024-11-14T06:55:27Z)
• Authentication and identity management based on zero trust security model in micro-cloud environment [0.0]
  The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm. This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
  arXiv  Detail & Related papers  (2024-10-29T09:06:13Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Monitoring Auditable Claims in the Cloud [0.0]
  We propose a flexible monitoring approach that is independent of the implementation of the observed system. Our approach is based on combining distributed Datalog-based programs with tamper-proof storage based on Trillian. We apply our approach to an industrial use case that uses a cloud infrastructure for orchestrating unmanned air vehicles.
  arXiv  Detail & Related papers  (2023-12-19T11:21:18Z)
• A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
  This paper introduces a novel approach using WebAssembly to address these issues. We present the design of a portable and fully attested publish/subscribe system as a holistic approach. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
  arXiv  Detail & Related papers  (2023-12-01T16:37:48Z)
• Blockchain-based Zero Trust on the Edge [5.323279718522213]
  This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security. The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities. We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
  arXiv  Detail & Related papers  (2023-11-28T12:43:21Z)
• Exploring Security Practices in Infrastructure as Code: An Empirical Study [54.669404064111795]
  Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools. scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks. Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
  arXiv  Detail & Related papers  (2023-08-07T23:43:32Z)
• A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
  This paper introduces a novel distributed architecture for deep-learning-as-a-service. It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
  arXiv  Detail & Related papers  (2020-03-30T15:12:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.