Revolutionizing Cloud Security with Programmable Frameworks: a Novel Approach

We present a novel framework for the management of a multi-tier architecture, where a common, programmable, and pervasive context fabric feeds a powerful set of multi-vendor detection and analysis algorithms (business logic). The challenge is deep visibility over multiple software components by real-time collection of massive events from a multiplicity of capillary sources, while maintaining essential properties such as forwarding speed, scalability, autonomy, usability, fault tolerance, resistance to compromises, and responsiveness. The ambition is to support better and more reliable situational awareness by inter- and intra-domain data correlation in both space and time, in order to timely detect and respond even the more sophisticated multi-vector and interdisciplinary cyberattacks. The Context Broker (CB) is the logical component to manage the security context. We define the security context as the set of information, data, and measurements that describe the service and can be used for security-related purposes. The Local Control Plane (LCP) gives the CB access to the configuration of agents. We performed an evaluation of the CB Manager (CB-Man) and LCP considering different scenarios and workloads. The goal is to verify the robustness and the reliance of these two components in different execution scenarios.