VAM-aaS: Online Cloud Services Security Vulnerability Analysis and Mitigation-as-a-Service

Cloud computing introduces a new paradigm shift in service delivery models. However, the potential benefits reaped from the adoption of this model are threatened by public accessibility of the cloud-hosted services and sharing of resources. This increases the possibility of malicious service attacks. Existing cloud platforms do not provide a means to validate the security of offered cloud services. Moreover, the public accessibility of cloud services increases the potential for exploitation of newly discovered vulnerabilities that usually take a long time to discover and to mitigate. We introduce VAM-aaS, Vulnerability Analysis and Mitigation as-a-service, as a novel, integrated, and online cloudbased security vulnerability analysis and mitigation service. VAM-aaS performs online service analysis to pinpoint new vulnerabilities and weaknesses. It then uses this information to generate security control configuration scripts to block these discovered security holes at runtime. Our approach is based on a new vulnerability signature and mitigation-actions specification approach. We introduce our approach, describe key implementation details, and describe an evaluation of our prototype on a set of .NET benchmark applications.