{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:17Z","timestamp":1777806077242,"version":"3.51.4"},"reference-count":91,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2018,12,13]],"date-time":"2018-12-13T00:00:00Z","timestamp":1544659200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2019,3,29]]},"abstract":"<jats:p>Security compliance auditing is a viable solution to ensure the accountability and transparency of a cloud provider to its tenants. However, the sheer size of a cloud, coupled with the high operational complexity implied by the multi-tenancy and self-service nature, can easily render existing runtime auditing techniques too expensive and non-scalable. To this end, a\u00a0proactive approach, which prepares for the auditing ahead of critical events, is a promising solution to reduce the response time to a practical level. However, a key limitation of such approaches is their reliance on manual efforts to extract the dependency relationships among events, which greatly restricts their practicality. What makes things worse is the fact that, as the most important input to security auditing, the logs and configuration databases of a real world cloud platform can be unstructured and not ready to be used for efficient security auditing. In this paper, we first propose a log processing technique, which prepares raw cloud logs for different analysis purposes, and then design a learning-based proactive security auditing system, namely, [Formula: see text]. To this end, we conduct case studies on current log formats in different real-world OpenStack (a popular cloud platform) deployments, and identify major challenges in log processing. Later, we design a stand-alone log processor for clouds, which may potentially be used for various log analyses. Consequently, we leverage the log processor outputs to extract probabilistic dependencies from runtime events for the dependency models. Finally, through these dependency models, we proactively prepare for security critical events and prevent security violations resulting from those critical events. Furthermore, we integrate [Formula: see text]\u00a0to OpenStack and perform extensive experiments in both simulated and real cloud environments that show a practical response time (e.g., 6\u00a0ms to audit a cloud of 100,000 VMs) and a significant improvement (e.g., about 50% faster) over existing proactive approaches. In addition, we successfully and efficiently apply our log processor outputs to other learning techniques (e.g., executing sequence pattern mining algorithms within 18\u00a0ms for 50,000 events).<\/jats:p>","DOI":"10.3233\/jcs-181137","type":"journal-article","created":{"date-parts":[[2018,12,14]],"date-time":"2018-12-14T13:26:28Z","timestamp":1544793988000},"page":"165-202","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":9,"title":["Learning probabilistic dependencies among events for proactive security auditing in clouds"],"prefix":"10.1177","volume":"27","author":[{"given":"Suryadipta","family":"Majumdar","sequence":"first","affiliation":[{"name":"Information Security and Digital Forensics, University at Albany, Albany, NY, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Azadeh","family":"Tabiban","sequence":"additional","affiliation":[{"name":"CIISE, Concordia University, Montreal, QC, Canada. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yosr","family":"Jarraya","sequence":"additional","affiliation":[{"name":"Ericsson Security Research, Ericsson, Montreal, QC, Canada. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Momen","family":"Oqaily","sequence":"additional","affiliation":[{"name":"CIISE, Concordia University, Montreal, QC, Canada. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amir","family":"Alimohammadifar","sequence":"additional","affiliation":[{"name":"CIISE, Concordia University, Montreal, QC, Canada. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Makan","family":"Pourzandi","sequence":"additional","affiliation":[{"name":"Ericsson Security Research, Ericsson, Montreal, QC, Canada. E-mails:\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lingyu","family":"Wang","sequence":"additional","affiliation":[{"name":"CIISE, Concordia University, Montreal, QC, Canada. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[{"name":"CIISE, Concordia University, Montreal, QC, Canada. E-mails:\u00a0,\u00a0,\u00a0,\u00a0,\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2018,12,13]]},"reference":[{"key":"ref001","unstructured":"R.\u00a0Agrawal, R.\u00a0Srikant et al., Fast algorithms for mining association rules, in: Proc. 20th Int. Conf. Very Large Data Bases, VLDB, Vol.\u00a01215, 1994, pp.\u00a0487\u2013499."},{"key":"ref002","unstructured":"C.S.\u00a0Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing, Vol.\u00a03, 2011."},{"key":"ref003","unstructured":"Amazon, Amazon virtual private cloud, Available at: https:\/\/aws.amazon.com\/vpc."},{"key":"ref004","unstructured":"Amazon, Amazon CloudWatch, Available at: https:\/\/aws.amazon.com\/cloudwatch\/."},{"key":"ref005","unstructured":"BayesFusion, GeNIe and SMILE, Available at: https:\/\/www.bayesfusion.com."},{"key":"ref006","unstructured":"M.\u00a0Bellare and B.\u00a0Yee, Forward integrity for secure audit logs, Technical Report, Citeseer, 1997."},{"key":"ref007","doi-asserted-by":"crossref","unstructured":"S.\u00a0Bleikertz, T.\u00a0Gro\u00df, M.\u00a0Schunter and K.\u00a0Eriksson, Automated information flow analysis of virtualized infrastructures, in: European Symposium on Research in Computer Security (ESORICS), Springer, 2011, pp.\u00a0392\u2013415.","DOI":"10.1007\/978-3-642-23822-2_22"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"S.\u00a0Bleikertz, C.\u00a0Vogel and T.\u00a0Gro\u00df, Cloud Radar: Near real-time detection of security failures in dynamic virtualized infrastructures, in: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), ACM, 2014, pp.\u00a026\u201335.","DOI":"10.1145\/2664243.2664274"},{"key":"ref009","doi-asserted-by":"crossref","unstructured":"S.\u00a0Bleikertz, C.\u00a0Vogel, T.\u00a0Gro\u00df and S.\u00a0M\u00f6dersheim, Proactive security analysis of changes in virtualized infrastructures, in: Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), ACM, 2015, pp.\u00a051\u201360.","DOI":"10.1145\/2818000.2818034"},{"key":"ref010","unstructured":"Cloud auditing data federation, PyCADF: A Python-based CADF library, 2015, Available at: https:\/\/pypi.python.org\/pypi\/pycadf."},{"key":"ref011","unstructured":"Cloud Security Alliance, Cloud control matrix CCM v3.0.1, 2014, Available at: https:\/\/cloudsecurityalliance.org\/research\/ccm\/."},{"key":"ref012","unstructured":"Cloud Security Alliance, CSA STAR program and open certification framework in 2016 and beyond, 2016, https:\/\/downloads.cloudsecurityalliance.org\/star\/csa-star-program-cert-prep.pdf."},{"key":"ref013","unstructured":"Data center knowledge, Survey: One-third of cloud users\u2019 clouds are private, heavily OpenStack, 2015, Available at: http:\/\/www.datacenterknowledge.com\/archives\/2015\/01\/30\/survey-half-of-private-clouds-are-openstack-clouds."},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"J.\u00a0Davies, Specification and Proof in Real Time CSP, Vol.\u00a06, Cambridge University Press, 1993.","DOI":"10.1017\/CBO9780511569760"},{"key":"ref015","first-page":"1","author":"Dempster A.P.","year":"1977","journal-title":"Journal of the Royal Statistical Society. Series B (Methodological)"},{"key":"ref016","unstructured":"F.\u00a0Doelitzscher, Security audit compliance for cloud computing, PhD thesis, Plymouth University, 2014."},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"F.\u00a0Doelitzscher, C.\u00a0Fischer, D.\u00a0Moskal, C.\u00a0Reich, M.\u00a0Knahl and N.\u00a0Clarke, Validating cloud infrastructure changes by cloud audits, in: Eighth World Congress on Services (SERVICES), IEEE, 2012, pp.\u00a0377\u2013384.","DOI":"10.1109\/SERVICES.2012.12"},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0239-8"},{"key":"ref019","unstructured":"Elasticsearch, Logstash, Available at: https:\/\/www.elastic.co\/products\/logstash."},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"S.N.\u00a0Foley and U.\u00a0Neville, A firewall algebra for OpenStack, in: Conference on Communications and Network Security (CNS), IEEE, 2015, pp.\u00a0541\u2013549.","DOI":"10.1109\/CNS.2015.7346867"},{"key":"ref021","unstructured":"P.\u00a0Fournier-Viger, SPMF, an open-source data mining library, 2018, Available at: http:\/\/www.philippe-fournier-viger.com\/spmf\/index.php."},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"P.\u00a0Fournier-Viger, C.W.\u00a0Wu and V.S.\u00a0Tseng, Mining maximal sequential patterns without candidate maintenance, in: International Conference on Advanced Data Mining and Applications, Springer, 2013, pp.\u00a0169\u2013180. doi:10.1007\/978-3-642-53914-5_15.","DOI":"10.1007\/978-3-642-53914-5_15"},{"key":"ref023","doi-asserted-by":"crossref","unstructured":"A.\u00a0Gomariz, M.\u00a0Campos, R.\u00a0Marin and B.\u00a0Goethals, ClaSP: An efficient algorithm for mining frequent closed sequences, in: Pacific-Asia Conference on Knowledge Discovery and Data Mining, Springer, 2013, pp.\u00a050\u201361. doi:10.1007\/978-3-642-37453-1_5.","DOI":"10.1007\/978-3-642-37453-1_5"},{"key":"ref024","unstructured":"Google, Google cloud platform, Available at: https:\/\/cloud.google.com."},{"key":"ref025","unstructured":"Google, Processing logs at scale using cloud dataflow, Available at: https:\/\/cloud.google.com\/solutions\/processing-logs-at-scale-using-dataflow."},{"key":"ref026","unstructured":"S.\u00a0Guha, Attack detection for cyber systems and probabilistic state estimation in partially observable cyber environments, PhD thesis, Arizona State University, 2016."},{"key":"ref027","doi-asserted-by":"crossref","unstructured":"S.\u00a0Hagen, M.\u00a0Seibold and A.\u00a0Kemper, Efficient verification of IT change operations or: How we could have prevented Amazon\u2019s cloud outage, in: Network Operations and Management Symposium (NOMS), IEEE, 2012, pp.\u00a0368\u2013376.","DOI":"10.1109\/NOMS.2012.6211920"},{"key":"ref028","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-011-5014-9_11"},{"key":"ref029","unstructured":"R.A.\u00a0Hemmat and A.\u00a0Hafid, SLA violation prediction in cloud computing: A machine learning perspective, Technical Report, Universit\u00e9 de Montr\u00e9al, 2016."},{"key":"ref030","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382574"},{"key":"ref031","doi-asserted-by":"crossref","unstructured":"A.S.\u00a0Ibrahim, J.\u00a0Hamlyn-Harris, J.\u00a0Grundy and M.\u00a0Almorsy, CloudSec: A security monitoring appliance for virtual machines in the IaaS cloud model, in: 5th International Conference on Network and System Security (NSS), IEEE, 2011, pp.\u00a0113\u2013120.","DOI":"10.1109\/ICNSS.2011.6059967"},{"key":"ref032","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2549002"},{"key":"ref033","unstructured":"ISO Std IEC, ISO 27017,\n                      Information technology\u00a0\u2013 Security techniques\u00a0\u2013 Code of practice for information security controls based on ISO\/IEC 27002 for cloud services (DRAFT)\n                      (2012), Available at: http:\/\/www.iso27001security.com\/html\/27017.html."},{"key":"ref034","unstructured":"ISO Std IEC, ISO 27002: 2005,\n                      Information technology-security techniques\u00a0\u2013 Code of practice for information security management. ISO\n                      (2005)."},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Jiang, E.Z.\u00a0Zhang, K.\u00a0Tian, F.\u00a0Mao, M.\u00a0Gethers, X.\u00a0Shen and Y.\u00a0Gao, Exploiting statistical correlations for proactive prediction of program behaviors, in: Proceedings of the 8th Annual IEEE\/ACM International Symposium on Code Generation and Optimization, ACM, 2010, pp.\u00a0248\u2013256.","DOI":"10.1145\/1772954.1772989"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"H.\u00a0Kai, H.\u00a0Chuanhe, W.\u00a0Jinhai, Z.\u00a0Hao, C.\u00a0Xi, L.\u00a0Yilong, Z.\u00a0Lianzhen and W.\u00a0Bin, An efficient public batch auditing protocol for data security in multi-cloud storage, in: 8th ChinaGrid Annual Conference (ChinaGrid), IEEE, 2013, pp.\u00a051\u201356.","DOI":"10.1109\/ChinaGrid.2013.13"},{"key":"ref037","unstructured":"P.\u00a0Kazemian, M.\u00a0Chang, H.\u00a0Zeng, G.\u00a0Varghese, N.\u00a0McKeown and S.\u00a0Whyte, Real time network policy checking using header space analysis, in: Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2013."},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"A.\u00a0Khurshid, W.\u00a0Zhou, M.\u00a0Caesar and P.\u00a0Godfrey, Veriflow: Verifying network-wide invariants in real time, in: Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2013.","DOI":"10.1145\/2342441.2342452"},{"key":"ref039","doi-asserted-by":"crossref","unstructured":"S.\u00a0Kikuchi and K.\u00a0Hiraishi, Improving reliability in management of cloud computing infrastructure by formal methods, in: Network Operations and Management Symposium (NOMS), IEEE, 2014, pp.\u00a01\u20137.","DOI":"10.1109\/NOMS.2014.6838285"},{"key":"ref040","doi-asserted-by":"publisher","DOI":"10.1145\/359545.359563"},{"key":"ref041","doi-asserted-by":"publisher","DOI":"10.1016\/0167-9473(93)E0056-A"},{"key":"ref042","doi-asserted-by":"crossref","unstructured":"M.\u00a0Li, W.\u00a0Zang, K.\u00a0Bai, M.\u00a0Yu and P.\u00a0Liu, MyCloud: Supporting user-configured privacy protection in cloud computing, in: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC), ACM, 2013, pp.\u00a059\u201368. doi:10.1145\/2523649.2523680.","DOI":"10.1145\/2523649.2523680"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"J.\u00a0Ligatti, L.\u00a0Bauer and D.\u00a0Walker, Run-time enforcement of nonsafety policies, ACM Transactions on Information and System Security (TISSEC) 12(3) (2009), 19. doi:10.1145\/1455526.1455532.","DOI":"10.1145\/1455526.1455532"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"J.\u00a0Ligatti and S.\u00a0Reddy, A theory of runtime enforcement, with results, in: European Symposium on Research in Computer Security (ESORICS), Springer, 2010, pp.\u00a087\u2013100.","DOI":"10.1007\/978-3-642-15497-3_6"},{"key":"ref045","doi-asserted-by":"crossref","unstructured":"X.\u00a0Lin, P.\u00a0Wang and B.\u00a0Wu, Log analysis in cloud computing environment with Hadoop and Spark, in: 5th IEEE International Conference on Broadband Network & Multimedia Technology (IC-BNMT), IEEE, 2013, pp.\u00a0273\u2013276.","DOI":"10.1109\/ICBNMT.2013.6823956"},{"key":"ref046","doi-asserted-by":"crossref","unstructured":"T.\u00a0Madi, S.\u00a0Majumdar, Y.\u00a0Wang, Y.\u00a0Jarraya, M.\u00a0Pourzandi and L.\u00a0Wang, Auditing security compliance of the virtualized infrastructure in the cloud: Application to openstack, in: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy (CODASPY), ACM, 2016, pp.\u00a0195\u2013206.","DOI":"10.1145\/2857705.2857721"},{"key":"ref047","doi-asserted-by":"crossref","unstructured":"S.\u00a0Majumdar, Y.\u00a0Jarraya, T.\u00a0Madi, A.\u00a0Alimohammadifar, M.\u00a0Pourzandi, L.\u00a0Wang and M.\u00a0Debbabi, Proactive verification of security compliance for clouds through pre-computation: Application to OpenStack, in: European Symposium on Research in Computer Security (ESORICS), Springer, 2016, pp.\u00a047\u201366.","DOI":"10.1007\/978-3-319-45744-4_3"},{"key":"ref048","doi-asserted-by":"crossref","unstructured":"S.\u00a0Majumdar, Y.\u00a0Jarraya, M.\u00a0Oqaily, A.\u00a0Alimohammadifar, M.\u00a0Pourzandi, L.\u00a0Wang and M.\u00a0Debbabi, LeaPS: Learning-based proactive security auditing for clouds, in: European Symposium on Research in Computer Security (ESORICS), Springer, 2017, pp.\u00a0265\u2013285.","DOI":"10.1007\/978-3-319-66399-9_15"},{"key":"ref049","doi-asserted-by":"crossref","unstructured":"S.\u00a0Majumdar, T.\u00a0Madi, Y.\u00a0Wang, Y.\u00a0Jarraya, M.\u00a0Pourzandi, L.\u00a0Wang and M.\u00a0Debbabi, Security compliance auditing of identity and access management in the cloud: Application to OpenStack, in: 7th International Conference on Cloud Computing Technology and Science (CloudCom), IEEE, 2015, pp.\u00a058\u201365.","DOI":"10.1109\/CloudCom.2015.80"},{"key":"ref050","doi-asserted-by":"crossref","unstructured":"A.\u00a0Ma\u00f1a, A.\u00a0Mu\u00f1oz and J.\u00a0Gonz\u00e1lez, Dynamic security monitoring for virtualized environments in cloud computing, in: 1st International Workshop on Securing Services on the Cloud (IWSSC), IEEE, 2011, pp.\u00a01\u20136.","DOI":"10.1109\/IWSSCloud.2011.6049018"},{"key":"ref051","doi-asserted-by":"crossref","unstructured":"S.\u00a0Mehnaz and E.\u00a0Bertino, Ghostbuster: A fine-grained approach for anomaly detection in file system accesses, in: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY), ACM, 2017, pp.\u00a03\u201314.","DOI":"10.1145\/3029806.3029809"},{"key":"ref052","unstructured":"M.\u00a0Michael, R.\u00a0Chad, M.\u00a0Pete and K.\u00a0Nikita, This is Sparkhara: OpenStack Log processing in real-time using Spark on Sahara, 2018, Available at: https:\/\/www.openstack.org\/videos\/tokyo-2015\/this-is-sparkhara-openstack-log-processing-in-real-time-using-spark-on-sahara."},{"key":"ref053","unstructured":"Microsoft, Microsoft Azure virtual network, Available at: https:\/\/azure.microsoft.com."},{"key":"ref054","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2312327"},{"key":"ref055","unstructured":"K.\u00a0Murphy, A Brief Introduction to Graphical Models and Bayesian Networks, 1998."},{"key":"ref056","unstructured":"S.\u00a0Narain, Network configuration management via model finding, in: Proceedings of the 19th Conference on Large Installation System Administration Conference (LISA), 2005, pp.\u00a015."},{"key":"ref057","unstructured":"NIST, SP 800-53,\n                      Recommended security controls for federal information systems\n                      , 2003."},{"key":"ref058","unstructured":"OpenStack, OpenStack user survey, 2016, Available at: https:\/\/www.openstack.org\/assets\/survey\/October2016SurveyReport.pdf."},{"key":"ref059","unstructured":"OpenStack, OpenStack open source cloud computing software, 2015, Available at: http:\/\/www.openstack.org."},{"key":"ref060","unstructured":"OpenStack, Nova network security group changes are not applied to running instances, 2015, Available at: https:\/\/security.openstack.org\/ossa\/OSSA-2015-021.html."},{"key":"ref061","unstructured":"OpenStack, OpenStack congress, 2015, Available at: https:\/\/wiki.openstack.org\/wiki\/Congress."},{"key":"ref062","unstructured":"OpenStack, OpenStack command list, 2016, Available at: http:\/\/docs.openstack.org\/developer\/python-openstackclient\/command-list.html."},{"key":"ref063","unstructured":"OpenStack, OpenStack audit middleware, 2016, Available at: http:\/\/docs.openstack.org\/developer\/keystonemiddleware\/audit.html."},{"key":"ref064","unstructured":"OpenStack, Neutron security groups bypass through invalid CIDR, 2015, Available at: https:\/\/security.openstack.org\/ossa\/OSSA-2014-014.html."},{"key":"ref065","unstructured":"OpenStack, OSSA-2014-008: Routers can be cross plugged by other tenants, 2014, Available at: https:\/\/security.openstack.org\/ossa\/OSSA-2014-008.html."},{"key":"ref066","doi-asserted-by":"crossref","unstructured":"B.D.\u00a0Payne, M.\u00a0Carbone, M.\u00a0Sharif and W.\u00a0Lee, Lares: An architecture for secure active monitoring using virtualization, in: IEEE Symposium on Security and Privacy (SP), IEEE, 2008, pp.\u00a0233\u2013247.","DOI":"10.1109\/SP.2008.24"},{"key":"ref067","unstructured":"J.\u00a0Pearl, Causality: Models, Reasoning and Inference, Cambridge University Press, 2000."},{"key":"ref068","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2004.77"},{"key":"ref069","doi-asserted-by":"crossref","unstructured":"D.\u00a0Petcu and C.\u00a0Craciun, Towards a security SLA-based cloud monitoring service, in: Proceedings of the 4th International Conference on Cloud Computing and Services Science (CLOSER), 2014, pp.\u00a0598\u2013603.","DOI":"10.5220\/0004957305980603"},{"key":"ref070","doi-asserted-by":"publisher","DOI":"10.1007\/s10703-017-0271-1"},{"key":"ref071","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.01.006"},{"key":"ref072","unstructured":"J.\u00a0Reavis and D.\u00a0Catteddu, Open certification framework. Vision Statement, Rev.\u00a01, 2012, Available at: https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/ocf\/OCF_Vision_Statement_Final.pdf."},{"key":"ref073","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2012.14"},{"key":"ref074","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"ref075","doi-asserted-by":"publisher","DOI":"10.1145\/353323.353382"},{"key":"ref076","doi-asserted-by":"crossref","unstructured":"S.A.\u00a0Schneider, Security properties and CSP, in: Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996, pp.\u00a0174\u2013187. doi:10.1109\/SECPRI.1996.502680.","DOI":"10.1109\/SECPRI.1996.502680"},{"key":"ref077","unstructured":"M.\u00a0Solanas, J.\u00a0Hernandez-Castro and D.\u00a0Dutta, Detecting fraudulent activity in a cloud using privacy-friendly data aggregates, 2014, Technical Report, arXiv preprint."},{"key":"ref078","unstructured":"N.\u00a0Tamura and M.\u00a0Banbara, Sugar: A CSP to SAT translator based on order encoding, in: Proceedings of the Second International CSP Solver Competition, 2008, pp.\u00a065\u201369."},{"key":"ref079","doi-asserted-by":"crossref","unstructured":"B.\u00a0Tang and R.\u00a0Sandhu, Extending OpenStack access control with domain trust, in: Network and System Security, Springer, 2014, pp.\u00a054\u201369.","DOI":"10.1007\/978-3-319-11698-3_5"},{"key":"ref080","doi-asserted-by":"crossref","unstructured":"K.W.\u00a0Ullah, A.S.\u00a0Ahmed and J.\u00a0Ylitalo, Towards building an automated security compliance tool for the cloud, in: 12th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, 2013, pp.\u00a01587\u20131593.","DOI":"10.1109\/TrustCom.2013.195"},{"key":"ref081","doi-asserted-by":"crossref","unstructured":"K.K.\u00a0Venkatasubramanian, T.\u00a0Mukherjee and S.K.\u00a0Gupta, CAAC\u00a0\u2013 an adaptive and proactive access control approach for emergencies in smart infrastructures, ACM Transactions on Autonomous and Adaptive Systems (TAAS) 8(4) (2014), 20.","DOI":"10.1145\/2555614"},{"key":"ref082","unstructured":"VMware, VMware vCloud director, Available at: https:\/\/www.vmware.com."},{"key":"ref083","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2011.245"},{"key":"ref084","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2646913"},{"key":"ref085","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2646913"},{"key":"ref086","unstructured":"WSGI, Middleware and libraries for WSGI, 2016, Available at: http:\/\/wsgi.readthedocs.io\/en\/latest\/libraries.html."},{"key":"ref087","doi-asserted-by":"crossref","unstructured":"S.S.\u00a0Yau, A.B.\u00a0Buduru and V.\u00a0Nagaraja, Protecting critical cloud infrastructures with predictive capability, in: 8th International Conference on Cloud Computing (CLOUD), IEEE, 2015, pp.\u00a01119\u20131124.","DOI":"10.1109\/CLOUD.2015.165"},{"key":"ref088","doi-asserted-by":"crossref","unstructured":"H.\u00a0Yu and D.\u00a0Wang, Mass log data processing and mining based on Hadoop and cloud computing, in: 7th International Conference on Computer Science & Education (ICCSE), IEEE, 2012, pp.\u00a0197\u2013202.","DOI":"10.1109\/ICCSE.2012.6295056"},{"key":"ref089","unstructured":"H.\u00a0Zeng, S.\u00a0Zhang, F.\u00a0Ye, V.\u00a0Jeyakumar, M.\u00a0Ju, J.\u00a0Liu, N.\u00a0McKeown and A.\u00a0Vahdat, Libra: Divide and conquer to verify forwarding tables in huge networks, in: Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Vol.\u00a014, 2014, pp.\u00a087\u201399."},{"key":"ref090","doi-asserted-by":"crossref","unstructured":"T.\u00a0Zhang and R.B.\u00a0Lee, CloudMonatt: An architecture for security health monitoring and attestation of virtual machines in cloud computing, in: 42nd Annual International Symposium on Computer Architecture (ISCA), IEEE, 2015, pp.\u00a0362\u2013374.","DOI":"10.1145\/2749469.2750422"},{"key":"ref091","doi-asserted-by":"crossref","unstructured":"X.\u00a0Zhu, S.\u00a0Song, J.\u00a0Wang, S.Y.\u00a0Philip and J.\u00a0Sun, Matching heterogeneous events with patterns, in: 30th International Conference on Data Engineering (ICDE), IEEE, 2014, pp.\u00a0376\u2013387.","DOI":"10.1109\/ICDE.2014.6816666"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-181137","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-181137","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-181137","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:17Z","timestamp":1777495517000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-181137"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,13]]},"references-count":91,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,3,29]]}},"alternative-id":["10.3233\/JCS-181137"],"URL":"https:\/\/doi.org\/10.3233\/jcs-181137","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,13]]}}}