Observability and Incident Response in Managed Serverless Environments Using Ontology-Based Log Monitoring
arXiv (2024)
Abstract
In a fully managed serverless environment, the cloud service provider is
responsible for securing the cloud infrastructure, thereby reducing the
operational and maintenance efforts of application developers. However, this
environment limits the use of existing cybersecurity frameworks and tools,
which reduces observability and situational awareness capabilities (e.g., risk
assessment, incident response). In addition, existing security frameworks for
serverless applications do not generalize well to all application architectures
and usually require adaptation, specialized expertise, etc. for use in fully
managed serverless environments. In this paper, we introduce a three-layer
security scheme for applications deployed in fully managed serverless
environments. The first two layers involve a unique ontology based solely on
serverless logs which is used to transform them into a unified application
activity knowledge graph. In the third layer, we address the need for
observability and situational awareness capabilities by implementing two
situational awareness tools that utilize the graph-based representation: 1) An
incident response dashboard that leverages the ontology to visualize and
examine application activity logs in the context of cybersecurity alerts. Our
user study showed that the dashboard enabled participants to respond more
accurately and quickly to new security alerts than the baseline tool. 2) A
criticality of asset (CoA) risk assessment framework that enables efficient
expert-based prioritization in cybersecurity contexts.
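The pipeline the abstract describes, logs to ontology-typed graph to alert-centred pivot, is easier to see on data. The block below is an added illustration, not the paper's ontology or code: it uses an assumed, simplified ontology (Function, Asset, SourceIP nodes joined by timestamped action edges), constructed log records in an invented field layout, and an illustrative expert-assigned criticality table standing in for whatever the CoA framework elicits. Given an alert naming a function and a time, it returns everything that function touched in a window, ranks those assets by criticality, flags denied actions, and lists other functions sharing the same assets.

```python
"""Added example: serverless activity logs -> typed activity graph -> alert pivot.
The ontology, log shape and criticality values below are assumptions for
illustration, not the paper's ontology or data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real provider output). Assumed fields: who acted
# (function), what it did (action), on which asset (resource), from where
# (src_ip, only on invocations) and the outcome (status).
SAMPLE_LOGS = [
    {"ts": "2024-05-01T10:00:01Z", "function": "order-api", "action": "Invoke",
     "resource": "function:order-api", "src_ip": "203.0.113.7", "status": "OK"},
    {"ts": "2024-05-01T10:00:02Z", "function": "order-api", "action": "dynamodb:GetItem",
     "resource": "dynamodb:orders", "src_ip": None, "status": "OK"},
    {"ts": "2024-05-01T10:00:03Z", "function": "order-api", "action": "secretsmanager:GetSecretValue",
     "resource": "secretsmanager:payments-key", "src_ip": None, "status": "OK"},
    {"ts": "2024-05-01T10:00:04Z", "function": "order-api", "action": "s3:GetObject",
     "resource": "s3:exports-bucket", "src_ip": None, "status": "AccessDenied"},
    {"ts": "2024-05-01T10:29:59Z", "function": "report-gen", "action": "Invoke",
     "resource": "function:report-gen", "src_ip": "198.51.100.20", "status": "OK"},
    {"ts": "2024-05-01T10:30:00Z", "function": "report-gen", "action": "s3:PutObject",
     "resource": "s3:exports-bucket", "src_ip": None, "status": "OK"},
]

# Illustrative expert-assigned asset criticality (1 = low, 5 = high); hypothetical values.
EXPERT_CRITICALITY = {
    "secretsmanager:payments-key": 5,
    "dynamodb:orders": 3,
    "s3:exports-bucket": 2,
}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


class ActivityGraph:
    """Typed nodes (Function, Asset/<service>, SourceIP) joined by timestamped action edges."""

    def __init__(self):
        self.nodes = {}                    # node id -> node type
        self.edges = []                    # (src, dst, action, ts, status)
        self.by_node = defaultdict(list)   # node id -> indexes into self.edges

    def _node(self, node_id, ntype):
        self.nodes.setdefault(node_id, ntype)

    def _link(self, src, dst, ev):
        idx = len(self.edges)
        self.edges.append((src, dst, ev["action"], parse_ts(ev["ts"]), ev["status"]))
        self.by_node[src].append(idx)
        self.by_node[dst].append(idx)

    def add_event(self, ev):
        fn = "function:" + ev["function"]
        self._node(fn, "Function")
        if ev["src_ip"]:                       # invocation: caller IP -> function
            ip = "ip:" + ev["src_ip"]
            self._node(ip, "SourceIP")
            self._link(ip, fn, ev)
        if ev["resource"] != fn:               # data-plane call: function -> asset
            service = ev["resource"].split(":", 1)[0]   # "s3", "dynamodb", ...
            self._node(ev["resource"], "Asset/" + service)
            self._link(fn, ev["resource"], ev)

    def events_near(self, node_id, center, window):
        lo, hi = center - window, center + window
        return [self.edges[i] for i in self.by_node[node_id] if lo <= self.edges[i][3] <= hi]


def build_graph(records):
    g = ActivityGraph()
    for r in records:
        g.add_event(r)
    return g


def alert_context(graph, alert, criticality, window_s=300):
    """Pivot from an alert {function, ts} to what that function touched around that time."""
    fn = "function:" + alert["function"]
    events = graph.events_near(fn, parse_ts(alert["ts"]), timedelta(seconds=window_s))
    assets = {dst for src, dst, *_ in events if src == fn}
    source_ips = {src for src, dst, *_ in events if dst == fn}
    denied = [(dst, action) for src, dst, action, _, status in events if status != "OK"]
    shared = {}                                 # assets also touched by other functions
    for a in assets:
        others = {graph.edges[i][0] for i in graph.by_node[a]} - {fn}
        if others:
            shared[a] = sorted(others)
    return {
        "events": len(events),
        "source_ips": sorted(source_ips),
        "assets_by_criticality": sorted(assets, key=lambda a: (-criticality.get(a, 0), a)),
        "denied": denied,
        "shared_assets": shared,
    }


if __name__ == "__main__":
    g = build_graph(SAMPLE_LOGS)
    # Constructed alert: an access-denied event raised on order-api.
    print(alert_context(g, {"function": "order-api", "ts": "2024-05-01T10:00:04Z"}, EXPERT_CRITICALITY))
```

The point of typing assets by service in the node label is that the same query works for any function and any backing service without per-application adaptation, which is the generalization the abstract asks for; the criticality map is deliberately external input, so an analyst can reprioritize without rebuilding the graph.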