Observability and Incident Response in Managed Serverless Environments Using Ontology-Based Log Monitoring
Authors:
Lavi Ben-Shimol,
Edita Grolman,
Aviad Elyashar,
Inbar Maimon,
Dudu Mimran,
Oleg Brodt,
Martin Strassmann,
Heiko Lehmann,
Yuval Elovici,
Asaf Shabtai
Abstract:
In a fully managed serverless environment, the cloud service provider is responsible for securing the cloud infrastructure, thereby reducing the operational and maintenance efforts of application developers. However, this environment limits the use of existing cybersecurity frameworks and tools, which reduces observability and situational awareness capabilities (e.g., risk assessment, incident response). In addition, existing security frameworks for serverless applications do not generalize well to all application architectures and usually require adaptation, specialized expertise, etc. for use in fully managed serverless environments. In this paper, we introduce a three-layer security scheme for applications deployed in fully managed serverless environments. The first two layers involve a unique ontology, based solely on serverless logs, which is used to transform those logs into a unified application activity knowledge graph. In the third layer, we address the need for observability and situational awareness capabilities by implementing two situational awareness tools that utilize the graph-based representation: 1) an incident response dashboard that leverages the ontology to visualize and examine application activity logs in the context of cybersecurity alerts; our user study showed that the dashboard enabled participants to respond more accurately and quickly to new security alerts than the baseline tool; and 2) a criticality of asset (CoA) risk assessment framework that enables efficient expert-based prioritization in cybersecurity contexts.
Submitted 12 May, 2024;
originally announced May 2024.
A numerical study of Gibbs $u$-measures for partially hyperbolic diffeomorphisms on $\mathbb T^3$
Authors:
Andrey Gogolev,
Itai Maimon,
Aleksey N. Kolmogorov
Abstract:
We consider a hyperbolic automorphism $A\colon\mathbb T^3\to\mathbb T^3$ of the 3-torus whose 2-dimensional unstable distribution splits into weak and strong unstable subbundles. We unfold $A$ into two one-parameter families of Anosov diffeomorphisms --- a conservative family and a dissipative one. For diffeomorphisms in these families we numerically calculate the strong unstable manifold of the fixed point. Our calculations strongly suggest that the strong unstable manifold is dense in $\mathbb T^3$. Further, we calculate push-forwards of the Lebesgue measure on a local strong unstable manifold. These numeric data indicate that the sequence of push-forwards converges to the SRB measure.
Submitted 13 July, 2017;
originally announced July 2017.