CyberDS: Auditable Monitoring in the Cloud

Lev Sorokin and Ulrich Schöpp

Proceedings of the 43rd International Conference on Computer Safety, Reliability and Security (SAFECOMP), pp. 15

September 2024

abstract

When deploying safety-critical systems in the cloud, where deviations may have severe consequences, the assurance of critical decisions becomes essential. Typical cloud systems are operated by third parties and are built on complex software stacks consisting of, e.g., Kubernetes, Istio, or Kafka, which, due to their size, are difficult to verify. Nevertheless, one needs to make sure that safety-critical choices are made correctly. In this paper, we propose CyberDS, a flexible runtime monitoring approach designed to transparently monitor safety and data-related properties in the cloud. CyberDS is based on combining distributed Datalog-based programs with tamper-proof storage based on Trillian to verify the premises of critical actions. We demonstrate our monitoring approach on an industrial use case that uses a cloud infrastructure for the orchestration of unmanned air vehicles.

url: https://arxiv.org/pdf/2312.12057