Securing Public Clouds using Dynamic Communication Graphs
- Sathiya Kumaran Mani,
- Kevin Hsieh,
- Santiago Segarra,
- Trevor Eberl,
- Ranveer Chandra,
- Eliran Azulai,
- Narayan Annamalai,
- Deepak Bansal,
- Srikanth Kandula
ACM Workshop on Hot Topics in Networks (HotNets)
We describe a novel telemetry source available in public clouds today: periodic summaries of every flow that enters or leaves any VM. A key aspect is that such telemetry can be collected transparently to customers and with minimal impact on their workloads. We discuss how, by consuming this telemetry, one may realize complete and dynamic communication graphs inside cloud subscriptions. We describe several novel analyses over these communication graphs with broad implications for network security and management.