Leveraging countermeasures as a service for VoIP security in the cloud
Oussema Dabbebi*†, Remi Badonnel and Olivier Festor
INRIA Nancy Grand Est, LORIA–University of Lorraine, Technopôle de Nancy Brabois, 54506 Vandœuvre-lès-Nancy, France
SUMMARY
The emergence of cloud computing is contributing to the integration of multiple services, in particular
VoIP services. While the cloud has recently been used for performing security attacks targeting IP
telephony, it also provides new opportunities for supporting the security of this service. In that context,
we propose a risk management strategy for VoIP cloud based on security countermeasures that may be
outsourced as services. We present the architecture of our solution and its components in the context
of services implementing the SIP protocol. We describe the mathematical modelling supporting our
approach and detail different treatment strategies for the application of countermeasures. Finally, we
quantify the benefits and limits of these strategies based on extensive simulation results. When a countermeasure
fails, these strategies allow us to maintain the risk level low at an additional cost of up to 7%, or
to accept an additional risk of up to 12%. They can also be combined to obtain a trade-off between cost
and performance. Copyright © 2013 John Wiley & Sons, Ltd.
Received 3 November 2012; Revised 2 September 2013; Accepted 22 October 2013
1. INTRODUCTION
Cloud computing constitutes a new paradigm for supporting the delivery and access of computer
resources in a virtual manner. It provides these resources as services at a large scale that are
commitment-free and on-demand. The cloud offers a sufficiently high abstraction level for allowing
users to dynamically deploy and exploit elaborate infrastructures, platforms and applications based
on these services. The development of high-speed broadband Internet access has contributed to the
emergence of cloud computing. The growing interest and support of companies and organizations is
motivated by the scalability, interoperability and flexibility properties that cloud computing enables
with respect to computer resources [1]. Four main deployment models are typically considered for
cloud computing in the literature [2,3]. The first model corresponds to private clouds which are
exclusively provisioned for a single organization. The second model stands for community clouds
where the infrastructure is restricted to a community of consumers. The third model corresponds to
public clouds which are open to the general public. The last deployment model, hybrid clouds, is
obtained by a composition of the preceding models. All these deployment models typically support
a large variety of services and pose security challenges to varying degrees.
Amongst these services, IP telephony has seen significant development with the standardization
of signalling protocols, such as the Session Initiation Protocol (SIP). It enables the establishment and
transmission of voice communications directly over the IP layer. The cloud integration of this service
increases its scalability and improves its maintenance [4]. VoIP services are, however, exposed to
multiple security threats. These threats can be specific to the application layer (such as SIP malformed
messages) or they can be inherited from the IP layer (such as ARP-based denial of service). They are
*Correspondence to: Oussema Dabbebi, INRIA Nancy Grand Est, LORIA—University of Lorraine, Campus
Scientifique, BP 239, Technopôle de Nancy Brabois, 54506 Vandœuvre-lès-Nancy, France.
†E-mail: dabbebi@loria.fr
INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT
Int. J. Network Mgmt 2014; 24: 70–84
Published online 25 December 2013 in Wiley Online Library (wileyonlinelibrary.com) DOI: 10.1002/nem.1853