Securing Mission-Centric Operations in the Cloud
Recent years have seen a growing interest in the use of Cloud Computing facilities to execute critical missions. However, due to their inherent complexity, most Cloud Computing services are vulnerable to multiple types of cyber-attacks and prone to a number of failures. Current solutions focus either on the infrastructure itself or on mission analysis, but fail to consider the complex interdependencies between system components, vulnerabilities, failures, and mission tasks. In this chapter, we propose a different approach, and present a solution for deploying missions in the cloud in a way that minimizes a mission’s exposure to vulnerabilities by taking into account available information about vulnerabilities and dependencies. We model the mission deployment problem as a task allocation problem, subject to various dependability constraints, and propose a solution based on the A* algorithm for searching the solution space. Additionally, in order to provide missions with further availability and fault tolerance guarantees, we propose a cost-effective approach to harden the set of computational resources that have been selected for executing a given mission. Finally, we consider offering fault tolerance as a service to users in need of deploying missions in the Cloud. This approach allows missions to obtain required fault tolerance guarantees from a third party in a transparent manner.
The work presented in this chapter has been supported in part by the Office of Naval Research under award number N00014-12-1-0461, by the Italian Ministry of Research within the PRIN project “GenData 2020” (2010RTFWBH), and by the European Union under Integrated Project FP7-SEC-2012-312797 ABC gates for Europe.