Securing Mission-Centric Operations in the Cloud

  • Massimiliano Albanese
  • Sushil Jajodia
  • Ravi Jhawar
  • Vincenzo Piuri
Chapter

Abstract

Recent years have seen a growing interest in the use of Cloud Computing facilities to execute critical missions. However, due to their inherent complexity, most Cloud Computing services are vulnerable to multiple types of cyber-attacks and prone to a number of failures. Current solutions focus either on the infrastructure itself or on mission analysis, but fail to consider the complex interdependencies between system components, vulnerabilities, failures, and mission tasks. In this chapter, we propose a different approach, and present a solution for deploying missions in the cloud in a way that minimizes a mission’s exposure to vulnerabilities by taking into account available information about vulnerabilities and dependencies. We model the mission deployment problem as a task allocation problem, subject to various dependability constraints, and propose a solution based on the A* algorithm for searching the solution space. Additionally, in order to provide missions with further availability and fault tolerance guarantees, we propose a cost-effective approach to harden the set of computational resources that have been selected for executing a given mission. Finally, we consider offering fault tolerance as a service to users in need of deploying missions in the Cloud. This approach allows missions to obtain required fault tolerance guarantees from a third party in a transparent manner.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Massimiliano Albanese (1)
  • Sushil Jajodia (1)
  • Ravi Jhawar (2)
  • Vincenzo Piuri (2)

  1. Center for Secure Information Systems, George Mason University, Fairfax, USA
  2. Department of Computer Science, Università degli Studi di Milano, Crema, Italy
