Authors: Glynis Dsouza; Gabriel Rodriguez; Youssif Al-Nashif; Salim Hariri
Addresses: NSF Center for Autonomic Computing, The University of Arizona, Tucson, AZ, 85721, USA ' Computer Architecture Group, University of A Coruña, Campus de Elviña, s/n 15071 A Coruña, Spain ' NSF Center for Autonomic Computing, The University of Arizona, Tucson, AZ, 85721, USA ' NSF Center for Autonomic Computing, The University of Arizona, Tucson, AZ, 85721, USA
Abstract: It is widely accepted that we cannot build cloud systems that are free from vulnerabilities and cannot be penetrated or attacked. Our approach to address cloud security challenges is based on using the dynamic data driven application system (DDDAS) and moving target defence (MTD) strategies to develop resilient cloud services (RCS). The use of the MTD strategy makes it extremely difficult for an attacker to exploit existing vulnerabilities by varying different aspects of the system execution environment. By continuously changing the execution environment based on the DDDAS paradigm to meet the dynamic changes in system and application security requirements, we can reduce the attack surface and consequently, the attackers will have very limited time to figure out the current execution environment and what vulnerabilities are to be exploited. The DDDAS-based resilient cloud services (DRCS) implementation utilises the following capabilities: software behaviour encryption (SBE), replication, diversity, automated checkpointing and recovery.
Keywords: DDDAS paradigm; moving target defence; MTD; resiliency; diversity; checkpointing; recovery block; acceptance test; cloud services; cloud computing; cloud security; vulnerabilities; software behaviour encryption; cryptography; replication.
International Journal of Cloud Computing, 2013 Vol.2 No.2/3, pp.171 - 190
Published online: 24 Jul 2013 *Full-text access for editors Access for subscribers Purchase this article Comment on this article