Abstract
Recent years have seen a growing interest in the use of Cloud Computing facilities to execute critical missions. However, due to their inherent complexity, most Cloud Computing services are vulnerable to multiple types of cyber-attacks and prone to a number of failures. Current solutions focus either on the infrastructure itself or on mission analysis, but fail to consider the complex interdependencies between system components, vulnerabilities, failures, and mission tasks. In this chapter, we propose a different approach, and present a solution for deploying missions in the cloud in a way that minimizes a mission’s exposure to vulnerabilities by taking into account available information about vulnerabilities and dependencies. We model the mission deployment problem as a task allocation problem, subject to various dependability constraints, and propose a solution based on the A* algorithm for searching the solution space. Additionally, in order to provide missions with further availability and fault tolerance guarantees, we propose a cost-effective approach to harden the set of computational resources that have been selected for executing a given mission. Finally, we consider offering fault tolerance as a service to users in need of deploying missions in the Cloud. This approach allows missions to obtain required fault tolerance guarantees from a third party in a transparent manner.
Acknowledgements
The work presented in this chapter has been supported in part by the Office of Naval Research under award number N00014-12-1-0461, by the Italian Ministry of Research within PRIN project “GenData 2020” (2010RTFWBH), and by the European Union under Integrated Project FP7-SEC-2012-312797 ABC gates for Europe.
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Albanese, M., Jajodia, S., Jhawar, R., Piuri, V. (2014). Securing Mission-Centric Operations in the Cloud. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_11
DOI: https://doi.org/10.1007/978-1-4614-9278-8_11
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-9277-1
Online ISBN: 978-1-4614-9278-8
eBook Packages: Computer Science (R0)