Abstract
This paper puts forward a generic intrusion-avoidance architecture for deploying web services on the cloud. The architecture, targeting IaaS cloud providers, avoids intrusions by employing software diversity at various system levels and dynamically reconfiguring the cloud deployment environment. The paper studies intrusions caused by vulnerabilities of system software and discusses an approach allowing system architects to decrease the risk of intrusions. This solution will also reduce the system's so-called days-of-risk, calculated as the period of increased security risk between the time a vulnerability is publicly disclosed and the time a patch is available to fix it.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gorbenko, A., Kharchenko, V., Tarasyuk, O., Romanovsky, A. (2011). Using Diversity in Cloud-Based Deployment Environment to Avoid Intrusions. In: Troubitsyna, E.A. (eds) Software Engineering for Resilient Systems. SERENE 2011. Lecture Notes in Computer Science, vol 6968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24124-6_14
DOI: https://doi.org/10.1007/978-3-642-24124-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24123-9
Online ISBN: 978-3-642-24124-6
eBook Packages: Computer Science, Computer Science (R0)