DOI: 10.1145/2602087.2602116

Diverse virtual replicas for improving intrusion tolerance in cloud

Published: 08 April 2014

Abstract

Intrusion tolerance is important for services in the cloud to continue functioning while under attack. Byzantine fault-tolerant replication is considered a fundamental component of intrusion-tolerant systems. However, the monoculture of replicas can render the theoretical properties of a Byzantine fault-tolerant system ineffective, even when proactive recovery techniques are employed. This paper exploits the design diversity available from off-the-shelf operating system products and studies how to diversify the configurations of virtual replicas to improve the resilience of the service in the presence of attacks. A game-theoretic model is proposed for studying the optimal diversification strategy for the system defender, and an efficient algorithm is designed to approximate the optimal defense strategies in large games.

    Published In

    CISR '14: Proceedings of the 9th Annual Cyber and Information Security Research Conference
    April 2014
    134 pages
    ISBN: 9781450328128
    DOI: 10.1145/2602087
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    • Los Alamos National Labs: Los Alamos National Labs
    • CEDS: DOE Cybersecurity for Energy Delivery Systems
    • Sandia National Labs: Sandia National Laboratories
    • DOE: Department of Energy
    • Oak Ridge National Laboratory
    • Lawrence Livermore National Lab.: Lawrence Livermore National Laboratory
    • BERKELEYLAB: Lawrence National Berkeley Laboratory
    • CSL: DOE Cyber Sciences Laboratory
    • Argonne Natl Lab: Argonne National Lab
    • Pacific Northwest National Laboratory
    • TTP: DHS Transition to Practice
    • Nevada National Security Site: Nevada National Security Site

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. diversity
    2. intrusion tolerance
    3. virtual replica

    Qualifiers

    • Research-article

    Conference

    CISR '14

    Acceptance Rates

    CISR '14 Paper Acceptance Rate 32 of 50 submissions, 64%;
    Overall Acceptance Rate 69 of 136 submissions, 51%

    Cited By

    • (2024) Intrusion Tolerance for Networked Systems through Two-Level Feedback Control. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 338-352. DOI: 10.1109/DSN58291.2024.00042. Online publication date: 24-Jun-2024
    • (2023) Skynet: a Cyber-Aware Intrusion Tolerant Overseer. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S), pp. 111-116. DOI: 10.1109/DSN-S58398.2023.00034. Online publication date: Jun-2023
    • (2022) Dynamic System Diversification for Securing Cloud-based IoT Subnetworks. ACM Transactions on Autonomous and Adaptive Systems, 17:1-2, pp. 1-23. DOI: 10.1145/3547350. Online publication date: 11-Jul-2022
    • (2021) On the reliability of a voting system under cyber attacks. Reliability Engineering & System Safety, 216, article 107996. DOI: 10.1016/j.ress.2021.107996. Online publication date: Dec-2021
    • (2020) On Resilience in Cloud Computing. ACM Computing Surveys, 53:3, pp. 1-36. DOI: 10.1145/3388922. Online publication date: 28-May-2020
    • (2020) Negative Feedback Dynamic Scheduling Algorithm based on Mimic Defense in Cloud Environment. 2020 IEEE 6th International Conference on Computer and Communications (ICCC), pp. 2265-2270. DOI: 10.1109/ICCC51575.2020.9345169. Online publication date: 11-Dec-2020
    • (2019) Scientific workflow execution system based on mimic defense in the cloud environment. Frontiers of Information Technology & Electronic Engineering, 19:12, pp. 1522-1536. DOI: 10.1631/FITEE.1800621. Online publication date: 10-Jan-2019
    • (2017) Optimal Cluster Expansion-Based Intrusion Tolerant System to Prevent Denial of Service Attacks. Applied Sciences, 7:11, article 1186. DOI: 10.3390/app7111186. Online publication date: 17-Nov-2017
    • (2017) Perspectives on Resilience in Cloud Computing: Review and Trends. 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), pp. 696-703. DOI: 10.1109/AICCSA.2017.221. Online publication date: Oct-2017
    • (2017) Obfuscation and Diversification for Securing Cloud Computing. Enterprise Security, pp. 179-202. DOI: 10.1007/978-3-319-54380-2_8. Online publication date: 19-Mar-2017
