Optimal early warning defense of N-version programming service against co-resident attacks in cloud system

Authors: Gregory Levitin, Liudong Xing, Yanping Xiang

DOI: 10.1016/J.RESS.2020.106969

Keywords: Virtual machine, Voting, Computer security, Optimization problem, Cloud computing, N-version programming, Block (data storage), Warning system, Computer science, Service (business)

Abstract: Due to the virtual machine co-resident architecture, cloud computing systems are vulnerable to co-resident attacks (CRAs), where a malicious attacker may access and corrupt the information of a target user through co-locating their virtual machines on the same physical server. To defend against cyber threats such as the CRA, early warning mechanisms have been developed with the aim to detect and block an attack at the nascent stage. In this paper, we study the optimal strategy of allocating resources against CRAs for a voting-based N-version programming (NVP) service running in the cloud. A probabilistic model is proposed to evaluate the failure probability of the NVP program and further the expected cost of loss for the considered service. Optimization problems of co-determining the numbers of versions and agents are solved to minimize the loss. As demonstrated through examples, the resultant strategies can effectively allocate the defense resources against CRAs.
