TY - JOUR
T1 - Resilient Dynamic Data Driven Application Systems (rDDDAS)
AU - Dsouza, Glynis
AU - Hariri, Salim
AU - Al-Nashif, Youssif
AU - Rodriguez, Gabriel
N1 - Funding Information: This work is partially supported by AFOSR DDDAS award number FA95550-12-1-0241, and National Science Foundation research projects NSF IIP-0758579, NCS-0855087 and IIP-1127873.
PY - 2013
Y1 - 2013
AB - There is a growing interest in Cloud Computing for delivering computing as a utility. Security in Cloud Computing is a challenging research problem because it involves many interdependent tasks including vulnerability scanning, application layer firewalls, configuration management, alert monitoring and analysis, source code analysis, and user identity management. It is widely accepted that we cannot build software and computing systems that are free from vulnerabilities and cannot be penetrated or attacked. Consequently, there is a strong interest in the resilience approach because of its potential to address the cybersecurity challenges. Our approach is based on using the Dynamic Data Driven Application System (DDDAS) and Moving Target Defence (MTD) strategies to develop resilient DDDAS. The Resilient Applications utilize the following capabilities: Software Behaviour Encryption (SBE), Replication, Diversity, Automated Checkpointing and Recovery. Software Behaviour Encryption employs spatiotemporal behaviour encryption and a moving target defence to make active software components change their implementations and their resources randomly and consequently evade attackers. Diversity and random execution are achieved by "hot" shuffling multiple functionally-equivalent, behaviourally-different software versions at runtime. This encryption of the execution environment will make it extremely difficult for an attack to disrupt the normal operations of a cloud application. Also, the dynamic change in the execution environment will hide the software flaws that would otherwise be exploited by a cyberattacker. Checkpointing is used to save the current state of the task to reliable storage, thus enabling rollback recovery if it is required to tolerate cyberattacks and mitigate their impacts. We use the Compiler for Portable Checkpointing (CPPC), a tool for automatically inserting portable checkpoints into the code.
We also evaluate the performance and overhead of running three applications in our rDDDAS environment. Our experimental results show that the rDDDAS environment can be used to develop cloud applications that are resilient against attacks with around 7% execution time overhead.
KW - Cloud computing
KW - DDDAS
KW - Moving target defense
KW - Resilience applications
KW - Software behavior encryption
UR - http://www.scopus.com/inward/record.url?scp=84896956793&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84896956793&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2013.05.362
DO - 10.1016/j.procs.2013.05.362
M3 - Conference article
SN - 1877-0509
VL - 18
SP - 1929
EP - 1938
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - 13th Annual International Conference on Computational Science, ICCS 2013
Y2 - 5 June 2013 through 7 June 2013
ER -