Cybersecurity Collaboratory

2013-2018

Cyberspace Threat Identification, Analysis and Proactive Response

Resilient Cloud Services (Hemayamini Kurra)

Abstract

Cloud computing is emerging as a new paradigm that aims at delivering computing as a utility. For cloud computing to be fully adopted and effectively used, it is important that the security mechanisms are robust and resilient to faults and attacks. Securing cloud applications and services is a challenging research problem because it involves many interdependent tasks including vulnerability scanning, application layer firewalls, configuration management, alert monitoring and analysis, source code analysis, and user identity management. Most of these challenges are due to the monoculture of cloud software and rapidly developing social networking technologies. Cloud computing integrates many technologies including virtualization, Web technologies, utility computing, and distributed data management, each with its own set of vulnerabilities. The adoption and proliferation of cloud computing will be severely impacted if cloud security is not adequately addressed. Traditional approaches to security will not work well in a cloud environment, and it is widely believed that we cannot deliver cloud services that are 100% immune against cyber attacks and exploitations. The moving target defense approach is to create, evaluate and deploy mechanisms and strategies that are diverse and that continually shift and change over time, in order to increase the cost and complexity for attackers, limit the exposure of vulnerabilities and opportunities for attack, and thus increase system resiliency. At the University of Arizona, we applied this technique to application-level services and storage-level services. For the application-level services, we have multiple virtual machines, which operate on diverse programming languages and operating systems and are used to execute the application. The execution time is divided into multiple time windows, and the execution environment is hot shuffled.
For the storage services, the keys are hot shuffled in time so that short keys can be used for encryption instead of long keys, which improves performance. This approach is tested on an IBM BladeCenter private cloud that consists of 198 cores, where each core can run several virtual machines. The results show that the presented approach makes the environment resilient to attacks, with only around 7% overhead time. For the storage services, the results show that we can improve performance by 50% when we use a key length of 512 compared with the certificate technique that uses a key length of 2048 bits.

A short bio

Hemayamini Kurra is a Master's student in the Department of Electrical and Computer Engineering at the University of Arizona. She received her Bachelor's degree in electronics engineering from Jawaharlal Nehru Technological University in 2012. She is a Graduate Research Assistant in the Autonomic Computing Lab at the University of Arizona. Her main areas of research are cyber security and storage systems security.
