Using diversity in cloud-based deployment environment to avoid intrusions

Authors:
Anatoliy Gorbenko;Vyacheslav Kharchenko;Olga Tarasyuk;Alexander Romanovsky
Affiliations:
Department of Computer Systems and Networks, National Aerospace University, Kharkiv, Ukraine;Department of Computer Systems and Networks, National Aerospace University, Kharkiv, Ukraine;Department of Computer Systems and Networks, National Aerospace University, Kharkiv, Ukraine;School of Computing Science, Newcastle University, Newcastle upon Tyne, UK
Venue:
SERENE'11 Proceedings of the Third international conference on Software engineering for resilient systems
Year:
2011

Citing 6
Cited 0

Secure Intrusion-tolerant Replication on the Internet

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
An architecture for adaptive intrusion-tolerant applications: Experiences with Auto-adaptive and Reconfigurable Systems

Software—Practice & Experience
Realizing S-Reliability for services via recovery-driven intrusion tolerance mechanism

DSNW '10 Proceedings of the 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W)
Cloud Computing Principles and Paradigms

Cloud Computing Principles and Paradigms
OS diversity for intrusion tolerance: Myth or reality?

DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper puts forward a generic intrusion-avoidance architecture to be used for deploying web services on the cloud. The architecture, targeting the IaaS cloud providers, avoids intrusions by employing software diversity at various system levels and dynamically reconfiguring the cloud deployment environment. The paper studies intrusions caused by vulnerabilities of system software and discusses an approach allowing the system architects to decrease the risk of intrusions. This solution will also reduce the so-called system's days-of-risk which is calculated as a time period of an increased security risk between the time when a vulnerability is publicly disclosed to the time when a patch is available to fix it.