Building resilient cloud services using DDDAS and moving target defence

Abstract

It is widely accepted that we cannot build cloud systems that are free from vulnerabilities and cannot be penetrated or attacked. Our approach to address cloud security challenges is based on using the dynamic data driven application system (DDDAS) and moving target defence (MTD) strategies to develop resilient cloud services (RCS). The use of the MTD strategy makes it extremely difficult for an attacker to exploit existing vulnerabilities by varying different aspects of the system execution environment. By continuously changing the execution environment based on the DDDAS paradigm to meet the dynamic changes in system and application security requirements, we can reduce the attack surface and consequently, the attackers will have very limited time to figure out the current execution environment and what vulnerabilities are to be exploited. The DDDAS-based resilient cloud services (DRCS) implementation utilises the following capabilities: software behaviour encryption (SBE), replication, diversity, automated checkpointing and recovery.