Optimal early warning defense of N-version programming service against co-resident attacks in cloud system

Abstract

Due to the virtual machine co-resident architecture, cloud computing systems are vulnerable to co-resident attacks (CRAs) where a malicious attacker may access and corrupt information of a target user through co-locating their virtual machines on the same physical server. To defend against cyber threats such as the CRA, early warning mechanisms have been developed with the aim to detect and block an attack at a nascent stage. In this paper, we study the optimal strategy of allocating early warning resources to defend against CRAs for the voting-based N-version programming (NVP) service running in the cloud. A probabilistic model is proposed to evaluate the failure probability of the NVP service program and further the expected cost of loss for the considered service. Optimization problems of co-determining the optimal numbers of service program versions and early warning agents are further solved to minimize the expected cost of loss. As demonstrated through examples, the resultant optimal strategies can effectively allocate service and defense resources to defend the NVP cloud service against CRAs.