Resilient Dynamic Data Driven Application Systems (rDDDAS)

Abstract

There is a growing interest in Cloud Computing for delivering computing as a utility. Security in Cloud Computing is a challenging research problem because it involves many interdependent tasks including vulnerability scanning, application layer firewalls, configuration management, alert monitoring and analysis, source code analysis, and user identity management. It is widely accepted that we cannot build software and computing systems that are free from vulnerabilities and cannot be penetrated or attacked. Consequently, there is a strong interest in resilience approach because of its potential to address the cybersecurity challenges. Our is based on using the Dynamic Data Driven Application System (DDDAS) and Moving Target Defence (MTD) strategies to develop resilient DDDAS. The Resilient Applications utilize the following capabilities: Software Behaviour Encryption (SBE), Replication, Diversity, Automated Checkpointing and Recovery. Software Behaviour Encryption employs spatiotemporal behaviour encryption and a moving target defence to make active software components change their implementations and their resources randomly and consequently evade attackers. Diversity and random execution is achieved by “hot” shuffling multiple functionally- equivalent, behaviourally-different software versions at runtime (This encryption of the execution environment will make it extremely difficult for an attack to disrupt the normal operations of a cloud application. Also, the dynamic change in the execution environment will hide the software flaws that would otherwise be exploited by a cyberattacker. Checkpointing is used to save the current state of the task to a reliable storage and thus enabling rollback recovery if it is required to tolerate cyberattacks and mitigate their impacts. We use the Compiler for Portable Checkpointing (CPPC), a tool for automatically inserting portable checkpoints into the code.We also evaluate the performance and overhead of running three applications in our rDDDAS environment. Our experimental results show that the rDDDAS environment can be used to develop resilient cloud applications are resilient against attacks with around 7% in execution time overhead.