IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v201y2020ics0951832019311949.html
   My bibliography  Save this article

Optimal early warning defense of N-version programming service against co-resident attacks in cloud system

Author

Listed:
  • Levitin, Gregory
  • Xing, Liudong
  • Xiang, Yanping

Abstract

Due to the virtual machine co-resident architecture, cloud computing systems are vulnerable to co-resident attacks (CRAs) where a malicious attacker may access and corrupt information of a target user through co-locating their virtual machines on the same physical server. To defend against cyber threats such as the CRA, early warning mechanisms have been developed with the aim to detect and block an attack at a nascent stage. In this paper, we study the optimal strategy of allocating early warning resources to defend against CRAs for the voting-based N-version programming (NVP) service running in the cloud. A probabilistic model is proposed to evaluate the failure probability of the NVP service program and further the expected cost of loss for the considered service. Optimization problems of co-determining the optimal numbers of service program versions and early warning agents are further solved to minimize the expected cost of loss. As demonstrated through examples, the resultant optimal strategies can effectively allocate service and defense resources to defend the NVP cloud service against CRAs.

Suggested Citation

  • Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimal early warning defense of N-version programming service against co-resident attacks in cloud system," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    • Handle: RePEc:eee:reensy:v:201:y:2020:i:c:s0951832019311949
    DOI: 10.1016/j.ress.2020.106969
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832019311949
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2020.106969?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Sättele, Martina & Bründl, Michael & Straub, Daniel, 2015. "Reliability and effectiveness of early warning systems for natural hazards: Concept and application to debris flow warning," Reliability Engineering and System Safety, Elsevier, vol. 142(C), pages 192-202.
    2. Levitin, Gregory & Hausken, Kjell, 2013. "Is it wise to leave some false targets unprotected?," Reliability Engineering and System Safety, Elsevier, vol. 112(C), pages 176-186.
    3. Peng, R. & Zhai, Q.Q. & Levitin, G., 2016. "Defending a single object against an attacker trying to detect a subset of false targets," Reliability Engineering and System Safety, Elsevier, vol. 149(C), pages 137-147.
    4. Luo, Liang & Xing, Liudong & Levitin, Gregory, 2019. "Optimizing dynamic survivability and security of replicated data in cloud systems under co-residence attacks," Reliability Engineering and System Safety, Elsevier, vol. 192(C).
    5. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    6. Chen Peng & Maochao Xu & Shouhuai Xu & Taizhong Hu, 2017. "Modeling and predicting extreme cyber attack rates via marked point processes," Journal of Applied Statistics, Taylor & Francis Journals, vol. 44(14), pages 2534-2563, October.
    7. Xing, Liudong & Levitin, Gregory, 2017. "Balancing theft and corruption threats by data partition in cloud system with independent server protection," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 248-254.
    8. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2018. "Co-residence based data vulnerability vs. security in cloud computing system with random server assignment," European Journal of Operational Research, Elsevier, vol. 267(2), pages 676-686.
    9. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimization of time constrained N-version programming service components with competing task execution and version corruption processes," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    10. Chen, Die & Xu, Maochao & Shi, Weidong, 2018. "Defending a cyber system with early warning mechanism," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 224-234.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zhao, Xian & Chai, Xiaofei & Sun, Jinglei & Qiu, Qingan, 2021. "Optimal bivariate mission abort policy for systems operate in random shock environment," Reliability Engineering and System Safety, Elsevier, vol. 205(C).
    2. Li, Yijia & Hu, Xiaoxiao & Zhao, Peng, 2021. "On the reliability of a voting system under cyber attacks," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    3. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2022. "Co-residence based data theft game in cloud system with virtual machine replication and cancellation," Reliability Engineering and System Safety, Elsevier, vol. 222(C).
    4. Levitin, Gregory & Xing, Liudong & Dai, Yanshun, 2021. "Security and reliability of N-version cloud-based task solvers with individual version cancellation under data theft attacks," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    5. Lin, Chen & Xiao, Hui & Peng, Rui & Xiang, Yisha, 2021. "Optimal defense-attack strategies between M defenders and N attackers: A method based on cumulative prospect theory," Reliability Engineering and System Safety, Elsevier, vol. 210(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2022. "Co-residence based data theft game in cloud system with virtual machine replication and cancellation," Reliability Engineering and System Safety, Elsevier, vol. 222(C).
    2. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2021. "Minimization of Expected User Losses Considering Co-resident Attacks in Cloud System with Task Replication and Cancellation," Reliability Engineering and System Safety, Elsevier, vol. 214(C).
    3. Zhang, Xiaoyu & Xu, Maochao & Da, Gaofeng & Zhao, Peng, 2021. "Ensuring confidentiality and availability of sensitive data over a network system under cyber threats," Reliability Engineering and System Safety, Elsevier, vol. 214(C).
    4. Levitin, Gregory & Xing, Liudong & Dai, Yanshun, 2021. "Security and reliability of N-version cloud-based task solvers with individual version cancellation under data theft attacks," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    5. Luo, Liang & Xing, Liudong & Levitin, Gregory, 2019. "Optimizing dynamic survivability and security of replicated data in cloud systems under co-residence attacks," Reliability Engineering and System Safety, Elsevier, vol. 192(C).
    6. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimization of time constrained N-version programming service components with competing task execution and version corruption processes," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    7. Xing, Liudong & Levitin, Gregory, 2017. "Balancing theft and corruption threats by data partition in cloud system with independent server protection," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 248-254.
    8. Peng, Rui & Xiao, Hui & Guo, Jianjun & Lin, Chen, 2020. "Optimal defense of a distributed data storage system against hackers’ attacks," Reliability Engineering and System Safety, Elsevier, vol. 197(C).
    9. Gregory Levitin & Liudong Xing & Hong‐Zhong Huang, 2019. "Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes," Risk Analysis, John Wiley & Sons, vol. 39(4), pages 846-858, April.
    10. Heping Jia & Rui Peng & Yi Ding & Changzheng Shao, 2020. "Reliability analysis of distributed storage systems considering data loss and theft," Journal of Risk and Reliability, , vol. 234(2), pages 303-321, April.
    11. Wu, Di & Yan, Xiangbin & Peng, Rui & Wu, Shaomin, 2020. "Risk-attitude-based defense strategy considering proactive strike, preventive strike and imperfect false targets," Reliability Engineering and System Safety, Elsevier, vol. 196(C).
    12. Wu, Di & Xiao, Hui & Peng, Rui, 2018. "Object defense with preventive strike and false targets," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 76-80.
    13. Zhang, Xiaoxiong & Ye, Yanqing & Tan, Yuejin, 2020. "How to protect a genuine target against an attacker trying to detect false targets," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 553(C).
    14. Zhang, Xiaoxiong & Ding, Song & Ge, Bingfeng & Xia, Boyuan & Pedrycz, Witold, 2021. "Resource allocation among multiple targets for a defender-attacker game with false targets consideration," Reliability Engineering and System Safety, Elsevier, vol. 211(C).
    15. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2018. "Co-residence based data vulnerability vs. security in cloud computing system with random server assignment," European Journal of Operational Research, Elsevier, vol. 267(2), pages 676-686.
    16. Chen, Die & Xu, Maochao & Shi, Weidong, 2018. "Defending a cyber system with early warning mechanism," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 224-234.
    17. Peng, Rui & Xiao, Hui & Guo, Jianjun & Lin, Chen, 2020. "Defending a parallel system against a strategic attacker with redundancy, protection and disinformation," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    18. Gao, Kaiye & Yan, Xiangbin & Liu, Xiang-dong & Peng, Rui, 2019. "Object defence of a single object with preventive strike of random effect," Reliability Engineering and System Safety, Elsevier, vol. 186(C), pages 209-219.
    19. Han, Zhong & Tian, Liting & Cheng, Lin, 2021. "A deducing-based reliability optimization for electrical equipment with constant failure rate components duration their mission profile," Reliability Engineering and System Safety, Elsevier, vol. 212(C).
    20. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:201:y:2020:i:c:s0951832019311949. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.