Quantitative survivability evaluation of three virtual machine-based server architectures

Virtual machine-based services have become very popular in data centers and cloud computing in recent years. Efficient virtual machine redundancy gives services good availability, so it has become feasible to keep a service running even while the system is under intrusion. Many intrusion-tolerant server architectures built on virtual machine technology have been developed in academia and industry. Unfortunately, to the best of our knowledge, very little work in the literature evaluates the survivability of such architectures. In this paper we analyze and evaluate the survivability of three virtual machine-based architectures: the load balance server architecture (LBSA), the isolated component server architecture (ICSA), and the Byzantine fault tolerant server architecture (BFTSA). As a reference, a traditional server cluster without virtual machines is also analyzed and compared. We model each architecture as a Continuous Time Markov Chain (CTMC) and analyze its transient behavior and steady state. We further compare the costs of the traditional cluster and the virtual machine-based architectures in terms of processing, memory, communication, and fail-safe fault tolerance. The results show that BFTSA has better survivability than LBSA and ICSA, but takes longer to reach its steady state and incurs higher communication costs.
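The CTMC evaluation summarized above, shown as an added worked example that is not the paper's own model: a toy three-state chain (intact, compromised but still serving, failed) with assumed attack, recovery, escalation and rebuild rates, solved for its steady-state distribution (pi Q = 0, sum pi = 1), its transient distribution p(t) by uniformisation, a survivability measure (probability the service is delivered), and a crude "time to reach the steady state". The state space, the transitions, the rate values and the two parameter sets compared in the demo are all assumptions for illustration; the paper's LBSA, ICSA and BFTSA models are larger and use their own parameters. Pure Python, no dependencies.

```python
"""Toy CTMC survivability model, added as an illustration of the abstract's
method. It is NOT the paper's model: the three states, the transitions and
every rate below are assumptions chosen for the example."""
import math

G, C, F = 0, 1, 2  # good, compromised (degraded but serving), failed


def build_generator(attack, recover, escalate, rebuild):
    """Generator Q (rows sum to zero) for the assumed model:
    G->C attack succeeds; C->G detection + VM recovery; C->F compromise
    takes the service down; F->G rebuild from a clean image."""
    q = [[0.0] * 3 for _ in range(3)]
    q[G][C], q[C][G], q[C][F], q[F][G] = attack, recover, escalate, rebuild
    for i in range(3):
        q[i][i] = -sum(q[i][j] for j in range(3) if j != i)
    return q


def _solve(a, b):
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def steady_state(q):
    """Steady-state vector pi with pi Q = 0 and sum(pi) = 1.  Q^T alone is
    singular, so one balance equation is swapped for the normalisation."""
    n = len(q)
    a = [[q[j][i] for j in range(n)] for i in range(n)]  # Q transposed
    a[-1] = [1.0] * n
    return _solve(a, [0.0] * (n - 1) + [1.0])


def transient(q, p0, t, tol=1e-10):
    """p(t) by uniformisation: p(t) = sum_k Pois(k; L t) * p0 P^k with
    P = I + Q/L and L at least the largest exit rate.  Poisson weights are
    accumulated iteratively; exp(-L t) underflows only for L t > ~700."""
    n = len(q)
    lam = 1.05 * max(-q[i][i] for i in range(n))
    p_mat = [[float(i == j) + q[i][j] / lam for j in range(n)] for i in range(n)]
    weight = math.exp(-lam * t)
    vec = list(p0)
    out = [weight * v for v in vec]
    mass, k, k_max = weight, 0, int(10 * lam * t) + 100
    while mass < 1.0 - tol and k < k_max:
        k += 1
        vec = [sum(vec[i] * p_mat[i][j] for i in range(n)) for j in range(n)]
        weight *= lam * t / k
        mass += weight
        out = [o + weight * v for o, v in zip(out, vec)]
    return out


def survivability(dist):
    """Probability the service is delivered: states G and C both serve here."""
    return dist[G] + dist[C]


def settle_time(q, p0, eps=1e-4, step=0.5, t_max=1000.0):
    """First grid time at which p(t) is within eps of pi in every state,
    a crude measure of 'time to reach the steady state'."""
    pi = steady_state(q)
    t = 0.0
    while t <= t_max:
        if max(abs(a - b) for a, b in zip(transient(q, p0, t), pi)) < eps:
            return t
        t += step
    return None


if __name__ == "__main__":
    # Two assumed parameter sets (rates per hour): a plain cluster, and a
    # VM-based design that recovers faster.  The numbers are made up for the
    # example and say nothing about the paper's LBSA/ICSA/BFTSA results.
    designs = {
        "plain cluster": build_generator(1.0, 3.0, 1.0, 2.0),
        "vm redundancy": build_generator(1.0, 6.0, 0.5, 4.0),
    }
    start = [1.0, 0.0, 0.0]  # system starts intact
    for name, q in designs.items():
        pi = steady_state(q)
        print(f"{name}: steady survivability {survivability(pi):.4f}, "
              f"at t=1h {survivability(transient(q, start, 1.0)):.4f}, "
              f"settles after ~{settle_time(q, start)} h")
```

Uniformisation is used rather than a matrix exponential library so the transient solution is exact to the Poisson truncation tolerance and needs no dependencies; for chains with hundreds of states or very large L t, a sparse solver or a tool such as SHARPE is the practical choice. The settle-time grid is deliberately coarse; it is meant to make "longer time to reach the steady state" concrete, not to be a precise metric.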
