Heterogeneous VM Replication: A New Approach to Intrusion Detection, Active Response and Recovery in Cloud Data Centers

Abstract

The goal of this program is to enable development of novel security methods to support future Air Force and Homeland Security in Cybersecurity enterprise. Developing the understanding and tools to build inherently secure software and to ensure the security of vast amounts of information flowing through relevant networks and information spaces are very germane to Air Force. One of the goals of AFOSR in information operations and security is to conduct research to develop new approaches to detection on intrusion, forensics, and active response and recovery from an attack on information systems. Tennessee State University is submitting a proposal to conduct research in developing H-VM-R (Heterogeneous VM Replication), a new approach to intrusion detection, active response, and recovery on servers in cloud data centers. Homogeneous VM replication is the state-of-the-art VM replication technology, but due to lack of artificial diversity, it is very limited in doing intrusion detection and active response. In contrast, H-VM-R does cost-effective intrusion detection by comparing heterogeneous VM images resulted from the same execution history, and cost-effective active response by proactively setting up standby VM replicas: migration from a compromised VM replica to a clean yet heterogeneous. VM replica is in fact the desired hot-start recovery. Our H-V-M-R research will address the specific USAF Cloud Computing requirements, such as scalable security monitoring, accountability, multi-abstraction isolation, security consolidation and elasticity.

Document Details

Document Type

Technical Report

Publication Date

Aug 17, 2015

Accession Number

ADA626370

Entities

Tags