DocumentCode :
665660
Title :
Diversity in cloud systems through runtime and compile-time relocation
Author :
Kanter, Morgon ; Taylor, Stephen
Author_Institution :
Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
fYear :
2013
fDate :
12-14 Nov. 2013
Firstpage :
396
Lastpage :
402
Abstract :
Cloud computing has become popular in recent years due to the cost and resource savings associated with virtual machines using shared resources. Unfortunately, this mode of operation serves as a vulnerability amplifier because each computer executes multiple versions of the same operating code base carrying the same vulnerabilities. This paper explores techniques for the system's run-time loader to generate diversity from a single binary source. In addition, we describe compile-time techniques that can augment and enhance the diversity gained through the run-time system alone. Collectively, the techniques randomize the code and data of the binary, eliminating vulnerability amplification. Entropy is used as a measure of diversity and we explore the entropy gained by the techniques under several different assumptions concerning the attacker's knowledge of the system. The techniques have been implemented into Bear, a from-scratch hypervisor and microkernel designed to run military cloud applications that require resilience.
Keywords :
cloud computing; military computing; resource allocation; Bear hypervisor; binary source; cloud computing; cloud systems diversity; compile-time relocation; cost savings; entropy; microkernel; military cloud applications; resource savings; runtime loader; shared resources; virtual machines; vulnerability amplification; vulnerability amplifier; Entropy; Geophysical measurement techniques; Ground penetrating radar; Kernel; Programming; Runtime; Virtual machine monitors; computer security; information security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Technologies for Homeland Security (HST), 2013 IEEE International Conference on
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4799-3963-3
Type :
conf
DOI :
10.1109/THS.2013.6699037
Filename :
6699037