Rafael R. Obelheiro

OS diversity for intrusion tolerance: Myth or reality?

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities.

Analysis of operating system diversity for intrusion tolerance

One of the key benefits of using intrusion‐tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating systems (OSs) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion‐tolerant system. Copyright

The FOREVER service for fault/intrusion removal

This paper introduces FOREVER, a novel service that can be used to enhance the resilience of replicated systems, namely those exposed to malicious attacks. The main objective of FOREVER is to remove faults and intrusions that may happen during system execution, and such removal is done by combining both evolution and recovery techniques. The paper presents (i.) the challenges that systems exposed to malicious attacks need to address, and (ii.) how FOREVER can be used to tackle these challenges.

Customer-oriented diagnosis of memory provisioning for IaaS clouds

Infrastructure-as-a-service clouds enable customers to use computing resources in a flexible manner to satisfy their needs, and pay only for the allocated resources. One challenge for IaaS customers is the correct provisioning of their resources. Many users end up underprovisioning, hurting application performance, or overprovisioning, paying for resources that are not really necessary. Memory is an essential resource for any computing system, and is frequently a nperformance-limiting factor in cloud environments. In this work, we propose a model that enables cloud customers to determine whether the memory allocated to their virtual machines is correctly provisioned, underprovisioned, or overprovisioned. The model uses two metrics collected inside a VM, resident and committed memory, and defines thresholds for these metrics that characterize each provisioning level. Experimental results with Linux guests on Xen, running four benchmarks with different workloads and varying memory capacity, show that the model was able to accurately diagnose memory provisioning in 98% of the scenarios evaluated.

FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery

The goal of the FOREVER project is to develop a service for Fault/intrusiOn REmoVal through Evolution & Recovery. In order to achieve this goal, our work addresses three main tasks: the definition of the FOREVER service architecture; the analysis of how diversity techniques can improve resilience; and the evaluation of the FOREVER service. The FOREVER service is an important contribution to intrustion-tolerant replication middleware and significantly enhances the resilience.

DReAM - a distributed result-aware monitor for Network Functions Virtualization

Network Functions Virtualization (NFV) is a key technology to reduce management costs as well as to improve scalability and elasticity of computer networks. Still, recent research efforts have been exposing additional management challenges. Concerning monitoring in particular, new types of entities and requirements are underexploited. To address these issues, we propose DReAM, a resource management architecture based on management by delegation and distributed monitoring, where each agent runs a diagnostic model to compute the network service state. In this paper, we describe DReAMs proposed architecture and its major components. We also discuss the feasibility of DReAM through experimental and analytical evaluations, where we observed application throughput, CPU utilization, communication overhead, scalability, and diagnosis complexity. We provide a trade-off analysis on the monitoring strategies in NFV scenarios. Our results indicate that a result-aware strategy is a better option when the monitored environment has more than 256 agents or when the diagnosis module induces at least 10% of CPU utilization.

An architecture for synchronising cloud file storage and organisation repositories

ABSTRACT Cloud computing providers have disseminated dynamic storage provisioning delivered to end users as on-demand services. Although cloud file storage and sharing has become popular among home users, the access requirements, performance expectations and usage characteristics are different for organisations, and were not originally considered by popular applications and tools for synchronising files between cloud providers and local repositories. Moreover, multisite organisations traditionally have legacy file storage and wide-area networking solutions to support their business systems. Typically, the file repositories are replicated between sites using private communication links. The combination of legacy storage solutions interconnected through private links with cloud-based file storage is a challenging task. In this context, this paper introduces Cloud4NetOrg, a client architecture for cloud file storage and multisite repository synchronisation. We implemented prototypes of this architecture that interact with two popular cloud file services (DropBox and OneDrive), and the experimental results indicate a promising application in collaborative environments with several LANs. Indeed, Cloud4NetOrg decreases the synchronisation time and the total data transferred from/to cloud repositories by using the organisation repositories as a hierarchical cache system. Cloud4NetOrg is proposed for geographically distributed organisations composed of dynamic and temporary collaborative groups. The interaction between employees is based on file sharing. Commonly, sites are interconnected by a private network and have an internal data storage repository. A single site can have multiple subnetworks to interconnect the collaborative groups. In addition, home-office users collaborate through the Internet, usually using size-limited storage devices. GRAPHICAL ABSTRACT

Diagnosing Memory Provisioning in IaaS Clouds

Infrastructure-as-a-service (IaaS) clouds enable customers to allocate computing resources in a flexible manner to satisfy their needs, and pay only for the allocated resources. One of the challenges for IaaS customers is the correct provisioning of their resources. Many users end up under provisioning, hurting application performance, or over provisioning, paying for resources that are not really necessary. Memory is an essential resource for any computing system, and is frequently a performance-limiting factor in cloud environments. Our work uses monitoring to enable a cloud customer to determine if the memory allocated to his virtual machines is correctly provisioned, under provisioned, or over provisioned. Experimental results with the Xen platform demonstrate the effectiveness of the proposed approach.