Gerenciamento Autonômico de Capacidade em Face de Ataques de Segurança
Resumo
Nesse trabalho apresentamos uma extensão do nosso arcabouço de gerenciamento de capacidade tornando-o robusto a ataques de segurança. Em um cenário no qual múltiplas aplicações são hospedadas em uma infraestrutura compartilhada, nossos modelos de desempenho e otimização foram extendidos para minimizar o impacto dos ataques de segurança no lucro do servidor e no QoS das aplicações. Vários cenários e estratégias baseadas em SLAs dinâmicos foram formulados para descobrir os principais compromissos de custos e desempenho, considerando tanto os interesses do provedor quanto do cliente.
Referências
Abraham, B. and Ledolter, J. (1983). Statistical Methods for Forecasting. John Wiley and Sons.
Abrahão, B., Almeida, V., Almeida, J., et al. (2006). Self-Adaptive SLA-Driven Capacity Management for Internet Services. In Proc. IEEE/IFIP NOMS, Vancouver, Canada.
Almeida, J., Almeida, V., et al. (2006). Resource Management in the Autonomic Service-Oriented Architecture. In Proc. 3rd IEEE ICAC, Dublin, Ireland.
B. Urgaonkar, et al. (2005). Dynamic Provisioning of Multi-tier Internet Applications. In Proc. 2nd IEEE ICAC, Seattle, WA.
Barham, P. et al. (2003). Xen and the Art of Virtualization. In Proc. 19th ACM SOSP, Bolton Landing, NY.
Crosby, S. et al. (2003). Denial of Service via Algorithmic Complexity Attacks. In Proc. 12th USENIX Sec. Symp., Washington, DC.
Cunha, Í., Almeida, J., Almeida, V., and Santos, M. (2007). Gerenciamento de Capacidade Auto-Adaptativo para Ambientes Virtualizados Multicamadas. In Proc. SBRC, Belém, Brasil.
Cunha, Í., Viana, I., Palotti, J., Almeida, J., and Almeida, V. (2008). Analyzing Security and Energy Tradeoffs in Autonomic Capacity Management. In Proc. IEEE/IFIP NOMS, Salvador, Brazil.
Gelenbe, E. and Loukas, G. (2007). A Self-Aware Approach to Denial of Service Defence. Computer Networks, 51(5).
Hussain, A. et al. (2003). A Framework for Classifying Denial of Service Attacks. In Proc. ACM SIGCOMM, Karlsruhe, Germany.
Kandula, S. et al. (2005). Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. In Proc. 2nd NSDI, Boston, MA.
Kleinrock, L. (1975). Queueing Systems. John Wiley and Sons.
Lesk, M. (2007). The New Front Line: Estonia under Cyberassault. IEEE Security & Privacy, 5(4).
Menascé, D. and Bennani, M. (2006). Autonomic Virtualized Environments. In Proc. 2nd IEEE ICAS, Silicon Valley, CA.
Mirkovic, J. and Reiher, P. (2004). A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. Comp. Comm. Rev., 34(2).
Perros, H. and Elsayed, K. (2003). Call Admission Control Schemes: A Review. IEEE Communications Magazine, 34(11).
Popovici, F. and Wilkes, J. (2005). Profitable Services in an Uncertain World. In Proc. ACM/IEEE SC, Seattle, WA.
Walfish, M. et al. (2006). DDoS Defense by Offense. In Proc. ACM SIGCOMM, Pisa, Italy.
Abrahão, B., Almeida, V., Almeida, J., et al. (2006). Self-Adaptive SLA-Driven Capacity Management for Internet Services. In Proc. IEEE/IFIP NOMS, Vancouver, Canada.
Almeida, J., Almeida, V., et al. (2006). Resource Management in the Autonomic Service-Oriented Architecture. In Proc. 3rd IEEE ICAC, Dublin, Ireland.
B. Urgaonkar, et al. (2005). Dynamic Provisioning of Multi-tier Internet Applications. In Proc. 2nd IEEE ICAC, Seattle, WA.
Barham, P. et al. (2003). Xen and the Art of Virtualization. In Proc. 19th ACM SOSP, Bolton Landing, NY.
Crosby, S. et al. (2003). Denial of Service via Algorithmic Complexity Attacks. In Proc. 12th USENIX Sec. Symp., Washington, DC.
Cunha, Í., Almeida, J., Almeida, V., and Santos, M. (2007). Gerenciamento de Capacidade Auto-Adaptativo para Ambientes Virtualizados Multicamadas. In Proc. SBRC, Belém, Brasil.
Cunha, Í., Viana, I., Palotti, J., Almeida, J., and Almeida, V. (2008). Analyzing Security and Energy Tradeoffs in Autonomic Capacity Management. In Proc. IEEE/IFIP NOMS, Salvador, Brazil.
Gelenbe, E. and Loukas, G. (2007). A Self-Aware Approach to Denial of Service Defence. Computer Networks, 51(5).
Hussain, A. et al. (2003). A Framework for Classifying Denial of Service Attacks. In Proc. ACM SIGCOMM, Karlsruhe, Germany.
Kandula, S. et al. (2005). Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. In Proc. 2nd NSDI, Boston, MA.
Kleinrock, L. (1975). Queueing Systems. John Wiley and Sons.
Lesk, M. (2007). The New Front Line: Estonia under Cyberassault. IEEE Security & Privacy, 5(4).
Menascé, D. and Bennani, M. (2006). Autonomic Virtualized Environments. In Proc. 2nd IEEE ICAS, Silicon Valley, CA.
Mirkovic, J. and Reiher, P. (2004). A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. Comp. Comm. Rev., 34(2).
Perros, H. and Elsayed, K. (2003). Call Admission Control Schemes: A Review. IEEE Communications Magazine, 34(11).
Popovici, F. and Wilkes, J. (2005). Profitable Services in an Uncertain World. In Proc. ACM/IEEE SC, Seattle, WA.
Walfish, M. et al. (2006). DDoS Defense by Offense. In Proc. ACM SIGCOMM, Pisa, Italy.
Publicado
12/07/2008
Como Citar
VIANA, Itamar; PALOTTI, João; CUNHA, Ítalo; ALMEIDA, Jussara; ALMEIDA, Virgílio.
Gerenciamento Autonômico de Capacidade em Face de Ataques de Segurança. In: CONCURSO DE TRABALHOS DE INICIAÇÃO CIENTÍFICA DA SBC (CTIC-SBC), 27. , 2008, Belém/PA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2008
.
p. 21-30.
