A Heuristic Algorithm for Minimizing Server Maintenance Time and Vulnerability Surface on Data Centers
As cyberattacks against the cloud become more frequent, operators must define efficient maintenance strategies to safeguard data centers. Existing maintenance strategies strive to minimize the maintenance duration and the number of migrations. However, such solutions overlook the period during which servers wait for their update, which represents a vulnerability window that attackers can exploit. Accordingly, this study introduces a novel metric, Vulnerability Surface, which assesses maintenance strategies in terms of servers' exposure. In addition, we present Salus, a heuristic that minimizes servers' exposure during maintenance. Experimental results show that Salus reduces the Vulnerability Surface by 19.44% compared to baseline strategies.