Mitigating Selfishness and Denial-of-Service Attacks in Clouds via Application Grouping (original title: Mitigando Ataques de Egoísmo e Negação de Serviço em Nuvens via Agrupamento de Aplicações)
Abstract
Cloud computing is a model in which tenants consume on-demand hardware and software resources from a remote provider. However, the sharing of the internal network by all tenants, combined with the lack of data-flow isolation that results from using TCP and UDP, allows selfish and denial-of-service (DoS) attacks to occur. Current allocation algorithms do not prevent the availability of network resources from being affected by such attacks. In this paper, we propose a strategy for allocating tenants' applications that aims at mitigating the impact of selfish and DoS attacks on the cloud's internal network. The key, novel idea is to group applications into virtual infrastructures according to the mutual trust between pairs of tenants. Evaluation results show that the proposed strategy offers protection against selfishness and DoS attacks with little or no extra cost.
References
Abts, D. and Felderman, B. (2012). A guided tour of data-center networking. Commun. ACM, 55(6):44–51.
Al-Fares, M., Loukissas, A., and Vahdat, A. (2008). A scalable, commodity data center network architecture. In Proceedings of the ACM SIGCOMM 2008 conference on Data communication, SIGCOMM ’08, pages 63–74, New York, NY, USA. ACM.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M. (2010). A view of cloud computing. Commun. ACM, 53:50–58.
Ballani, H., Costa, P., Karagiannis, T., and Rowstron, A. (2011). Towards predictable datacenter networks. In Proceedings of the ACM SIGCOMM 2011 conference on SIGCOMM, SIGCOMM ’11, pages 242–253, New York, NY, USA. ACM.
Breitgand, D. and Epstein, A. (2012). Improving Consolidation of Virtual Machines with Risk-aware Bandwidth Oversubscription in Compute Clouds. In Proceedings of the 31st Conference on Information Communications, INFOCOM'12, Piscataway, NJ, USA. IEEE Press.
Chowdhury, N., Rahman, M., and Boutaba, R. (2009). Virtual network embedding with coordinated node and link mapping. In INFOCOM 2009, IEEE, pages 783–791.
Costa, R. B. and Carmo, L. F. R. C. (2007). Avaliação de Confiança Contextual em Grades Computacionais Multímodo usando Plataformas Seguras. In VII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, SBSeg 2007, pages 173–185.
Goel, A. and Indyk, P. (1999). Stochastic load balancing and related problems. In Foundations of Computer Science, 1999. 40th Annual Symposium on, pages 579–586.
Greenberg, A., Hamilton, J., Maltz, D. A., and Patel, P. (2008). The cost of a cloud: research problems in data center networks. SIGCOMM Comput. Commun. Rev., 39(1):68–73.
Greenberg, A., Hamilton, J. R., Jain, N., Kandula, S., Kim, C., Lahiri, P., Maltz, D. A., Patel, P., and Sengupta, S. (2009). VL2: a scalable and flexible data center network. In Proceedings of the ACM SIGCOMM 2009 conference on Data communication, SIGCOMM '09, pages 51–62, New York, NY, USA. ACM.
Grobauer, B., Walloschek, T., and Stocker, E. (2011). Understanding Cloud Computing Vulnerabilities. IEEE Security & Privacy, 9(2):50–57.
Guo, C., Lu, G., Wang, H. J., Yang, S., Kong, C., Sun, P., Wu, W., and Zhang, Y. (2010). Secondnet: a data center network virtualization architecture with bandwidth guarantees. In Proceedings of the 6th International Conference, Co-NEXT ’10, pages 15:1–15:12, New York, NY, USA. ACM.
Jensen, M., Schwenk, J., Gruschka, N., and Iacono, L. L. (2009). On Technical Security Issues in Cloud Computing. In Cloud Computing, 2009. CLOUD ’09. IEEE International Conference on, pages 109–116.
Kitsos, I., Papaioannou, A., Tsikoudis, N., and Magoutis, K. (2012). Adapting data-intensive workloads to generic allocation policies in cloud infrastructures. In Network Operations and Management Symposium (NOMS), 2012 IEEE, pages 25–33.
Lam, T. and Varghese, G. (2010). NetShare: Virtualizing Bandwidth within the Cloud. Technical report cs2010-0957, University of California.
Liu, H. (2010). A new form of DOS attack in a cloud and its avoidance mechanism. In Proceedings of the 2010 ACM workshop on Cloud computing security workshop, CCSW ’10, pages 65–76, New York, NY, USA. ACM.
Meng, X., Pappas, V., and Zhang, L. (2010). Improving the scalability of data center networks with traffic-aware virtual machine placement. In Proceedings of the 29th Conference on Information Communications, INFOCOM'10, pages 1154–1162, Piscataway, NJ, USA. IEEE Press.
Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. (2009). Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, CCS ’09, pages 199–212, New York, NY, USA. ACM.
Shieh, A., Kandula, S., Greenberg, A., Kim, C., and Saha, B. (2011). Sharing the data center network. In Proceedings of the 8th USENIX conference on Networked systems design and implementation, NSDI’11, pages 23–23, Berkeley, CA, USA. USENIX Association.
Wang, M., Meng, X., and Zhang, L. (2011). Consolidating virtual machines with dynamic bandwidth demand in data centers. In INFOCOM, 2011 Proceedings IEEE, pages 71–75.
Zimmermann, P. R. (1995). The official PGP user’s guide. MIT Press, Cambridge, MA, USA.
Published
2012-11-19

How to Cite
MARCON, Daniel Stefani; NEVES, Miguel Cardoso; OLIVEIRA, Rodrigo Ruas; BURIOL, Luciana Salete; GASPARY, Luciano Paschoal; BARCELLOS, Marinho Pilla. Mitigando Ataques de Egoísmo e Negação de Serviço em Nuvens via Agrupamento de Aplicações. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 12., 2012, Curitiba. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2012. p. 154-167. DOI: https://doi.org/10.5753/sbseg.2012.20543.
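To make the grouping idea stated in the abstract concrete, the following is an added illustration written for this page; it is not code from the paper, and the greedy trust-threshold heuristic, the tenant names, trust values, demands and the proportional-sharing network model are all constructed assumptions rather than the authors' allocation algorithm or evaluation setup. It shows the effect the abstract describes: with every tenant on one shared network and no per-flow isolation, a single selfish sender degrades everyone; once tenants are partitioned into virtual infrastructures by mutual trust, only the selfish tenant's own infrastructure suffers, while total fabric capacity stays the same.

```python
from typing import Dict, List, Tuple

# Constructed sample data for illustration only (not from the paper).
TENANTS: List[str] = ["alpha", "beta", "gamma", "delta"]

# Symmetric pairwise trust in [0, 1]; an absent pair means no trust (0.0).
# "delta" is a tenant the others barely trust; it also behaves selfishly below.
TRUST: Dict[Tuple[str, str], float] = {
    ("alpha", "beta"): 0.90,
    ("alpha", "gamma"): 0.80,
    ("beta", "gamma"): 0.85,
    ("alpha", "delta"): 0.10,
    ("beta", "delta"): 0.20,
}

# Offered load per tenant in Mbit/s. "delta" offers far more than its share,
# modelling a selfish sender or a UDP flood directed at the shared fabric.
DEMAND_MBPS: Dict[str, float] = {"alpha": 200, "beta": 300, "gamma": 250, "delta": 5000}

FABRIC_CAPACITY_MBPS = 1000.0


def trust(a: str, b: str) -> float:
    """Mutual trust between two tenants (1.0 for a tenant with itself)."""
    if a == b:
        return 1.0
    return TRUST.get((a, b), TRUST.get((b, a), 0.0))


def group_by_trust(tenants: List[str], threshold: float) -> List[List[str]]:
    """Greedy grouping: a tenant joins the first group whose every member it
    trusts at or above `threshold`; otherwise it opens a new group. Each group
    stands for one virtual infrastructure with its own slice of the fabric.
    (Hypothetical heuristic, not the paper's allocation algorithm.)"""
    groups: List[List[str]] = []
    for t in tenants:
        for g in groups:
            if all(trust(t, m) >= threshold for m in g):
                g.append(t)
                break
        else:
            groups.append([t])
    return groups


def proportional_share(members: List[str], capacity: float) -> Dict[str, float]:
    """Model a network with no per-flow isolation: once offered load exceeds
    capacity, bandwidth is split in proportion to what each tenant sends, so a
    flooder crowds out well-behaved neighbours on the same infrastructure."""
    total = sum(DEMAND_MBPS[m] for m in members)
    if total <= capacity:
        return {m: float(DEMAND_MBPS[m]) for m in members}
    return {m: capacity * DEMAND_MBPS[m] / total for m in members}


def satisfaction(groups: List[List[str]], fabric_capacity: float) -> Dict[str, float]:
    """Fraction of each tenant's demand actually served. The fabric is carved
    among groups in proportion to group size, so total capacity is unchanged
    and the comparison with the ungrouped case is like for like."""
    n = sum(len(g) for g in groups)
    served: Dict[str, float] = {}
    for g in groups:
        cap = fabric_capacity * len(g) / n
        for m, got in proportional_share(g, cap).items():
            served[m] = round(got / DEMAND_MBPS[m], 3)
    return served


if __name__ == "__main__":
    ungrouped = [list(TENANTS)]                       # everyone on one shared network
    grouped = group_by_trust(TENANTS, threshold=0.5)  # trust-based virtual infrastructures
    print("ungrouped:", satisfaction(ungrouped, FABRIC_CAPACITY_MBPS))
    print("groups:   ", grouped)
    print("grouped:  ", satisfaction(grouped, FABRIC_CAPACITY_MBPS))
```

With these inputs the ungrouped case serves about 17% of every tenant's demand, because delta's offered load dominates the shared link; with a trust threshold of 0.5 the three mutually trusting tenants land in one infrastructure that fully serves them, and delta's flood only starves delta. The threshold is the cost knob the abstract alludes to: raising it to 0.9 splits gamma off into its own group, so a stricter trust requirement buys isolation at the price of more, smaller infrastructures to embed.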
