Cloud resiliency and security via diversified replica execution and monitoring

摘要

The Information Technology industry heavily relies on the cloud computing paradigm for large-scale infrastructures, and more military and critical infrastructure systems are moving towards cloud platforms as well. Leveraging the cloud can reduce the total cost of ownership and allocates resources on demand in order to cope with load. Two key expectations when shifting to cloud-based services are availability and security. However, recent outages with major Platform as a Service (PaaS) providers reportedly widely in the press have proven that even a cloud platform cannot provide perfect availability. In addition, a 2013 Defense Science Board report on “Cyber Security and Reliability in a Digital Cloud” finds that while some security practices can be improved in a cloud environment, some threats are different or exacerbated. In this paper we present an approach to leverage the elasticity and on-demand provisioning features of the cloud to improve resilience to availability concerns and common attacks. Our approach utilizes diversification of lightweight virtualized application servers for redundancy and protection against both application errors and network-based attacks.