EVALUATING SURVIVABILITY AND COSTS OF THREE VIRTUAL MACHINE BASED SERVER ARCHITECTURES

Meng Yu, Alex Hai Wang, Wanyu Zang, Peng Liu

Abstract

Virtual machine based services are becoming predominant in data centers or cloud computing since virtual machines can provide strong isolation and better monitoring for security purposes. While there are many promising security techniques based on virtual machines, it is not clear how significant the difference between various system architectures can be in term of survivability. In this paper, we analyze the survivability of three virtual machine based architectures — load balancing architecture, isolated service architecture, and BFT architecture. Both the survivability based on the availability and the survivability under sustained attacks for each architecture are analyzed. Furthermore, the costs of each architecture are compared. The results show that even if the same set of commercial off the shell (COTS) software are used, the performance of various service architectures are largely different in surviving attacks. Our results can be used as guidelines in the service architecture design when survivability to attacks is important.

References

  1. Alvisi, L., Malkhi, D., Pierce, E., and Reiter, M. K. (2001). Fault detection for byzantine quorum systems. IEEE Transactions on Parallel and Distributed Systems, 12(9):996-1007.
  2. Bernstein, P. A., Hadzilacos, V., and Goodman, N. (1987). Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading, MA.
  3. Castro, M. (2001). Practical Byzantine Fault Tolerance. PhD thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology. Also as Technical Report MIT/LCS/TR-817.
  4. Castro, M. and Liskov, B. (1999). Practical byzantine fault tolerance. In The Third Symposium on Operating Systems Design and Implementation (OSDI 7899), pages 173-186, New Orleans, USA.
  5. Chun, B.-G., Maniatis, P., and Shenker, S. (2008). Diverse replication for single-machine byzantine-fault tolerance. In ATC'08: USENIX 2008 Annual Technical Conference on Annual Technical Conference, pages 287-292, Berkeley, CA, USA. USENIX Association.
  6. Gokhale, S. S., Vandal, P. J., and Lu, J. (2006). Performance and reliability analysis ofweb server software architectures. In PRDC 7806: Proceedings of the 12th Pacific Rim International Symposium on Dependable Computing, pages 351-358, Washington, DC, USA. IEEE Computer Society.
  7. Jajodia, S. and Mutchler, D. (1990). Dynamic voting algorithms for maintaining the consistency of a replicated database. ACM Trans. Database Syst., 15(2):230-280.
  8. Kotla, R., Alvisi, L., Dahlin, M., Clement, A., and Wong, E. (2007). Zyzzyva: speculative byzantine fault tolerance. SIGOPS Oper. Syst. Rev., 41(6):45-58.
  9. Malkhi, D. and Reiter, M. (1998). Byzantine quorum system. Distributed Computing, 11(4):203-213.
  10. Marsan, M. A. (1990). Stochastic Petri nets: an elementary introduction, pages 1-29. Springer-Verlag New York, Inc., New York, NY, USA.
  11. Mauw, S. and Oostdijk, M. (2005). Foundations of attack trees. In International Conference on Information Security and Cryptology ICISC 2005. LNCS 3935, pages 186-198. Springer.
  12. Nicol, D. M., Sanders, W. H., and Trivedi, K. S. (2004). Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing, 1(1):48-65.
  13. Padilla, G., Gao, T., Yen, I.-L., Bastani, F., and de Oca, C. M. (2008). An early reliability assessment model for data-flow software architectures. Mexican International Conference on Computer Science, 0:9-19.
  14. Sahner, R. A., Trivedi, K. S., and Puliafito, A. (1996a). Performance and Reliability Analysis of Computer Systems. Kluwer Academic Publishers, Norwell, Massachusetts, USA.
  15. Sahner, R. A., Trivedi, K. S., and Puliafito, A. (1996b). Performance and reliability analysis of computer systems: an example-based approach using the SHARPE software package. Kluwer Academic Publishers, Norwell, MA, USA.
  16. Sanders, W. H., S, W. H., and Meyer, J. F. (2001). Stochastic activity networks: Formal definitions and concepts.
  17. Sawilla, R. E. and Ou, X. (2008). Identifying critical attack assets in dependency attack graphs. In ESORICS 7808: Proceedings of the 13th European Symposium on Research in Computer Security, pages 18-34, Berlin, Heidelberg. Springer-Verlag.
  18. Schneider, F. B. (1990). Implementing fault tolerant services using the state machine approach: A tutorial. ACM Computing Surveys, 22(4).
  19. Seguin, J., Sergeant, G., and Wilms, P. (1979). A majority consensus algorithm for the consistency of duplicated and distributed information. In IEEE International Conference on Distributed Computing Systems, pages 617-624, New York.
  20. Tijms, H. C. (1994). Stochastic Models. Wiley series in probability and mathematical statistics. John Wiley & Son, New York, NY, USA.
Download


Paper Citation


in Harvard Style

Yu M., Hai Wang A., Zang W. and Liu P. (2010). EVALUATING SURVIVABILITY AND COSTS OF THREE VIRTUAL MACHINE BASED SERVER ARCHITECTURES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 478-485. DOI: 10.5220/0002994604780485


in Bibtex Style

@conference{secrypt10,
author={Meng Yu and Alex Hai Wang and Wanyu Zang and Peng Liu},
title={EVALUATING SURVIVABILITY AND COSTS OF THREE VIRTUAL MACHINE BASED SERVER ARCHITECTURES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={478-485},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002994604780485},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - EVALUATING SURVIVABILITY AND COSTS OF THREE VIRTUAL MACHINE BASED SERVER ARCHITECTURES
SN - 978-989-8425-18-8
AU - Yu M.
AU - Hai Wang A.
AU - Zang W.
AU - Liu P.
PY - 2010
SP - 478
EP - 485
DO - 10.5220/0002994604780485