Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges

As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrate multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ’s generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, Pi-CCSF simulator is developed and implemented. Evaluation results shows that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impacts survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF’s decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUUR

Survivability analogy for cloud computing

As cloud computing has become the most popular computing platform, and cloud-based applications a commonplace, the methods and mechanisms used to ensure their survivability is increasingly becoming paramount. One of the prevalent trends in recent times is a turn to nature for inspiration in developing and supporting highly survivable environments. This paper aims to address the problems of survivability in cloud environments through inspiration from nature. In particular, the community metaphor in nature's predator-prey systems where autonomous individuals' local decisions focus on ensuring the global survival of the community. Thus, we develop analogies for survivability in cloud computing based on a range of mechanisms which we view as key determinants of prey's survival against predation. For this purpose we investigate some predator-prey systems that will form the basis for our analogical designs. Furthermore, due to a lack of a standardized definition of survivability, we propose a unified definition for survivability, which emphasizes as imperative, a high level of proactiveness to thwart black swan events, as well as high capacity to respond to insecurity in a timely and appropriate manner, inspired by prey's avoidance and anti-predation approaches. © 2017 IEEE

Cloud computing security taxonomy: From an atomistic to a holistic view

Countless discussions around security challenges affecting cloud computing are often large textual accounts, which can be cumbersome to read and prone to misinterpretation. The growing reliance on cloud computing means that not only should we focus on evaluating its security challenges but devote greater attention towards how challenges are viewed and communicated. With many cloud computing implementations in use and a growing evolution of the cloud paradigm (including fog, edge and cloudlets), comprehending, correlating and classifying diverse perspectives to security challenges increasingly becomes critical. Current classifications are only suited for limited use; both as effective tools for research and countermeasures design. The taxonomic approach has been used as a modeling technique towards classifying concepts across many domains. This paper surveys multiple perspectives of cloud security challenges and systematically develops corresponding graphical taxonomy based upon meta-synthesis of important cloud security concepts in literature. The contributions and significance of this work are as follows: (1) a holistic view simplifies visualization for the reader by providing illustrative graphics of existing textual perspectives, highlighting entity relationships among cloud entities/players thereby exposing security areas at every layer of the cloud. (2) a holistic taxonomy that facilitates the design of enforcement or corrective countermeasures based upon the source or origin of a security incident. (3) a holistic taxonomy highlights security boundary and identifies apt areas to implement security countermeasures

Cloud computing security taxonomy: From an atomistic to a holistic view

International audienc

A Bio-inspired Approach to Cyber Security

Owing to a growing reliance on information, technology and connectivity, Cyberspace has become the lifeline and interactive place for modern life. As such, Cyber security challenges are a global phenomenon whose adverse implications are catastrophic. Cyberspace is complex and unpredictable; its global connectedness and an explosion of data increases the threat surface as cyber infrastructures become highly complex and dynamic. Managing, i.e. ensuring and assuring security in cyberspace requires inspiration from advanced complex systems. Through evolution, nature has developed natural propensities in complex systems (including animalia and plants) that enable survival through adaptation. Predation-avoidance and anti-predation techniques employed by non-extinct preys could be exploited/adopted as mechanisms for adaptation through their application in Cyber security. This chapter presents an overall review of the current state of the Cyber security landscape. In addition, it demonstrates through further review, significant trends towards bio-inspired approaches as unconventional solutions to problems in other fields. Drawing from survivable preys in nature, the chapter speculates solutions for Cyberspace and Cyber security as follows; given an old problem (Pold) with an old solutions (Sold), a new problem (Pnew) can be conceptualized with new partial and perhaps null solutions (Snew) in the solutions space Sold to Snew. Keywords: Bio-inspired, Artificial Life, Cyber security, Cyberdefense, Autonomic Computing, Survivability, Cloud Computing, Machine Learning, Predator-Prey

Virtual Environments Testing as a Cloud Service: A Methodology for Protecting and Securing Virtual Infrastructures

International audienc

Virtual Environments Testing as a Cloud service: A Methodology for Protecting and Securing Virtual Infrastructures

Testing is a vital component of the system development life cycle. As information systems infrastructure move from native computing to cloud-based and virtualized platforms, it becomes necessary to evaluate their effectiveness to ensure completion of organisational goals. However, the complexity and scale of virtualized environments makes this process difficult. Additionally, inherited and novel issues further complicate this process, while relatively high costs can be constraining. Enabling service driven environments to provide this evaluation is therefore beneficial for both providers and users. No such complete service offering currently exists. This paper is therefore aimed to benefit industry and academia involved in areas involved with cloud-based testing of virtualized software and its environments. A review of current literature highlights a number of challenges in the domain. An analysis of the challenges aided in deriving requirements for developing a servitisation framework for Virtual Infrastructure Testing as a Service. It is anticipated that this framework can further feedback into developing solutions to the aforementioned challenges. An evaluation of a real-world organisation’s servitization requirements case scenario indicates that the proposed framework provides potential solutions for associated use cases