Cloud Firewall Under Bursty and Correlated Data Traffic: A Theoretical Analysis

Abstract: Cloud firewalls stand as one of the major building blocks of the cloud security framework, protecting the Virtual Private Infrastructure against attacks such as Distributed Denial of Service (DDoS). In order to fully characterize the cloud firewall operation and gain actionable insights on the design of cloud security, performance models for the cloud firewall become imperative. In this paper, we propose a multi-dimensional Continuous-Time Markov Chain model for the cloud firewall that takes into account the burstiness and correlation features of the legitimate and malicious data traffic. By adopting the Markov-Modulated Poisson Process (MMPP) and the Interrupted Poisson Process (IPP), we identify the workload conditions under which the cloud firewall might be subject to a loss of availability. Furthermore, by comparing the IPP and Poisson attacks, we numerically verify that the cloud firewall is inherently vulnerable to a burstiness-aware attack which might seriously compromise its operation. Additionally, we characterize the joint harmful impact of burstiness and correlation on the cloud firewall that might lead to performance degradation. Finally, we design an elastic cloud firewall by proposing an MMPP-driven load balancing procedure that provisions virtual firewalls dynamically while fulfilling a Service Level Agreement (SLA) latency specification.
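For capacity planning, the IPP-versus-Poisson comparison mentioned in the abstract can be reproduced on a much simpler model. The following is an added example, not the paper's multi-dimensional model or code: it assumes a single firewall with exponential service and a finite buffer (an M/M/1/K queue versus an IPP/M/1/K queue), and all rates and the buffer size are constructed values.

```python
def poisson_loss(lam, mu, K):
    """Blocking probability of an M/M/1/K queue (closed form)."""
    rho = lam / mu
    if rho == 1.0:
        return 1.0 / (K + 1)
    return (1 - rho) * rho**K / (1 - rho**(K + 1))


def ipp_loss(lam_on, on_to_off, off_to_on, mu, K, tol=1e-13):
    """Blocking probability of an IPP/M/1/K queue.

    CTMC state (n, s): n packets in the system, s = 1 while the source is ON.
    The steady state is found by uniformization and power iteration.
    """
    unif = lam_on + mu + on_to_off + off_to_on  # upper bound on any exit rate
    states = [(n, s) for n in range(K + 1) for s in (0, 1)]
    pi = {st: 1.0 / len(states) for st in states}
    while True:
        nxt = dict.fromkeys(states, 0.0)
        for (n, s), p in pi.items():
            moves = [((n, 1 - s), on_to_off if s else off_to_on)]
            if s and n < K:
                moves.append(((n + 1, s), lam_on))  # arrival accepted
            if n > 0:
                moves.append(((n - 1, s), mu))      # service completion
            stay = 1.0
            for dst, rate in moves:
                nxt[dst] += p * rate / unif
                stay -= rate / unif
            nxt[(n, s)] += p * stay
        done = max(abs(nxt[st] - pi[st]) for st in states) < tol
        pi = nxt
        if done:
            break
    p_on = off_to_on / (on_to_off + off_to_on)
    # Arrivals occur only while ON, so loss = P(buffer full | source ON).
    return pi[(K, 1)] / p_on


if __name__ == "__main__":
    MU, K = 10.0, 10                       # constructed service rate, buffer
    print("Poisson, mean rate 5:", poisson_loss(5.0, MU, K))
    # ON 25% of the time at rate 20 -> same mean rate of 5 packets per unit time
    print("IPP,     mean rate 5:", ipp_loss(20.0, 3.0, 1.0, MU, K))
```

Both sources offer the same mean load, so a firewall sized on the mean rate alone underestimates the drop rate it will see under bursty traffic.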
EXISTING SYSTEM:
The future of the Internet is predicted to be on the cloud, resulting in more complex and more intensive computing, but possibly also a more insecure digital world. The presence of a large amount of resources organized densely is a key factor in attracting DDoS attacks. Such attacks are arguably more dangerous in private individual clouds with limited resources.
DISADVANTAGE:
In a cloud computing environment, all data is deployed over a set of networked resources, and such data can be accessed through virtual machines. There is always a possibility of server breakdown, which has been witnessed often in recent times.
PROPOSED SYSTEM:
This paper discusses several prominent approaches introduced to counter DDoS attacks in private clouds. We also discuss issues and challenges in mitigating DDoS attacks in private clouds.
ADVANTAGE:
A private cloud is designed to offer the same features and benefits as public cloud systems, usually with limited resources for maintaining the cloud environment. A private cloud can be used by a company to store sensitive data internally and at the same time provide the advantages of cloud computing within its business infrastructure, such as on-demand resource allocation as in Apache CloudStack, OpenStack, VMware vCloud Suite, etc.
