Toward Intrusion Tolerant Clouds

A DARPA/I2O grant (October 2011 - September 2015) to Johns Hopkins University, Purdue University and University of Virginia. A component of the DARPA Mission-Oriented Resilient Clouds (MRC) program. Principal Investigator: Yair Amir. Subcontract PIs: Cristina Nita-Rotaru, Michael Franz.

Overview

Cloud computing offers a new, cost-effective approach for running the nation's IT infrastructure. As critical services move to a relatively small number of large distributed systems, ensuring the availability, reliability, and security of those systems becomes essential. Our experience has shown that a scalable, highly-available cloud system requires consistent replicated global state and a distributed messaging system that connects the cloud components. However, there is a large gap between today's cloud systems and a truly resilient cloud architecture; this gap is the vulnerability to intrusions. The systems in use today were not designed to withstand sophisticated attackers who may successfully compromise one or more machines in the system. Modern cloud systems are generally composed of homogeneous hosts on the widely accessible Internet. Because these systems are on the Internet, they are subject to attack. However, today's systems typically rely on perimeter defenses and implicitly trust all hosts in the system; an attacker who is able to gain access to a single host can cause serious damage throughout the system. Moreover, the homogeneity of the hosts means that the same exploit will be effective against all of them, so even if hosts are not implicitly trusted, a determined attacker can compromise a large fraction of the system and do considerable damage. A resilient cloud must continue to function correctly and perform well under sophisticated attacks, including when the system is partially compromised. However, the algorithms and tools needed to build consistent global state and distributed messaging systems that meet this requirement do not exist in practice. Our goal in this project is to invent, develop, and transition the replication and messaging tools necessary to make public and private clouds resilient to sophisticated intrusion attacks. The proposed plan includes:

Students

Johns Hopkins University: Daniel Obenshain, Tom Tantillo, Amy Babay.
Purdue University: Andrew Newell, Jeff Seibert, Endadul Hoque, Sebastian Moreno.
University of California, Irvine: Andrei Homescu, Stephen Crane, Steven Neisius.

Results and Current Activities

Presentations

Distributed Systems and Networks Lab
Computer Science Department, Johns Hopkins University
207 Malone Hall
3400 North Charles Street
Baltimore, MD 21218