Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and.

Slides:



Advertisements
Similar presentations
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Advertisements

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Application of Bayesian Network in Computer Networks Raza H. Abedi.
Kenichi Kourai (Kyushu Institute of Technology) Takeshi Azumi (Tokyo Institute of Technology) Shigeru Chiba (Tokyo University) A Self-protection Mechanism.
Green Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science and Technology,
Securing The Cloud What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructructure/Cloud Consulting | MCT CCSI.
Application Models for utility computing Ulrich (Uli) Homann Chief Architect Microsoft Enterprise Services.
Diagnosis on Computational Grids for Detecting Intelligent Cheating Nodes Felipe Martins Rossana M. Andrade Aldri L. dos Santos Bruno SchulzeJosé N. de.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
12/6/2010CS Andrew Bates - UCCS1 Intrusion Detection and Advanced Persistent Threats CS 591 Andrew Bates University of Colorado at Colorado Springs.
Authors: Thomas Ristenpart, et at.
Agenda Who needs an Architect? Cloud and Security Key Security Differences in Private Cloud Cloud Security Challenges Secondary to Essential Characteristics.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
By- Jaideep Moses, Ravi Iyer , Ramesh Illikkal and
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
5205 – IT Service Delivery and Support
Exploiting Virtualization for Delivering Cloud based IPTV Services Speaker : 吳靖緯 MA0G IEEE Conference on Computer Communications Workshops.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Network Problems and Solutions M. Sc. Juan Carlos Olivares Rojas
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Sharing the Data Center Network Alan Shieh, Srikanth Kandula, Albert Greenberg, Changhoon Kim, Bikas Saha Microsoft Research, Cornell University, Windows.
Department of Computer Science Engineering SRM University
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.
How to Resolve Bottlenecks and Optimize your Virtual Environment Chris Chesley, Sr. Systems Engineer
NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.
Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.
Jan – Apr 2012 Private Cloud Day System Center 2012 announced Microsoft Management Summit System Center 2012 General Availability Windows Server 2012.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 2.
Storage Management in Virtualized Cloud Environments Sankaran Sivathanu, Ling Liu, Mei Yiduo and Xing Pu Student Workshop on Frontiers of Cloud Computing,
Improving Network I/O Virtualization for Cloud Computing.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
1 Suronapee Phoomvuthisarn, Ph.D. / NETE4631:Cloud Privacy and Security - Lecture 12.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
COMS E Cloud Computing and Data Center Networking Sambit Sahu
High Performance File System Service for Cloud Computing Kenji Kobayashi, Osamu Tatebe University of Tsukuba, JAPAN.
DISTRIBUTED tcpdump CAPABILITY FOR LINUX Research Paper EJAZ AHMED SYED Dr. JIM MARTIN Internet Research Group. Department Of Computer Science – Clemson.
Windows Server ® 2008 R2 Remote Desktop Services Infrastructure Planning and Design Published: November 2009.
Sumit Kumar Archana Kumar Group # 4 CSE 591 : Virtualization and Cloud Computing4/19/2011.
Client: The Boeing Company Contact: Mr. Nick Multari Adviser: Dr. Thomas Daniels Group 6 Steven BromleyJacob Gionet Jon McKeeBrandon Reher.
Joint Power Optimization Through VM Placement and Flow Scheduling in Data Centers DAWEI LI, JIE WU (TEMPLE UNIVERISTY) ZHIYONG LIU, AND FA ZHANG (CHINESE.
A System for Denial-of- Service Attack Detection Based on Multivariate Correlation Analysis.
ARMD – Next Steps Next Steps. Why a WG There is a problem People want to work to solve the problem Scope of problem is defined Work items are defined.
A dynamic optimization model for power and performance management of virtualized clusters Vinicius Petrucci, Orlando Loques Univ. Federal Fluminense Niteroi,
Group 8 Distributed Denial of Service. DoS SYN Flood DDoS Proposed Algorithm Group 8 What is Denial of Service? “Attack in which the primary goal is to.
Mehmud Abliz, Taieb Znati, ACSAC (Dec., 2009). Outline Introduction Desired properties Basic scheme Improvements to the basic scheme Analysis Related.
SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan.
Synchronized Co-migration of Virtual Machines for IDS Offloading in Clouds Kenichi Kourai and Hisato Utsunomiya Kyushu Institute of Technology, Japan.
Denial of Service Attack 발표자 : 전지훈. What is Denial of Service Attack?  Denial of Service Attack = DoS Attack  Service attacks on a Web server floods.
A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar.
SECURING SELF-VIRTUALIZING ETHERNET DEVICES IGOR SMOLYAR, MULI BEN-YEHUDA, AND DAN TSAFRIR PRESENTED BY LUREN WANG.
Performance Analysis of Preemption-aware Scheduling in Multi-Cluster Grid Environments Mohsen Amini Salehi, Bahman Javadi, Rajkumar Buyya Cloud Computing.
Design of a Cooperative Video Streaming System on Community based Resource Sharing Networks 2010 International Conference on P2P, Parallel, Grid, Cloud.
Security Vulnerabilities in A Virtual Environment
Copyright © 2010, Performance and Power Management for Cloud Infrastructures Hien Nguyen Van; Tran, F.D.; Menaud, J.-M. Cloud Computing (CLOUD),
EuroSys Doctoral Workshop 2011 Resource Provisioning of Web Applications in Heterogeneous Cloud Jiang Dejun Supervisor: Guillaume Pierre
Capacity Planning in a Virtual Environment Chris Chesley, Sr. Systems Engineer
CSE 5810 Biomedical Informatics and Cloud Computing Zhitong Fei Computer Science & Engineering Department The University of Connecticut CSE5810: Introduction.
Trusted Virtual Machine Images the HEPiX Point of View Tony Cass October 21 st 2011.
Dynamic Memory and Remote Fx Perumal Raja Dell India R & D Centre.
Computer Science Infrastructure Security for Virtual Cloud Computing Peng Ning 04/08/111BITS/ Financial Services Roundtable Supported by the US National.
NFV Group Report --Network Functions Virtualization LIU XU →
University of Maryland College Park
Cloud-Assisted VR.
Cloud-Assisted VR.
Home Internet Vulnerabilities
SUSPICIOUS ACTIVITY DETECTION
Presentation transcript:

Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and Pr. Michel Dagenais

Introduction The industry push is increasingly shifting towards cloud-based services and applications. The main reason for that is because cloud user can reduce spending on technology infrastructure.

Introduction(cont.) Virtualization has been proposed as an architecture to increase resource utilization, improving services and applications quality.

Problem statement Virtualized systems are vulnerable to different type of attacks such as: denial-of-service (DoS) attacks. DoS attacks in virtualization occurs when one VM drains all the available physical resources, such that the hypervisor can’t support more VMs, and availability is imperiled.

Problem statement (cont.) The existing approaches to prevent DoS attacks are based on limiting resource allocation using simple configurations.

Problem statement (cont.) However, these approaches are limited to understanding different behaviors of different applications.

Problem statement (cont.) A recent survey about applications behavior shows that busy applications are not always under attack but may be overwhelmed by a large number of legitimate clients.

Proposed Architecture

Data gathering component: obtaining information about virtual machines(e.g, workload, activities and events)

Proposed Architecture Learning component: aims to understand the behavior of the VMs (e.g, normal workload under different frames of time)

Proposed Architecture Detection component: Having learned the behavior of the VMs from the second component, the detection component identifies the suspicious VMs.

Proposed Architecture Negotiation Component : aims to find the optimal decision making strategy that minimizes the resources wasting during DoS attack.

Proposed Architecture The negotiation is made between the host and the suspicious VM. The host will decide whether to apply limitation directly on the VM shared resources or to give the suspicious VM some time hoping the abnormal behavior will be overcomed.

Proposed Architecture The decision will be taken based on several factors, such as: the workload history of the suspicious VM and the available resources on the host.

Conclusion  A denial-of-service (DoS) attack in virtualization occurs when one or more VM drain all the available physical resources, such that the hypervisor can’t support more VMs, and availability is imperiled.  The existing approaches to prevent DoS attacks are based on limiting resource allocation using simple configurations.  These approaches are limited to understanding different behaviors of different applications.  Busy applications are not always under attack but may be overwhelmed by a large number of legitimate clients.  An optimal decision making strategies are required to minimize the resources wasting during DoS attack.

References the-growing-choices-for-cloud-applications server/ impact

Thank You… 17

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.