A Design Methodology for Developing Resilient Cloud Services

Cihan Tunc, Salim Hariri, Abdella Battou

Research output: Chapter in Book/Report/Conference proceedingChapter

2 Scopus citations


Cloud computing is emerging as a new paradigm that aims at delivering computing as a utility. For the cloud computing paradigm to be fully adopted and effectively used, it is critical that the security mechanisms are robust and resilient to malicious faults and attacks. Security in cloud computing is of major concern and a challenging research problem since it involves many interdependent tasks including application layer firewalls, configuration management, alert monitoring and analysis, source code analysis, and user identity management. It is widely accepted that we cannot build software and computing systems that are free from vulnerabilities and cannot be penetrated or attacked. Therefore, it is widely accepted that cyber resilient techniques are the most promising solutions to mitigate cyberattacks and change the game to advantage the defender over the attacker. Moving Target Defense (MTD) has been proposed as a mechanism to make it extremely difficult for an attacker to exploit existing vulnerabilities by varying the attack surface of the execution environment. By continuously changing the environment (e.g., software versions, programming language, operating system, connectivity, etc.), we can shift the attack surface and, consequently, evade attacks. In this chapter we present a methodology for designing resilient cloud services that is based on the following capabilities: Redundancy, Diversity, Shuffling, and Autonomic Management. Redundancy is used to tolerate attacks if any redundant version or resource is compromised. The diversity is to use to avoid the software monoculture problem where one attack vector can successfully attack many instances of the same software module. Shuffling is needed to randomly change the execution environment and is achieved by "hot" shuffling of multiple functionally equivalent, behaviorally different software versions (code implementation) at runtime (e.g., the software task can have multiple versions where each version can be a different algorithm implemented in different programming language running on different computing systems). We also present our experimental results and evaluation of the RCS design methodology. We have implemented the applications on an IBM blade server with four blades, where each blade has 24 cores and can run several virtual machines. Our experimental results show that our environment is resilient against attacks with less than 7% in overhead time.

Original languageEnglish (US)
Title of host publicationHandbook of System Safety and Security
Subtitle of host publicationCyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber Physical Systems
PublisherElsevier Inc.
Number of pages21
ISBN (Electronic)9780128038383
ISBN (Print)9780128037737
StatePublished - 2017


  • Autonomic computing
  • Cloud computing
  • Cloud resiliency
  • Diversity
  • Moving target defense

ASJC Scopus subject areas

  • General Computer Science


Dive into the research topics of 'A Design Methodology for Developing Resilient Cloud Services'. Together they form a unique fingerprint.

Cite this