The elasticity and economics of cloud computing offer significant benefits to mission-critical applications which are increasingly complex and resource demanding. Cloud systems also provide powerful tools such as virtual machine (VM) based replication for defending mission-critical applications. However, cloud-based mission-critical computing raises serious challenges to mission assurance. VM-based consolidation brings different applications to the same set of physical resources, increasing the risk of one user compromising the mission of another. The mission-critical application in a VM lacks the visibility and control to detect and stop outside malicious attacks, whereas the support for security isolation from existing cloud systems is also limited.
The objective of the research presented in this paper is to address these challenges and improve the survivability of mission-critical applications through the novel use of VM replication.Specifically, this paper presents a new multi-level VM replication approach which uses different types of VM clones to provide a variety of protections to mission-critical applications, and improve the survivability of the applications under accidental faults and malicious attacks. In this approach, full VM clones are employed to provide tolerance of attacks, decoy clones are created to divert attacks, and honeypot clones are used to analyze attacks. The paper also presents the prototypes of the proposed approach implemented for the widely used OpenStack-based private cloud systems and Amazon-EC2-based public cloud systems.