This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).
Data centers using virtual machine (VM) consolidation are taking over old computer rooms run by individual companies. However, consolidating services and resources does not consolidate security automatically. To meet the top two requirements for modern data centers, namely business continuity and information security, this research will take a systematic approach that leverages the emerging VM technologies to consolidate four areas of systems security research: redundancy, microscopic intrusion analysis and detection, automatic response, and diversity-driven protection. We will make innovative contributions on various aspects of security consolidation, including (1) an architecture and underlying techniques based on diversified replication towards defensive protection against unknown attacks; (2) novel cross-layer and cross-VM methods for causal relation logging, event correlation, damage assessment, and forensics; (3) new intrusion detection techniques based on unique cross-VM-replica inconsistency checking techniques, and new cross-layer inconsistency checking methods; (4) a novel pipelining approach towards automated intrusion response; and (5) new techniques for on-the-fly data center intrusion confinement and recovery.
Our research will result in significant advances in helping mission-, life-, and business-critical applications and information systems reduce risk, increase business continuity, and deliver data assurance in the presence of severe cyber attacks. Broader impact will also result from the education, outreach, and dissemination initiatives. Educational resources from this project, including course modules and teaching laboratory designs, will be disseminated through a dedicated website.
Key Words: self-protection; recovery; virtual machine monitor; causal relations; availability