Cloud Firewall Under Bursty and Correlated Data Traffic: A Theoretical Analysis

作     者：Carvalho, Glaucio H. S. Woungang, Isaac Anpalagan, Alagan 

作者机构：Ryerson Univ Dept Comp Sci 350 Victoria St Toronto ON M5B 2K3 Canada Ryerson Univ Dept Elect & Comp Engn Toronto ON M5B 2K3 Canada 

出 版 物：《IEEE TRANSACTIONS ON CLOUD COMPUTING》 (IEEE Trans. Cloud Comput.)

年 卷 期：2022年第10卷第3期

页      面：1620-1633页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：National Science and Engineering Research Council of Canada (NSERC) [RGPIN 2017 04423] 

主　　题：Cloud security DDoS markov process firewall markov-modulated poisson process 

摘      要：Cloud firewalls stand as one of the major building blocks of the cloud security framework protecting the Virtual Private Infrastructure against attacks such as the Distributed Denial of Service (DDoS). In order to fully characterize the cloud firewall operation and gain actionable insights on the design of cloud security, performance models for the cloud firewall become imperative. In this article, we propose a multi-dimensional Continuous-Time Markov Chain model for the cloud firewall that takes into account the burstiness and correlation features of the legitimate and malicious data traffic. By adopting the Markov-Modulated Poisson process (MMPP) and the Interrupted Poisson Process (IPP), we identify the workload conditions under which the cloud firewall might be subject to a loss of availability. Furthermore, by comparing the IPP and Poisson attacks, we numerically verify that the cloud firewall is inherently vulnerable to a burstiness-aware attack which might seriously compromise its operation. Additionally, we characterize the joint harmful impact of burstiness and correlation on the cloud firewall that might lead to performance degradation. Finally, we design an elastic doud firewall by proposing a MMPP-driven load balancing procedure that provisions virtual firewalls dynamically while fulfilling a Service Level Agreement (SLA) latency specification.