The MEERKATS cloud security architecture

Angelos D. Keromytis, Roxana Geambasu, Simha Sethumadhavan, Salvatore J. Stolfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew Elder, Darrell Kienzle, Angelos Stavrou

Research output: Contribution to conferencePaper

Abstract

MEERKATS is a novel architecture for cloud environments that elevates continuous system evolution and change as first-rate design principles. Our goal is to enable an environment for cloud services that constantly changes along several dimensions, toward creating an unpredictable target for an adversary. This unpredictability will both impede the adversary's ability to achieve an initial system compromise and, if a compromise occurs, to detect, disrupt, and/or otherwise impede his ability to exploit this success. Thus, we envision an environment where cloud services and data are constantly in flux, using adaptive (both proactive and reactive) protection mechanisms and distributed monitoring at various levels of abstraction. A key element of MEERKATS is the focus on both the software and the data in the cloud, not just protecting but leveraging both to improve mission resilience. MEERKATS seeks to effectively exploit "economies of scale" (in resources available) to provide higher flexibility and effectiveness in the deployment and use of protection mechanisms as and where needed, focusing on current and anticipated application and mission needs instead of an inefficient, "blanket" approach to protecting "everything the same way, all the time". We outline our vision for MEERKATS and describe our approach toward prototyping it.

Original languageEnglish
Pages446-450
Number of pages5
DOIs
Publication statusPublished - 24 Sep 2012
Event32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012 - Macau, China
Duration: 18 Jun 201221 Jun 2012

Conference

Conference32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012
CountryChina
CityMacau
Period18/6/1221/6/12

    Fingerprint

Keywords

  • cloud security
  • deception
  • decoys
  • resource management

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Cite this

Keromytis, A. D., Geambasu, R., Sethumadhavan, S., Stolfo, S. J., Yang, J., Benameur, A., Dacier, M., Elder, M., Kienzle, D., & Stavrou, A. (2012). The MEERKATS cloud security architecture. 446-450. Paper presented at 32nd IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW 2012, Macau, China. https://doi.org/10.1109/ICDCSW.2012.42