Final Report: Heterogeneous VM Replication: A New Approach to Intrusion Detection, Active Response, and Recovery in Cloud Data Centers

Number of Papers published in peer-reviewed journals: Number of Papers published in non peer-reviewed journals: Final Report: Heterogeneous VM Replication: A New Approach to Intrusion Detection, Active Response, and Recovery in Cloud Data Centers Report Title The goal of this program is to enable development of novel security methods to support future Air Force and Homeland Security in Cybersecurity enterprise. Developing the understanding and tools to build inherently secure software and to ensure the security of vast amounts of information flowing through relevant networks and information spaces are very germane to Air Force. One of the goals of AFOSR in information operations and security is to conduct research to develop new approaches to detection on intrusion, forensics, and active response and recovery from an attack on information systems. Tennessee State University is submitting a proposal to conduct research in developing H-VM-R (Heterogeneous VM Replication), a new approach to intrusion detection, active response, and recovery on servers in cloud data centers. Homogeneous VM replication is the state-of-the-art VM replication technology, but due to lack of artificial diversity, it is very limited in doing intrusion detection and active response. In contrast, H-VM-R does cost-effective intrusion detection by comparing heterogeneous VM images resulted from the same execution history, and cost-effective active response by proactively setting up standby VM replicas: migration from a compromised VM replica to a clean yet heterogeneous. VM replica is in fact the desired hot-start recovery. Our H-V-M-R research will address the specific USAF Cloud Computing requirements, such as scalable security monitoring, accountability, multi-abstraction isolation, security consolidation and elasticity. (a) Papers published in peer-reviewed journals (N/A for none) Enter List of papers submitted or published that acknowledge ARO support from the start of the project to the date of this printing. List the papers, including journal references, in the following categories: (b) Papers published in non-peer-reviewed journals (N/A for none) (c) Presentations Received Paper