Securing The E-infrastructure In Qatar Through Malware Inspired Cloud Self-protection
- Publisher: Hamad bin Khalifa University Press (HBKU Press)
- Source: Qatar Foundation Annual Research Conference Proceedings, Volume 2014, Issue 1, Nov 2014, ITPP1168
Abstract
Whilst the state of security within the Cloud is still a contentious issue, some privacy and security issues are well known or deemed to be a likely threat. When considering the ongoing threat of malicious insiders, the promised security expertise might be deemed untrusted. The focus of our research is determining the extent of issues related to the underlying technology that supports Cloud environments, mainly virtualization platforms. It is often argued that virtualization is more secure than conventional shared resources due to its inherent isolation. However, much literature cites examples to the contrary, and as such it should be considered that, as with all software, virtualization applications are susceptible to exploitation and subversion. In fact, it might even be argued that the complexity and heterogeneous nature of the environment may facilitate further security vulnerabilities. To illustrate and investigate this point we consider the security threat of malware within the context of Cloud environments. Given this evolution of malware, combined with the knowledge that Cloud software is susceptible to vulnerabilities, it is argued that complex malware might exist for the Cloud and, if it were successful, would shed light on the security of these technologies. Whilst there are many examples of state-of-the-art malware detection and protection for Cloud environments, such work tends to focus on examining virtual machines (VMs) from another layer. The primary flaw identified in all of the current approaches is a failure to take into account malware that is aware of the Cloud environment and is thus in a position to subvert the detection process. Traditional malware security applications tend to take a defensive approach by looking for existing malware through signature analysis or behavior monitoring. Whilst such approaches are acceptable for traditional environments, they become less effective for distributed and dynamic ones.
We argue that, due to this dynamic nature of the Cloud as well as its uncertain security concerns, a malware-type application may be a suitable security defense and thus operate as a proactive, self-protecting element. We present an architecture for Multi-Agent Cloud-Aware Self-Propagating Agents for Self-Protection. By adapting this architecture to include constraints (such as a kill switch), the application may be effectively controlled and thus any negative effects minimized. This application will then cross the multiple layers within the network, operating with high privilege. Its dynamic and distributed architecture will allow it to survive removal by malware whilst hunting down malicious agents and patching systems as necessary. In order to survive in the hostile and dynamic Cloud environment, the software incorporates a multi-component, multi-agent architecture of the kind that has shown success in the past with malware that propagates in heterogeneous environments. The components consist of passive and active sensors to learn about the environment, distributed storage to provide redundancy, and controller/constructor agents for localized coordination. The proposed architecture has been implemented with success and the desired results were achieved. The research outputs hold significant potential, particularly for complex and highly dynamic infrastructures such as those planned for DigitalQatar.