Scalable Cyber-Security for Terabit Cloud Computing

Abstract

This paper addresses the problem of scalable cyber-security using a cloud computing architecture. Scalability is treated in two contexts: (1) performance and power efficiency and (2) degree of cyber security-relevant information detected by the cyber-security cloud (CSC). We provide a framework to construct CSCs, which derives from a set of fundamental building blocks (forwarders, analyzers and grounds) and the identification of the smallest functional units (atomic CSC cells or simply aCS C cells) capable of embedding the full functionality of the cyber-security cloud. aCSC cells are then studied and several high-performance algorithms are presented to optimize the system's performance and power efficiency. Among these, a new queuing policy - called tail early detection (TED) - is introduced to proactively drop packets in a way that the degree of detected information is maximized while saving power by avoiding spending cycles on less relevant traffic components. We also show that it is possible to use aCSC cells as core building blocks to construct arbitrarily large cyber-security clouds by structuring the cells using a hierarchical architecture. To demonstrate the utility of our framework, we implement one cyber-security "mini-cloud" on a single chip prototype based on the Tilera's TILEPro64 processor demonstrating performance of up to 10Gbps.