Cloud Firewall Under Bursty and Correlated Data Traffic: A Theoretical Analysis

Cloud firewalls stand as one of the major building blocks of the cloud security framework protecting the Virtual Private Infrastructure against attacks such as the Distributed Denial of Service (DDoS). In order to fully characterize the cloud firewall operation and gain actionable insights on the design of cloud security, performance models for the cloud firewall become imperative. In this article, we propose a multi-dimensional Continuous-Time Markov Chain model for the cloud firewall that takes into account the burstiness and correlation features of the legitimate and malicious data traffic. By adopting the Markov-Modulated Poisson process (MMPP) and the Interrupted Poisson Process (IPP), we identify the workload conditions under which the cloud firewall might be subject to a loss of availability. Furthermore, by comparing the IPP and Poisson attacks, we numerically verify that the cloud firewall is inherently vulnerable to a burstiness-aware attack which might seriously compromise its operation. Additionally, we characterize the joint harmful impact of burstiness and correlation on the cloud firewall that might lead to performance degradation. Finally, we design an elastic doud firewall by proposing a MMPP-driven load balancing procedure that provisions virtual firewalls dynamically while fulfilling a Service Level Agreement (SLA) latency specification.