Recent years have seen a growing interest in missioncentric operation of large-scale distributed systems. However, due to their complexity, these systems are prone to failures and vulnerable to a wide range of cyber-attacks. Current solutions focus either on the infrastructure itself or on mission analysis, but fail to consider information about the complex interdependencies existing between system components and mission tasks. In this paper, we take a different approach, and present a solution for deploying mission tasks in a distributed computing environment in a way that minimizes a mission's exposure to vulnerabilities by taking into account available information about vulnerabilities and dependencies. We model the mission deployment problem as a task allocation problem, subject to various dependability constraints. The proposed solution is based on the A * algorithm for searching the solution space, but we also introduce a heuristic to significantly improve the search performance. We validate our approach, and show that our algorithm scales linearly with the size of both missions and networks.Index Terms-Data-driven reliability, mission-centric computing, vulnerability analysis.
I. INTRODUCTIONLarge-scale distributed systems are increasingly being adopted for a wide range of applications. The availability of dynamic and scalable pools of computational resources makes such systems particularly attractive for mission-critical applications. Despite the significant benefits, these systemsdue to their complexity -are prone to a number of failures and are vulnerable to a wide range of cyber-attacks, which may have a significant impact on the success of a mission. Therefore, it is critically important to assess the dependability of computing systems and deploy computational tasks taking dependability constraints into account.Traditional approaches to improve security include (i) designing networks with services such as intrusion detection systems, firewalls, and other network hardening tools; and (ii) developing mission tasks using security measures such as data obfuscation and memory management. However, complex interdependencies between network infrastructure, mission tasks, and residual vulnerabilities in the system are typically not taken into account. This implies that existing solutions fail to complement network and mission's security, and, as a consequence, they provide opportunities for attackers to penetrate the network and compromise a mission.