An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud

  • Conference paper
Information Security and Cryptology – ICISC 2019 (ICISC 2019)

Abstract

Cloud service providers offer their customers on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to take advantage of cloud computing benefits such as eliminating the capital expense of their computing needs. There are security vulnerabilities and threats in the cloud. Much research has been proposed to analyze cloud security using Graphical Security Models (GSMs) and security metrics. In addition, finding appropriate defensive strategies for the security of the cloud has been widely researched. Moving Target Defense (MTD) techniques can utilize cloud elasticity features to change the attack surface and confuse attackers. Most of the previous work incorporating MTDs into GSMs is theoretical, and its performance was evaluated through simulation. In this paper, we realized the previous framework and designed, implemented and tested a cloud security assessment tool on a real cloud platform named UniteCloud. Our security solution can (1) monitor cloud computing in real time, (2) automate the security modeling and analysis and visualize the GSMs using a Graphical User Interface via a web application, and (3) deploy three MTD techniques, Diversity, Redundancy, and Shuffle, on the real cloud infrastructure. We analyzed the automation process using the APIs and showed the practicality and feasibility of automating the deployment of all three MTD techniques on UniteCloud.



Author information

Corresponding author

Correspondence to Hooman Alavizadeh.

Appendix A

Fig. 6. Cloud security framework UI panel: UniteCloud Graph view and HARM visualization.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Alavizadeh, H., Alavizadeh, H., Kim, D.S., Jang-Jaccard, J., Torshiz, M.N. (2020). An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud. In: Seo, J. (eds) Information Security and Cryptology – ICISC 2019. ICISC 2019. Lecture Notes in Computer Science, vol 11975. Springer, Cham. https://doi.org/10.1007/978-3-030-40921-0_9

  • DOI: https://doi.org/10.1007/978-3-030-40921-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-40920-3

  • Online ISBN: 978-3-030-40921-0

  • eBook Packages: Computer Science, Computer Science (R0)
