Abstract
Cloud service providers offer their customers on-demand, cost-effective services, scalable computing, and network infrastructure. Enterprises migrate their services to the cloud to take advantage of the benefits of cloud computing, such as eliminating the capital expense of their computing needs. The cloud, however, has security vulnerabilities and threats. Many studies have proposed analyzing cloud security using Graphical Security Models (GSMs) and security metrics. In addition, finding appropriate defensive strategies for cloud security has been widely researched. Moving Target Defense (MTD) techniques can utilize cloud elasticity features to change the attack surface and confuse attackers. Most previous work incorporating MTDs into GSMs is theoretical, and its performance was evaluated through simulation. In this paper, we realized the previous framework and designed, implemented, and tested a cloud security assessment tool on a real cloud platform named UniteCloud. Our security solution can (1) monitor cloud computing in real time, (2) automate the security modeling and analysis and visualize the GSMs using a Graphical User Interface via a web application, and (3) deploy three MTD techniques, namely Diversity, Redundancy, and Shuffle, on the real cloud infrastructure. We analyzed the automation process using the APIs and showed the practicality and feasibility of automating the deployment of all three MTD techniques on UniteCloud.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Alavizadeh, H., Alavizadeh, H., Kim, D.S., Jang-Jaccard, J., Torshiz, M.N. (2020). An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud. In: Seo, J. (eds) Information Security and Cryptology – ICISC 2019. ICISC 2019. Lecture Notes in Computer Science, vol 11975. Springer, Cham. https://doi.org/10.1007/978-3-030-40921-0_9
DOI: https://doi.org/10.1007/978-3-030-40921-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-40920-3
Online ISBN: 978-3-030-40921-0
eBook Packages: Computer Science (R0)