Abstract
Moving Target Defense (MTD) is an emerging security solution based on continuously changing attack surface thus makes it unpredictable for attackers. Cloud computing could leverage such MTD approaches to prevent its resources and services being compromised from an increasing number of attacks. Most of the existing MTD methods so far have focused on devising subtle strategies for attack surface mitigation, and only a few have evaluated the effectiveness of different MTD techniques deployed in systems. We conducted an in-depth study, based on realistic simulations done on a cloud environment, on the effects of security and reliability for three different MTD techniques: (i) Shuffle, (ii) Redundancy, and (iii) the combination of Shuffle and Redundancy. For comparisons, we use a formal scalable security model to analyse the effectiveness of the MTD techniques. Moreover, we adopt Network Centrality Measures to enhance the performance of security analysis to overcome the exponential computational complexity which is often seen in a large networked mode.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al-Shaer, E.: Toward network configuration randomization for moving target defense. In: Jajodia, S., Ghosh, A., Swarup, V., Wang, C., Wang, X. (eds.) Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, pp. 153–159. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-0977-9_9
Chatfield, B., Haddad, R.: Moving Target Defense Intrusion Detection System for IPv6 based smart grid advanced metering infrastructure. In: Proceedings of the IEEE SoutheastCon 2017, pp. 1–7, March 2017
He, M., Pang, S., Lavrov, D., Lu, D., Zhang, Y., Sarrafzadeh, A.: Reverse Replication of Virtual Machines (rRVM) for mow latency and high availability services. In: Proceedings of the 9th International Conference on Utility and Cloud Computing (UCC 2016), pp. 118–127. ACM (2016)
Hong, J.B., Kim, D.S.: Performance analysis of scalable attack representation models. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IAICT, vol. 405, pp. 330–343. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39218-4_25
Hong, J.B., Kim, D.S.: Scalable security analysis in hierarchical attack representation model using centrality measures. In: Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W 2013), pp. 1–8 (2013)
Hong, J.B., Kim, D.S.: Assessing the effectiveness of moving target defenses using security models. IEEE Trans. Dependable Secure Comput. 13(2), 163–177 (2016)
Hong, J.B., Kim, D.S.: Towards scalable security analysis using multi-layered security models. J. Netw. Comput. Appl. 75(C), 156–168 (2016)
Jafarian, J., Al-Shaer, E., Duan, Q.: Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN 2012), pp. 127–132. ACM, New York (2012)
Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., Powell, W.: Catch me if you can: a cloud-enabled DDoS defense. In: Proceedings of the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014), pp. 264–275 (2014)
Kaynar, K., Sivrikaya, F.: Distributed attack graph generation. IEEE Trans. Dependable Secure Comput. 13(5), 519–532 (2016)
Peng, W., Li, F., Huang, C., Zou, X.: A moving-target defense strategy for cloud-based services with heterogeneous and dynamic attack surfaces. In: Proceedings of the IEEE International Conference on Communications (ICC 2014), pp. 804–809 (2014)
Sahner, R., Trivedi, K., Puliafito, A.: Performance and Reliability Analysis of Computer Systems: An Example-Based Approach Using the SHARPE Software Package. Springer, US (2012)
Zhang, L., Shetty, S., Liu, P., Jing, J.: Rootkitdet: practical end-to-end defense against kernel rootkits in a cloud environment. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS 2014), pp. 475–493 (2014)
Zhang, Y., Li, M., Bai, K., Yu, M., Zang, W.: Incentive compatible moving target defense against VM-colocation attacks in clouds. In: Proceedings of the 27th IFIP Information Security and Privacy Conference (SEC 2012), pp. 388–399 (2012)
Acknowledgment
This paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Alavizadeh, H., Kim, D.S., Hong, J.B., Jang-Jaccard, J. (2017). Effective Security Analysis for Combinations of MTD Techniques on Cloud Computing (Short Paper). In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_32
Download citation
DOI: https://doi.org/10.1007/978-3-319-72359-4_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72358-7
Online ISBN: 978-3-319-72359-4
eBook Packages: Computer ScienceComputer Science (R0)