Skip to main content
SpringerLink
Log in

Security-as-a-Service with Cyberspace Mimic Defense Technologies in Cloud

  • Conference paper
  • First Online:
Data Science (ICPCSEE 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1452))

Abstract

Users usually focus on the application-level requirements which are quite friendly and direct to them. However, there are no existing tools automating the application-level requirements to infrastructure provisioning and application deployment. Although some security issues have been solved during the development phase, the undiscovered vulnerabilities remain hidden threats to the application’s security. Cyberspace mimic defense (CMD) technologies can help to enhance the application’s security despite the existence of the vulnerability. In this paper, the concept of SECurity-as-a-Service (SECaaS) is proposed with CMD technologies in cloud environments. The experiment on it was implemented. It is found that the application’s security is greatly improved to meet the user’s security and performance requirements within budgets through SECaaS. The experimental results show that SECaaS can help the users to focus on application-level requirements (monetary costs, required security level, etc.) and automate the process of application orchestration.

This research is supported by National Key Research and Development Program of China (2017YFB0803202), Major Scientific Research Project of Zhejiang Lab (No. 2018FD0ZX01), National Core Electronic Devices, High-end Generic Chips and Basic Software Major Projects (2017ZX01030301)and the National Natural Science Foundation of China (No. 61309020) and the National Natural Science Fund for Creative Research Groups Project (No. 61521003).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Chen, Z., Cui, G., Zhang, L., et al.: Optimal strategy for cyberspace mimic defense based on game theory. IEEE Access PP(99), 1 (2021)

    Google Scholar 

  2. Jajodia, S., Ghosh, A.K., Swarup, V., et al.: Moving Target Defense. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-0977-9

  3. Voulimeneas, A., Song, D., Larsen, P., Franz, M., Volckaert, S.: dMVX: secure and efficient multi-variant execution in a distributed setting. In: 14th European Workshop on Systems Security (EuroSec 2021), Edinburgh, Scotland, April 2021

    Google Scholar 

  4. OllyDbg. http://www.ollydbg.de/

  5. IDA Pro. https://www.hex-rays.com/products/ida/

  6. Voulimeneas, A., et al.: Distributed heterogeneous N-variant execution. In: 17th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2020), Lisbon, Portugal, June 2020

    Google Scholar 

  7. Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: IEEE/ACM International Symposium on Microarchitecture ACM (2016)

    Google Scholar 

  8. Borrello, P., Coppa, E., D’Elia, D.C.: Hiding in the particles: when return-oriented programming meets program obfuscation. In: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021). IEEE (2021)

    Google Scholar 

  9. Banescu, S., Collberg, C., Pretschner, A.: Predicting the resilience of obfuscated code against symbolic execution attacks via machine learning. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 661–678 (2017)

    Google Scholar 

  10. Koschel, J., Giuffrida, C., Bos, H., Razavi, K.: TagBleed: breaking KASLR on the isolated kernel address space using tagged TLBs. In: EuroS&P, September 2020

    Google Scholar 

  11. Sun, Y., Nanda, S., Jaeger, T.: Security-as-a-service for microservices-based cloud applications. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 50–57. IEEE (2015)

    Google Scholar 

  12. Banescu, S., Pretschner, A.: A tutorial on software obfuscation. Adv. Comput. 108, 283–353 (2018)

    Article  Google Scholar 

  13. Koo, H., Chen, Y., Lu, L., Kemerlis, V.P., Polychronakis, M.: Compiler-assisted code randomization. In: IEEE Symposium on Security and Privacy (SP), San Francisco, CA, vol. 2018, pp. 461–477 (2018). https://doi.org/10.1109/SP.2018.00029

  14. Cox, B., Evans, D., Filipi, A., et al.: N-variant systems: a secretless framework for security through diversity. In: USENIX Security Symposium, pp. 105–120 (2006)

    Google Scholar 

  15. Volckaert, Stijn, De Sutter, Bjorn, De Baets, Tim, De Bosschere, Koen: GHUMVEE: efficient, effective, and flexible replication. In: Garcia-Alfaro, Joaquin, Cuppens, Frédéric., Cuppens-Boulahia, Nora, Miri, Ali, Tawbi, Nadia (eds.) FPS 2012. LNCS, vol. 7743, pp. 261–277. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37119-6_17

    Chapter  Google Scholar 

  16. Junchao, W., et al.: A framework for multi-variant execution environment. J. Phys. Conf. Ser. 1325(1), 012005 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, ZhengZhou, China

    Junchao Wang & Jianmin Pang

  2. School of Computer Science, Fudan University, Shanghai, China

    Jin Wei

  3. Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China

    Jin Wei

Authors
  1. Junchao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianmin Pang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jin Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. North University of China, Taiyuan, China

    Jianchao Zeng

  2. North University of China, Taiyuan, China

    Pinle Qin

  3. Northeast Forestry University, Harbin, China

    Weipeng Jing

  4. Harbin University of Science and Technology, Harbin, China

    Xianhua Song

  5. National Academy of Guo Ding Institute of Data Science, Beijing, China

    Zeguang Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, J., Pang, J., Wei, J. (2021). Security-as-a-Service with Cyberspace Mimic Defense Technologies in Cloud. In: Zeng, J., Qin, P., Jing, W., Song, X., Lu, Z. (eds) Data Science. ICPCSEE 2021. Communications in Computer and Information Science, vol 1452. Springer, Singapore. https://doi.org/10.1007/978-981-16-5943-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-5943-0_11

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-5942-3

  • Online ISBN: 978-981-16-5943-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation