Abstract
Users usually focus on application-level requirements, which are friendly and direct to them. However, no existing tools automate the translation of application-level requirements into infrastructure provisioning and application deployment. Although some security issues are solved during the development phase, undiscovered vulnerabilities remain hidden threats to the application's security. Cyberspace mimic defense (CMD) technologies can help enhance the application's security despite the existence of such vulnerabilities. In this paper, the concept of SECurity-as-a-Service (SECaaS) is proposed with CMD technologies in cloud environments, and an experiment on it was implemented. It is found that, through SECaaS, the application's security is greatly improved to meet the user's security and performance requirements within budget. The experimental results show that SECaaS can help users focus on application-level requirements (monetary costs, required security level, etc.) and automate the process of application orchestration.
This research is supported by the National Key Research and Development Program of China (2017YFB0803202), the Major Scientific Research Project of Zhejiang Lab (No. 2018FD0ZX01), the National Core Electronic Devices, High-end Generic Chips and Basic Software Major Projects (2017ZX01030301), the National Natural Science Foundation of China (No. 61309020), and the National Natural Science Fund for Creative Research Groups Project (No. 61521003).
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wang, J., Pang, J., Wei, J. (2021). Security-as-a-Service with Cyberspace Mimic Defense Technologies in Cloud. In: Zeng, J., Qin, P., Jing, W., Song, X., Lu, Z. (eds) Data Science. ICPCSEE 2021. Communications in Computer and Information Science, vol 1452. Springer, Singapore. https://doi.org/10.1007/978-981-16-5943-0_11
DOI: https://doi.org/10.1007/978-981-16-5943-0_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-5942-3
Online ISBN: 978-981-16-5943-0
eBook Packages: Computer Science (R0)