Comprehensive Security Assessment of Combined MTD Techniques for the Cloud

Authors: Hooman Alavizadeh, Jin B. Hong, Julian Jang-Jaccard, Dong Seong Kim

DOI: 10.1145/3268966.3268967

Keywords: Cloud computing; Scalability; Security assessment; Reliability engineering; Redundancy (engineering); Computer science; Security analysis

Abstract: Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed techniques, especially when multiple techniques are used in combinations. In this paper, we aim to address the aforementioned issue by proposing an approach for modeling and analysis of MTD techniques. We consider four metrics: system risk, attack cost, return on attack, and availability, to quantify the security of the cloud before and after deploying MTD techniques. Moreover, we propose a Diversity technique to deploy OS diversification with various variants on VMs, and also combined Shuffle, Diversity, and Redundancy techniques to improve the security of the cloud. analyze metrics show them. utilize importance measures based network centrality into phase scalability evaluation.

References (34)
Mihai Christodorescu, Matthew Fredrikson, Somesh Jha, Jonathon Giffin. End-to-End Software Diversification of Internet Services. Moving Target Defense, pp. 117-130 (2011). DOI: 10.1007/978-1-4614-0977-9_7
Joost R. Santos, Yacov Y. Haimes, Chenyang Lian. A Framework for Linking Cybersecurity Metrics to the Modeling of Macroeconomic Interdependencies. Risk Analysis, vol. 27, pp. 1283-1297 (2007). DOI: 10.1111/J.1539-6924.2007.00957.X
Fida Gillani, Ehab Al-Shaer, Samantha Lo, Qi Duan, Mostafa Ammar, Ellen Zegura. Agile virtualized infrastructure to proactively defend against cyber attacks. 2015 IEEE Conference on Computer Communications (INFOCOM), pp. 729-737 (2015). DOI: 10.1109/INFOCOM.2015.7218442
Jafar Haadi Jafarian, Ehab Al-Shaer, Qi Duan. An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks. IEEE Transactions on Information Forensics and Security, vol. 10, pp. 2562-2577 (2015). DOI: 10.1109/TIFS.2015.2467358
Marthony Taguinod, Adam Doupe, Ziming Zhao, Gail-Joon Ahn. Toward a Moving Target Defense for Web Applications. Information Reuse and Integration, pp. 510-517 (2015). DOI: 10.1109/IRI.2015.84
Eric Yuan, Sam Malek, Bradley Schmerl, David Garlan, Jeff Gennari. Architecture-based self-protecting software systems. Proceedings of the 9th International ACM SIGSOFT Conference on Quality of Software Architectures (QoSA '13), pp. 33-42 (2013). DOI: 10.1145/2465478.2465479
Boris Danev, Ramya Jayaram Masti, Ghassan O. Karame, Srdjan Capkun. Enabling secure VM-vTPM migration in private clouds. Annual Computer Security Applications Conference, pp. 187-196 (2011). DOI: 10.1145/2076732.2076759
Justin P. Rohrer, Abdul Jabbar, James P. G. Sterbenz. Path diversification for future internet end-to-end resilience and survivability. Telecommunication Systems, vol. 56, pp. 49-67 (2014). DOI: 10.1007/S11235-013-9818-7
Jafar Haadi Jafarian, Ehab Al-Shaer, Qi Duan. Openflow random host mutation: transparent moving target defense using software defined networking. ACM Special Interest Group on Data Communication, pp. 127-132 (2012). DOI: 10.1145/2342441.2342467