Modeling Virtual Machine Migration as a Security Mechanism by using Continuous-Time Markov Chain Model

In a cloud computing environment, static security measures alone do not mitigate attacks considerably. Attackers deploy sophisticated methods to learn the topology of a complex network, which makes their task easier. For this reason, a dynamic security measure such as virtual machine (VM) migration increases the uncertainty of locating a virtual machine within a dynamic attack surface. However, not every VM migration enhances security: the destination server that will host the VM must be selected carefully in order to avoid externality and attack at the same time. In this paper, we model migration in a cloud environment using a continuous-time Markov chain. We then analyze the probability that a VM is compromised based on the destination server's parameters. Finally, we provide some numerical results to show the effectiveness of our approach in terms of avoiding intrusion.
