Anonymous Blockchain Based Routing For Moving-target Defense Across Federated Clouds

Cloud federation is the evolution of modern cloud computing. It provides better resource-sharing, perfect resource utilization, and load-balancing. However, the heterogeneity of security policies and configurations between cloud service providers makes it hard for users to totally trust them. Further, the severe impact of modern cloud attacks such as cross-side channels on federated environments is a major roadblock against such evolution. Securing users’ capsules (Virtual Machines and containers) against cross-side channel attacks is considered a big challenge for cloud service providers. Moving-target Defense (MtD) by live capsule migration was introduced as an effective mechanism to overcome this challenge. However, researchers noted that even with MtD, migrated capsules can still be tracked via routing information. In this paper, we propose a novel Blockchain-based routing mechanism for trace-resistant Moving-target Defense (BMtD) that enables anonymous live cross-cloud migrations of running capsules in federated cloud environments. Using the Vulnerable, Exposed, Attacked, Recovered (VEAR) model, simulation results demonstrated the effectiveness of BMtD in minimizing viral attack dispersion.
