Mayflies: A Moving Target Defense Framework for Distributed Systems

prevent attackers from gaining control of the system using well-established techniques such as perimeter-based firewalls, redundancy and replication, and encryption. However, given sufficient time and resources, all of these methods can be defeated. Moving Target Defense (MTD) is a defensive strategy that aims to reduce the need to continuously fight attacks by disrupting the attacker's gain-loss balance. We present Mayflies, a bio-inspired generic MTD framework for distributed systems on virtualized cloud platforms. The framework lets systems that would otherwise have to defend against attacks for their entire runtime instead avoid attacks within bounded time intervals. We discuss the design, algorithms and the implementation of the framework prototype. We illustrate the prototype with a quorum-based Byzantine Fault Tolerant system and report preliminary results.
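As an added illustration of the time-interval idea above (this is example code, not the Mayflies framework's own implementation): replicas of a 3f+1 BFT quorum are given a bounded lifetime and refreshed in a staggered way, never more than f at a time, so a BFT quorum of 2f+1 live replicas always remains while no single instance stays exposed longer than the chosen lifetime. The replica names, tick-based timing and the oldest-first policy are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Replica:
    name: str
    born: int              # tick at which this VM instance was (re)created
    generation: int = 0    # number of times this replica has been refreshed

def quorum_params(n: int) -> tuple[int, int]:
    """For n = 3f+1 replicas return (f, quorum size 2f+1)."""
    f = (n - 1) // 3
    return f, 2 * f + 1

def refresh_schedule(replicas, now, lifetime, f):
    """Select replicas whose lifetime has expired, oldest first, but never more
    than f in one tick so that at least 2f+1 replicas stay live (a BFT quorum)."""
    expired = [r for r in replicas if now - r.born >= lifetime]
    expired.sort(key=lambda r: r.born)
    return expired[:f]

def run(n, lifetime, ticks):
    """Simulate the rotation and report the quorum guarantee and exposure bound."""
    f, quorum = quorum_params(n)
    # constructed initial state: stagger birth times so refreshes do not coincide
    replicas = [Replica(f"r{i}", born=-(i * lifetime // n)) for i in range(n)]
    min_live = n     # fewest replicas live at any tick
    max_age = 0      # longest any single instance stayed up (attacker's window)
    for now in range(ticks):
        for r in replicas:
            max_age = max(max_age, now - r.born)
        victims = refresh_schedule(replicas, now, lifetime, f)
        min_live = min(min_live, n - len(victims))
        for r in victims:          # re-instantiate: fresh VM, new generation
            r.born = now
            r.generation += 1
    return {"f": f, "quorum": quorum, "min_live": min_live, "max_age": max_age,
            "refreshes": sum(r.generation for r in replicas)}

if __name__ == "__main__":
    print(run(n=4, lifetime=10, ticks=100))
```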
