Online Smart Disguise: real-time diversification evading coresidency-based cloud attacks

Security is a major challenge in cloud computing. In this paper, we propose an Online Smart Disguise Framework (OSDF). OSDF employs a dynamic, proactive, real-time moving-target defense (MTD) against cloud attacks. OSDF relies on two main pillars. The first is a behavior-obscuring module that frequently live-migrates virtual machines (VMs) between heterogeneously configured compute nodes to avoid co-residency and virtualization-based attacks. The second module limits attack dispersion between same-host VMs by migrating maliciously behaving VMs to a remote, isolated compute node acting as a quarantine zone. The second module is guided by a smart intrusion detection system that monitors VM system calls, searching for suspicious activity. To evaluate OSDF's efficiency and effectiveness in limiting attack dispersion, we devised the vulnerable, exposed, attacked, recovered model, based on the susceptible, exposed, infected, recovered (SEIR) epidemic model. The SEIR model is an epidemiological model commonly used to investigate disease dispersion in cooperative communities. The implementation of OSDF is tested on an OpenStack private cloud. Simulation results show the effectiveness of the OSDF MTD approach in decreasing the number of attacked VMs, even for fast-spreading worms. Furthermore, the NAS Parallel Benchmark is used to evaluate OSDF efficiency for cloud-hosted VMs running both stateful and stateless applications.
