Evaluation for Combination of Shuffle and Diversity on Moving Target Defense Strategy for Cloud Computing

Moving Target Defence (MTD) is a recently proposed, emerging proactive approach that provides asynchronous defensive strategies. Unlike traditional security solutions, which focus on removing vulnerabilities, MTD makes a system dynamic and unpredictable by continuously changing the attack surface to confuse attackers. MTD can be utilized in cloud computing to address the cloud's security-related problems. Many papers propose MTD methods in various contexts, but approaches for evaluating the effectiveness of a proposed MTD method are still lacking. In this paper, we propose a combination of the Shuffle and Diversity MTD techniques and investigate the effects of deploying them from two perspectives, corresponding to two groups of security metrics: (i) system risk, which is the cloud provider's perspective, and (ii) attack cost and return on attack, which are the attacker's point of view. Moreover, we utilize a scalable Graphical Security Model (GSM) to handle the complexity of the security analysis. Finally, we show that combining MTD techniques can improve both groups of security metrics, whereas an individual technique cannot.
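To make the evaluation concrete, the following added example (not code from the paper) scores a toy cloud attack graph under the baseline, Shuffle only, Diversity only, and the combination, reporting the provider-side metric (system risk) and the attacker-side metrics (attack cost, return on attack). The graph, the OS variants with their (exploit probability, attacker cost) pairs, the target value, and the metric formulas are all assumptions chosen for illustration; the paper's own GSM and metric definitions may differ.

```python
# Constructed sample data (not from the paper): each OS variant carries one
# exploitable vulnerability, modelled as (exploit success probability, attacker cost).
VARIANTS = {"linux": (0.9, 2.0), "windows": (0.6, 5.0)}
ATTACKER, TARGET, GAIN = "attacker", "db", 10.0  # GAIN: value of the target to the attacker

def attack_paths(edges, node=ATTACKER, seen=()):
    """Enumerate simple attacker->target paths (the attack-graph layer of a GSM)."""
    if node == TARGET:
        yield list(seen) + [node]
        return
    for src, dst in edges:
        if src == node and dst not in seen:
            yield from attack_paths(edges, dst, seen + (node,))

def metrics(edges, os_of):
    """Return (system risk, attack cost, return on attack) for one configuration.
    Assumed definitions: risk = sum over paths of prob(path) * GAIN (provider view);
    attack cost = cheapest path; ROA = (GAIN - cost) / cost on that path (attacker view)."""
    risk, best_cost = 0.0, float("inf")
    for path in attack_paths(edges):
        prob, cost = 1.0, 0.0
        for host in path[1:]:                  # skip the attacker node itself
            p, c = VARIANTS[os_of[host]]
            prob *= p
            cost += c
        risk += prob * GAIN
        best_cost = min(best_cost, cost)
    roa = (GAIN - best_cost) / best_cost if best_cost < float("inf") else 0.0
    return risk, best_cost, roa

# Baseline: two entry VMs, both with a direct hop to the database VM.
BASE_EDGES = [("attacker", "web"), ("attacker", "app"), ("web", "db"), ("app", "db")]
BASE_OS = {"web": "linux", "app": "linux", "db": "linux"}
# Shuffle: reconnect the VMs so the database is reachable only through "app".
SHUFFLED_EDGES = [("attacker", "web"), ("attacker", "app"), ("app", "db")]
# Diversity: move the database host to a different OS variant.
DIVERSE_OS = {**BASE_OS, "db": "windows"}

def evaluate_all():
    """Score every deployment option so the two metric groups can be compared side by side."""
    return {
        "baseline": metrics(BASE_EDGES, BASE_OS),
        "shuffle": metrics(SHUFFLED_EDGES, BASE_OS),
        "diversity": metrics(BASE_EDGES, DIVERSE_OS),
        "shuffle+diversity": metrics(SHUFFLED_EDGES, DIVERSE_OS),
    }

if __name__ == "__main__":
    for name, (risk, cost, roa) in evaluate_all().items():
        print(f"{name:18s} risk={risk:5.2f} attack_cost={cost:4.1f} ROA={roa:.2f}")
```

With these constructed numbers Shuffle alone lowers risk but leaves attack cost and ROA untouched, Diversity alone moves all three, and the combination gives the lowest risk together with the higher attack cost and lower ROA.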
