Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the Cloud

09/04/2020
by   Hooman Alavizadeh, et al.

Moving Target Defense (MTD) is a proactive security mechanism that changes the attack surface with the aim of confusing attackers. Cloud computing leverages MTD techniques to enhance cloud security posture against cyber threats. While many MTD techniques have been applied to cloud computing, there has not been a joint evaluation of the effectiveness of MTD techniques with respect to security and economic metrics. In this paper, we first introduce mathematical definitions for the combination of three MTD techniques: Shuffle, Diversity, and Redundancy. Then, we utilize four security metrics, namely system risk, attack cost, return on attack, and reliability, to assess the effectiveness of the combined MTD techniques applied to large-scale cloud models. Second, we focus on a specific context based on a cloud model for E-health applications to evaluate the effectiveness of the MTD techniques using security and economic metrics. We introduce (1) a strategy to effectively deploy the Shuffle MTD technique using a virtual machine placement technique and (2) two strategies to deploy the Diversity MTD technique through operating system diversification. As deploying Diversity incurs cost, we formulate the Optimal Diversity Assignment Problem (O-DAP) and solve it as a binary linear programming model to obtain the assignment that maximizes the expected net benefit.


