Effective security analysis for combinations of MTD techniques on cloud computing : a thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy (Ph.D.) in Computer Science, Massey University

Thumbnail Image
Open Access Location
Alavizadeh, Hooman
Journal Title
Journal ISSN
Volume Title
Massey University
The Author
Moving Target Defense (MTD) is an emerging security mechanism that can introduce a dynamic defensive layer for a given system by changing the attack surface. MTD techniques are useful to address security issues in cloud computing. MTD techniques are classified into three main categories: Shuffle, Diversity, and Redundancy. Shuffle MTD techniques can rearrange the system's components (e.g., IP mutation). They confuse the attackers by hardening the reconnaissance process and wasting the information collected by the attackers. Diversity MTD techniques change the variants of a system's component (e.g., operating systems), which makes an attack more difficult and costly because the attackers encounter a new set of vulnerabilities. Redundancy MTD techniques increase the system components' replicas. They can be used to increase system dependability (e.g., reliability or availability) by providing redundant ways of providing the same services when some system components are compromised. Since deploying each MTD technique may affect the others and also have different effects on the system (e.g., one can enhance the security and another can provide service's availability), it is important to combine MTD techniques in such a way that they can support each other directly or indirectly. This research first conducts an extensive survey of MTD literature to realize and summarize the key limitations of the current MTD studies. We reveal that (i) there is a lack of investigation on the combination of MTD techniques, (ii) relatively less effort has been made to evaluate the effectiveness of MTD techniques using security analysis, and (iii) there is a shortcoming in the validation of MTD techniques on more realistic cloud testbeds. We focus on the theoretical aspects of combining MTD techniques and provide formalization to combine MTD techniques in order to address those limitations. First, we achieve this by combining Shuffle and Redundancy to find a trade-off between System Risk and Reliability. Then, we provide a formal mathematical definition to combine Shuffle and Diversity to increase security while narrowing the scope for potential attacks. We evaluate the effectiveness of the proposed combined techniques using Graphical Security Models (GSMs) and incorporating various security metrics. We extend the combination of MTD techniques by including Redundancy besides Shuffle and Diversity. We perform an in-depth analysis on combining those MTD techniques to find out a trade-off between security alongside the reliability of the cloud. We show that if those MTD techniques are combined properly, it not only improves the cloud's security posture but also it increases the reliability of the cloud. Moreover, we study the economic metrics to show how MTD techniques can be deployed in a cost effective way. We also propose an Optimal Diversity Assignment Problem (O-DAP) to find the optimal solution for deploying Diversity over cloud. Finally, we design and develop an automated cloud security framework to evaluate the cloud security posture and adapt MTD techniques on the real cloud platform. We demonstrate the feasibility, adaptability, and usability of implementing MTD techniques on UniteCloud which is a real private cloud platform.
Listed in 2020 Dean's List of Exceptional Theses
Cloud computing, Computer networks, Internet, Security measures, Computer security, Dean's List of Exceptional Theses