The homogeneity and uniformity of static data storage and access make data leakage one of the most severe security threats. Dynamic data techniques such as data randomization and diversification, are effective approaches to mitigate data theft and illegal data modification. By increasing data diversity and dynamics, the data attack surface shifting space can be expanded to confuse attackers and influence their further actions. However, there are only a few dynamic data techniques developed because of the difficulty in encoding multiple data formats and the loss of compatibility in data formats. In this paper, we propose a new dynamic data approach that integrates the data deception techniques based on Moving Target Defense (MTD). By changing the data size, data authenticity, and users’ data access privilege, the approach significantly expands the data attack surface shifting space. Moreover, the approach provides dynamic data access based upon both users’ attributes and users’ operations. Through dynamic analysis and experiments, the paper shows that the proposed dynamic data technique can expand the attack surface shifting space at a lower cost, protect the sensitive data, and impose no significant burden on the system.
展开▼
