Model-based evaluation of combinations of Shuffle and Diversity MTD techniques on the cloud

摘要

Regardless of cloud computing capabilities, security is still one of the biggest threats in the cloud. Moving Target Defense (MTD) has shown to be an effective security mechanism to secure the cloud by changing the attack surface to make uncertainties for the attackers. In this paper, we propose a combination of two MTD techniques: Shuffle and Diversity which we believe further attributes to reduce the cyber attack surface. We first provide the formal definitions of the combination to design and implement our proposal. Then, we investigate a number of approaches in which Shuffle and Diversity can be combined in order to provide the most effective defense. Towards, we utilize Network Centrality Measures (NCMs) to find out the most critical component in the cloud. Then, we evaluate the proposed MTD techniques through formal Graphical Security Models (GSM) and quantify the cloud security level through security metrics before and after deploying the MTD techniques. Our experimental evaluation shows that the combination of Shuffle and Diversity techniques can increase the security posture of the cloud.