Design, Implementation and Evaluation of a Moving Target Defense in Distributed Systems

Publicerad

Typ

Examensarbete för masterexamen
Master's Thesis

Modellbyggare

Tidskriftstitel

ISSN

Volymtitel

Utgivare

Sammanfattning

Cloud computing has recently become increasingly popular for server hosting. Additionally, a new model of cloud computing has emerged where cloud resources are placed at the edge of the network closer to the user. Both cloud and edge systems share many common security concerns, however, edge systems may suffer an increased risk of physical tampering and destruction. One way to harden the security in both cloud and edge systems is to use a technique called Moving Target Defense. The technique can be likened to the idea of frequency hopping in secure communication systems. Moving Target Defense is not yet widely adopted by industry and the current research in the area is very limited. Additionally, to our knowledge, there are no open-source implementations that can be easily replicated. The Moving Target Defense proposed in this thesis is an open-source implementation and can move a critical application between virtual and physical nodes in order to avoid and confuse adversaries. In addition to the implementation, we performed security, availability, and performance tests on the system. The results show that our system is able to successfully thwart some types of attacks while not significantly impacting availability and performance.

Beskrivning

Ämne/nyckelord

moving target defense, distributed systems, kubernetes, cluster, cloud

Citation

Arkitekt (konstruktör)

Geografisk plats

Byggnad (typ)

Byggår

Modelltyp

Skala

Teknik / material

Index

item.page.endorsement

item.page.review

item.page.supplemented

item.page.referenced