Design, Implementation and Evaluation of a Moving Target Defense in Distributed Systems

Abstract

Cloud computing has recently become increasingly popular for server hosting. Additionally, a new model of cloud computing has emerged where cloud resources are placed at the edge of the network closer to the user. Both cloud and edge systems share many common security concerns, however, edge systems may suffer an increased risk of physical tampering and destruction. One way to harden the security in both cloud and edge systems is to use a technique called Moving Target Defense. The technique can be likened to the idea of frequency hopping in secure communication systems. Moving Target Defense is not yet widely adopted by industry and the current research in the area is very limited. Additionally, to our knowledge, there are no open-source implementations that can be easily replicated. The Moving Target Defense proposed in this thesis is an open-source implementation and can move a critical application between virtual and physical nodes in order to avoid and confuse adversaries. In addition to the implementation, we performed security, availability, and performance tests on the system. The results show that our system is able to successfully thwart some types of attacks while not significantly impacting availability and performance.