Protecting Secrets in Cloud Applications using Moving-Target Defense

Type

Master's Thesis

Abstract

Over the last decade, more and more IT systems have been moved from on-premise or co-located servers to cloud infrastructure to take advantage of the reduced cost, complexity and time-to-market that cloud infrastructure brings. However, a shared environment, such as a server shared between different customers, exposes customers to sophisticated side-channel attacks, where a malicious virtual machine can steal information from any of the other virtual machines running on the same host. This thesis proposes a solution to this problem by utilizing moving-target defense, where the virtual machine of the customer is moved to different physical machines on a regular basis to prevent any adversary from having enough time to perform long-running side-channel attacks. To solve the connectivity problem, where clients need to connect to this moving virtual machine, a reverse proxy is used that keeps track of the current location of the virtual machine and keeps the connections alive. Benchmarks show that the added latency is insignificant for most applications, and the slight reduction in throughput is unlikely to become a bottleneck.

Subject/keywords

moving-target defense, mtd, security, cybersecurity, cloud, proxy, virtual machine, vm, side-channel attack
