publication . Preprint . 2019

Don't Wait to be Breached! Creating Asymmetric Uncertainty of Cloud Applications via Moving Target Defenses

Torkura, Kennedy A.; Meinel, Christoph; Kratzke, Nane;
Open Access English
  • Published: 11 Jan 2019
Abstract
Cloud applications expose - besides service endpoints - also potential or actual vulnerabilities. Therefore, cloud security engineering efforts focus on hardening the fortress walls but seldom assume that attacks may be successful. At least against zero-day exploits, this approach is often toothless. Other than most security approaches and comparable to biological systems we accept that defensive "walls" can be breached at several layers. Instead of hardening the "fortress" walls we propose to make use of an (additional) active and adaptive defense system to attack potential intruders - an immune system that is inspired by the concept of a moving target defense....
Subjects
free text keywords: Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Networking and Internet Architecture, Computer Science - Systems and Control
Download from
44 references, page 1 of 3

N. Kratzke, “About an Immune System Understanding for Cloudnative Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail,” in Proc. of the 9th Int. Conf. on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018, Barcelona, Spain), 2018.

B. Duncan and M. Whittington, “Compliance with standards, assurance and audit: does this equal security?” in Proc. 7th Int. Conf. Secur.

Inf. Networks - SIN '14. Glasgow: ACM, 2014, pp. 77-84. [Online].

Available: http://dl.acm.org/citation.cfm?doid=2659651.2659711 N. Kratzke, “Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms,” in Proc. of the 7th Int. Conf.

on Cloud Computing and Services Science (CLOSER 2017), 2017.

--, “About the complexity to transfer cloud applications at runtime and how container platforms can contribute?” in Cloud Computing and Service Sciences: 7th International Conference, CLOSER 2017, Revised Selected Papers, Communications in Computer and Information Science (CCIS). Springer International Publishing, 2018, to be published.

N. Kratzke and P.-C. Quint, “Understanding Cloud-native Applications after 10 Years of Cloud Computing - A Systematic Mapping Study,” Journal of Systems and Software, vol. 126, no. April, 2017. [OpenAIRE]

N. Kratzke and R. Peinl, “ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects,” in 2016 IEEE 20th Int. [OpenAIRE]

L. Bilge and T. Dumitras, “Before we knew it: an empirical study of zero-day attacks in the real world,” in ACM Conference on Computer and Communications Security, 2012. [OpenAIRE]

K. Krombholz, H. Hobel, M. Huber, and E. Weippl, “Advanced social engineering attacks,” Journal of Information Security and Applications, vol. 22, 2015.

S. Gupta, A. Singhal, and A. Kapoor, “A literature survey on social engineering attacks: Phishing attack,” 2016 International Conference on Computing, Communication and Automation (ICCCA), 2016, pp.

N. Kratzke and P.-C. Quint, “Technical Report of the Project CloudTRANSIT - Transfer Cloud-native Applications at Runtime,” Oct. 2018, technical report.

C. Fehling, F. Leymann, R. Retter, W. Schupeck, and P. Arbitter, Cloud Computing Patterns: Fundamentals to Design, Build, and Manage Cloud Applications. Springer Publishing Company, Incorporated, 2014.

A. Balalaie, A. Heydarnoori, and P. Jamshidi, “Migrating to CloudNative Architectures Using Microservices: An Experience Report,” in 1st Int. Workshop on Cloud Adoption and Migration (CloudWay), Taormina, Italy, 2015.

S. Ashtikar, C. Barker, B. Clem, P. Fichadia, V. Krupin, K. Louie, G. Malhotra, D. Nielsen, N. Simpson, and C. Spence, “OPEN DATA CENTER ALLIANCE Best Practices: Architecting Cloud-Aware Applications Rev. 1.0,” 2014. [Online].

44 references, page 1 of 3
Abstract
Cloud applications expose - besides service endpoints - also potential or actual vulnerabilities. Therefore, cloud security engineering efforts focus on hardening the fortress walls but seldom assume that attacks may be successful. At least against zero-day exploits, this approach is often toothless. Other than most security approaches and comparable to biological systems we accept that defensive "walls" can be breached at several layers. Instead of hardening the "fortress" walls we propose to make use of an (additional) active and adaptive defense system to attack potential intruders - an immune system that is inspired by the concept of a moving target defense....
Subjects
free text keywords: Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Networking and Internet Architecture, Computer Science - Systems and Control
Download from
44 references, page 1 of 3

N. Kratzke, “About an Immune System Understanding for Cloudnative Applications - Biology Inspired Thoughts to Immunize the Cloud Forensic Trail,” in Proc. of the 9th Int. Conf. on Cloud Computing, GRIDS, and Virtualization (CLOUD COMPUTING 2018, Barcelona, Spain), 2018.

B. Duncan and M. Whittington, “Compliance with standards, assurance and audit: does this equal security?” in Proc. 7th Int. Conf. Secur.

Inf. Networks - SIN '14. Glasgow: ACM, 2014, pp. 77-84. [Online].

Available: http://dl.acm.org/citation.cfm?doid=2659651.2659711 N. Kratzke, “Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Container Platforms,” in Proc. of the 7th Int. Conf.

on Cloud Computing and Services Science (CLOSER 2017), 2017.

--, “About the complexity to transfer cloud applications at runtime and how container platforms can contribute?” in Cloud Computing and Service Sciences: 7th International Conference, CLOSER 2017, Revised Selected Papers, Communications in Computer and Information Science (CCIS). Springer International Publishing, 2018, to be published.

N. Kratzke and P.-C. Quint, “Understanding Cloud-native Applications after 10 Years of Cloud Computing - A Systematic Mapping Study,” Journal of Systems and Software, vol. 126, no. April, 2017. [OpenAIRE]

N. Kratzke and R. Peinl, “ClouNS - a Cloud-Native Application Reference Model for Enterprise Architects,” in 2016 IEEE 20th Int. [OpenAIRE]

L. Bilge and T. Dumitras, “Before we knew it: an empirical study of zero-day attacks in the real world,” in ACM Conference on Computer and Communications Security, 2012. [OpenAIRE]

K. Krombholz, H. Hobel, M. Huber, and E. Weippl, “Advanced social engineering attacks,” Journal of Information Security and Applications, vol. 22, 2015.

S. Gupta, A. Singhal, and A. Kapoor, “A literature survey on social engineering attacks: Phishing attack,” 2016 International Conference on Computing, Communication and Automation (ICCCA), 2016, pp.

N. Kratzke and P.-C. Quint, “Technical Report of the Project CloudTRANSIT - Transfer Cloud-native Applications at Runtime,” Oct. 2018, technical report.

C. Fehling, F. Leymann, R. Retter, W. Schupeck, and P. Arbitter, Cloud Computing Patterns: Fundamentals to Design, Build, and Manage Cloud Applications. Springer Publishing Company, Incorporated, 2014.

A. Balalaie, A. Heydarnoori, and P. Jamshidi, “Migrating to CloudNative Architectures Using Microservices: An Experience Report,” in 1st Int. Workshop on Cloud Adoption and Migration (CloudWay), Taormina, Italy, 2015.

S. Ashtikar, C. Barker, B. Clem, P. Fichadia, V. Krupin, K. Louie, G. Malhotra, D. Nielsen, N. Simpson, and C. Spence, “OPEN DATA CENTER ALLIANCE Best Practices: Architecting Cloud-Aware Applications Rev. 1.0,” 2014. [Online].

44 references, page 1 of 3
Powered by OpenAIRE Open Research Graph
Any information missing or wrong?Report an Issue