SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation
- Authors
- 강기완; 서정택; Baek, Sung Hoon; Kim, Chul Woo; 박기웅
- Issue Date
- Mar-2022
- Publisher
- 한국인터넷정보학회
- Keywords
- Cloud Computing System; Container Orchestration; Moving-Target Defense; System Obfuscation
- Citation
- KSII Transactions on Internet and Information Systems, v.16, no.3, pp.1063 - 1075
- Journal Title
- KSII Transactions on Internet and Information Systems
- Volume
- 16
- Number
- 3
- Start Page
- 1063
- End Page
- 1075
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/84026
- DOI
- 10.3837/tiis.2022.03.017
- ISSN
- 1976-7277
- Abstract
- In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.
- Files in This Item
- There are no files associated with this item.
- Appears in Collections
- College of IT Convergence (IT융합대학) > Department of Computer Engineering (컴퓨터공학과) > 1. Journal Articles