DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-Based Cloud

41Citations
Citations of this article
74Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Due to the lightweight features, the combination of container technology and microservice architecture makes container-based cloud environment more efficient and agile than VM-based cloud environment. However, it also greatly amplifies the dynamism and complexity of the cloud environment and increases the uncertainty of security issues in the system concurrently. In this case, the effectiveness of defense mechanisms with fixed strategies would fluctuate as the updates occur in cloud environment. We refer this problem as effectiveness drift problem of defense mechanisms, which is particularly acute in the proactive defense mechanisms, such as moving target defense (MTD). To tackle this problem, we present DSEOM, a framework that can automatically perceive updates of container-based cloud environment, rapidly evaluate the effectiveness change of MTD and dynamically optimize MTD strategies. Specifically, we establish a multi-dimensional attack graphs model to formalize various complex attack scenarios. Combining with this model, we introduce the concept of betweenness centrality to effectively evaluate and optimize the implementation strategies of MTD. In addition, we present a series of security and performance metrics to quantify the effectiveness of MTD strategies in DSEOM. And we conduct extensive experiments to illustrate the existence of the effectiveness drift problem and demonstrate the usability and scalability of DSEOM.

Cite

CITATION STYLE

APA

Jin, H., Li, Z., Zou, D., & Yuan, B. (2021). DSEOM: A Framework for Dynamic Security Evaluation and Optimization of MTD in Container-Based Cloud. IEEE Transactions on Dependable and Secure Computing, 18(3), 1125–1136. https://doi.org/10.1109/TDSC.2019.2916666

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free